PARISH PASTORAL COUNCIL

FOR RESPONSIBLE VOTING

29 August 2023

TO OUR DEAR PPCRV COORDINATORS AND VOLUNTEERS,

Over the past many months, the public has been receiving reports from
groups and individuals assailing the 2022 elections as “rigged”. The attacks
centered on the following issues:

1. The use of one IP address.

2. The surge in the transmission of Election Returns (ERs) during the two
hours after closing of the polls.
3. The use of the “Man in the Middle” (MITM) in the transmission of Election
Returns to the Transparency Server insinuating manipulation of the
election results.

Since the issues were communicated in “technospeak”, which to the

ordinary person would be difficult to understand, your Board has decided to explain
these and respond to the accusations in a language which we, as laymen, can
understand.

As PPCRV volunteers who diligently and selflessly tried to protect the

people’s votes and to ensure a CHAMP election, your Board owes it to you to refute
the claims that cloud the legitimacy of the 2022 elections. This report may be a bit
long but we indulge your patience for the sake of clarity, truth and justice.

Therefore, allow us to present these to you in Q and A format.

Page 1
1. Can we use one Private IP address?

Yes, you can use one public or private IP address for your network, and also one
IP address across multiple devices in various networks and this is made possible
by the use of a technique called Network Address Translation or NAT. It is a
legitimate technique used by corporations, service providers and telcos. They use
these private IP address blocks multiple times across their networks. Network
users can also use these private IP address blocks. There is nothing illegal about
this technique and it is a very common way to preserve and optimize IP addressing
practiced across the world. Internet service providers such as Globe and PLDT
have confirmed that they use NAT and private IP addresses to provide connectivity
to its customers. They also confirmed that they used NAT to provide connectivity
for the VCMs for the transmission of Election Returns. Globe and PLDT’s
confirmation of its use of NAT are attached.

Why is NAT used? When the Internet was conceived and put in place, its creators
thought that 4.3 billion IP version 4 (IPv4) addresses would be enough (it’s
4,294,967,296 to be exact). That’s for all devices around the world. They did not
plan for a scenario like we have today where devices like mobile phones, tablets,
televisions, refrigerators, CCTV cameras, etc. have IP addresses. There are
billions of devices connecting to the public Internet and there are not enough IPv4
addresses to cater to the requirements of all these devices. According to Statista,
there are 153M mobile subscribers in the Philippines. That’s only in our country.
There are other countries in the world that have devices that need IP addresses.
NAT is used so that private address ranges IP can be assigned or used by multiple
organizations to get access to the Internet, and it can decide its own network and
IP addressing design within its own private network including how many devices it
can attach to it.

As a side note, 192.168.0.X with X being any number (between 0 and 255) to be
assigned by a network manager, is a very common default IP address in many
newly bought devices. It is also a commonly used private IP address range used
for local networks or segments. Check your Wi-Fi networks at home and it is likely
using this IP address range.

2. What is a Man in the Middle (MITM) Attack?

Does the use of a single private IP to connect to the Internet, or the appearance of
a common Private IP address used across many devices, for example 192.168.0.2
automatically mean there is a “Man In the Middle” attack?

The re-use of private IP addresses is not indicative of a Man In the Middle attack
on its own. Using NAT to share an IP address among devices via a network router
is a standard networking practice, whereas a Man In the Middle attack is a security
breach. The two concepts are not the same.

Page 2
 A Man in the Middle attack can happen to any network no matter what IP address
or technology is used. The aim of a MITM attack is to maliciously intercept and
alter communications between a sending and receiving party without their
knowledge. Thus, in our election, the very real proof of a Man in The Middle
attack is when results we see in physical ERs that are printed before
transmission when compared with the results received by the Transparency
Server (and other downstream servers, for that matter) AFTER transmission
has a discrepancy.

3. How did we ensure that there was no Man in the Middle Attack in our 2022
elections, or any other automated election?

This is the whole point why PPCRV volunteers take great pains to collect the
physical 4th copy of the Election Returns (ERs) on election night. The 4th copy
represents election returns printed BEFORE transmission of our ERs, from
across the country. Our PPCRV volunteers do their best to collect as many of
these physical ERs across all precincts nationwide whether they be in city centers,
or rural areas. In 2022, these physical ERs were then sent to our Command Center
(located at the University of Sto. Tomas) so that we can then compare these to the
digital ERs sent and transmitted by the Automated Election System (AES) to the
Transparency Server. This is to make sure that NOTHING HAS CHANGED in
national positions President, Vice-President and all Senatorial votes
BEFORE AND AFTER Transmission to the Transparency Server.

