Does using machine digital signature fit the legal definition of digital signing as stipulated in Sections 22 and 25 of the Automated Election Law or RA 9369?
Does having no source code review for the past two consecutive elections in 2010 and 2013 constitute a violation of RA 9369?
Does the paper ballot being used for PCOS machines fit the legal definition of voter verified paper audit trail (VVPAT)?
Should Comelec promulgate rules and regulations for the implementation and enforcement of RA 9369 as stipulated in Section 37?
Many still unsettled major questions
The above questions are just some of the major ones not yet settled till now because Comelec has not promulgated the implementing rules and regulations (IRR) of RA 9369 since it enactment in January 2007. Eight years have passed and the Comelec Commissioners still hold the position that it should not prepare an IRR for RA 9369. In fact, in the last hearing of the Joint Congressional Oversight Committee on Automated Election System (AES) last Februray 5, 2015, Acting Comelec Chairman Christian Lim said, “You cannot have an implementing rule that can apply for all elections under one republic act because it would depend also on the system that is going to be used. Like in the case of this coming election, we will be using the old OMR, the new OMR, the DRE. So there will be three sets of general instructions that we will have to issue. You cannot have a rigid application on that, Your Honor.” OMR is Optical Mark Reader or the PCOS machine and DRE stands for Direct Recording Electronic or touch screen technology.
Acting Chairman Lim might have confused the difference between IRR and general instructions (GIs). Yes, it’s right that there should be three GIs for the said three technologies mentioned so that all stakeholders would easily understand the implementation scheme come the 2016 elections. However, AES Watch still believes that Comelec must promulgate the IRR applicable to all elections under one republic act that would clearly explain on how the digital signatures, source code review, VVPAT, test certifications and the rest of provisions of RA 9369 should be implemented for the clearer interpretation of the law.
Section 22 of RA 9369 states that “The election returns transmitted electronically and digitally signed shall be considered as official election results and shall be used as the basis for the canvassing of votes and the proclamation of a candidate.” On the other hand, Section 25 states that “The certificates of canvass transmitted electronically and digitally signed shall be considered as official election results and shall be used as the basis for the proclamation of a winning candidate.” Comelec interpreted Section 22 as digital signing being performed by the PCOS machines. This is contrary to what the law intends to convey as provided in RA 9369 Section 30 which stipulates that the authentication of electronically transmitted election results shall conform with the provisions of RA 7166, RA 8792 or e-Commerce Law as well as the Rules on Electronic Evidence (REE) promulgated by the Supreme Court. The e-Commerce Law and REE specify that a digital signature on the digital document shall be equivalent to the signature of a person on a written document. Therefore, the IRR that is yet to be written should explain that the phrase “digitally signed” implies the performance of the act of signing and that the digital signatures represent the functional equivalent of the actual signatures of the Board of Election Inspectors (BEIs) and Board of Canvassers (BOCs).
Sad to say, the interpretation of Comelec lawyers regarding digital signature has not been changed since the 2010 elections. They just adapted what Smartmatic provided them! They remained loyal to the machine digital signatures of PCOS machines and didn’t bother to consider the right way of digitally signing the election returns and certificates of canvass by BEIs and the BOCs, respectively.
But surprisingly, the digital forensics conducted by the Joint Congressional Canvassing Committee in 2010 at the Senate revealed the absence of digital signatures in the PCOS machines! What if we do the digital forensics now in any of the consolidation and canvassing system (CCS) servers? What could be the results?
Nevertheless, the Comelec Advisory Council (CAC) headed by DOST recommended the implementation of digital signatures for the BEIs and BOCs through its resolution no. 2013-008. At least, CAC and AES Watch are in agreement in this regard. Only Comelec is still in quandary!
For non-compliance with the law, neither Comelec nor Smartmatic was held accountable. But ironically, when Comelec institutes its own rules, they could easily implement it without hesitation. Case in point is the disqualification of Laguna governor ER Ejercito for overspending in the 2013 elections. After him, none was disqualified!
What about VVPAT? Source code review? Thus, AES Watch is asking Comelec to release the IRR now!
Comelec, don’t disregard the law!