Last credibility check: random manual audit

Was there fraud in the presidential and vice-presidential election? At least 1,800 vote counting machines (VCMs) broke down on D-Day, affecting 1.44 million voters. Comelec’s count was exceptionally fast. One hour after the close of the poll, 8:02 p.m., its transparency server recorded 20.05 million votes, or 37.96% of the votes cast (80.38% participation, or 52.81 million out of 65.7 million). registered voters).

Immediately, the votes of the two leading presidential candidates stabilized at a ratio of 68:32 and continued until the end of the count. Possible in a landslide. But also at 8:02 p.m. a flat curve emerged all the way in the tight fight between the third and fourth contenders. Same with the top two VP candidates. Highly unlikely, mathematicians cite the law of large numbers.

Given the varying bailiwicks and voter patterns by region, candidate curves are expected to fluctuate first and then flatten out in the end. Foolish to claim that pre-election polls showed such results. Elections validate polls, not the other way around.

Yet this is not evidence of fraud. At best, these are just hints.

But put aside partisan passions. Forget who won or lost. Hear what IT and election experts are saying. Voters will see that May 9 was a flawed automated election – again. As in 2010, 2013, 2016 and 2019, the provisions of the Automated Electoral Systems Act (AES) were not respected.

This law provides an unbroken chain of safeguards and processes. “But there were too many gaps,” says Nelson Celis, PhD, of AES Watch. Among these were:

(1) Digital Signatures – On March 23, Celis and National Press Club President Paul Gutierrez filed suit with the Supreme Court. “Order Comelec to assign digital signatures (access codes) to the three electoral inspectors per constituency.” This was after Comelec said only those in Metro Manila, Cebu City and Davao City would be assigned access codes from the Department of Information and Communications Technology’s list. In the rest of Luzon, Visayas and Mindanao, only presidents were to receive access codes, not the other two. For authentication, three digital signatures must be entered to start each of the 106,000 VCMs and transmit election results (ER). With only one signatory, any fraud can occur within the compound. The SC issued no mandamus.

(2) Monitoring Ballot Printing and SD (Secure Digital) Card Formatting – Citing pandemic restrictions, Comelec banned monitoring by party officials and election observers until 70 % of ballot papers have already been printed. Pray that the ballots will not be tampered with. A Filipino IT worker showed up at Comelec on March 22 when he was refused entry to witness the formatting of the SD card in the VCM warehouse. No action taken, Celis said.

(3) Documented results – Article 11 of the AES law requires Comelec to publish six conclusions 90 days before E-day or February 9. These are: field test and mock election; audit of AES software accuracy, functionality and security controls; review of VCM source code, forwarding router, consolidation/soliciting system; certification that the source codes are kept in escrow at the Bangko Sentral; certification that the source codes examined are those used by the equipment; and a continuity plan to avoid election failure during voting, counting or consolidation. Comelec decided not to release them until May 6, three days before E-Day, saying some findings had only been received the day before. He issued the resolution on May 11, two days after E-Day; links to results cannot be opened or viewed. No Filipino computer expert could examine it.

(4) Core, Backup and Transparency Server Source Code Review – A reputable international body must certify source codes, in this case Pro V&V of America, 90 days prior to eDay. Comelec is to release the details for review by Filipino experts as it did in 2010 with then-certifier SysTest Labs. Only then can Comelec issue a trusted version or executable file to run VCMs and servers. Comelec released a trusted version in January and revised it in February. Source code reviews continued through April. “Reviews say there were third and fourth revisions,” Celis remarks.

(5) Checking Emergencies against Transparency Server – Enclosure ER count must agree 100% with Transparency Server as all came from the same 106,000 VCM. But due to shortcomings in the above four processes, there might be variations. Watchdog Parish Pastoral Council for Responsible Voting reported a 1.6% difference between its tally and the Comelec server. This represents 1,696 constituency VCMs or 1,356,800 votes. Could there be more, asks former DICT secretary Eliseo Rio.

(6) Random Manual Audit (RMA) – Ballots in 759 constituencies, one per district or 607,200 votes, must be manually checked against ERs. These must be chosen publicly by tambiolo after the ballot. Constituency inspectors must then begin audits, observed by party representatives, watchdogs and voters. Since 2013, the selection has taken place behind closed doors. This Comelec 2022 did it through an automated random selection program in a laptop. Celis and Rio doubt that the ARSP source code has been revised. The RMA takes place at a location in Manila. Comelec gave the field offices two to five days to send the ballot boxes. Who will transport the boxes? Are they properly sealed and padlocked? The supervisor of the RMA, watchdog of the National Citizen Movement for Free Elections, does not know the logistics firm; nor does it contain the padlock keys. “Teacher-listeners are in a bubble; they are incommunicado,” says Namfrel chairman Gus Lagman, also a former Comelec commissioner.

All of this undermines the credibility of the 2022 election.

But there is a remedy. Publicly re-select the 759 constituencies. To shorten the time, prepare a tambiolo for each region. Open the audit to the public.

About Irene J. O'Donnell

Check Also

Why the Experts Say You Need to Go Wine on Barrel

Cask wine has become more mainstream than ever and there are many reasons to support …