Philippines: Building the Electronic Counting System
National Standards; Legal and Procedural Framework
Last updated on December 17, 2013
The Election Modernization Act, which amends certain sections of the Philippines Omnibus Election Code, provides the legislative framework and standards for the use of an automated election system.62 The legislation was developed with input from relevant civil society organizations, including citizen election observation groups such as the National Citizens’ Movement for Free Elections (NAMFREL), which was primarily gathered through technical working groups set up in the two legislative chambers. In practice, there were some elements of the law that were not consistent with the move to automation. However, most stakeholders noted that the law generally provided a solid legal foundation upon which to conduct automated elections.
In preparation for the May 2010 elections, the COMELEC issued general instructions (GIs) for its precinct-level poll workers (Board of Election Inspectors, or BEI) on implementing voting and counting processes, as well as the transmission of results.63 Other procedures, including rules of procedure for resolving disputes arising from automated elections, were promulgated by the COMELEC.64
In addition, several governmental bodies were established to provide advice, oversight and technical assistance to COMELEC throughout the development, preparation and conduct of electoral processes.
The COMELEC Advisory Council (CAC) – which consists of nine members from government, academia, the ICT field and civil society – was tasked with recommending the technology, identifying potential issues, participating in the procurement process and conducting an evaluation of the AES after its use. The Technical Evaluation Committee (TEC) – which consisted of leaders from government, industry and civil society – was established to certify categorically that the AES, including its hardware and software components, was operating properly, securely and accurately. Two legislative committees, the House Committee on Suffrage and Electoral Reforms and the Joint Congressional Oversight Committee on the Automated Election System, provided legal oversight for the electronic counting system. The Joint Congressional Oversight Committee is responsible for assessing strengths and weaknesses of electoral technologies and which electoral processes are suitable for such technologies.
Design Requirements and Selection of Technology
Five technologies were considered and evaluated for the nationwide automation of the 2010 general elections: DRE, the OMR-based precinct count optic scan (PCOS), central count optical scan (CCOS), open election system and botong pinoy.65 They were evaluated based on accuracy, speed, cost, security, transparency, proven technology, auditability, ballot security and as an end-to-end solution. The CAC advised the COMELEC to use either DRE or PCOS, subject to budget considerations, and CCOS technology for all areas not covered by DRE or PCOS technology.
Several civil society groups contended that more independent voices should have been involved in the decision, and that very few people making the decisions had enough familiarity with the technology. Representatives from the IT community on the CAC were not permitted to participate in developing recommendations on the selection of the technology, as it was seen by the COMELEC as a conflict of interest if they were to become bidders. Other IT experts outside the CAC tried to submit their recommendations, but the COMELEC instead encouraged them to submit bids during procurement.
Ultimately, the COMELEC chose PCOS in part to findings from the 2008 pilot of PCOS and DRE machines in the ARMM. Another consideration was cost, which also favored the use of PCOS over DRE machines. The electronic counting system that was implemented for the 2010 elections consisted of an election management system (EMS); PCOS system; and a consolidation/canvassing system (CCS), detailed as follows:
The EMS is used to create all base components of an election definition. The application makes the needed associations of offices, candidates, parties and contests to create the election. The EMS outputs data files that are used to customize each CCS within the voting system, as well as creating output files that contain the data needed by the election event designer (EED) to create the election’s ballot styles, compact flash-memory cards and iButtons with unique digital signatures used by poll workers to access the PCOS machines.
The PCOS is the ballot/vote counting device based on OMR technology. Each PCOS is supposed to be customized with a compact flash (memory) card and an iButton, so that only ballots specific to the particular polling place can be successfully scanned . Ballots are scanned through the PCOS, which reads the markings made by the voter onto the ballot and interprets the positions of the markings on the ballot. When the polls close, the PCOS prints reports indicating the number of votes for each candidate on the ballot and transmits the results to the appropriate municipal CCS.
The CCS is the application that accumulates and tallies the vote data from the individual PCOS devices and generates results reports. The CCS is implemented at the municipal level, the provincial level, the national level and the central server level. At the municipal level, the CCS accumulates the votes and generates results for that level, then creates and transmits provincial and national level results to the provincial level CCS. At the provincial level, the CCS accumulates the votes and generates results for that level, then creates and transmits national results to the national level. At the central level server, the CCS receives all results from the different reporting levels.
