The Technical Violations of the

SMARTMATIC-TIM AES Contract to

RA 9369

By: Ma. Corazon M. Akol

Transparentelections.org.ph
1. Digital Signature – Sections 22, 25 & 30

Sec. 25:
• The Bid Bulletin No. 10 dated 27 April 2009 of COMELEC also
contained the following clarifications :
• Question/Issue: The Consolidation and Canvassing System
shall allow the BOCs to digitally sign all electronic results
and reports before transmission. Please specify your
requirements for the digital signature.

Answer/Clarification : The digital signature shall be assigned by

the winning bidder to all members of the BEI and the BOC
(whether city, municipal, provincial, district). For the NBOCs,
the digital signatures shall be assigned to all members of the
Commission and to the Senate President and the House
Speaker.
The digital signature shall be issued by a certificate authority
nominated by the winning bidder and approved by
COMELEC.
 Digital Signature Required By Law
The Omnibus Election Code or Batas Pambansa 881 (BP881)
mandates that the election returns be signed by the Board of
Elections Inspectors (BEI) and the certificate of canvass be
signed by the Board of Canvassers (BOC). Republic Act 9369
mandates that the election returns and certificates of canvass
be digitally signed prior to transmission for these election
reports to be used to proclaim the winning candidates. The
RFP for the Automated Election System for the 2010
National Elections, as clarified in Bid Bulletin No. 10,
required digital signing as one of the features.
The Smartmatic PCOS and CCS do not have the proper hardware and
software for digital signing of the election documents ( ER, SOV, COC,
etc) by authorized members of the BEI and BOC as required in the Law
and the Comelec Terms of Reference, specifically, the Smart- Card-
Reader – Writers nor programs to support the smart cards for digital
signing
The reply by COMELEC Consultant, Mr. Renato Garcia on the issue of the
missing Digital Signature:
“ During final project implementation and customization of the system,
En Banc decided based on the Advisory Council recommendation that the
machine digital signatures, the BEI Chairman iButton and the 2 BEIs
passwords were sufficient authentications for the transmittal of ERs
and COCs, compliant w RA9369. Personal digital signature systems were
not locally available and the government had not at that time
established the structure and system for accreditation and
certification. To use Verisign at $25 per BEI for example would not
provide official local authentication. The cost at that time was
outrageous. The BEIs were also unprepared and would be required to
enter their selected encrypted personal PINs, which personal digital
signatures would then have to be configured into each machine 3 months
before election. Today, personal digital signature applications are being
piloted by DOST and may cost less than $5 per BEI. Since DEPED
appointments of BEIs are made only a few months before election
(subject to frequent changes up to election day), this today remains
an operational challenge.  ”
However, Smartmatic’ s claim of using the machine digital signature
was discredited by both the Systest Labs Report and the Joint
Forensic team organized by the National Canvassing Board.
According to the Systest Labs Source Code Review – “no trace of any
encryption using SSL (Secure Socket Layer) , therefore no digital
signing”
In the Forensic Team Report:
• “Absence of Machine Digital Signatures.”
• “Examination of the PCOS machines revealed that there was no
evidence found to prove the existence of digital certificates in the
PCOS machines, contrary to the claims of Smartmatic. The
technicians of Smartmatic were not able to show to the Forensic
Team the machine version of the digital signature, alleging that they
do not have the necessary tool to show the same. More so, they
were at a quandary as to how to extract the said machine signatures
– to the dismay of the forensic team.”
• “If there are digital certificates then these were supposed to be
revealed. The forensic team tried to extract the digital signatures
but to no avail. Hence, the forensic team is of the opinion that there
exists no digital signature in the PCOS machine.”
• Upon careful review of the Financial portion of
Smartmatic-TIM’s Bid, there were no Funds allocated for
the digital signature. It can be concluded that
Smartmatic –TIM had no intentions of complying with the
requirements of RA 9369 and the RFP/TOR issued by
COMELEC

Therefore the Contract entered into by COMELEC with

Smartmatic-TIM should have been nullified.

