These hearings are turning out to be very informative, as well as entertaining. I suggest you all listen to these two-hour hearings regularly. I will try to clarify some of the exchanges that went on in the past two hearings.
On the wrong date and time stamp
Many did not immediately get the Smartmatic explanation, which I think sounded reasonable. The internal clock of some machines was not properly set by Smartmatic technicians at the Cabuyao plant. Fine. So the time stamp is wrong. Fine. (By the way, when I say time stamp, that includes date and time.) What the Smartmatic people were trying to say was: even if the time stamp is wrong, the relative time should still be correct. If the voting for instance took 12 hrs 7 min, the log should also show 12 hrs 7 min. If the transmission took 3 hrs 2 min, then the log should still show 3 hrs 2 min.
Thus, it should be easy to reconstruct everything by getting from the hand-written BEI minutes the time when, say, the machine was turned on, and then noting when this same event occurred on the audit log. For instance, the audit log time stamp may say that the machine was turned on April 28, 4pm, but if according to the BEI minutes, the machine was actually turned on May 10, 6am, then it establishes that April 28, 4pm on the machine is actually May 10, 6am in real time. With this, the real-time equivalent of every machine time stamp can now be calculated accurately, because the PCOS time and real time are still synchronized in speed.
The point here is that audit log time stamps, even if wrongly set, are not entirely useless. It is just inconvenient, but the actual time of events can still be reconstructed, and we can still determine what actually happened with the PCOS machines at what time.
This does not get Smartmatic off the hook, however. Once the event time stamps are reconstructed, they still need to explain anomalies, like opening and closing of the voting period in less than a minute, multiple transmissions, continuous feeding of ballots, and so forth.
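The reconstruction described above can be carried out mechanically. The following is an added example, not Smartmatic's or Comelec's code: the audit log entries are constructed and the event names (POWER_ON, VOTING_OPENED, VOTING_CLOSED, TRANSMIT) are hypothetical. It assumes the machine clock was not reset between the anchor event and the later entries.

```python
from datetime import datetime, timedelta

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")

# Constructed sample audit log (machine clock); event names are hypothetical.
AUDIT_LOG = [
    ("2010-04-28 16:00:00", "POWER_ON"),
    ("2010-04-28 17:00:00", "VOTING_OPENED"),
    ("2010-04-29 05:07:00", "VOTING_CLOSED"),  # 12 h 7 min after opening
    ("2010-04-29 05:20:00", "VOTING_OPENED"),
    ("2010-04-29 05:20:40", "VOTING_CLOSED"),  # reopened and closed in 40 s
    ("2010-04-29 05:30:00", "TRANSMIT"),
    ("2010-04-29 05:45:00", "TRANSMIT"),
]

def reconstruct(log, anchor_event, real_anchor):
    """Shift every machine time stamp by the offset measured at one anchor event."""
    machine_anchor = next(parse(ts) for ts, ev in log if ev == anchor_event)
    offset = parse(real_anchor) - machine_anchor
    return offset, [(parse(ts) + offset, ev) for ts, ev in log]

def find_anomalies(events, min_voting=timedelta(minutes=1)):
    """Flag voting periods shorter than min_voting and repeated transmissions."""
    findings, opened, transmits = [], None, 0
    for when, ev in events:
        if ev == "VOTING_OPENED":
            opened = when
        elif ev == "VOTING_CLOSED" and opened is not None:
            if when - opened < min_voting:
                findings.append(("short_voting_period", opened, when - opened))
            opened = None
        elif ev == "TRANSMIT":
            transmits += 1
            if transmits > 1:
                findings.append(("repeat_transmission", when, transmits))
    return findings

# Anchor: BEI minutes say the machine was turned on May 10, 6am.
OFFSET, REAL_LOG = reconstruct(AUDIT_LOG, "POWER_ON", "2010-05-10 06:00:00")
FINDINGS = find_anomalies(REAL_LOG)

if __name__ == "__main__":
    print("offset:", OFFSET)
    for when, ev in REAL_LOG:
        print(when, ev)
    for finding in FINDINGS:
        print("ANOMALY", finding)
```

Durations are unchanged by the shift, so the anomalies appear whether or not the offset is applied; the offset only tells you when in real time they happened. A second event recorded in the BEI minutes, such as the close of voting, can be used to check that the same offset still holds later in the log.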
Note that the Systest Labs source code review (which HALAL analyzed in one of the posts here) had identified this time stamp issue as a potential problem, warning that some machine actions may not include a time stamp, or may not even be logged, and that the audit log itself may be lost or overwritten, which enables intruders to cover up their tracks. This is one of the reasons we concluded that the Comelec erred in certifying the Smartmatic software.
Possible questions Committee members may ask in the future:
– Smartmatic should demonstrate how the PCOS internal clock is set, so that the public can determine if it is easy to do in the field and therefore subject to tampering.
– Smartmatic should explain what they did to respond to the time-stamp problems raised in the Systest Lab report.
– It might also be interesting to ask: if they could not set the internal clock correctly when all the machines were in the Smartmatic central warehouse, with senior engineers, and they were in no hurry, how could all the CF cards have been successfully delivered and then replaced by junior field technicians involving machines spread all over the Philippines, in a matter of three days?
On the digital signatures
This is a big issue. If some lawyers are to be believed, this can make or break the 2010 elections.
The problem is that the Comelec explicitly instructed the BEIs not to digitally sign the transmission of the Election Returns (ERs). Hence, the ERs were submitted without the digital signatures of the BEI. Yet, the law requires that the BEI attest with their signature to the correctness and authenticity of the ERs they are sending to the Municipal or City Board of Canvassers. They do this with the printed ERs, which are signed by the BEIs, but the basis of the municipal/city canvass is not the printed ER, but the transmitted ER. Thus, if the transmitted ER is deemed void because it was not properly signed by the BEI (an explicit instruction of the Comelec), then, the municipal/city canvass itself is in danger of being voided too. Likewise, the provincial and of course the national canvass. (No one apparently raised this question when the senators were proclaimed — probably because 13th placer Risa Hontiveros and other losing senators were too shocked by their loss to protest — but it may be raised in the canvassing of presidential and vice-presidential votes).
Smartmatic/Comelec claim that the ER contains the digital signature of the PCOS machine. But the PCOS signature is not the BEI signature. And the PCOS signature has been stored in the PCOS ever since it left the Smartmatic plant in Cabuyao. It will happily add this signature to anything that it transmits, as it did when some PCOS machines mistakenly transmitted the results of the final field testing instead of the May 10 results. A few months back, I heard the Comelec explain that the BEI did not need to sign because their signature was already stored within the machine and that this would be transmitted with the ER. But again, this means the machine signed for the BEI.
The key problem here is that the BEI were specifically instructed NOT TO DIGITALLY SIGN the ER. Thus, on the witness stand, if they are asked: “Did you digitally sign this ER?” What answer can you expect?
And if the ERs were not signed by the BEIs, will they pass the test of legality?
That’s a big question mark.
There’s another major stumbling block on the legality of the digital signatures. These are supposed to be valid only if they are certified by a third-party certifying agency. But there was no third-party certifying agency. Smartmatic was generating, assigning, and authenticating these signatures by itself, which is not how a valid digital certification system should work. Thus, the whole digital certification system is also in danger of being declared null and void.
A final problem with the Smartmatic approach is that they generated both the public and private keys of the BEIs. It is a gross security violation for Smartmatic, which is running the whole authentication setup, to know private keys. Private keys are supposed to be known ONLY by those whose signature they represent. They are like passwords to your computer. Your company may issue you a computer with a standard password, but you can change that into a private password that only you know. Because they generated the private keys of all BEIs, Smartmatic could have stored these for future use, which means they can sign in the name of any BEI.
This is truly a major failing of the digital signature certification system.