May 13, 2016

BBM vs Leni: Comelec-Smartmatic gives Sec. Abaya a run for his money

ThinkingPinoy thought no one can beat Abaya when it comes to incompetence… until yesterday. With barely over a month to go before Aquino’s term ends, Comelec-Smartmatic seems to be giving Abaya a run for his money.

TP clarified before that he never supported BBM [TP: Robredo vs Marcos]. If it were up to him, he'd rather have BBM lose the vice-presidential race. However, TP believes that fair play -- the rule of law -- should supercede any personal bias. That's why he decided, albeit reluctantly, to continue writing despite the fact that the content of his articles can go against his personal political interests.

It's just the right thing to do, so let's get this over with.

Yesterday afternoon, ThinkingPinoy explained how the alleged hash code anomaly may imply the illegal modification of the transparency server’s source code [TP: Hash Code]. While some readers pointed out a few technical inaccuracies in TP’s explanation, TP thinks the article provides the layman, in good faith, enough information about how hash codes work and how they can generally affect the integrity of the 2016 elections.

TP was delighted when he found that Comelec actually commented on the issue, at last.

Comelec speaks

Yesterday evening, Comelec surprised the public (including TP) after it admitted that the transparency server’s script was actually tweaked, but “only to correct a character in the names of candidates with ‘ñ’ in them” [GMA].

Comelec Chairman Andress Bautista said, “The correction involves a mere cosmetic change. It does not, in any way, change the results, the counting and the canvassing of the results and the source code of the automated election system."

Comelec Senior Commissioner Christian Robert Lim added, “"Smartmatic admits its shortcomings. I should have been informed about these things, and in fact, even before effecting the change, they should have also announced it to the parties there. There were lapses in the protocol."

Comelec then provided media with a copy of Smartmatic’s report regarding the said controversy, as shown below.

The Smartmatic report was dated 12 May 2016.

PPCRV IT Director William Yu also issued a report regarding the same incident, dated 08:00 PM 11 May 2016.

Both reports simply reiterated what Bautista and Lim said: that the script changes were purely for cosmetic purposes and there were no integral changes in Comelec-Smartmatic's IT infrastructure.

Now, let’s give Comelec-Smartmatic the benefit of the doubt by assuming that what they said is true. That is, let’s assume the following:
  1. The transparency server’s script was changed by Smartmatic personnel at around 08:00 PM, 09 May 2016 to accommodate the desired “ñ” enhancement.
  2. No other changes were made on any other part of Comelec’s IT infrastructure.
  3. PPCRV’s report was dated 08:00 PM, 11 May 2016.
  4. Smartmatic’s letter of explanation was dated 12 May 2016.
Now, let’s analyze.

1: RA 9369 Source Code definition

After examining the language used in both reports, TP observed that Comelec and PPCRV were very careful about using the term "script", as opposed to "source code", when talking about the changes made on 09 May 2016. TP thinks this is a very clever strategy because laymen will be more likely to think that the two are different things, adding an extra layer of believability onto Comelec's defense-slash-alibi.

Of course, IT experts can just whip out their diplomas and point out that the two are indeed different, and any doubting Tomas, who probably knows little about IT, will concede [IndianaU]. The problem, however, is not the difference between an IT expert's understanding of technical definitions and that of a layman's. Instead, it's about how the law defines those terms.

According to the Automated Election System Law Section 2(12), "Source code" is defined as "human readable instructions that define what the computer equipment will do" [RA 9369]. There is no separate definition for the term "script".

Now, it's interesting to note the following:
  • Scripting is a process that involves writing human-readable code [WVU].
  • A script instructs how a computer will work.
Thus, it appears that RA 9369 provides no distinction between the two terms. With that revelation, TP asks: Did Smartmatic just violate the the Automated Election System Law?

2: Timing of Reports

The incident took place on the evening of 09 May 2016, yet it took Comelec three (3) days to issue a statement, and only after the Manila Standard reported the issue and only after much public uproar ensued.If that unnamed IT-expert-slash-whistleblower didn't squeal, would Comelec even bother to tell the public about it?

Trust is a very expensive commodity in these times, especially since this is not the first time that the Comelec got into a trust-related controversy. To refresh the readers memory: 
  • Comelec's many excuses for not implementing four PCOS security features [GMA]
  • Comelec allowed one security feature, the voter receipt, only after a Supreme Court order and lots of dilly-dallying that followed [Inquirer].
  • Comelec's failure to finalize source codes on time [CNN], limiting opportunities for independent evaluators to verify its integrity.
  • A large number of faulty PCOS machines [SunStar], etc.
And now, Comelec expects the public to believe them just because they said so. #RealityCheck

Yes, the May 12th Smartmatic incident report plus the May 11th PPCRV report offer the public the option to verify Comelec's files, but the reader has to remember that we're already in the middle of the ballgame. Comelec-Smartmatic people can't just change a rule, no matter how trivial they think it is. 

With the understanding that RA 9369 considers "scripts" as "source codes",  the same law requires "a certification that the source code is kept in escrow with the Bangko Sentral ng Pilipinas" [RA 9369 Sec 11(4)].

In simple terms, a certified copy of the source code/s is/are kept in BSP vaults. So what is the point of giving BSP a copy when Comelec can change the source code afterwards anyway?

3: The Ñ bug and logical inconsistencies

The issue of the problematic Ñ sure is inconvenient for news outlets who are too lazy to press CTRL+F in MS Word. But do the benefits of correcting that minor issue outweigh the risk of casting a humongous shadow of doubt on the integrity of the vote-counting process?

TP can complain about that for an entire day, but for now, let's momentarily set aside the rule of law. Instead, let's talk about  "The Rule of Common Sense."

It is disturbing to note that the unveiling of the Ñ bug reveals apparent logical inconsistencies.

Before TP lists them down, let's watch this GMANews report published yesterday, 12 May 2016:

At the video's 2-minute mark, GMA tells us that their graphic at 9:14PM of 09 May 2016, which included the candidate Serge Osmeña, showed a typo error (Osme?a), which then led Smartmatic Project Manager Marlon Garcia to change the Comelec Transparency Server's scripts.

This suggests one possibility: GMA has a system that automatically updates their broadcast graphics based on data gathered from Comelec's servers, and that this system simply re-publishes whatever data Comelec's servers provide.

Meanwhile, at 12:20 AM of May 10th, or about 3 hours after broadcasting the Osme?a graphic, GMA issued an apology following a typographical error adversely affecting Chiz Escudero's votes:

In this statement, GMA implies that one of their encoders committed a mistake while manually typing Comelec data.

Here lie three inconsistencies.

First, GMA's explanation on how their graphics work.
  • The 9:14 PM May 9 graphic implied an automated system.
  • The 12:20 AM May 10 graphic implied a manual system.

Second, the reason behind the Ñ bug fix:
  • GMA said Smartmatic fixed the Ñ bug after they found it on GMA's 9:14 PM graphic.
  • PPCRV said the political parties UNA (supports Binay) and NPC (supports Poe) already raised the same Ñ issue at 7:30 PM of the same night [Inquirer].

Third and most importantly, Smartmatic cannot be THAT illiterate.

Smartmatic's programmers found the Ñ bug on May 9th. However, the reader is reminded that Smartmatic is a Venezuelan company, and Venezuelans use Spanish, which, in turn, uses the letter "ñ" all the time. Smartmatic has facilitated Venezuelan [SMMT], Chilean [SMMT], and Argentinian [SMMT] elections, all of whom use Spanish as their primary language.

How in the world could Smartmatic miss that? Something sounds wrong. Terribly wrong.

Chairman Bautista, it seems like you're putting DOTC Sec.Abaya's "accomplishments" to shame. (TP)

Did you like this post? Help stay up! Even as little as 50 pesos will be a great help!