Procurement Process
The COMELEC solicited bids for components of the AES, as well as the project management and electronic transmission of results. For developing the terms of reference (TOR) and request for proposals (RFP), the CAC members (with the exception of IT community representatives) submitted their final recommendations, which were incorporated into the final TOR/RFP. For the bidding and selection process, a Special Bids and Awards Committee (SBAC) was created. The CAC participated as nonvoting members of the SBAC, but representatives from the IT community were again not allowed to participate due to conflict of interest.
Seven technology providers/consortia submitted bids. All bidders were initially disqualified by the SBAC. The CAC and several other stakeholders interviewed believed ambiguities in the TOR and the strict interpretation of the RFP by the SBAC nearly caused the process to break down. After reevaluation, three bidders qualified for further evaluation of their proposals. Eventually, the only bid declared compliant with the technical and financial specifications was the joint venture Dutch/Venezuelan company Smartmatic, working in partnership with the Philippine company Total Information Management.
Immediately after the award of the contract, and while preparations were ongoing, cases were filed against the COMELEC and the vendor to enjoin them from implementing the automation project. Although the Supreme Court eventually ruled for the COMELEC, the latter’s decision to wait for the court’s decision even in the absence of a restraining order, caused a delay of two months, shortening the timeline for preparing for and administering elections.
While many praised the procurement process for its transparency, a number of observers reported shortcomings. Of the 16.5 billion PHP total cost of the 2010 elections, only 7.2 billion PHP were subjected to competitive bidding, while the remainder was procured through negotiated contracts that were less transparent. This included separate contracts issued to Smartmatic for ballot boxes and the transportation of ballots and PCOS machines to all polling centers. Additionally, CenPeg, the Legal Network for Truthful Elections (LENTE), The Carter Center and other election observation groups reported that, despite multiple requests, the COMELEC did not provide access to complete documentation of the contract between COMELEC and Smartmatic.66 This impeded the ability of stakeholders to assess the contractual obligations between the two entities and whether these obligations were fulfilled, which was later the subject of a Supreme Court case filed by civil society groups.
Production, Printing and Delivery
Printing of ballots was completed on time, but was an extremely rushed process. According to some interviewees, a two-month delay in the printing process occurred because the COMELEC extended the deadline for filing of certificates of candidacy, and printing could not commence before the deadline had passed. Others noted the vendor belatedly provided the necessary printers to complete the job on time. Due to the need to print ballots at a higher speed, the UV ink security feature was sacrificed to meet the deadline. Election observer groups and parties had the right to observe the printing process, and some took advantage of this right.
The vendor, Smartmatic, was able to deliver all the PCOS machines days before its deadline.
Certification, Source Code Review and Testing
The TEC was responsible for certifying the AES was operating properly, securely and accurately. Certification was to be done through an established international certification entity. SysTest Lab, a Colorado-based independent testing authority, was awarded the certification contract. SysTest audited the source codes of the following: PCOS firmware, election management system applications, CCS applications and other utilities. Because no independent observation groups or parties took part in a source code review, the certification became even more important. SysTest was unable to complete the certificate within the deadline prescribed by law. The certification was eventually issued two months before the elections. SysTest found the system was acceptable to conduct elections in the Philippines, but reported a number of deficiencies. While several election observation groups requested the certification review be made public, copies of the review were made public at a late date, and were released by senatorial candidate Joey de Venecia, not the COMELEC .
The law also mandates the COMELEC to promptly make the source code available and open to any interested political party or group to conduct its own review. The COMELEC, however, regulated access to the source code, citing security and intellectual property rights concerns. It provided a room within its headquarters with two computer terminals where interested parties could inspect the code on a read-only basis with the guidance of a Smartmatic technician. Those reviewing the source code would also need to sign a non-disclosure agreement. IT and civil society groups chose not to evaluate the source code, rejecting these limitations as too restrictive. They also noted the code was only made available in pieces. Political parties did not review the source code. Some parties acknowledged in retrospect that they did not grasp the importance of the review, and may not have had the capacity to review the source code effectively.
Due to the source code restrictions imposed by the COMELEC, a case was filed against it. The Supreme Court issued a ruling after the election directing the COMELEC to provide access to the petitioning civil society group, CenPeg. According to the Supreme Court, COMELEC “has offered no reason not to comply with this requirement of the law.” After years of court battles as well as negotiations between the COMELEC and Dominion Voting Systems, which owns the source code, the COMELEC offered the source code for public review on May 9, 2013, just four days before the May 13 general elections. Watchdog groups and some political parties commented that the source code release had come too late for a meaningful review.
