As serialized in this column about the “Fearless forecasts” that undoubtedly happened, the Joint Congressional Oversight Committee (JCOC) and even the Automated Election System (AES) Watch have never seen or heard any contingency plan (e.g., Plan B, C or X) due to the Commission on Election’s (Comelec) non-compliance with AES Law (RA 9369) and e-Commerce Law (RA 8792) and the recent malfunctioning of the Vote Counting Machines (VCMs) abroad for the Overseas Absentee Voting (https://www.youtube.com/watch?v=7njI0c_ueT8).
Section 11 of RA 9369 stipulates that the Technical Evaluation Committee (TEC), the technical arm of the Comelec for test certifications, shall certify not later than three (3) months (i.e., February 9, 2016) that the AES is operating properly, securely, and accurately, to wit:
1. The successful conduct of a field testing process followed by a mock election event in one or more cities/municipalities;
2. The successful completion of audit on the accuracy, functionality and security controls of the AES software;
3. The successful completion of a source code review;
4. A certification that the source code is kept in escrow with the Bangko Sentral ng Pilipinas; (Although Comelec said that they deposited it already.)
5. A certification that the source code reviewed is one and the same as that used by the equipment; and
6. The development, provisioning, and operationalization of a continuity plan to cover risks to the AES at all points in the process such that a failure of elections, whether at voting, counting or consolidation, may be avoided.
In the last two JCOC hearings this year on February 16 and March 23, AES watch didn’t see any report from Comelec about the TEC certifications regarding the above six items. As of this writing, almost three months after the due date and nearly days before the elections, Comelec spokesman James Jimenez confirmed that the TEC has not yet issued any certifications.
And do you know the meaning of this? It is simply telling us that that the AES, including its hardware and software components and the electronic transmission facilities, is not yet certified and validated to be operating properly, securely, and accurately. In a press conference last week, April 28, 2016, AES Watch emphasized this very alarming scenario and pinpointed that our AES this coming national and local elections on Monday, May 9, 2016, is at a very…very…very CRITICAL RISK level.
Comelec never bothered to inform the public on how they are going to address this risk like implementing contingency measures that should have been rolling out at this time. This is also a manifestation that Comelec has no contingency plan for non-certification of AES as mandated by AES Law; that is, the above item 6 – The development, provisioning and operationalization of a continuity plan….
Remember what happened on May 3, 2010 during the Final Testing and Sealing (FTS) of PCOS machines? The PCOS machines malfunctioned nationwide! It was a terrible disaster which alerted Comelec to recall all the 76,000 CF cards of the PCOS machines. Why terrible? A case in point was the FTS conducted in Makati wherein the votes of Binay and Mercado went to Genuino. Another example are the unsuccessful transmission of election results (ERs) in 2010 (i.e., 9%) and 2013 (i.e., 24% of transmission) while telco companies said in the past JCOC hearings that their facilities were fired up 100%.
Hence, these few but serious experiences are just manifestations of the absence of TEC certifications.
What we have been hearing is that the Comelec and its AES vendor, Smartmatic, have been hyping that they are 100% ready for the May 9 elections. But do they say they’re ready because they have complied with all the minimum system requirements to make the elections secure, transparent, accurate and credible and that the TEC has completed the test certifications?
NO! They are not saying that. Because NONE of these requirements have been complied with!
Moreover, Comelec has not submitted any report to JCOC about their compliance with Section 3 of RA 9369 stipulating that at least one member of the Board of Election Inspectors (BEIs) shall be an information technology (IT)-capable person, who is trained or certified by the Department of Science and Technology (DOST) to use the AES. Further, since there has been no update given by Comelec to JCOC, AES Watch hasn’t seen or heard in any public media voice anything [except The Manila Times]about this concern whether Comelec has gotten any certifications of the BEIs from the DOST.
But since JCOC will not convene any hearings anymore before elections 5 days from today, the question now arises as to whether the DOST will still provide a report to both Comelec and JCOC stating that the 92,500 BEIs have been certified to be IT-capable people.
What if the DOST could not submit the said certification because there are “x” number of clustered precincts that do not have IT-capable BEI? What will Comelec do? What is the contingency plan?
Let’s go a little further by looking at Section 31 of RA 9369 which stipulates that the Comelec shall, not later than six months (November 9, 2015) before the actual automated election exercise, undertake a widespread stakeholder education and training program, through newspaper of general circulation, radio, television and other media forms, as well as through seminars, symposia, fora and other nontraditional means, to educate the public and fully inform the electorate about the AES and inculcate values on honest, peaceful, orderly and informed elections. Nothing was reported in the last two JCOC hearings about compliance with Section 31.
To date, AES Watch has never heard any update from Comelec about this matter and what they know is that Comelec did not comply with the deadline of November 9, 2015. Will the Comelec still prepare its required compliance report to JCOC about stakeholder education and training? What is the contingency plan if not yet completed?
Since the Comelec system in their central operations had been hacked and it is surely vulnerable to potential hacking attacks at this time, such system should not be used as source of election results data for posting in its public website. What is the contingency plan? To mitigate this high risk of hacking again, AES Watch recommends that the ERs from the VCMs be posted directly to accredited public websites. Hacking the electronically transmitted ERs from 92,500 sites will certainly be hard for hackers to penetrate compared to hacking the Comelec system in their mainstream operations which could comprise a few servers even if dispersed geographically.
Even the transparency server at PPCRV’s premises should not be trusted as it generated changing unreliable data in the past elections; aside from unprincipled data center operations that transpired therein. What is the contingency plan? One option is to have the transparency server at NAMFREL operations in Greenhills!
Will not now expound on other compliance concerns that Comelec should have already addressed at this time like source code review, digital signing, etc. It’s been frustrating for stakeholders, like AES Watch, as Comelec has been very silent since the last JCOC hearing on Holy Wednesday, March 23.
Mr. Chairman Bautista, please enlighten us voters about your contingency plans!