Computerized cheating

NO HOLDS BARRED
Ike Señeres

The Optical Mark Reader (OMR) uses a paper ballot that is printed on security paper. The ballot as it is printed contains marks that are invisible to the human eye, meaning that only an optical eye can read it. Since these marks are not visible to human eyes, it is possible for cheaters to include invisible instructions as the ballots are being printed, in effect instructing the OMR to read only the shaded marks that are favorable to them. Conversely, the invisible marks could instruct the OMR not to read the shaded marks that are not favorable to them.

The OMR ballots will be printed either by the National Printing Office (NPO) or the winning supplier of the OMR machines. Either way, the managers of the printing facility could be pressured to print extra ballots using the same authentic security paper. These extra ballots could be “pre-shaded” with the marks of candidates that are aligned with the cheaters. As far as the OMR machines are concerned, these are genuine ballots.

The OMR machines will not read ballots that are “damaged” in one way or the other. It is very easy to “damage” a ballot using water, moisture, powders, pencil marks, indentations, etc. It is possible for cheaters to give “damaged” ballots to voters who are identified with their opponents. For that matter, cheaters could give out fake ballots that look like the real thing, but are not readable by the OMR machines.

One of two possibilities could happen. Either the OMR machines will have Microsoft Windows as their operating systems (O/S) or the data from the OMR machines will be transferred to personal computers that are using Microsoft Windows as their O/S, for purposes of transmission from the precinct level to the municipal level.

If the OMR machines will have Windows O/S, it is possible to inject or embed malicious codes into the O/S or into the hard drive, codes that will instruct the OMR machines to alter the data as these are being tabulated or transmitted.

If the cheaters will choose not to alter the data by using the OMR machines, they have the option to inject or embed malicious codes in the personal computers that will be used to transmit the data to the next level.

While it is possible that the encryption in the OMR machines or in the personal computers will protect the data from hostile hackers, it is also possible for cheaters to obtain copies of the encryption or the source codes, in which case they do not even have to hack the data, they can just manipulate it as an “inside job”.

It is not certain whether the bidding for the OMR machines will include the provision for a data center that should house the servers or the “server farm” as the case may be. As of now, the COMELEC does not appear to have a data center that is capable of hosting large amounts of data, such as the incoming canvassing reports from all over.

It is possible that the COMELEC will sub-contract the hosting and operation of the data center to a third party that may not necessarily be the winning bidder of the OMR machines. The Comelec could just keep this part of the process a secret, so that the cheaters could easily manipulate the data at the national level.

While it is possible that the encryption in the servers will protect the data in data center, it is also possible that cheaters could get hold of the “keys” that will open the encryption, in which case they will be able to manipulate the data. Since the servers in the data center will be essentially “blind” as to where the incoming data will come from, it is possible for cheaters to send “false data” or “fake data” to the servers by using their copy of the “keys”, thus supplanting or replacing the real data sent in from the legitimate sources.

The Comelec can say that the data could not be hacked, because it is encrypted. That is not the issue. The real issue is trust, because we have to be able to trust whoever is holding the “keys” to the encryption. The analogy is similar to a door that is secure because it is padlocked. No matter how secure the padlock is, it could be opened by anyone who has the keys to it.

The location of the data center is another issue.

Whoever owns the building or the facility that houses the data center could give physical access to the cheaters. In this connection, the political parties and/or the candidates should demand that the Comelec should disclose the names of the owners of both the building and/or the data center as the case may be.

The Comelec has been saying that the software application is encrypted. However, they have not disclosed what O/S they will be using in the OMR machines, in the transmission machines and in the servers. If the O/S is not proprietary or if it is not also encrypted separately, it is still hack-able. In simple terms, an encrypted software application will be useless if the O/S is disabled.

The Comelec has been talking about encryption, but so far they have not said anything whether their data center or server farm is fire proof or bomb proof. Fire proofing is an important issue in their case, because they already have the sad track record of their old building getting burned. Bomb proofing is also an issue, because all the data and results could be destroyed by one bomb, thus creating a legal basis to declare a failure of election.

Following standard data security practices, the Comelec should have more than one data center, meaning that they should mirror all their data in several other secure sites. In like manner, they should disclose where these mirror sites are, and who owns them.

By its own admission, the Comelec was only able to capture about half of the biometric data of voters. In this connection, they have not disclosed how many percent of the voters already have Voter’s IDs. Given this reality, there is no way of checking how many OMR ballots it would actually issue.

Come Election Day, 40 million voters will be looking for new precincts, because the Comelec “clustered” 200,000 precincts into 80,000 only. There would be lesser confusion if all the voters would have biometric data or Voter’s IDs, but that is not the case. This situation could be used by the government to fuel the confusion, so that a failure of election could be declared, thus giving the legal basis for the present elected officials to hold over.

Since the law requires the Comelec to proclaim winners within 2 to 3 days, it is possible for the Palace to influence the Commission to proclaim the candidates of the government, regardless of the actual data that they will receive. It will be harder for “losing” candidates to protest, because by then, the data would have been altered.

If the political parties and/or the election watchdogs would really want to protect the ballot, they should demand that all the OMR machines, the transmission machines and the data centers will be watched not only by the Comelec but also by their representatives. This is necessary in order to prevent cheaters from injecting malicious codes while these machines are in storage or are not being used.

Email unidaphilippines-subscribe@yahoogroups.com to join the United National Integrated Development Alliance (UNIDA). Text +639293605140