Automated Election System
Does automation = clean elections?
Possible Problems: Preliminary Results Technical Briefing
What is the AES?
“A system using appropriate technology which has been demonstrated in the voting, counting, consolidating, canvassing, and transmission of election result, and other electoral process” process”
Public perception of the AES
It would lead to clean elections l Cheating would be impossible in an automated election
Election Management System (EMS)
Configuration of precinct data l Election Mark– Up Language (EML) Mark–
Precinct– Precinct–Count Optical Scan (PCOS) System
Precinct Machine BOC Computer
Input: ERs from precincts Input: Statement of Votes and Certificate of Canvass from Cities/Municipalities Congress: President and Vice President contests Comelec: Comelec : Senators and Party List contests Input: Statement of Votes
l l l
PCOS Machine (counting) – SAES 1800
CCS Server (canvassing) REIS
PrePre- election * Election * Canvassing * Proclamation
6 Vulnerabilities On Voting Day
BEI inserts physical key into PCOS machine to power it
• Hardware Failure: Start up or boot failure
• Signing/encryption/transmissi on failure • Failure to accept password • Connectivity failure
BEI inserts CF card into PCOS machine to configure it
• Wrong CF card inserted
BEIs digitally signs electronic ER for transmission BEI attaches external modem to access internet connection
• Failure of function to close polls ( premarked ballots can still be inserted) • Misreading of ballots • Mis -crediting of marks • Erroneous counting • Printer fails
BEIs type passwords to initialize the machine – zero votes
• Failure to accept password • Failure of initialization function • Machine has stored ballot images already • Wrong program installed • Paper jam
• Pre-marked legitimate ballots might be fed • Legitimate ballots rejected • Reading/scanning ballots from another precinct • Hardware/software failure • No backup units • Voter cannot verify if ballot is read/scanned correctly
Voter fills up and feeds ballot into the machine
BEIs close poll and print ER
Software and Data Integrity
5 MAJOR TECH ISSUES
Highlights of Technical Concerns
Verifiability of Voter’s Choice Voter’
Machine Interpretation of Ballot Review of Source Code
Program Integrity Verification Protection of Transmitted Data
Digital Signatures Root Users / System Administrators
Voter’ Voter’s Choice Verifiability
“Provide the voter a system of verification to find out whether or or not the machine has registered his choice. ” choice.” [Article 7 (n) of RA 9369]
Voter ’s Choice Verifiability
No sufficient mechanism for voter’s choice voter’ verifiability. Safeguard
Comelec has to enable the feature of the SAESSAES1800 that will show how the PCOS machine interpreted the ballot.
RA 9369 requires Comelec to subject the source code to review by all interested parties.
Human readable version of the computer programs running on the PCOS and BOC computers. Will reveal whether the counting and canvassing are done properly To prove that the PCOS and CCS programs follow RA 9369 and COMELEC ToR
An illustration of Java source code with prologue comments indicated in red, inline comments indicated in green, and program code indicated in blue.
Reviewed and approved...