How then can an invalid Contract be again renewed for

another similar Project – in clear violation of the
Procurement Act stated in RA 9184
2. Voter Vote Verification - Section 6 (e) and (n)

This feature, although available in the PCOS

model used in the U.S. was not included in the
PCOS used in the Philippines.
 3. Source Code Review – Section 14
.
This mandatory law provision addresses transparency and integrity
requirements. Although COMELEC with much long-drawn hesitation
allowed this, the procedure imposed was not free and unfettered as it
should be. The reason could be because the owner of the Technology
was Dominion Voting of Canada.

CenPEG uncovered a “License Agreement between Smartmatic

International Corporation and Dominion Voting Systems” dated April 4,
2009. Essentially, Dominion Voting Systems, owner of the software that
would be implemented and used with the PCOS machines granted to
“Smartmatic a non-exclusive license, except for the Republic of the
Philippines, which shall be exclusive, to use and manufacture hardware,
software and firmware using Dominion’s Licensed Technology x x x “.
The Licensed Technology includes, among others, “All relevant
technology owned by Dominion required to market, sell and implement
PCOS technology (including all current and future versions of them),
specifically inclusive of PCOS hardware, all software and firmware
resident on the hardware, and EMS software, including Democracy Suite
EMS and Democracy Suite Image Cast PCOS.
The License Agreement further declares, “all related technology and
related IP remains the sole property of Dominion”.
In IT industry practice, a License Agreement is understood to
refer to a running of executable code (not the source code)
of software that will be implemented with a hardware.

Since Dominion, under the License Agreement, retained

ownership of the software, Smartmatic had no authority to
disclose the source code of the EMS and PCOS software for
review by interested political parties or groups.

Proof of this is the Dominion website which claims to have

done the Philippine Elections.

http://www.dominionvoting.com/field/philippines
4. Certification of Source Code Review : Sec. 11

Non-certification that the Source Code reviewed is one and the same
as that used by the equipment before and after the Final Testing and
Sealing of PCOS Machines on May 3, 2010
5. Fake Ballot Detection

The Law mandates an automatic and machine-effected, not a humanly

performed , detection mechanism of fake ballots by the PCOS as the
voted ballot is submitted for scanning. This feature was disabled
due to the problems encountered when the System was tested.
Apparently, during the ballot printing stage, there was a reported
massive splatter of the UV ink due to the uncontrolled vibrations of
a second-hand printer provided by Smartmatic. The fallback
solution to use manual UV scanners was at best done in the field by
50% of the BEIs. So there is a possibility that fake ballots could have
entered the System.
6. COMELEC Website
All Internet-transmitted municipal and provincial COCs and SOVs to the public access
website were made available for public viewing at the link:
http://electionresults.comelec.gov.ph on May 10,2010, and after several weeks was
removed. However, a group of IT Experts made a mirror image of this website for
analysis. This mirror website is available at
http://curry.ateneo.net/~ambo/ph2010/electionresults/index2.html
A study of the COMELEC public access website reveals evidence of large scale
transmission errors. Of the total of 76,472 precinct ERs, we have counted (using
computer programs to count) the following:

Precincts that have no ERs, possibly due to transmission failure 8,939 11.7%
Precincts that have too few voters (0-10), possibly FTS ERs 371 0.5%
Precincts that have normal (> 10) number of voters 67,162 87.8%

Total number of precinct ERs counted 76,472 100.0%

The disturbing fact is that of the 67,162 precincts with normal number of voters, 25,888
precincts or 38.5% have missing data in one or more candidate positions.
A normal ER, but with no data in one, two, or three candidate positions,
possibly because of partial failure of transmission, looks like this:
 7. Date & Time Stamps

Varying Timestamps On Election Returns:

