A Commission on Elections (Comelec) personnel and technology provider Smartmatic came under heavy fire Friday as allegations of tampering with the poll results ran thick after they introduced a new script midway through the vote count.
A Smartmatic engineer said he changed a hash code to correct the character “?” which appeared on some of the candidates’ names, to “ñ”.
A furious Comelec Commissioner Rowena Guanzon sought a formal en banc investigation into Smartmatic’s “illegal act,” including the poll body’s IT personnel who gave the other half of the password to the Smartmatic technical support team.
“I believe that Smartmatic has breached our protocol and they should be held accountable
for it,” Guanzon fumed. “The Commissioners are going to study this and even investigate our own people. If there is malfeasance we will get into the bottom of it.”
The commissioner stressed that the Automated Election System, which is owned by the government, should not have been touched by anybody without the consent of the Comelec en banc.
Guanzon said the Comelec may disqualify Smartmatic from future biddings or withhold its performance bond as a consequence of its unauthorized act.
“They have a performance bond which we can hold. We can also refuse payment unless I am satisfied that the breach was benign,” she warned. “We will look at the contract to see if the breach is enough to disqualify them from future biddings.”
She said Smartmatic’s action could cast doubts on the credibility and integrity of the elections.
“There may have been no damage in [the form of]alteration of the results. But there is certainly some effect because now the people are anxious and asking questions,” Guanzon said.
Smartmatic explained that the change it made was minor and that it did not alter the result of the elections.
But Rene Azurin, convener of the poll watchdog, AES Watch, said that Smartmatic committed a serious security breach.
“This now puts the entire canvassing process in serious doubt. The integrity of the automated results can now be reasonably questioned,” Azurin said in a statement.
“Everyone totally misses the point about a Smartmatic person changing a line in the canvassing program to replace a “ ? ” character into an “ ñ ”. The essential point in this matter is not that the change was “minor:” the crucial issue is that a Smartmatic technician had access to the server program while the canvassing was going on. If that technician can change one character, he can change other things as well,” he pointed out.
“Indeed, one can speculate that the so-called “minor change” might have been deliberately intended to act as a trigger to launch a sleeping worm or Trojan horse already embedded in the system and programmed to make major changes, including the altering of vote counts. Thus, the Smartmatic spokesman could claim with a straight face that the script change he made was ‘minor,’ while neglecting to say that this trivial change was the trigger for another script that would make major outcome-altering changes,” he added.
He said similar incidents have occurred in previous elections.
“In 2010, a Smartmatic technician cavalierly accessed the canvassing program to change the number of voters after the tally showed an erroneous 256 million as the total number of registered voters; and in 2013, a Smartmatic technician accessed the canvassing server to correct a script that produced an astonishing 12 million vote surge barely two hours into the canvassing. These incidents indicate major flaws in the Smartmatic system that our Commission on Elections has been so bent on foisting on the Filipino people,” Azurin said.
Also on Friday, an IT expert challenged the Comelec and Smartmatic to allow a public audit of the 2016 elections to find out if vote-shaving or vote-padding took place, particularly in the vice presidential race where Senator Ferdinand “Bongbong” Marcos Jr. and Camarines Sur Rep. Leni Robredo are locked in a tight battle.
Glenn Chong, former congressman of the lone district of Biliran province and a member of AES Watch, said a public audit would allow experts to look into the system (software) and the platform (hardware), including the mainframe Network Operating Center (NOC) and its backup Redundancy Server.
Chong, who was invited by the camp of Marcos to explain to the media how tampering may have been executed, said cheating is made possible by either making changes in the NOC and the Redundancy Server, which houses the application and database where an IT operator can make changes, modify, delete, or alter the program by inputting a new script.
“Smartmatic said the reason why a hash code was changed was that they corrected the character “?” to “ñ”. The best thing they could have done was just ignore the error. It is unbelievable that they forgot the ñ because Smartmatic is a Venezuelan firm that speaks Spanish. The question now is: Was there an overriding necessity to change the ‘?’ to ‘ñ,’ putting the integrity and credibility of the entire 2016 elections doubtful?” Chong said.
He said while Smartmatic and Comelec may always deny any manipulation of the election results, the “numbers do not lie,” referring to the mysterious decline in the votes for Marcos before midnight of May 9 and Robredo’s eventual increase in votes by 3 a.m. the following day, in less than five hours.
Chong blamed Smartmatic operations chief Mario Garcia, a Venezuelan, for the mess.
He said an election syndicate manipulated the results of the polls in Puerto Princesa City where a party swept 13 positions – from mayor, vice mayor, and 10 city councilors. Mayor Lucilo Bayron won against returning mayor Edward Hagedorn.
“I exposed this as early as February where the syndicate was paid P200 million to ensure a clean-sweep victory,” Chong said.
As of yesterday, Robredo was still leading by 223,154 votes. She had 14,003,003 votes, against Marcos’ 13,779,847.
However, the Comelec is not inclined to proclaim Robredo yet since the remaining .08 percent of untabulated votes, numbering more than a million, could still drastically change the results.
Smartmatic project director Mario Garcia said their personnel have been given authority to access the system because otherwise they would not be able to operate any component of the platform without the other half of the password.
Garcia claimed that everybody in the Parish Pastoral Council for Responsible Voting (PPCRV) command center, including representatives of the political parties, were aware of what was going on in accordance with protocol.
But Guanzon dismissed Garcia’s claim, saying that Smartmatic should have notified the Commission en banc about the need to change anything.
“Smarmatic should have informed the Commission En Banc what the problem was, what were the consequences and then they should have given us recommendations on how to fix it. They should have not touched the program without our prior knowledge and our official consent,” she stressed.
The Comelec IT personnel, Rouie Penalba, in a memorandum to the en banc, said he did not instruct Garcia to change the script.
PPCRV Media Director Anna Singson confirmed that their representatives were among those present when the change was made.
Election lawyer Manuelito Luna said that Smartmatic violated Republic Act 9369 or the
Automated Elections Law and the Omnibus Election Code with respect to the rights of candidates and political parties.
“It was electoral sabotage under a special election law,” Luna said.
Former Comelec Commissioner Gus Lagman also said that Smartmatic did an illegal act because it was strictly prohibited from tinkering with the source code when the counting of votes had started unless there was a Comelec en banc resolution.
Lagman added that Smartmatic did the same thing in 2013 when it also changed the software without such resolution.
He, however, agreed that the alteration on the script that also changed the hash code had no effect on the counting of the election results.