Credibility requires transparency

Interestingly, the Federal Constitutional Court of the Federal Republic of Germany ruled (on March 3, 2009) that the use of voting machines must “meet the constitutional requirements of the principle of the public nature of elections.” The principal basis for this ruling was that “all essential steps of an election… [must be] subject to the possibility of public scrutiny.” In essence, that German court was saying that transparency is absolutely indispensable in a democratic election.

And transparency was one thing our recently concluded elections definitely did not have. In the untransparent poll automation system selected by our Commission on Elections — supplied by favored supplier Smartmatic — we voters had no way of telling if our votes were actually counted and if the votes were being accurately tallied. In effect, Comelec found nothing wrong in the fact that the Filipino public would be required to just take whatever the Smartmatic PCOS voting machines printed out as election results as gospel truth.

In a forum organized last Saturday by the Philippine Computer Society (PCS), the Philippine Electronics and Telecommunications Federation (PETEF), and the Movement for Good Governance (MGG), many of the “sins” — a term introduced into the proceedings by the irrepressible master of ceremonies, Maricor Akol, past president of PETEF — jointly committed by Comelec and Smartmatic in these elections were revealed, documented, and discussed. The nature and number of those sins suggested — to me, at least — that the sins were deliberate and intentional, and not merely the result of oversight or incompetence. In other words, the “sins” were mortal sins, not venial sins.

Excellent presentations were served up by computer security and IT forensic expert Drexx Laggui, Philippine Software Industry Association president Bettina Quimson, AVA Law’s Al Vitangcol, Namfrel’s Eric Alvia, and Philippine Computer Society’s Edmundo Casiño. Essentially, they gave us graphic descriptions of the so-called “sins” committed in the name of poll automation. After those presentations, IT pioneer Gus Lagman, PETEF’s Ben Garcia, PHCert’s Lito Averia, PCS’s Ernie del Rosario, PETEF’s Ronaldo Solis, Botong Pinoy’s Joel Ong, and former National Computer Center director Dr. Bill Torres offered assorted “correcting” suggestions ranging from proposed amendments to the law to variations in technology to alternative voting systems.

The organizers of the forum will be consolidating the proceedings in a report and will be immediately forwarding this to the appropriate government bodies and various interested parties. I will comment on the report at that time.

For now, let me just say that “transparent” the 2010 election was not. The presentations highlighted the significant departures from and violations of the terms of the agreed Smartmatic-Comelec contract. These showed that the process of implementing the poll automation exercise was terribly flawed and inconsistent with good — I do not even say, best — practices.

The way I would sum up — imperfectly, perhaps — what we heard is to make three statements.

First, it is not true that, as Cesar Flores of Smartmatic keeps saying, “You cannot cheat in this system without leaving a trail.” This claim is not true even in theory, much less in practice. Indeed, modifying audit logs can be easy when a particular software system has inherently weak security features, as indeed is the case for the Smartmatic system. And, as every experienced programmer knows, with what is called “root access,” one can just delete a log file and replace it with a new one that is consistent with whatever alterations have been introduced into the system.

Furthermore, before and after May 10, access to the flash memory cards and the PCOS voting machines was acquired variously by assorted Smartmatic personnel, Comelec officials, logistics companies’ personnel, city or municipal treasurers, technical personnel, election officials, and who knows who else. That’s just too many potential “perpetuators.” It should be emphasized — which I did in columns on this subject that I wrote as early as July 2009 — that even a few minutes’ access to these memory cards and voting machines would have allowed a “hacker” to introduce malicious code that can change the reported election results and then remove traces of such alterations even from audit log files.

Moreover, as my friend Gus Lagman never tired of pointing out in the months before the poll automation technology was selected, the PCOS machine offers no way for the public to know that the election return printed by the machine is how the voters actually voted. Even if political parties and independent observers are present in the polling places, they simply cannot see — nor verify — what “votes” the machine is counting. Even if, for the sake of argument, PCOS machines were accurately counting the votes cast, no poll watcher can actually tell if the votes are being tallied correctly or transmitted faithfully.

Second, it is not true that, as certain Comelec, Smartmatic, and even PPCRV officials claim, “The poll automation was a success.” The crucial measures of success, as far as the results of an election are concerned, must be accuracy and transparency. Obviously, i) the votes must be correctly counted, and ii) the process must be transparent so that the accuracy of the count cannot be disputed. On both these measures, it is impossible to claim that the poll automation exercise was “a success.”

I think Comelec’s officials have lost sight of the fact that transparency is the absolutely indispensable requirement for credible elections. They appear to have prioritized quickness of the result over transparency in the process. They are effectively betting our democracy on the assumption that not a single well-placed election official can be corrupted. Given the Filipino public’s experience with election officials and election operators, this is obviously an unreasonable assumption. Thus, since “all essential steps of an election… [must be] subject to the possibility of public scrutiny” and since this was certainly not true in this case, we have to categorically state that the poll automation exercise was a dismal failure.

Third, finally, it would be the height of irresponsibility for those who actually understand the glaring faults of the Smartmatic system — like those in the IT industry — not to rail against its use in future elections. Further, it would be criminal for the public not to listen to what the experts are saying. Personally, I am convinced that there was a deliberate effort to muck up these first-ever automated elections. This conviction is reinforced by Comelec’s suspicious disabling of many important security features — like the prescribed personal digital signatures of election officials and the UV identification of ballots — coupled with the inexplicably late testing of the memory cards (thus triggering an eve-of-the-election need to “replace and reconfigure” 76,000 of them). This conviction is (for me) confirmed by Comelec’s complete bungling of the prescribed “random manual audit” which prevented observers from (at least) statistically validating the reported electronic election results.

What we have just been through is an untransparent — and therefore non-credible (incredible?) — election, one in which we have no way of knowing what the results actually were. Thankfully, groups like PCS, PETEF, and MGG are persisting in their criticism of the poll automation exercise so that we do not fall into the trap of using this Smartmatic system ever again. –Strategic Perspective — By René B. Azurin, Businessworld