In 2022, we had verified 89,260 election returns collected, at 99.84% match rate.
This process is called the Unofficial Parallel Count. All accredited media outlets
including Rappler, Inquirer, GMA, Philippine Star, the Kapisanan Ng Brodkasters
ng Pilipinas were freely given access to the Transparency Server. They were free
to do their own analysis of the results they gathered from the Transparency Server.
Aside from the Media, there were the Majority and Minority political parties who
also had access to the Transparency Server and saw the same data that the
PPCRV saw. They, together with their own technical experts, looked out for any
anomalies or irregularities. Should we not wonder why no political party and their
experts complained that the results of the ER’s before transmission did not match
the transmitted results from the Transparency Server? What did the Man in the
Middle attack do then if the results before and after transmission were the same?

4. Was there a Man In The Middle Attack or in effect, an alteration of the results
before and after transmission? Was there Dagdag-Bawas?

PPCRV’s Unofficial Parallel Count Activity showed no signs of a “Man In The

Middle” attack. There was also no complaint received by the PPCRV from any
media organization, or proof provided by any organization or even individuals, that
the final results changed from alteration of ERs from the precincts to the servers.
Those who advance the Theory that there was intervention in the transmission of

Page 3
 the votes have the burden of proof to support their theory. Talk must be supported
by proof. Evidence is the best proof to validate any claim or accusation. Mere
accusation is not proof of fraud. If somebody should raise concerns such as these
then we would be the first to investigate.

The Majority Political Party, the Minority Political Party, and Accredited Citizens
Arms were all given ER copies 1 to 8, or so-called Pre-Transmission copies. The
eighth copy is posted on the wall or door of a precinct where any citizen can take
a photo for their own use. Anyone can compare this pre-transmission copy to
publicly published results. Anyone can audit, and political parties could have
definitely audited as a matter of due diligence, their own pre-transmission returns
against published post-transmission results from any of the Servers made available
to the public.

After Transmission, 23 or more copies were also distributed to those interested

parties who had previously applied with the Comelec, usually local party
representatives and interested local organizations.

With the hundreds of thousands of ER copies out there with the public, as well as
our own Unofficial Parallel Count with our own collected ERs, we received no
complaints, let alone proof, of massive inconsistencies between printed ER results
before and after transmission. Our physical ERs collected before transmission
compared with the after transmission digital transmission had a match rate of
99.84%.

5. It was so fast! Can you really transmit ERs within 30 minutes?

It is very possible that VCMs can print 8 copies of the ERs, and then hit the send
button to transmit these in 30 minutes. Some quarters have questioned the speed
of transmission to the Transparency Server. An election board officer, usually a
teacher, can print 8 pre-transmission copies as a first step, and hit the send button
within 30 minutes after close of the polls at 7PM. This process may differ among
precincts, thus there are differing time stamps, but these activities are done under
the watchful eyes of poll watchers and other members of the public who have
differing interests in closely observing any attempt to divert from the process.

The PPCRV did log timing analysis on these time stamps of VCM Transmissions.
This means that we looked at the VCM IDs in log files, got the corresponding times
of send, and matched these against the logs and times from the results file of the
Transparency Server for added measure.

A large number of precincts were able to transmit the ERs to the transparency
server within 30 minutes after closing of the polls. The timings of the transmission
when compared to the transmission logs matched accurately. This explains the
build-up of transmissions during the first two hours after the closing of the polls.

Page 4
 Please note that ER transmissions are composed of small amounts of data. The
VCM does not transmit individual votes. A single Tiktok video has more data than
an election ER and we simultaneously stream and consume a lot of that
concurrently.

