• Digital forensics in the realm of AES



    SINCE the implementation of the Automated Election System (AES) in the 2010 national and local elections by virtue of the AES Law, or RA 9369, we, the electorate, have found ourselves in a digital world where information related to counting, consolidation and canvassing of votes are captured, processed, generated, transmitted, and stored in digital form. In the past three national elections, the precinct count optical scan (PCOS) machine and the vote counting machine (VCM) were the information technologies that were used to convert the shaded ballots into digital images.

    Considering that the handling of digital information or electronic data have been very crucial in the past elections, AES Watch has had so many compelling reasons to continuously air its challenge on the non-compliance of the Commission on Elections (Comelec) with RA 9369. One of the Comelec’s most glaring failures is the non-promulgation of the Implementing Rules and Regulations (IRR) of the AES Law.

    On another note, even the Comelec’s Rule 22 under the Rules of Procedures on Disputes in an AES (Resolution 8804) has not been complied with. Section 2 of Rule22 stipulates that before any electronic document (e.g., election return) or data offered as authentic is received in evidence, its authenticity must be proven by any of the following means:

    a) by evidence that it had been digitally signed by the person purported to have signed the same;

    b) by evidence thatother appropriate security procedures or devices for authentication of electronic documents were applied to the document; or

    c) by other evidence showing its integrity and reliability to the satisfaction of the judge.

    Validating the authenticity of an electronic document as evidence is not that simple. It goes through a process called digital forensics. One literature defines digital forensics as the collection of scientific techniques for the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events (Edward Delp et al., 2009). It is inherently a multidisciplinary subject involving computer science and engineering, signal processing, and criminal justice, at the very least.

    Let’s consider an actual case where digital forensics was actually applied. It may be recalled that there were 60 PCOS machines seized in the house of a Smartmatic technician in Antipolo City just after the 2010 elections. A then presidential candidate Nick Perlas asked two simple questions: 1) why had Smartmatic and the Comelec, and their police apparatus, put up such a stiff, almost violent, opposition to the rightful investigation of the PCOS machines that Smartmatic had illegally stored in a private house in Antipolo?; 2) were they hiding something inside the machines? The machines were eventually taken into the Senate’s custody.

    Before the start of the canvassing in May 2010 by the Joint Congressional Canvassing Committee (JCCC), then headed by Senate President Juan Ponce Enrile and House Speaker Prospero Nograles, deliberations were conducted on the issue of the 60 PCOS machines. AES Watch representatives were invited as resource persons to shed light on what could be the objective of having those machines in the house of the technician. Their recommendation then was to conduct digital forensics to do a comprehensive examination of the machines. It was approved by the JCCC and a team was formed to do the digital forensics.

    Days later, the digital forensics team released the following findings:

    1. The extracted hash code did not match the published hash code. The hash code is an output of an algorithmic process that will verify if an electronic file is authentic or not. The hash code of an electronic file is always unique and change may happen if the content is modified. The hash code is to an electronic file as the fingerprint or DNA is to humans.

    2.There was an absence of digital signatures. Examination of the PCOS machines revealed that no evidence was found to prove the existence of digital certificates in the PCOS machines. The technicians of Smartmatic were not able to show the machine version of the digital signature, claiming that they did not have the necessary tools to show the same. Moreover, they were in a quandary as to how to extract thePCOS machine’s digital signatures. The forensic team is of the opinion that there exists no digital signature in the PCOS machine.

    3.PCOS machine can be remotely controlled through its console port. The forensic team was able to connect an ordinary laptop computer to the console port of a PCOS machine, via a serial cable provided by the team. To the surprise of everyone, the serially connected laptop computer was able to access the operating system of the PCOS machine.

    Although it is not provided in the AES Law or in the Comelec’s Rules on Procedures, AES Watch recommends that digital forensics be made part of the rules. Election protests involve more than a mere process of recounting the votes and comparing ballots with electronic images.


    Please follow our commenting guidelines.

    1 Comment

    1. It is plain that comelec is not fit to perform its function, has in fact committed a serious crime and one of the most treasonous act.

      But why is congress, senate, judiciary, the executive branch, not acting on it? Is it because their political existence depend precisely on the status quo, where vote can be bought? Aren’t they all partners in crime?

      Then why waste so much resources in all these traitors? the government should be wiped out clean, imprison all of them, or to save resources, just cremate them all. We owe this to our future generations.