News reports say the PPCRV has received 70,255 and encoded 43,035 election returns (ERs). Out of these, they found 29 discrepancies, or an average of one in 1,484 ERs (.07% error rate). PPCRV chair Henrietta de Villa was quoted saying, “We can say that the election is clean because the discrepancy is very minimal.”
Unfortunately, computers are not evaluated that way. If your spreadsheet program makes one error for every 1,484 cells, junk it at once, because it is useless! If your wordprocessor changes one of every 1,484 characters it processes, junk it too.
While the analog side of an automated system (such as the scanning of marks) may introduce errors, we expect from the digital side zero error. Even a single error in a million characters or operations is a cause for worry, because it suggests a bug (a problem) in the machine’s logic. When testing software, testers assume that if you find one bug, more hidden bugs must exist. Unless that bug is found and properly evaluated, we can’t say if the problems it can cause are minor or major. All we know is, something is wrong with the software.
Unless the 29 discrepancies have been traced to the particular portion of Smartmatic software that caused them, and other portions of the software have been searched for similar bugs, it it premature to declare the election “clean”.
PPCRV grouped the 29 discrepancies into four:
- Candidates got zero votes (four machines). It is not clear from the news report whether some or all of the candidates got zero, and whether this occurred in the transmitted or the printed ERs, so we will leave this type of discrepancy for future analysis.
- A candidate got one less vote during transmission (at least two machines). The printed ER says a candidate got so many votes. But the transmitted ER has one vote less. That’s a “bawas”. Now, why would that happen? We had been worried earlier that the PCOS machine would print something, but transmit something else. And here’s the proof that the PCOS machine does print something but transmit something else. This is called malicious code. That it exists in one part of the system suggests that other parts of the system may also contain malicious code. In this particular case, the vote-shaving involved only one vote. But it is just as likely that the instruction could deduct not one but two – or for that matter, three or more. The discovery of malicious code really calls for a thorough review of the Smartmatic source code.
- Total votes in the transmitted ER was less than ten (nineteen machines). The printed ER has several hundred votes, but the transmitted ER has less than ten. The Comelec had earlier explained this away as follows: the board of election inspectors mistakenly transmitted the results of the previous final testing and sealing (FTS) instead of the May 10 results. This means that the FTS data are not zeroed, even if the May 10 data are zeroed at the start of voting. Here’s another case of malicious code. It means that the PCOS machines keep not one but two (and perhaps more) versions of vote data – the data from the FTS, and the authentic May 10 data.
- Total votes in the printed ER was less than ten (four machines). The transmitted ER has several hundred votes, but the printed ER has less than ten. This confirms that the PCOS machine keeps not one but at least two versions of vote data. It also suggests that BEIs, although it is not in the Comelec general instructions, can actually choose which vote data to print or transmit. In the third type of discrepancy, the BEI correctly printed the May 10 vote data but inadvertently transmitted the FTS data. In the fourth type of discrepancy, they inadvertently printed the FTS vote data but correctly transmitted the May 10 vote data. They must have pressed some keys, or done something different, that would either print the FTS data, or transmit the FTS data. These are undocumented options apparently triggered by hidden commands the BEI must have inadvertently pressed. This is another case of malicious code.
Let us be more systematic about this. There are four possibilities: 1) print May 10 data, transmit May 10 data; 2) print FTS data, transmit FTS data; 3) print May 10 data, transmit FTS data; and 4) print FTS data, transmit May 10 data.
The first one is the honest option, if you want to report exactly what the PCOS machine says it counted. The fact that other possibilities exist already indicate the existence of malicious code.
The third and fourth possibilities are BEI mistakes, caught by the PPCRV as its third and fourth types of discrepancy, respectively. We have already confirmed that these possibilities exist. That there are only 23 cases, means only 23 BEIs made mistakes among those who knew about the hidden commands. This is the tip of the iceberg that PPCRV stumbled on but consider “minimal”.
The second one is the undetected dishonest case: the BEI sends a false report instead of what the PCOS machine counted. This will not show up as a discrepancy. To detect it, we can: 1) count the votes in the ballots and compare the results with the machine count; 2) examine the CF cards in case they still contain both the false and the authentic vote data; 3) search the PPCRV and Comelec database for ERs whose transmitted and printed versions both contain ten total votes or less. The last method will not work, however, if the FTS before the elections was secretly done not with ten ballots but with several hundred. In fact, this looks like a plausible cheating method.
We must thank the PPCRV for detecting these discrepancies. They prove the existence of malicious code in the Smartmatic software and suggest a way high-tech cheating could have been done. Now, we have clues and can investigate further.
20 May 2010