AS explained in my last article “Digital forensics in the realm of AES” (http://www.manilatimes.net/digital-forensics-realm-aes/295544/), the Joint Congressional Canvassing Committee (JCCC) allowed the digital forensics of the 60 precinct count optical scan (PCOS) machines that were seized from the house of a Smartmatic technician in Antipolo. It was also explained in that article that nothing was stipulated in the Automated Election System (AES) Law (RA 9369) or in the Comelec’s Rules on Proceduresregarding digital forensics.
Let’s look further into the application of digital forensics in the recent 2016 elections. In the case of the Smartmatic technical person, Marlon Garcia, whocorrected the displayed character“?” in some candidates’ names with the Spanish letter “ñ” in the transparency server on the night of the May 9 elections, a digital forensic investigation should have been requested immediately to find out its effect in the votecount of the affected candidates.
One interesting investigative question would have been, “How did the computer program behave before and after the change of character ‘?’ to ‘ñ’?” The Commission on Elections (COMELEC) must have copies of all the source codes of AES-related software in escrow with the BangkoSentral ng Pilipinas (BSP) as mandated by Section 11 of the AES Law, or RA 9369. The source codes would include the vote counting machine (VCM) system (a.k.a. PCOS), consolidation and canvassing system, election management system, and all software-related systems, including that one installed in the transparency server.
All AES software deposited with the BSP are supposed to be tested and certified by the Technical Evaluation Committee, a technical working group headed by Department of Science and Technology. Logic dictates that the transparency server’s program in escrow should behave the same as that of the transparency server program that was changedby Mr. Garcia without authorization from the COMELEC. If the performance of the two supposedly similar programs differ in results, then the forensics investigator could go down further to the vote counts generated by the transparency server in question.
Another interesting case for digital forensic investigation involving the May 9 elections is the admission by Mr. Garcia regarding the existence of a “fourth server” and other servers in a “meet-me room” (MMR) during the preliminary investigation of the case filed against Smartmatic and Comelec personnelpersonnelfor violations of the Cybercrime Prevention Act. An investigative question for the forensics expert would be, “How did these servers execute their respective computer programs?” Following the same simple procedures explained in the preceding paragraph, the investigator could easily deduce a conclusion. Moreover, another question arises, “Are the AES-related software of these servers kept in escrow with the BSP?”
Going beyond the MMR servers which accepted the transmitted election returns (ERs) from the 92,509 VCM or PCOS machines, a digital forensic investigator must establish whether the ERs received are the same as the transmitted ERs. Else, the investigator would have to go through the nitty-gritty of gathering the data from the telecommunications companies.This would be not only time consuming but would need legal permission as well.
In any electoral protest, the use of digital forensics appears to be unclear in the existing rules and procedures of thedifferent electoral tribunals, whether it be the Presidential Electoral Tribunal (PET), the Senate Electoral Tribunal (SET), and House of Representatives Electoral Tribunal (HRET). This is something new in the realm of AES that our legislators have to look into, although the JCCC allowed digital forensics in 2010.
* * *
In regard to the much-awaited Joint Congressional Oversight Committee (JCOC) hearing that AES Watch has been anticipating to be called this month, nothing has been heard to date as to when exactly a schedule would be set to discuss the report of the COMELEC Advisory Council. The AES Law stipulates that the JCOC is “created composed of seven members each from the Senate and the House of Representatives, four of whom shall come from the majority and three from the minority, to monitor and evaluate the implementation of the AES Law. The law provides that a written report to the Senate and the House of Representatives shall be submitted by the Advisory Council within six months (i.e., not later than November 9, 2016) from the date of election…(Section 33).” Further, RA 9369 specifies that “the oversight committee shall conduct a comprehensive assessment and evaluation of the performance of the different AES technologies implemented and shall make appropriate recommendations to Congress, in session assembled,” including “an evaluation of their accuracy through a comparison of a random sample of the AES election results with a manual tabulation, and the conduct of similar tests.”
* * *
The year 2016 is about to end. However, the COMELEC has not yet promulgated the Implementing Rules and Regulations of RA 8436, as amended by RA 9369. Next year will be the 20th year of non-compliance of the election commission with the AES law.
* * *
To date, no specific plan has been made about the direction the COMELEC will be taking with regard to the AES technology to be used in the 2019 elections. This could also form part of the JCOC agenda in the earliest possible hearing.