Featured Post

MABUHAY PRRD!

Saturday, January 19, 2013

Unacceptable violations


Strategic Perspective 
René B. Azurin

VIOLATING ITS own specifications seems perfectly acceptable to our Commission on Elections when that favors its beloved automated election system supplier Smartmatic. Those violations, however, seriously endanger the integrity, transparency, and credibility of our elections and should therefore be totally unacceptable to us.


Among several recent contracts bestowed by Comelec on foreign supplier Smartmatic -- Smartmatic did not even bid for this one -- is one for the supply of 82,200 CF [compact flash] memory cards (for the negotiated price of 45 million). On those cards will be written the instructions to Smartmatic’s PCOS [precinct count optical scanner] machines on how to read the ballots fed into them. Those CF cards represent a clear violation of Comelec’s own Terms of Reference (TOR) as written in its formal Request for Purchase of an automated election system. Those cards are not the WORM [write once, read many] memory storage devices specified in the subject TOR. CF cards can be written over and are thus “write many” (not “write once”) devices.


That should never have been permitted. Indeed, former Comelec IT department head Ernie del Rosario says, “Smartmatic should have been disqualified outright in the 2009 bidding for this unmet mandatory requirement. Instead, Comelec allowed the spec violation then and it is allowing it again now. We are being hounded by the same problem a second time. The CF card is not and can never be an equivalent of a WORM storage device. It is a rewritable medium.”

Now why is this so important? Having a WORM storage medium means that new lines of code cannot be written into the device after the original instructions have already been written into it. That prevents the “rewriting” or altering of the original instructions. That is the reason why the original TOR for an automated election system specifically mandated a non-rewritable device.

To explain. Wholesale dagdag-bawas (add-subtract) can be done electronically simply by introducing the appropriate extra lines of programming instruction onto the memory card of each voting machine. This can be done if the storage medium is not a WORM device. Moreover, this can be done at any time before polling starts on election day because the extra code can be written so that it is triggered only at the time actual counting begins (meaning, it remains inactive while testing or “zeroing” runs are done). A reasonably careful programmer will also write instructions for the malicious code introduced to erase itself (and any traces of what it did) once the poll results have been transmitted.

In fact, in the HBO documentary “Hacking Democracy” (by Russell Michaels, Simon Arrdizone, and Robert Cohen), Finnish computer security expert Harri Hursti provided a “live” demonstration of how this can be done. Given access only to a single memory card (like Smartmatic’s CF card), Hursti did a simple “one-step hack” of the Diebold optical-scan voting machines -- similar to Smartmatic’s PCOS machines -- using just five lines of code. These lines caused the addition ( dagdag) of votes to one candidate and the subtraction ( bawas) of the same number of votes from another candidate. The Florida election supervisor who observed the demonstration said that the “hack” left no traces.

Notably, in its own study of the automated systems used in US elections, the Center for Information Technology Policy at Princeton University found that such systems (of the Smartmatic type) are “... vulnerable to extremely serious attacks... [and that] an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates.”

Rewritable memory devices constitute an already unacceptable security fault and should have caused the Comelec to immediately reject Smartmatic’s system. But there’s more.

Another spec violation that Comelec has permitted its favored Smartmatic is the publicly accessible console port on the PCOS machine. That open port is not supposed to be there at all, per Comelec’s TOR. That open port is a security hole of monstrous proportions. Basically, it allows anyone with a laptop to readily access the machine’s operating system. This makes possible easy tampering with the software code, the election results, and the audit logs. It should be pointed out that, once the PCOS machines leave their (supposedly) secure warehouse for transport to their designated polling places, these will be accessible to a countless number of people, from election personnel to anonymous transport workers, at least for the, say, two minutes or so needed to introduce malicious software into the machine.

And how about the performance of the PCOS machine itself? Comelec’s TOR says its counting accuracy should be at least 99.995%. Significantly, in Smartmatic’s own product demo (conducted before the committee on suffrage and electoral reforms of the House of Representatives) last August -- done precisely to demonstrate how supposedly good the machine was -- the PCOS machines used failed miserably to meet the required accuracy specification. In a mock presidential election, the Smartmatic’s machine’s accuracy was only a measly 93.757%, a far cry from 99.995%. The 6.243% error translates to some 2.8 million votes.

Further, in an apparently deliberate attempt at deception, Smartmatic tried to fudge these accuracy figures in its public report on the demo and Comelec seemed complicit in this deception by ignoring it. Fortunately, this shameless effort was immediately obvious to many knowledgeable observers (like Dr. Felix Muga II of Ateneo University’s mathematics department). By the way, the unacceptable 93.757% accuracy level was achieved in a product demo under ideal conditions, in a clean, air-conditioned, power supply-uninterrupted environment. It should be mentioned that, thus far, Comelec has not allowed local IT experts to conduct a full-blown testing of the Smartmatic machine, especially under field conditions.

So, what gives? Our Comelec is clearly acting like a stooge of foreign supplier Smartmatic, bending over backward to accommodate whatever Smartmatic wants. To what end?, we should ask. Honest, transparent, and credible elections? Ha ha. Ah, hmmm, well, maybe the Filipino people will let themselves be fooled a second time.


No comments: