COMELEC: A Question Of Confidence

  • Comelec: A Question of Confidence
    By Joey de Venecia III
    Senatorial Candidate & Spokesman
    on Poll Automation
    Pwersa ng Masang Pilipino
    Presented at the Kapihan sa Manila Hotel, May 3, 2010
  • D Day -- May 10, 2010
    One week from today, 50 million Filipino voters will head for their respective precincts to elect the next president, vice president, 12 senators, party-list representatives, and local government officials. This will be the first time that the Commission on Elections will conduct automated (AKA computerized) elections.
  • There are serious issues the Comelec needs to address
    The Comelec has not succeeded in winning the trust and confidence of the electorate for a number of reasons:
    The PCOS machines have failed or underperformed in a number of instances;
    The entire voting system appears to have numerous pitfalls/shortcomings; and
    It is not clear if cheating – in the form of digital dagdag-bawas – can still take place.
  • COMELEC & the AES
    [Diagram by Drexx Laggui, Information Security Consultant. Labels: Automated Electoral System; Risks; Systems; Concerns; Countermeasure; Minimize/mitigate risks; Evaluation; Source Code Review; Assurance; Stakeholders (Public); Confidence; The Missing Link]
    COMELEC has been trying to create this link without any success.
    The COMELEC has been unsuccessful in providing information on the AES to gain voter confidence.
    • Release of critical documents was delayed, giving the perception that they are hiding something.
  • Documents
    On Monday, April 26, 2010, 5:00 PM, the following documents were requested:
    • Systest Labs Report – promised to be provided on April 27
    • Technical Evaluation Committee (TEC) certification and report – promised to be provided today April 27
    • PCOS Machine Test Results (and the PCOS test procedures that generated these results) – promised to be provided April 27
    • Three (3) test results in particular: mean time between failures (MTBF); average rejection rate of valid ballots; and accuracy rate (given x test ballots, how many were miscounted, if any). If we can have full access to the reports per machine, we can do statistical analysis and have a good idea about the % of failures, ballot rejections, and count accuracy levels to expect on May 10
    • Random Manual Audit (RMA) Procedures – promised to be provided by April 27
    • Design Specifications – still to be discussed during en banc on Tuesday, April 27
    • Test Protocols – to be discussed during en banc on Tuesday, April 27
    On Friday, April 30, 2010, 3:00 PM, the following documents were received:
    • TEC Resolution 2010-002.pdf
    • Tabular Information 03 03 2010.pdf
    • Systest Source Code Review Readiness and Security.pdf
    • System Acceptance Test.pdf
    • Systest Certification Report Summary.pdf
    • RMA Resolution No 8873.pdf
    • PCOS Firmware Extract Hash 03 03 2010.pdf
    • Other Certifications.pdf
    • DOST Discrepancies Reports Analysis.pdf
    • Certification on Final Trusted Build.pdf
    • ANNEX J - TEC Compensating Controls.pdf
    • ANNEX G - Revised Continuity Plan.pdf
    • ANNEX F - TEC Validation and Verification Procedures.pdf
    Hard copies of the documents were received, then converted to PDF format for proper distribution.
    Downloadable through Joey’s website:
    http://www.joeydevencia.com
    Remaining documents were promised to be given on Monday, May 3, 2010
  • IMPORTANT NOTE
    Of all the documents provided us by the Comelec, we consider the Certification Test Report for Source Code Review, Readiness and Security Testing the most important. This is also known as the SysTest Lab report.
    The copy of the report provided us had a potentially important page missing.
    • The report indicated the extent of the test performed on the system.
    • The report showed the strengths and weaknesses of the system.
    • A statement on the SysTest Labs website says a comprehensive test was done to the system.
  • COMELEC MATERIALS & THEIR SIGNIFICANCE
    Technical Evaluation Committee (TEC) certification and report
    • These certifications and reports are mandated by law.
    • Test Results on accuracy, security and quality of the system.
    • The Certification released to the public does not satisfy the requirement of the Law.
    • RA 9369 states: "SEC. 11. Functions of the Technical Evaluation Committee. - The Committee shall certify, through an established international certification entity to be chosen by the Commission from the recommendations of the Advisory Council, not later than three months before the date of the electoral exercises, categorically stating that the AES, including its hardware and software components, is operating properly, securely, and accurately, in accordance with the provisions of this Act based, among others, on the following documented results:"
    PCOS Machine Test Results (and the PCOS test procedures that generated these results)
    • The test results show the basis for both COMELEC and Smartmatic’s acceptance of the system.
    • Smartmatic received the machines from their Chinese manufacturer.
    • What was the basis for accepting these machines?
    • COMELEC received the machines from Smartmatic.
    • What was the basis for accepting these machines?
    • There has to be some form of Test Data for both COMELEC and Smartmatic to accept these machines. None were provided.
    • The report should also show the strengths and weaknesses of the system.
  • SYSTEMIC PITFALLS
    PCOS Machines
    • 82,200 PCOS machines & backup batteries purchased
    • 75,471 precinct clusters
    • 6,729 spare PCOS machines available (8.9% of the total number of clustered precincts).
    Memory Cards
    • 180,640 memory cards purchased.
    • Two Memory Cards per precinct cluster (one firmware, one data) yields a requirement of 150,942 memory cards.
    • 29,698 spare memory cards available. (39% of the total number of clustered precincts)
    • These cards could either be used for data or firmware.
    • Spare PCOS machines can be used to generate multiple ERs and store the corresponding data file to the spare memory cards.
    • Could be used as the basis when a candidate questions the results.
    • Could be used to switch the data card during transport.
    • These Compact Flash cards are small enough to cover with the palm of your hand.
    • Spare PCOS machines could be used to connect to the servers.
    • There are more than enough spare data cards to attach to the spare machines.
    • Identity and profile for these spare machines could easily be configured.
  • SYSTEMIC PITFALLS
    • Disabling the feature to read UV markings.
    • The official COMELEC reason is “alignment problems.”
    • Empowering the BEI to control the fate of the Ballots.
    • To date, voters are unaware of what these UV markings should look like.
    • Disabling the voter verification feature which implements the provision of the law allowing the voter to confirm that the machine (PCOS) registered his/her choice.
    • Although it is very clear in RA 9369, the COMELEC decided solely to disable this function.
    • RAs can only be changed by amending the law in Congress.
  • SYSTEMIC PITFALLS
    • The BEI will no longer be required to Digitally Sign the ERs.
    • The Digital Signature will automatically be embedded by the PCOS machine.
    • This contradicts the original General Instruction document released by the COMELEC, although a revised GI was released to reflect this change.
    • All Digital Signatures were prepared and generated by Smartmatic/COMELEC.
    • The Comelec has removed another significant security feature which makes it possible to transmit data from other PCOS machines without the presence of any BEI member.
  • SYSTEMIC PITFALLS (CCS)
    Audit Functionality
    Several of the logging functions in the Smartmatic CCS project appear to omit the inclusion of the time and date from the logged messages. These functions are accessed throughout the system as logging functionality is required. This apparent omission may result in audit log entries without complete date and time information being included as part of each individually logged message. (Page 18, Certification Test Report for Source Code Review, Readiness and Security Testing, Rev 1.06, Feb 9 2010, Systest Labs)
    • The CCS (Consolidating/Canvassing System) will be the basis for protests. Just like during the manual voting days wherein the COCs were the basis for electoral protests.
    • With the absence of time and date logs, records & results can be accessed during and after elections without the public knowing the time and date they were accessed.
    • Systest Labs even acknowledges this problem, stating “it is however, an impediment to an accurate re-creation of election actions, should the need arise.”
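
What the missing date and time costs an auditor, as an added example that is not from the presentation, the SysTest report or the CCS source: entries without a timestamp cannot be placed on a timeline, while stamped entries can answer when something was accessed. The log format, field names and sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines: two from a logger that omits date/time (as in the
# finding) and two from the stamped logger below. All names are hypothetical.
SAMPLE_LOG = [
    "CANVASS results opened by user=op1",
    "2010-05-10T19:02:11+00:00 seq=1 ER received precinct=0001",
    "CANVASS results exported by user=op1",
    "2010-05-10T19:05:40+00:00 seq=2 ER received precinct=0002",
]

STAMPED = re.compile(r"^(\S+) seq=(\d+) (.*)$")

def format_entry(seq, message, now=None):
    """Stamp every message with a UTC timestamp and a sequence number."""
    now = now or datetime.now(timezone.utc)
    return f"{now.isoformat(timespec='seconds')} seq={seq} {message}"

def parse_entry(line):
    """Return (timestamp, seq, message), or None if date/time is missing or invalid."""
    match = STAMPED.match(line)
    if not match:
        return None
    try:
        stamp = datetime.fromisoformat(match.group(1))
    except ValueError:
        return None
    return stamp, int(match.group(2)), match.group(3)

def audit_timeline(lines):
    """Split a log into an ordered timeline and entries that cannot be placed on it."""
    timeline, unplaceable = [], []
    for line in lines:
        parsed = parse_entry(line)
        if parsed:
            timeline.append(parsed)
        else:
            unplaceable.append(line)
    timeline.sort()
    return timeline, unplaceable

def accessed_between(lines, start, end):
    """Auditor's question: which logged actions fall inside a time window?"""
    timeline, _ = audit_timeline(lines)
    return [message for stamp, _, message in timeline if start <= stamp <= end]
```

The two unstamped "CANVASS" lines end up in the unplaceable list, so no time-window query can ever return them.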
  • SYSTEMIC PITFALLS (CCS)
    Security Functionality
    SysTest's processing of the Dominion EMS source code through the Parasoft tool application, however, indicated that there are possible susceptibilities to SQL injections within the Dominion EMS…Several instances were found to exist in which user-entered data-related commands may be submitted to the database in such ways that the implemented protective coding may be bypassed. (Page 19, Certification Test Report for Source Code Review, Readiness and Security Testing, Rev 1.06, Feb 9 2010, Systest Labs)
    • This simply states that it is possible to make changes to the database bypassing the implemented security measures.
    • Remote operations on the database are possible.
    • These injections are actual database related instructions that can manipulate data stored in the system.
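
The finding above contrasts protective coding that can be bypassed with a query that its input cannot rewrite. An added example, not code from the Dominion EMS or the report: the table, column names and data are hypothetical, with SQLite standing in for the database.

```python
import sqlite3

def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tally (precinct_id INTEGER, candidate TEXT, votes INTEGER)"
    )
    conn.executemany(
        "INSERT INTO tally VALUES (?, ?, ?)",
        [(1, "A", 310), (1, "B", 295), (2, "A", 120), (2, "B", 401)],
    )
    return conn

def lookup_filtered(conn, precinct_id):
    """Weak form: user input is filtered, then pasted into the SQL text.

    The filter removes quotes and semicolons, but the value sits in a numeric
    position, so SQL keywords in the input are still parsed as part of the query.
    """
    cleaned = precinct_id.replace("'", "").replace(";", "")
    sql = f"SELECT candidate, votes FROM tally WHERE precinct_id = {cleaned}"
    return conn.execute(sql).fetchall()

def lookup_bound(conn, precinct_id):
    """Corrected form: the value is bound as a parameter and never parsed as SQL."""
    sql = "SELECT candidate, votes FROM tally WHERE precinct_id = ?"
    return conn.execute(sql, (precinct_id,)).fetchall()

def rows_for(precinct_id):
    """Return (rows from the weak form, rows from the corrected form) for one input."""
    conn = make_db()
    return lookup_filtered(conn, precinct_id), lookup_bound(conn, precinct_id)
```

For the input `1 OR 1=1` the filtered query returns every precinct's rows, while the bound query compares the column against that whole string and returns nothing.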
  • SYSTEMIC PITFALLS (CCS)
    Security Functionality
    It was also determined that, in at least one instance, encryption keys were found to be explicitly coded into the source code of the system. That encryption keys were discovered within the source code could potentially make them available to anyone that might have access to the executable binary version of the EMS application. (Page 19, Certification Test Report for Source Code Review, Readiness and Security Testing, Rev 1.06, Feb 9 2010, Systest Labs)
    • Encryption keys provide added security features to the system by turning various data into an unreadable format.
    • Any threat to the system (such as hackers) basically has much of its work done for it, making it faster to access the system.
  • SYSTEMIC PITFALLS (CCS)
    Other Functionality
    Mixed mode operations may have risks involved if the value being converted is of a floating type, and it is converted to a decimal type, thereby potentially losing precision, or if the type being converted is assigned to a type implemented as a smaller variable type, in what is known as a narrowing conversion. (Page 20, Certification Test Report for Source Code Review, Readiness and Security Testing, Rev 1.06, Feb 9 2010, Systest Labs)
    Type of Variable is Integer
    • Programming languages require you to define the type of numerical value of every variable that will be processed (e.g., Decimal, Integer, etc.).
    • Converting types during program execution could affect the values during the conversion process (round up, round down, etc).
    • This could be a threat especially when dealing with number values in the millions range.
  • SYSTEMIC PITFALLS (PCOS)
    Audit Functionality
    It appears that multiple entities may have the possibility of writing to a single log file using class method logFile.LogMsg() without clear controls over ownership of the file handle, or clear comments indicating that that is the single audit logging thread… It is however, an impediment to an accurate re-creation of election actions, should the need arise. (Page 21, Certification Test Report for Source Code Review, Readiness and Security Testing, Rev 1.06, Feb 9 2010, Systest Labs)
    • This appears to have the same issues as the CCS.
    • The log file could be overwritten, thus clearing the previous log records.
    • Could be a challenge in re-creating events as mentioned in the report.
    Ballots
    A few instances were found where the source code did not include checks for the possibilities of vote count variables being overflowed. Numeric variable overflow is possible if the value assigned to the variable becomes more than the maximum permitted value for the numeric type of the variable. The risk can only become manifest if a large number of votes are processed through a single PCOS. (Page 22, Certification Test Report for Source Code Review, Readiness and Security Testing, Rev 1.06, Feb 9 2010, Systest Labs)
    • This states that the PCOS machine can generate more votes than the prescribed amount.
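
The narrowing-conversion and vote-count overflow findings quoted above, as an added example that is not from the report or the PCOS/CCS source. The 16-bit counter and 32-bit float widths are assumptions chosen for the demonstration; the report does not name the variable types involved.

```python
import ctypes
import struct

UINT16_MAX = 0xFFFF  # assumed counter width, for the demonstration only

def unchecked_add(count, ballots):
    """Fixed-width add with no overflow check: the stored value silently wraps."""
    return ctypes.c_uint16(count + ballots).value

def checked_add(count, ballots, maximum=UINT16_MAX):
    """Refuse the update instead of wrapping past the type's maximum."""
    if ballots < 0 or count > maximum - ballots:
        raise OverflowError(f"tally {count} + {ballots} exceeds {maximum}")
    return count + ballots

def through_float32(total):
    """Mixed-mode conversion: an integer total stored in a 32-bit float and read back."""
    packed = struct.pack("<f", float(total))
    return int(struct.unpack("<f", packed)[0])

def narrow_to_uint16(total):
    """Narrowing conversion with a range check in place of silent truncation."""
    if not 0 <= total <= UINT16_MAX:
        raise OverflowError(f"{total} does not fit in 16 bits")
    return total

def conversion_loss(total):
    """Votes gained or lost by the float round trip (0 means the value survived)."""
    return through_float32(total) - total
```

A 32-bit float holds integers exactly only up to 16,777,216, so totals in the tens of millions can change by a few votes on conversion, while an unchecked 16-bit counter at its maximum restarts near zero.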
  • Digital Dagdag - Bawas
    • The majority of the findings in the Systest Labs Report have been tagged as either Major or Minor.
    • Statements like “the implementation of manual processes and procedures will further mitigate any potential issues” are frequently used in the document to downplay the gravity of the findings.
    • Relying on manual processes to address shortcomings of the system contradicts the entire idea of AUTOMATION.
    • Issues creating opportunities for Digital Dagdag – Bawas
    • CCS Security issues allow database manipulation.
    • Adding and removing records in the database.
    • Log issues will make it almost impossible to recreate events when needed.
    • A significant number of backup memory cards in tandem with the spare PCOS machines can be used to generate ERs.
    • Lack of Test Data for the 48,000 modems makes the transmission of ERs questionable.
    • Could create the scenario to transfer Data Card to a different machine for transmission due to modem failure.
    • Switching of Data Cards is always possible once it is removed from the PCOS machine.
    • Could create the scenario to send the ERs manually.
    • Cannot discount the fact that there are still 5,000 signal jammers at large.
  • Digital Dagdag - Bawas
    • Issues creating opportunities for Digital Dagdag – Bawas (cont’d)
    • Alignment issues (as demonstrated and confirmed in the UV marking controversy) could result in significant ballot rejection.
    • There is no certainty at this point that the alignment issues apply to the names and ovals in the ballot.
    • Digital Signatures of the BEI are no longer required by the PCOS in order to transmit the ER.
    • Allows any PCOS machine to transmit ERs without any BEI officer present.
    • There are 6,726 spare PCOS machines on standby.
    • There are 29,698 spare memory cards readily available.
    COMELEC – SMARTMATIC - TIM
    Voting
    Transmission
    Canvassing
    With the COMELEC having absolute control and access to the entire Voting System, it should truly secure this and ensure honest elections.
  • Notes on Digital Dagdag - Bawas
    Of the 48,000 voting centers nationwide, only 36,000 have been surveyed for signal, power, etc.
    Only 48,000 field technicians were recruited to handle 75,471 machines to be used on election day
    Comelec assigned only 438 trainers to train 260,000 Board of Election Inspectors (1 trainer for every 593 BEIs)
  • Notes on Digital Dagdag - Bawas
    There are only 48,000 modems for the 75,471 PCOS machines.
    • For all the SIM cards to be used in the elections, Smartmatic generates passwords, issues digital certificates, verifies the certificates, and operates the machines. This is like merging in a single person the functions of accountant, cashier, auditor, operator and vendor!
    • Data centers are in secret locations which the Comelec refuses to reveal to the public. This is equivalent to conducting a canvass in a secret place only the Comelec and Smartmatic know.
  • RECOMMENDATION
    To request the COMELEC for full transparency in the steps taken in addressing the findings indicated in the Systest Labs Report.
    To request the COMELEC for full disclosure on how spare PCOS machines and CF cards will be secured against misuse.
    The COMELEC should educate the voters on what the UV markings look like.
    Disclose features of the PCOS machines that can be configured without modifications to the software.
  • Thank You