No, it’s not the online, electronic type of a compromise and not by hackers or malevolent actors out to sabotage the election results. The compromise was done by those who set up the transparency server through which various groups receive electronic copies of election returns from the various PCOS machines.
The Election Automation Law, Republic Act No. 8436 (RA8436), as amended by Republic Act No. 9369 (RA9369), clearly provides: “Within one hour after the printing of the election returns, the chairman of the board of election inspectors or any official authorized by the Commission shall, in the presence of watchers and representatives of the accredited citizens’ arm, political parties/candidates, if any, electronically transmit the precinct results to the respective levels of board of canvassers, to the dominant majority and minority party, to the accredited citizen’s arm, and to the Kapisanan ng mga Brodcaster ng Pilipinas (KBP).”
Instead of direct transmission from the PCOS machines to the servers of the various parties identified by law, the Commission on Elections (Comelec) authorized the setting up of a transparency server through which the various parties receive the election returns.
The transparency server was installed at the Parish Pastoral Council for Responsible Voting (PPCRV) operations center at the Pope Pius XII CatholicCenter at UN Avenue in Manila. PPCRV issued identification cards and had full physical access control to the facility and the transparency server.
Yet, a vulnerability in PPCRV’s security protocol was exploited. The Comelec Advisory Council (CAC), in its “Post-Election Report on the Use of the Automated Election System (AES) in the 2013 National and Local Elections”, cites “xxx it was further found the day after Election Day that a laptop was installed as an intermediary ‘workfile server’ between the Transparency Server and the workstations of the authorized four recipients and the Rappler Server.”
Supplier Smartmatic-TIM knew of the intermediary server and the actions taken but none of those in possession and full control of the transparency server knew of Smartmatic-TIM’s action until after it was done. The CAC Report continues, “This was disclosed by Smartmatic-TIM when it met with KBP, PPCRV and NAMFREL to explain the deletion of files that it made at the Transparency Server on the early morning after Election Day. This modification may have made the system vulnerable, resulting in security breach, open to online interference or manipulation.”
How did Smartmatic-TIM’s representative get to the transparency server? Why didn’t Smartmatic-TIM’s representative secure prior authority to do whatever he had to from either Comelec or PPCRV?
The CAC Report continues, “The very installation of the ‘workfile server’ itself as an intermediary between the Transparency Server and the workstations of the parties have to be investigated hand in hand with these two issues. This was later revealed as transmissions that were marked for further investigation and removed from the results pool.
Greater care must be made to inform poll watchers of developments like this for transparency purposes.”
Another weakness in the transparency server set up is in the delivery of the election returns data to the workstations of the recipients. The PCOS generates election returns in election markup language, which is then encrypted and thereafter transmitted to the transparency server.
Recipients of the election returns had no capability to decrypt the data and instead receive electronic copies of the election returns in comma separated values (csv) format from the transparency server. This only indicates the transmission related data – the transmission date and time stamp, the sending PCOS machine identifier, and the modem or BGAN identifier – has been stripped away. The recipients of the data had no way of verifying the source of the data they received.
Similarly, all authorized recipients of the election return data had no way of double checking the accuracy and integrity of the data they received. The CAC Report cites “The COMELEC website in the 2013 National and Local Elections derived its data from the ‘workfile server’ that intermediated the Transparency Server and the four recipients.
This was a major departure from the network design in the 2010 National and Local Elections, where the COMELEC website derived its data straight from the COMELEC Main Server. In the 2010 National and Local Elections a comparison could be made on PCOS transmissions received from the COMELEC Main Server versus the Transparency (KBP/PopePius) Server. Such was not made available in 2013 NLE.”
Let’s face IT. The 2016 National and Local Elections is fast approaching. There is a need to review the transparency server set up since (1) it is not compliant with the mandates of RA9369 that requires direct transmission from the PCOS to the servers of the authorized recipients of election returns and (2) it does not provide a way for recipients of the election returns data to independently verify the data that they receive.