Automated Election System. The Challenge: Meaningful Poll Watching By Angel “Lito” S. Averia, Jr. Prepared for the Center for People Empowerment in Governance (CenPEG). Automated Election System Concerns. Operations Cheating Fraud Sabotage. Operational Problems with OMR.
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Automated Election System The Challenge: Meaningful Poll Watching By Angel “Lito” S. Averia, Jr. Prepared for the Center for People Empowerment in Governance (CenPEG)
Automated Election System Concerns • Operations • Cheating • Fraud • Sabotage
Operational Problems with OMR Valid ballots that were crumpled, folded (to fit in the size of the ballot box) and those that contained unnecessary markings or smudges as well as those lightly shaded ballots were rejected, which slowed down the counting. CAC Report on the 2008 ARMM Elections
Operational Problems with OMR The number of ballots to be counted per ACM was not as it was projected. There are discrepancies in the counting of ballots between those who actually voted with results counted. An example of this was experienced in one of the precincts of Shariff Kabunsuan where the actual number of voters is 371 but the machine counted only 276, there was a discrepancy of 95 ballots papers. But, after the BEIs conducted a recount the machine counted 365. CAC Report on the 2008 ARMM Elections
Operational Problems with OMR Incidents of over voting in some precincts that used OMR, such as Bumbaran, Lanao del Sur, were also encountered because of BEIs voting in their assigned precincts. In these cases the result was invalidated (treated as zero) and COMELEC had to override it. CAC Report on the 2008 ARMM Elections
Operational Problems with OMR The Counting and Canvassing System (CCS) was not programmed to accommodate failure of elections in some municipalities, such as Balindong, Lanao del Sur and Basilan, thus the machine had to be shut down to force the system to close the counting. There were incidents wherein the system would not close the counting and canvassing since it showed that it didn’t count 100% of the total votes from all the precincts though all precincts were able to count the votes. CAC Report on the 2008 ARMM Elections
Operational Problems with OMR Some ACMs to include laptops and printers overheated, stopped functioning and had to be re-started. CAC Report on the 2008 ARMM Elections
Operational Problems with OMR Constant paper jamming (of the OMR Ballots). CAC Report on the 2008 ARMM Elections
Operational Problems with OMR The attached full 196-key Keyboard in the ACM is open to programming intrusion. CAC Report on the 2008 ARMM Elections
Operational Problems with OMR During the results transmission phase after the closing of the election, it was observed that problems were encountered by the supplier involving the data communication infrastructure. Specifically, it was reported that in the areas of Buluan, Pagagawan, Talayan and Shariff Aguak, the BEIs had to personally bring the USB flash drive to their respective canvassing centers due to total transmission failure. This incident holds true for several areas in Maguindanao. CAC Report on the 2008 ARMM Elections
Operational Problems with OMR The supplier admitted that they used an untried and untested private network that was only installed too close to the Election Day. Not only did this delay the transmission but also compromised the integrity and security of the AES. CAC Report on the 2008 ARMM Elections
Operational Problems with OMR Another cause of delay in the consolidation and transmission process was the physical transportation of the OMR ballots to the counting centers. The printing of 30 copies of the election returns of each precinct and counting center also slowed down the canvassing and transmission process, which in turn inconvenienced the BEIs of queuing to wait for their turn before their ballots could be counted and canvassed. CAC Report on the 2008 ARMM Elections
2008 ARMM Elections • The previously listed problems were experienced in the 2008 ARMM Elections • 2008 ARMM Elections involved and estimated 1.2mn voters in approximately 5,600 precinct clusters
Replication at Nationwide Scale • The foregoing listed problems could recur during the 2010 national elections if the COMELEC fails to put in place the necessary safeguards
The Election Process A Comparison of the Traditional Process and the Automated Process
Traditional None Automated Precinct Count Optical Scan (PCOS) Canvassing Computers Central Server Telecommunications devices and network Software Machines & Infrastructure
Machines & Infrastructure • Machines could be rigged • PCOS and Canvassing Computers: A program or software could be embedded into firmware (burned into eprom) which can be installed on the motherboard of the PCOS and/or Canvassing Computers. The embedded program or software could include hard data or randomly generate votes to favor a certain candidate. The firmware could be installed before the machines are shipped out of the manufacturing facility or before the machines are sealed days before the elections.
Machines & Infrastructure • Machines could be rigged: • The PCOS and Canvassing Computers are basically computers • Computers have central processing units (CPU) • In the CPU is a program called the BIOS or Basic Input/Output System • A malicious code designed to manipulate the results of the count or canvassing to favor a certain candidate could be embedded in the BIOS.
Machines & Infrastructure • Machines could be rigged • Mitigation: Review/audit of the hardware before sealing. This would, however, require highly skilled hardware engineers to review the equipment circuitry.
Machines & Infrastructure • Software Program Components • Imaging • Optical mark reader • Counting • Printing • Signing • Encryption • Transmission • Canvassing
Machines & Infrastructure • Software Program Components • Different, rigged versions of the software that will create the image of the ballot, count the votes, and prepare the ER could be loaded in 80,000 PCOS units. • General software failure • Software component failure
Machines & Infrastructure • Software Program Components • Mitigation: inspection and testing of each PCOS unit. However, it will be a Herculean task to check all 80,000 PCOS units to determine if the same software is deployed.
Traditional elective positions and blank line(s) for each elective position. Automated Names of candidates for each elective position are printed on the ballot. Across the name of each candidate name is a figure (oval or square) which will be shaded by the voter. Ballot
Ballot • Potential Problem: • If the pre-printed ballots are pre-filled, there is no way to detect if one and the same person pre-filled the ballots. • The pre-filled ballots may be “read” or scanned by the PCOS before the PCOS is sealed with the connivance of the technical personnel • Or, before opening of polls with the connivance of the BEI
Ballot • Mitigation: At initialization of the PCOS, it should be demonstrated that no images are stored in the PCOS. • Note: The RFP requires a function to show that all vote counters are zeroed. But nothing in the RFP requires the execution of a function to show that there are no ballot images stored in the PCOS.
Traditional Preparation of election paraphernalia Automated Preparation of election paraphernalia Breaking of seal of the PCOS Powering up the PCOS Execution of the initialization function Pre-Poll-Opening Activities
Pre-Poll-Opening Activities • Problems • No seal • Seal broken • Failure to power up • No power • Defective UPS or power supply • Failure of the initialization function
Poll Open – 7am to 6pm • PCOS Unit Failure • Malfunction due to: • Overheating • Component shutdown (no power) • Machine or any component “hangs” • Mitigation: • Rugged testing prior to election day • Backup plan • Procedures to employ • Escalation
Pre-Poll-Opening Activities or Poll Open – 7am to 6pm • Machine or component failure: • Backup unit delayed • What is COMELEC action?
Traditional Voter writes the names of candidates per elective position Automated Voters marks the figure across the name of his selected candidate Voting
Voting • Problems • Over-voting (votes will be disregarded for the affected position only) • Note: Under-voting is allowed • Smudges • Crumpling of ballot • Mitigation: • Voter education
Traditional Voter folds the ballot and drops it into the ballot box Automated Voter “feeds” the ballot into the PCOS If PCOS is integrated with ballot box, ballot is automatically dropped into ballot box If PCOS and ballot box are independent units, voter drops the ballot into the ballot box Casting
Casting • Problem • PCOS rejects or does not “read” the ballot • Cause for rejection • Crumpled or folded • Overly smudged • Fake • Machine failure • Mitigation – voter education • Not to crumple or fold ballot; avoid smudging • Accept ballots only from BEI • Machine Failure: COMELEC should institute actions to be taken by BEI and Tech Support
Traditional Manual count, stick counting. Guided by the Rules on Ballot Appreciation, a member of the BEI shall read the name of the chosen candidate for a particular position. Another member shall record by stick mark (taras) the vote for a particular candidate on the tabulation form posted on the wall of the precinct while the third member of the BEI records the vote for a particular candidate on the Election Return (ER). Automated PCOS count. A function in the Precinct Count Optical Scan (PCOS) will be executed by the BEI after closing of polls. The count shall be done internally and without public view/review of the ballots. PCOS program component will “read” the marks on the ballot in order to count the votes. Counting
Counting • Counting is away from public view. If the hardware/software is rigged, the result of the machine count may not be faithful to a hand/manual count. • The program to “read” the marks could “misread” the marks. Or it could be designed to actually “misread” the marks.
Counting • Mitigation: hardware/software audit prior to deployment to 80,000 PCOS units and another 2,000 PCOS units that will serve as backup. Ensure same software copy is deployed.
Traditional The ER is prepared manually in seven copies. The ER is signed and thumbprints affixed. A copy of the ER is posted on the wall of the precinct. The rest of the copies of the ERs are distributed accordingly. Automated The ER is prepared using the PCOS. First eight (8) copies of the ER is printed and signed and thumbprints affixed. The electronic copy of the ER is digitally signed and encrypted. A copy of the printed and signed ER is posted on the wall of the precinct. Election Return
Election Return • Problems • ER is prepared/generated by PCOS • Printout could be different from ER copy stored in PCOS • RFP does not specify a way to verify • Printing failure • Mitigation • Testing and pre-audit of PCOS
Traditional The ballots and ER are placed in the ballot box. The ballot is then transported to the City or Municipal Board of Canvassers. Automated The ER, precinct statistical report, and PCOS audit logs shall be transmitted electronically to various destinations, including but not limited to the city/municipal Computerized Canvassing System (CCS), central server, and various parties. Transmission
Transmission • Assurance that the transmitted copy is the same as those earlier printed and manually signed then posted on the precinct door? • Mitigation: immediate posting on a publicly accessible website. Poll watchers can then immediately download the web copy and compare with the one posted on the precinct door.
Transmission • Problem • Inability to establish connection • Failure to transmit • Poor or no telecommunications infrastructure present in the locality
Transmission • Problem • Signal interception or data hijacking. This would require sophisticated actions. The window is tight. Data shall be transmitted to multiple destinations at (almost) the same time. If signal interception or data hijacking is successful, spurious data could be injected.
Traditional Manual tallying and preparation of SOV and COC at each level Automated Canvassing computers at each level shall tally the votes and shall be used to generate the SOV and COC. Canvassing
Canvassing • Problem: • Canvassing software could be rigged such that votes for a particular candidate could be padded or shaved.
Certification • BEI and BOC cannot certify to the correctness/accuracy (ER, SOV, COC) of the results/reports generated by the PCOS and Canvassing Computers • BEI and BOC can only certify that the printouts are generated by/from the machines
Web War I • Estonia: World’s most wired nation • April 27, 2007: CyberAttack • Denial of Service Attack • Attack came from various servers from South America, Europe, Asia • Swamped the websites of Estonia’s private and public organizations
Denial of Service Attack • An attack similar to the Estonia attack could be launched on May 10, 2010 and paralyze the telecommunications infrastructure thus preventing the transmission of the Election Returns, PCOS audit logs, and precinct statistical data.