The 1-3pm House Committee on Suffrage hearings on automated election fraud

These hearings are turning out to be very informative, as well as entertaining. I suggest you all listen to these two-hour hearings regularly. I will try to clarify some of the exchanges that went on in the past two hearings.

On the wrong data and time stamp

Many did not immediately get the Smartmatic explanation, which I think sounded reasonable. The internal clock of some machines was not properly set by Smartmatic technicians at the Cabuyao plant. Fine. So the time stamp is wrong. Fine. (By the way, when I say time stamp, that includes date and time.) What the Smartmatic people were trying to say was: even if the time stamp is wrong, the relative time should still be correct. If the voting for instance took 12 hrs 7 min, the log should also show 12 hrs 7 min. If the transmission took 3 hrs 2 min, then the log should still show 3 hrs 2 min.

Thus, it should be easy to reconstruct everything by getting from the hand-written BEI minutes the time when, say, the machine was turned on, and then noting when this same event occurred on the audit log. For instance, the audit log time stamp may say that the machine was turned on April 28 4pm, but if according to the BEI minutes, the machine was actually turned on May 10 6am, then it establishes that April 28, 4pm on the machine is actually May 10 6am in real time. With this, the real time equivalent of every machine time stamp can now be calculated accurately, because the PCOS tme and real time are still synchronized in speed.

The point here that is audit log time stamps, even if wrongly-set, are not entirely useless. It is just inconvenient, but the actual time of events can still be reconstructed, and we can still determine what actually happened with the PCOS machines on what time.

This does not get Smartmatic off the hook, however. Once the event time stamps are reconstructed, they still need to explain anomalies, like opening and closing of the voting period in less than a minute, multiple transmissions, continuous feeding of ballots, and so forth.

Note that the Systest Labs source code review (which HALAL analyzed in one of the posts here) had identified this time stamp issue as a potential problem, warning that some machines actions may not include a time stamp, or may not even be logged, and that the audit log itself may be lost or overwritten, which enables intruders to cover up their tracks. This is one of the reasons we concluded that the Comelec erred in certifying the Smartmatic software.

Possible questions Committee members may ask in the future:

– Smartmatic should demonstrate how the PCOS internal clock is set, so that the public can determine if it is easy to do in the field and therefore subject to tampering.

– Smartmatic should explain what they did to respond to the time-stamp problems raised in the Systest Lab report.

– It might also be interesting to ask: if they could not set the internal clock correctly when all the machines were in the Smartmatic central warehouse, with senior engineers, and they were in no hurry, how could all the CF cards been successfully delivered and then replaced by junior field technicians involving machines spread all over the Philippines, in a matter of three days?

On the digital signatures

This is a big issue. If some lawyers are to be believed, this can make or break the 2010 elections.

The problem is that the Comelec explicitly instructed the BEIs not to digitally sign the transmission of the Election Returns (ERs). Hence, the ERs were submitted without the digital signatures of the BEI. Yet, the law requires that the BEI attest with their signature to the correctness and authenticity of the ERs they are sending to the Municipal or City Board of Canvassers. They do this with the printed ERs, which are signed by the BEIs, but the basis of the municipal/city canvass is not the printed ER, but the transmitted ER. Thus, if the transmitted ER is deemed void because it was not properly signed by the BEI (an explicit instruction of the Comelec), then, the municipal/city canvass itself is in danger of being voided too. Likewise, the provincial and of course the national canvass. (No one apparently raised this question when the senators were proclaimed — probably because 13th placer Risa Hontiveros and other losing senators were too shocked by their loss to protest — but it may be raised in the canvassing of presidential and vice-presidential votes).

Smartmatic/Comelec claim that the ER contains the digital signature of the PCOS machine. But the PCOS signature is not the BEI signature. And the PCOS signature has been stored in the PCOS ever since it left the Smartmatic plant in Cabuyao. It will happily add this signature to anything that it transmits, as it did when some PCOS machines mistakenly transmitted the results of the final field testing instead of the May 10 results. A few months back, I heard the Comelec explain that the BEI did not need to sign because their signature was already stored within the machine and that this would be transmitted with the ER. But again, this means the machine signed for the BEI.

The key problem here is that the BEI were specifically instructed NOT TO DIGITALLY SIGN the ER. Thus, on the witness stand, if they are asked: “Did you digitally sign this ER?” What answer can you expect?

And if the ERs were not signed by the BEIs, will they pass the test of legality?

That’s a big question mark.