6. Garbage In Garbage Out as others say.

We believe votes are Sacred. PPCRV volunteers took great pains to observe
elections and collect as many ERs in the tens of thousands on election night across
cities, mountains and seas, by plane, by foot, cars, horses, tricycles and whatever
way we can find to get the election returns to the Command Center at UST. We
assure you, pre-transmission ERs are a solid source of data to compare to any
transmitted data. It is NOT garbage in. They are sacred votes painstakingly
collected for the protection of our elections now and in the future. We have used
this process since 2010, to ensure that no Dagdag-Bawas happens in Cyberspace.

It would be prudent and fair to all voters and volunteers, certainly to our democracy,
for any party to show proof that a Man In The Middle attack occurred that altered
results, before alleging so, by showing ERs that changed during transmission, that
would have then altered results. The PPCRV has physical evidence and match
rates, to show that results were not altered during transmission in 2022 to
change overall results. Can the parties making accusations of fraud show
any tangible proof of fraud?

Had PPCRV seen any alterations or cyber-attacks during transmission, we

would have been the first to denounce such, we did not see this in 2022.

7. For the Geeks among Us.

This is a rather technical list but there are many other ways your votes were and
are protected during an election. Just for FYI, but this can also be verified as well
by media, political parties and poll watchers who were part of the process in 2022.
We should always make sure these are present in any election cycle. That:

a. All transmitted election return data are encrypted end-to-end during

transmission.

b. Digital Signatures and keys were used to ensure that data was sent only by
authorized VCMs and Election Board officers to authorized servers.

c. A local source code review was performed wherein many political parties
and observer groups participated. A Hash Code was also created for the
Election Software, which cannot be changed and is proof that the software
used on election night was that which was reviewed by political parties and
third party auditors prior. The Software and Trusted Build is also deposited

Page 5
 and locked (witnessed by media and citizens arms) in a vault of the Central
Bank in case any formal protest is filed thereafter.

d. Final Testing and Sealing (FTS) was conducted between May 3 and May 7
nationwide, in the view of the interested and accredited public, that ensures
the proper functioning of the VCMs prior to election day. Hash codes can
also be verified on that day. Hash codes are also printed in every election
return to identify the software used is the same one as that which had been
reviewed by political parties, accredited citizens arms and third-party
auditors during the Source Code review, trusted build and hash process.

e. All major telecommunications companies also prepared along with the

Comelec to ensure the proper transmission of our votes. They were part of
the planning process.

f. Results from the Comelec public access website and the transparency
server were compared to ensure there was no discrepancy. There was
none. We did this at PPCRV.

g. A Timestamp Analysis on logs were done to match timestamps of sending

VCMs and receiving Transparency Server. We did this as well in PPCRV.

This may be a bit long but we in the PPCRV Board of Trustees are obligated to
spare you, our beloved coordinators and volunteers from confusion and anxiety
brought on by unsubstantiated accusations and unproven allegations regarding
NLE2022. So that with facts and material evidence that we hold, we can together
fearlessly spread the truth and defend what is fair and right in our electoral process.
With the same faith on fire that impelled PPCRV to guard the ballot election after
election, we make our voices heard now for love of God and country, and the hope
PPCRV can generate for authentic democracy to flourish today and in all our
tomorrows.

PPCRV Board of Trustees

Page 6
(sgd.) (sgd.)
MS. EVELYN R. SINGSON AMB. HENRIETTA T. DE VILLA
Chairperson Chairperson Emeritus

(sgd.) (sgd.)
MR. RAMONCITO S. FERNANDEZ MR. DIOSCORO V. OCHANGCO JR.
Vice Chair for External Affairs Vice Chair for Internal Affairs

(sgd.)
ATTY. JOSE VICTOR EMMANUEL A. DE DIOS
Treasurer

Trustees:

(sgd.) (sgd.)
MR. HENRY RHOEL R. AGUDA MR. ROMMEL P. BERNARDO

(sgd.) (sgd.)
MS. MARIA AGNES A. GERVACIO MS. JANICE R. HEBRON

(sgd.) (sgd.)
MSGR. JULIUS PERPETUO S. HERUELA FR. DAVID L. PROCALLA

(sgd.) (sgd.)
MS. MA. ANA DE VILLA-SINGSON DR. ARWIN A. SERRANO

(sgd.)
MOST REV. ROLANDO J. TRIA TIRONA, OCD, DD

(sgd.)
DR. WILLIAM EMMANUEL S. YU

Page 7