‘Digital signature essential’ to safeguard automated polls

‘Digital signature essential’ to safeguard automated polls
By Leila B. Salaverria
Philippine Daily Inquirer

MANILA, Philippines—It may be one less human intervention in electronically transmitting election results, but a watchdog group insists a digital signature by a poll inspector is an essential safeguard in the automated balloting on May 10.

Alfredo Pascual, convenor of the Automated Elections System (AES) Watch, said that he became concerned after the Commission on Elections (Comelec) released its revised general instructions to the board of election inspectors (BEI) earlier this month.

Resolution No. 8786, directs the teachers comprising the BEI to press “No” when asked by the counting machine, or the Precinct Count Optical Scan machine, if they would like to digitally sign the transmission files with a BEI signature key, Pascual said.

The counting machines electronically transmit the results of the voting to the canvassing centers.

The digital signature is used to verify which machine the results had come from.

Big questions

“This raises big questions in the minds of groups like us and the public in general,” Pascual told the Inquirer in an interview yesterday.

“We’d like Comelec to be true to what is required in the law, that election results transmitted electronically should be digitally signed because this is a key safeguard feature of the AES,” he said.

He said that if the BEI would not be required to enter the digital signature, then other sources would also be able to send data to the servers where election results are stored.

But Comelec spokesperson James Jimenez said the instructions did not mean that there would be no digital signatures in the transmission of the votes.

Jimenez said the instructions simply removed one step in the transmission process in order to minimize human intervention and further protect the results of the vote.

The digital signature of the machine is already encoded in the device, he said, and that the digital signature of the BEI is also entered into the machine before the voting.

Signature imbedded

“From the start, the digital signature is already in the machine … Since it is there, the minute the machine stops counting, it starts printing, it starts transmitting. The teacher does not need to enter the process,” Jimenez said.

“That minimizes the possibility of the results being tampered with,” he added.

Jimenez said that the digital signatures would be read by the machines receiving the voting results because they are already in the signal that was transmitted.

The Comelec spokesperson also said that since the transmission of the results would be continuous, there would be no opportunity for anybody to encode new data into the machines.

It was also physically impossible for anyone to enter new data into the machine, he said.

Karen Ang

A plebeian who is trying to make small changes in this world.

  • Manuel Bulatao

    Mr. Pascual,

    Two persons close to me, Mr. Amador Astudillo, your ADB colleague, and Fr. Freddie Dulay, MJ, my high school classmate recommended your name as the real prime mover re our election issues.

    I understand I am being invited on April 9. Before that day, Kindly take note re attached ppt re potential solution re the possibility of MERCENARY Programmers and GUNS, GOONS, and GOLD. Time is getting shorter. This combination is the most dangerous enemy of the current PCOS system since the version the proper program can be replaced the night before the day of the election. This possibility is unknown to the general public who can easily be persuaded that just because of automation, cheating can be prevented. The recent survey that 84% of the public trust the automated solution is a very unstable basis to ignore this problem. For the professionals, they use public propaganda to hide their plans.

    In banking, you do not seek public opinion on the basis of an opinion poll re customer’s trust on the system. They ensure proper controls are in place so that no one can dictate to abuse the system.

    Without any CAPEX and reprogramming, the systems & procedures controls suggested will address this problem and will provide public confidence.

    It is sad the CAPABILITY MATURITY of both COMELEC and SMARTMATIC is limited….and so are the army of techno advisers from various volunteer organizations. Unfortunately, even those organizations who can best contribute to understanding internal controls are silent. These are the PICPA, PMAP, and the various Management Associations. There maybe a few very concerned IT brokers who are attempting to be heard. Unfortunately, most of their issues are marginal in content and does not address control issues.

    The nation deserves a system with solid internal controls. To accept a solution presented on the basis of technical trust or referential selling that it works in advance country is not good enough.

    In my 4 decades in this field, I have experienced examples referential selling from very big players who delivered of failed solutions. They are getting away from the justice system only because those officers who recommend them are scared of being charged as buying products disadvantageous to the institutions.

    I have given up on our Philippine Computer Society or the Philippine Society of IT Educators who both are ignoring my advocacy of enriching skills of the public.
    The problem centers on the fact that the academic program are TECHNOLOGY RICH …but APPLICATION POOR. And the TRAGEDY OF THE SYSTEMS GRADUTES is that no matter how intelligent, whatever honors (summa, cumlaude, gold medalist), degrees MS..PhD., Despite coming from the best schools such as Stanford, Harvard, MIT, etc., their output is only AS GOOD AS THE USER DEFINING the specifications. But then, this is another story.

    Prior to the Y2K issues, I am the lone advocate of the ‘not to fear’ scenario to prevent major capital expenditures. To the nation’s benefit, my suggestion was adopted by Congressman Garcia to ignore the impositions by Chairman Aguiluz to replace all non-Y2K compliant ATM’s and Teller terminals. While they may not be compliant, they are Y2K Functional similar to the international satellite who are all not sensitive to transaction date issue.

    Privately, I would like to discuss the issue on ‘source code’ as it relates to the real failure of election if not handled properly.

    Manny Bulatao

    p.s. you do not have a provision to attach a ppt file.