Discrepancies between time and dates stamps of the audit logs of the
PCOS machines and that of actual transmission were noted in many
Election Results. Examples would be in the protest Cases of Former
Rep. Glen Chong of Biliran and Mayor Lito Atienza of Manila. A record
of these ERs are also included in the CenPEG and NAMFREL Post
Election Reports.
8. Technical Evaluation Committee Certification
A very critical transparency requirement is the certification of the system as to its integrity.
The Certification for the AES 2010 was incomplete and conditional since it carried with it a
long list of compensating controls-conditionalities (to qualify as certified) which in the end
were not in fact satisfied. NEVER HAS THERE BEEN A CONDITIONAL CERTIFICATION FOR
MISSION CRITICAL AUTOMATION SYSTEMS. A CERTIFICATION IS A BINARY STAMP,
EITHER THE SYSTEM PASSES OR FAILS CERTIFICATION. THERE IS NO SUCH THING AS
A CONDITIONAL CERTIFICATION FOR USE. IF THE SYSTEM WAS FOUND TO HAVE
SERIOUS FAULTS THEN IT SHOULD NOT BE USED IN A BINDING ELECTION. THE
SYSTEM HAD SERIOUS DEFECTS BUT STILL COMELEC USED THE SYSTEM IN SUCH A
NATIONAL MISSION-CRITICAL SYSTEM AS THE PRESIDENTIAL ELECTIONS OF 2010.
THIS ACTION COMPLETELY DEFEATED THE VERY RATIONALE OF PUTTING THE
CERTIFICATION PROVISION IN RA 9369 AND IS THEREFORE A BLATANT LAW
VIOLATION.
Seven components were not certified: five of them are either critical or very critical to the
integrity of the system. The very critical components are the central server system and the
ballot production tool. One with medium criticality is the back-up central server system.
The two critical components not certified are the election system DNS server and the PCOS
modem firmware. The remaining two non-critical components that were not certified are the
public website and the KBP server systems.
Even if all the compensating controls were put in place and tested before election day, the
7 components above should have barred the issuance of certification.
In the end, the system used on election day was uncertified and therefore illegal.
Due to the need to change the CF cards in the field a few days before Election
Day, it was impossible to do re-certification (which is a mandatory need) in the
few days before Elections.
 9. Security of the System

Unsecured Communication Port

During the demonstration conducted at the Smartmatic Warehouse in
Cabuyao, Laguna, an unsecured communication port was found in each
PCOS machine used during the demo. The unsecured communication
port allowed another computer to be connected to the PCOS machine.
The PCOS machine could be accessed directly using the computer
connected to it without need to enter a username-password combination
or any type of access challenge. The unsecured communication port
offers an opportunity for tampering of the software and data in the PCOS
machine.
 Violations of RFP-TOR

1. CF Cards- Not WORM Technology

From Bid Bulletin No. 10:
Question/Issue: Can the Comelec provide clarification on what
Comelec deems “closed” with respect to the removable storage
device
Answer/Clarification:
The storage device should not allow anymore writing of data after one
back-up operation.

• This refers to the capability of the medium-: Write Once,

(to prevent writing on the medium again and thus making
it tamper-proof) and Read as Many Times as needed.
(WORM )…Obviously the CF cards were not WORM
Technology.
 2. PCOS Scanning Accuracy-99.995%
Bid Bulletin No. 10
Question/Issue:
In total, how many ballots should the vendor provide for each precinct in the
technical evaluation, and should these ballots be blank, or should they be voted
in any particular pattern
Answer/ Clarification:
For the demo system, the bidder shall provide the number of ballots needed to
show 20,000 marks. Please take note that “at least 99.995%” accuracy rating will
be evaluated as I error from 20,000 marks. In addition the bidder must provide
1,100 blank ballots. Except for the 1,100 blank ballots, the ballots for the demo
system following the Demo Model shall be pre-accomplished manually by the
bidder prior to the conduct of the Systems Evaluation.

Apparently the certification that all the units of PCOS machines delivered
had 99.995% accuracy rating was not done. The report of PPCRV and
Comelec in the Random Manual Audit was 99.6%.
 3. Marks Allowed X and Check
Question/Issue:
If the ballots will be manually marked by a committee, what are the criteria
for judging whether a given mark should be interpreted as a vote for the
specified candidate in relation to mark characteristics such as mark
density and percentage of of target filled by the mark.
Answer/Clarification:
The machine should be able to recognize a check mark, an X mark, a full
shading of at least 50% coverage as a valid vote.

Smartmatic changed the specs and did not allow the X and check marks
but just accepted the shading of the ovals .