Transparency and ‘meet-me room’ servers

4

The Commission on Elections (Comelec) owes the voting public an explanation on the use of unauthorized servers and the unauthorized introduction of a script into the transparency server, which puts the credibility and integrity of elections in question.

The transparency server has been in use since the 2010 National and Local Elections. While sanctioned by the Comelec, there is absolutely no reference to its use in the Automated Election Law. Each precinct count optical scan (PCOS), renamed vote counting machine (VCM), is supposed to directly transmit the vote counts to the city or municipality canvassing and consolidation server (C/M CCS) to which a PCOS/VCM is assigned, and the servers of the majority party, the dominant minority party, the Kapisanan ng Brodkasters sa Pilipinas and the accredited citizens’ arm. As implemented, the PCOS/VCM transmits the election return it generates to the C/M CCS, to the central server, and the transparency server. Comelec accredited recipients receive the election returns via the transparency server or its mirror but not in the format as transmitted from the PCOS/VCM. The election returns undergo format conversion from “election markup language” to “comma separated values,” the format accredited recipients receive.

The conversion of the election returns from one format to another is an unnecessary step. The election returns generated by the PCOS/VCM are supposed to have been digitally signed by the members of the Board of Election Inspectors. If digital signing is properly implemented, the key used to encrypt the election returns prior to transmission has a corresponding key that can be used by a recipient to decrypt the election returns. Citing data security concerns, the Comelec which had sole control over the process of data format conversion had refused to release the keys that would have allowed the accredited recipients to decrypt the election returns on their own.

The results generated from the transparency server may be unofficial but such results served to counter check the official results. After all, the transparency server theoretically receives the same official copies of the election returns. But the assumption does not always hold. Case in point is the issue raised by the Confederation of Non-Stock Savings and Loan Associations (CONSLA) Party List. It had asked the Comelec to conduct an investigation into what it alleges as a case of manipulation of the results of the May 9 National and Local Elections. It cites the discrepancy of the vote counts it garnered based on the count made by the Parish Pastoral Council for Responsible Voting (PPCRV) vis-à-vis the counts done by the Comelec.


In 2013, the transparency server worked in conjunction with a “work file” server. The Comelec Advisory Council, in its 2013 post-election report, cites that the “work file” server “may have made the system vulnerable, resulting in security breach, open to online interference or manipulation.” The “work file” server was uncovered when Smartmatic-TIM personnel were made to explain the deletion of certain files from the transparency server.

Following the conclusion of the 2016 national and local elections, Smartmatic’s Marlon Garcia admitted to the existence of a “fourth server” and other servers in a “meet-me room” (MMR). The admission came about during the preliminary investigation of the case filed for violation of the Cybercrime Prevention Act against Smartmatic and Comelec personnel.

The “meet me room” is where all telecommunications services converge and the servers in the “meet-me room” are supposed to serve only a pass-through function. A look into the transmission of election returns from some 92,509 PCOS/VCMs shows that transmissions reached a peak rate of over 2,100 election returns per minute during the period 6:30 pm to 6:38 PM on May 9, 2016. At the end of this peak period, some 28.36 percent of expected election returns had been received. By 7:30 pm, about 51.85 percent of expected election returns had been received. By 11:59 pm of May 9, 2016, about 81.16 percent of all expected election returns had been received. The risk of data loss may have been mitigated by the “meet-me room” servers, especially during the peak period. However, it is unknown if the “meet-me room” servers served other functions since the “meet-me room” did not undergo review by interested political parties and groups.

Let’s face IT! The non-disclosure of the “meet-me room,” coupled with the unauthorized introduction of a script in the transparency server during live operations have certainly placed a cloud of doubt over the credibility of the election results and the integrity of the automated election system. The Comelec certainly has some explaining to do – before the 2019 midterm elections.

Share.
.
Loading...

Please follow our commenting guidelines.

4 Comments

  1. Mr. Averio your expose to me means that the COMELEC, et al should be tried in a court of law and not in the court of public opinion. Your comment that the Comelec owes an explanation to the public is enabling more criminality laced with graft, corruption, abuse of authority, and conflict of interest. We should stop this charade. This is a very serious matter as it was done by perpetrators whose intent is to rig the results of this election including the past elections for their bosses. This not a matter of omission of approvals from higher ups, or an act of gross negligence, or incompetence but a deliberate and well planned execution to override established policy and procedural controls to control and manipulate the results of an election. This should be tried in a court of law to restore the faith of the People of the Philippines in our justice system and to ensure that courts will send the message to these termites of corruption that no one is above the law.Mr. Averio your expose to me means that the COMELEC, et al should be tried in a court of law and not in the court of public opinion. Your comment that the Comelec owes an explanation to the public is enabling more criminality laced with graft, corruption, abuse of authority, and conflict of interest. We should stop this charade. This is a very serious matter as it was done by perpetrators whose intent is to rig the results of this election including the past elections for their bosses. This not a matter of omission of approvals from higher ups, or an act of gross negligence, or incompetence but a deliberate and well planned execution to override established policy and procedural controls to control and manipulate the results of an election. This should be tried in a court of law to restore the faith of the People of the Philippines in our justice system and to ensure that courts will send the message to these termites of corruption that no one is above the law.

  2. ernie del rosario on

    Amen Lito !!! You hit it. Comelec must not just explain the presence and true and full purposes/functions of the fourth, queue, intermediary (maybe even rogue ?) servers and simliar “nodes” of similar function in the entire AES network. Comelec itself MUST clarify beyond reasonable doubt that no defrauding of the votes ever happened at any point in the system. It should NOT be the other way around where it is the public, the courts, the election protesters, the election reforms advocates are the ones TASKED to prove that Comelec and Smartmatic did serious wrongdoings in the conduct of the 2016 election (and all 3 automated elections for that matter). This must be an ultimatum to Comelec and Smartmatic – their last chance to clear this 8-year running doubtful automated elections they has inflicted since 2008 on the nation for 3 national and 1 regional elections. Otherwise they must be punished with the full force of the law.

  3. The writer explains the issue better than the “expert” Gus Lagman who acknowledged that the “script” has no effect in the count of votes.

    • That’s what I have been telling Namfrel from the start. The admission by Marlon Garcia on the existence of the Intermediary Server , now vindicates me.

      Now on this Intermediary Server, as I have explained time and again, the term “Meet me Room” is a misnomer when used to describe the Intermediary Server.. In the Telcos, the “Meet Me Room ” is used for convergence of different Telephone Companies on the various forms of communication – voice, text or data- and this is used only to do a Store and Forward Function.

      But the Intermediary Server does more than that, There is processing done when in 2013, , we saw large data other than ER data from the Transparency Server, Marlon Garcia , (yes the same Guy who did a change of script for “cosmetic purposes” in 2016, an intrusion into a Live Canvassing System) told us in the Systems Group of Namfrel, to disregard that data which came from the Intermediary Server that was used for “decrypting” the ER data from the PCOS.

      Indeed , Comelec and Smartmatic have a lot of explaining to do on the questionable Data received from the Transparency Server which when subjected to R, a Data Analytics Software, is very revealing.