Field tests were conducted about 3.5 months before the elections. Field testing was meant to identify and address problems relating to all aspects of the AES that included voting, transmission, counting and consolidation/canvassing. Further, the COMELEC staged mock elections wherein voters simulated the act of actual voting – verification, receipt of ballot, marking of ballot and scanning of ballot. The mock election used the final version of the election software to cover actual voting, counting, transmission of precinct results and consolidation of results from all canvassing levels. Some partisan poll watchers and nonpartisan observers observed field testing and mock elections.
Security
In its bidding documents and in the contract signed with the COMELEC, Smartmatic claimed the AES was equipped with multiple security mechanisms that included ultraviolet (UV) ink to recognize the authenticity of ballots: security marks printed on them; the digital signature of the Board of Inspectors to authenticate election results at each precinct; bar codes; COMELEC markings; and unique precinct-based numbers on the ballots to authenticate ballots. An interviewee from the IT Department of the COMELEC also reported the data on PCOS machines were encrypted with 128-level of encryption. The encryption key is held both by the vendor and the COMELEC. At the same time, he noted there could be a very small possibility to intercept transmitted data.
While a range of security features were initially planned, several of these features were not implemented or did not function as planned. Several election observation groups and IT experts alleged the range of security vulnerabilities exposed the system to possible manipulation, fraud and failure. Before Election Day, it was discovered that the PCOS machines failed to read the UV security marks. To address the problem, the COMELEC decided to disable the UV ink detection function of the PCOS in favor of handheld UV lamps/readers.67 However, the UV lamps were not used on Election Day, due to a range of reported reasons, including late delivery and a lack of any training for BEIs on how and why to use them.
Similarly, the plan to use digital signatures from three different poll workers to close the polls and canvass and transmit results for a precinct was not implemented. BEIs did not receive a digital signature of their own. Instead, the COMELEC decided to rely on the machine’s own digital signature. Some groups, however, claimed investigations found PCOS machines did not have internal digital signatures. One interviewee pointed out that, in the absence of digital signatures, it would be difficult to identify and verify the source of transmitted results.
A console port at the back of the PCOS machines was also criticized by election observation groups, saying it was too easily accessible. The vendor claimed it was an output port, but IT experts said it could be used as an input port which, if connected to a gadget, would provide access to the machine and its operating system to someone intending to manipulate the results.
Recruitment and Training of Personnel
The transition to nationwide electronic counting technologies created the need for a range of new skill sets, which the COMELEC lacked at the start of the preparation. Its IT department was understaffed, while its field offices only had contractual IT workers that were assigned to help in voter registration. To address this problem, the vendor provided trainings to the IT Department, while basic trainings on the PCOS machines were given to a group of personnel who served as trainers of the poll workers.
The poll workers are ad hoc election workers, consisting mostly of public school teachers tasked by law to assist the voting process during elections.68 The amended election automation law requires at least one of the three members of the BEI to be an IT-capable person, as certified by the Department of Science and Technology (DOST).69 Interviews with COMELEC staff, however, revealed lessons learned from the training process. There were not enough PCOS machines for use during the trainings, so many trainings were conducted without hands-on exercises. Trainings and accompanying materials, such as manuals, were delayed due to significant postponements in finalizing general instructions for conducting elections. Training focused heavily – almost exclusively – on the new technology and operating the PCOS machines. BEIs were not trained on how to conduct the electoral process more broadly, such as managing voter flow and authenticating voters. As discussed, this led to disorganization and inefficient processing of voters on Election Day, which contributed to long lines. In addition, several election officers interviewed recommended that future BEI trainings last longer than one day.
The vendor recruited, trained and provided approximately 45,000 PCOS technicians that were deployed in all precincts to assist the BEIs and address problems that might emerge. Most of the election officers that were interviewed, however, criticized technicians for being ineffective.
62 Republic Act 8436, Election Modernization Act of 1997.
63 COMELEC Resolution No. 8786
64 COMELEC Resolution No. 8804 -In Re: COMELEC Rules of Procedure on Disputes In An Automated Election System in Connection with the May 10, 2010 Elections.
65 OES and botong pinoy are locally-developed computerized voting systems.
66 Namely, annexes specifying the list of goods and services to be provided by Smartmatic.
67 COMELEC incurred additional cost of more than USD $700,000 for purchasing 76,000 handheld UV readers.
68 The BEI is composed of chairman, poll clerk, and a third member, each having a vital role in the election proceedings.
69 A BEI receives his/her certification after successfully passing the written and practical exams given by the DOST.
NEXT:
Philippines: Implementing E-Counting