During the Joint Congressional Canvassing Committee hearing on May 26, 2010 at the Batasang Pambansa (BP) hall, Sen. Enrile asked a question why the computer servers in BP and PICC had 256 million and 150,000 million registered voters, respectively, though in fact that the registered voters at that time was only 51.3 million. Under oath, Cesar Flores of Smartmatic replied, “Error in application!” Ouch! As a resource person, I was shocked…and therefore recommended to the Committee that the canvassing system should not be used as it could have not passed through proper testing and certification. In short, it was defective then. The following day, the canvassing started not knowing if there had been a fix made. Hmmm!
Another shocking revelation on May 26 was the vivid negligence of the Technical Evaluation Committee (TEC) in addressing the compensating controls that the SysTest Labs, Inc. (SLI) recommended in implementing the AES. The law–RA 9369, Section 11–clearly mandates that the TEC shall certify, through an established international certification entity not later than three months before the date of the electoral exercises, categorically stating that the automated election system (AES) is operating properly, securely, and accurately. Based on Comelec Advisory Council’s (CAC) recommendation to Comelec, SLI was contracted to support TEC in the latter’s role to certify. SLI did its job but TEC failed to address said controls; that is, there were no test certifications to show that all the 82,000 PCOS machines had 99.9995% accuracy rating (required by law), that the integration testing was successful from the PCOS machines up to the national consolidation and canvassing system (i.e., including the testing of all telecommunications facilities and digital signing), that the source code is kept in escrow at Bangko Sentral ng Pilipinas, that the source code reviewed is one and the same as that used by the equipment, etc. That TEC failure happened not only in 2010, but was also repeated in the 2013 elections.
Knowing all the systemic defects of Smartmatic’s AES in 2010, the CAC, headed then by former Sec. Ray Anthony Roxas-Chua of the Commission on Information and Communications Technology, recommended to the Joint Congressional Oversight Committee (JCOC) in June 2010 not to use the same PCOS machines in 2013 and that the “Comelec should not exercise the option to purchase (OTP) the AES. The AES encountered too many problems that need to be resolved before this particular system can be used again. Also, the savings of approximately P2 billion pesos versus leasing the machines again is negated by the costs of storage, breakage and obsolescence.”
On March 28, 2012, the letter of the Government Procurement Policy Board of the Department of Budget and Management to Comelec stated that “The contractual relation between Comelec and Smartmatic-TIM, specifically on the exercise by the former of the OTP is deemed automatically terminated upon expiration of the option on 31 December 2010.” However, the Supreme Court ruled on June 13, 2012 that the OTP was legally valid.
The above cases are just few of the many “Errors in Application” that AES Watch enumerated in its System Trustworthiness Accountability and Readiness (STAR) Card in 2010 and 2013. Other cases were the use of CF cards that were not write-once-read-many storage medium, fake ballot detection and voter-verified paper audit trail feature were disabled, unavailability of transmission facilities (i.e., 23% of the PCOS machines failed to transmit election results in 2013), no digital signatures, no source code review, and the like.
STAR is the framework for assessing the AES’ adherence to key technical and management requirements which AES Watch considers as crucial in making the system credible and reliable. For 2013, the STAR Card listed 27 items of concerns guided by the following key requirements:
(1) System set-up (Will the AES be ready for full implementation?)
(2) Internal security (Will the AES have the necessary safeguards to prevent fraud?)
(3) Personnel training and voters’ education (Will the teachers and the voters know exactly what to do on election day?) and
(4) Contingency planning (Will Comelec and other involved personnel know what to do when things go wrong?).
The listed items were rated as: Pass (4 points), Qualified Pass (3 points), Warning (2 points); Danger (1 point) ; and Fail (0). In this regard, the STAR Card ratings of AES in 2010 and 2013 were 1.2 and 0.29, respectively. Such failing grades are just manifestations of how poor the AES was implemented in the past two elections.
Further, the JCOC failed also its mandate (i.e., RA 9369 Section 33) to conduct a comprehensive assessment and evaluation of the performance of the AES technologies implemented in 2010 and 2013. But recently, AES Watch is very hopeful that the appointments of Sen. Koko Pimentel and Congressman Sarmiento as the new JCOC heads would yield compliance and a STAR Card rating of 4 (pass) for the 2016 AES.