There’s another major stumbling block on the legality of the digital signatures. These are supposed to be valid only if they are certified by a third-party certifying agency. But there was no third-party certifying agency. Smartmatic was generating, assigning, and authenticating these signatures by itself, which is not how a valid digital certification system should work. Thus, the whole digital certification system is also in danger of being declared null and void.

A final problem about the Smartmatic approach is that they generated both the public and private keys of the BEIs. It is a gross security violation by Smartmatic, which is running the whole authetication set up, to know private keys. Private keys are supposed to be known ONLY by those whose signature they represent. They are like passwords to your computer. Your company may issue you a computer with a standard password, but you can change that into a private password that only you know. Because they generated the private keys of all BEIs, Smartmatic could have stored these for future use, which means they can sign in the name of any BEI.

This is truly a major failing of the digital signature certification system.



  1. Posted May 24, 2010 at 4:25 pm | Permalink

    I perfectly understand Smartmatic’s explanation with regard to the time stamps and the reconstruction using other references. That is not the point of my query about the time stamps. My queries are directed towards the system’s compliance with the law and Smartmatic’s quality control.

    The law provides that election returns containg THE DATE OF THE ELECTION. It is requirement under the law. In legal discussions, the date reflected on a document is what establishes the date which the document officially exists. Even if the time of operation of the PCOS machine coincides with the handwritten minutes by the BEI (for example, the PCOS log says it operated for 13 hours and the written minutes show an operation of 13 hours), it is still not conclusive proof that indeed, the PCOS operated during the date and time it was supposed to operate. How is one to know that either (PCOS or the minutes) was manipulated to make the logs correspond? We must remember that cheaters will try to find ways to cover their tracks.

    That is why it is very important election returns reflect the true and correct date / time stamp. Otherwise, its authenticity is questionable. Besides, it is required by law! The law says the date of election must be reflected in the election return. So if the date of elections is May 10, 2010, an election return which bears the date April 28, 2010 does not comply with the law. It is not merely an inconvenience, it becomes a legal issue.

    This then goes to the question of quality control by Smartmatic. If the election returns are required to bear the correct date and time, how an they allow any PCOS machine to be deployed without the correct date and time properly set? It is nothing but negligence.

    If they can be negligent in certain aspects of the system, then they can be negligent on others. For example, during the canvassing of votes for Senators, the system generated National Canvass Report (the official report on votes received by senators) showed that the total registered voting population is 153 thousand-plus voters. Clearly, it is an error generated by the system. In the canvassing for PRes/VPres, the Consolidation and Canvassing System deployed in COngress shows a total registered voting population of 256 thousand -plus. This too, is supposed to be system programmed.

    That’s why the explanation of Smarmatic, backed up by Comelec, is not acceptable. And we should not let it pass without a concrete and specific plan of action to address these concerns.

  2. Roberto Verzola
    Posted May 25, 2010 at 5:23 am | Permalink

    Hi Cong. Ruffy,

    I get your point about the legal requirement, and the negligence of Smartmatic.

    To the list, we might add the May 3 fiasco, which Smartmatic owned up to. It should be obvious that if you change the layout of the ovals, their coordinates change and therefore the configuration file which contains these coordinates should also be modified. To claim that they forgot to do so, putting the entire national election at risk a few days before election day is truly the height of negligence. Many don’t believe, and I’m one of them, that they managed to successfully replace all memory cards within the three days they claim they did it. If they could not set the internal clock properly earlier at the Cabuyao warehouse where they had their best engineers and technical people and they were not so pressed for time, how could they replace all the cards within three days in machines spread out all over the country, without any mistake?

    By the way, I have heard of unusual voting patterns showing up in the senatorial race, where losing senators at the Nth place, for instance, occupied the same ranking in many provinces, some their bailiwicks where they expected to rank higher, and some the bailiwicks of another party where they expected to rank lower. Again, though not proofs, these are nagging questions that are too widespread, affecting too many candidates to be simple coincidences.

    There’s something I suggest you can ask Smartmatic:

    It is very clear from the discrepancies found by PPCRV that the PCOS keeps at least two versions of vote data, the testing data and the May 10 data. Even if the May 10 data is zeroed, the testing data is retained. It is also very clear that there is a hidden PCOS command to print, as well as to transmit, the testing data, because PPCRV has found 10-vote results in printed ERs as well as in transmitted ERs.

    Can you please ask Smartmatic: what is the PCOS command for each of the following:
    1. print the May 10 data (or select the May 10 data for printing)
    2. transmit the May 10 data (or select the May 10 data for transmission)
    3. print the test data (or select the test data for printing)
    4. transmit the test data (or select the test data for transmission)


    Obet Verzola

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: