The need for the AES implementing rules and regulations

1
LITO AVERIA

LITO AVERIA

The Automated Election System Watch, through Dr. Nelson Celis, has been asking the Commission on Elections (Comelec or our state poll body) to promulgate a set of implementing rules and regulations (IRR) for the implementation and enforcement of the Automated Election Law, Republic Act No. 8436 as amended by Republic Act No. 9369.

The poll body had issued guidelines relevant to the operations and use of the automated election systems used in the last three elections, addressed, in particular, to the Board of Election Inspectors and the Board of Canvassers. It also issued resolutions on the conduct of the random manual audit.

The same system had been used for voting and counting at the voting center level, the underlying technology of which is the optical mark reader used to scan the paper ballot for vote marks. The software used in the 2010 and 2013 elections came from Dominion Voting Systems. Smartmatic had written its own software for the vote counting machines used in the 2016 elections. The guidelines for the operations and use of the PCOS renamed VCM issued by the Comelec by way of resolutions are specific to this technology.

The technology used for the canvassing and consolidation of vote counts is a general purpose laptop. The operating system used is a freely downloadable version of Linux. The software used for the canvassing and consolidation system (CCS) is still the same, although Smartmatic may have introduced improvements for the 2016 automated elections. The Comelec-issued guidelines for the operations and use of the CCS are specific for the Smartmatic supplied CCS.


But, the issues that hounded the 2010 and 2013 elections are the same issues that hounded the 2016 automated elections, in particular, the digital signature used in signing the election reports. The attributes of the digital signing technology to be used can be addressed in the IRR.

In the transmission of vote counts from the VCM in the 2016 elections, 3.36% of election returns had not been transmitted as of May 26, 2016. But the Comelec says that all election returns had been accounted for. The questions are:

1. How were the election returns transmitted/received or conveyed?
2. Where did they come from?
3. How were the election returns authenticated?
4. How were the data secured?
5. How were the vote counts consolidated in the final tally of votes?

In the 2013 elections, Comelec resorted to what is called the “Grouped Canvass Report” which is provided for in the guidelines the poll body issued but cannot be found in any of the election laws. The same questions may be asked.

In terms of data protection, the Comelec has only so far succeeded in mesmerizing stakeholders about encryption, citing that in 2010 and 2013 128-bit encryption had been used, translating this to 2128 = 340,282,366,920,938,436,463,374,607,431,768,211,456 combinations but never explained what those combinations are and what they are used for! In 2016, Comelec cites the use of 256-bit encryption to protect data. Data protection can be laymanized and clarified in the IRR.

The guidelines issued by the poll body do not address or provide a process for authenticating the election returns received by the CCS at the city/municipal level nor the canvass reports received at the succeeding levels of canvassing up to the national CCS.

Noticeable in the conduct of canvassing of the national results, for instance, was Congress, in joint session and acting as the national canvassing board, had relied on the printed copies of the canvass reports. Some canvass reports were reprinted for completeness, of course, under authority of the Comelec for the Provincial Board of Canvassers to regenerate the canvass reports which previously lacked the canvass results coming from some municipalities. This indicates that transmission failure was also encountered at the municipal level. This also raises another question: How was the integrity of the results previously received protected or ensured?

RA8436, as amended, defines transmission as “conveying data in electronic form from one location to other (sic).” This includes storing the election returns in an electronic storage medium and physically transporting the same from a voting precinct to a city/municipal canvassing center. The same can be done with canvass reports that needed to be transmitted from one canvassing point to another. However, Section 7 of the RA8436, as amended, requires the use of “secure communication channels.” How secure the physical mode of transport is anybody’s guess. But, fortunately, there were no reports of untoward incidents relating to the physical transport of electronic results.

Matters pertaining to electronic transmission may be clarified in the IRR being sought.

The assessment of the conduct of the elections or how successful the automated elections were vary between and among interested groups. The IRR can include a description of the manner on how the technology used can be assessed. After all, Section 6of RA8436, as amended, provides: “In the procurement of this system, the Commission [on Elections]shall develop and adopt an evaluation system to ascertain that the above minimum system capabilities are met.” The IRR can also provide for the manner how to assess or evaluate the conduct of the automated elections in general.

Let’s face IT. The IRR being sought can provide a common reference point. The IRR can be used to clarify various matters relating to technology and operations of the automated election system.

Share.
.
Loading...

Please follow our commenting guidelines.

1 Comment