EDITORIAL
It is not the right time and too early to talk about political plans for the 2022 national and local elections, Presidential Spokesperson Harry Roque told a virtual presser last week saying politics should be set aside first since the country is still grappling with the Covid-19 pandemic.
Roque issued the
statement following the launching of “1Sambayan,” a coalition of former
government officials eyeing a single slate of national candidates for the May
2022 elections to challenge President Rodrigo Duterte’s preferred successor and
his other bets.
The coalition, led by
retired Supreme Court justice Antonio Carpio, said the newly-formed coalition
already had initial talks with its potential presidential and vice presidential
candidates, including Vice President Maria Leonor “Leni” Robredo, former
senator Antonio Trillanes IV, Manila Mayor Francisco “Isko Moreno” Domagoso,
and Senators Grace Poe and Nancy Binay.
Roque said instead of
engaging in premature campaigning, the current administration is more focused
on addressing the Covid-19 pandemic.
On March 12, Roque
denied that Duterte is using his position to engage in premature campaign
activities by supposedly endorsing his preferred candidates for the 2022
national and local elections even as his daughter Sara is reportedly being set
up to run for President next year.
So, should
preparations for the 2022 elections not start considering it is only a year
away?
The Senate Committee
on Electoral Reforms and People’s Participation (Cerpp), had been deliberating
Senate Bill (SB) 7 since it was introduced by Senate President Vicente Sotto
3rd earlier.
The bill is an “Act
providing for the conduct of the hybrid national, local and ARMM
elections, through manual voting and counting at the precinct level, and
automated transmission and canvassing, and for other purposes.”
The Center for People
Empowerment in Governance (CenPEG), through its AES Watch, had submitted
its recommendations on how to go over the implementation of a hybrid
election system (HES) in 2022.
To date, the agreed
upon principle of manual voting and counting system at the precinct level
should be performed in public; that is, the voter still manually enters his/her
votes on ballot paper and that counting be publicly seen by
the Board of Election inspectors (BEIs) and watchers represented
by different groups in the precinct.
The manner of counting
is still being deliberated, whether it be computer-aided or pure manual. After
the counting, the election return (ER) would be computer-generated before it is
electronically transmitted for consolidation and canvassing at the municipal
level.
This is still similar
to our past four elections (from 2010 to 2019) except that the “secret”
counting by the vote counting machines is eliminated. It was secret as
nobody had seen how the machines really counted — transparency was lost!
CenPEG fully supports
SB 7. It recommended two phases in proceeding with HES in 2022: Phase 1 —
understand how the Commission on Elections (Comelec) “mismanaged” the automated
election system (AES) in the past elections; and Phase 2 — implement
action plan to correct Comelec’s “mismanagement”
In going through Phase
1, CenPEG’s first agenda is to determine how Comelec used its Data Center (DC)
in processing election results.
The DC is the heart of
any organizational computational power in processing its information needs.
Before the 2010 elections, an independent systems audit from 2007 to 2008 was
conducted by representatives of the Philippine Computer
Society at the Comelec’s DC at Palacio del Gobernador, Intramuros and
its Backup Data Center (BDC) at Insular Life Building, Alabang. These data
centers house the databases of registered voters and other data
hacked during the ComeLeak incident prior to the 2016 elections.
Questions were raised: has there been any independent system audit of
DC and BDC done after 2008? If none, why? If there has been,
can Cerpp request for such system audit/s?
The next interesting
questions raised were all related to the DC operations on the use of AES from
2010 to 2019 to understand how the telecommunications companies (telcos)
operated viz the DC processing of ERs and certificates
of canvass (COCs), to wit:
– Was the DC connected
with the telcos directly to receive and process the ERs and COCs? If so,
did the BEIs and Board of Canvassers (BOCs) use digital signatures? If not,
why?
– Was the BDC
receiving directly the processed ERs/COCs from DC for backing up? If yes, was
the backing up done immediately after DC’s processing? If not, how?
– If the DC was
not receiving directly the ERs/COCs, was it through a third-party service
provider (SP), whose servers were located outside the DC premises? Is that
legally binding viz Republic Act (RA) 9369 and Batas Pambansa (BP) 881?
If allowed by law, did
the SP process the received ERs/COCs or just passed it on to the DC
for processing? Did the SP receive the ERs/COCs directly from the
BEIs/BOCs? If not, were there intermediaries or regional hubs (RHs)?
Was the digital
signing of BEIs/BOCs observed? If yes, how? If not, why was there no digital
signing? Did the Comelec people manage the operations of the SP? Did they see
the detailed transmissions of the BOCs and
the network management system activities in SP’s operations?
Did the Comelec or SP
provide a disaster recovery site viz a
business continuity plan in case the main server goes down in
compliance with RA 9369, Section 13 regarding continuity plan? Were the
stakeholders informed about the continuity plan? Was the SP test certified by
the technical evaluation committee as per RA 9369, Section 11?
How were
the telcos connected to the AES? Was the contract of electronic
transmission signed between Comelec and telcos? If not, were
the telcos made accountable to Comelec?
If yes, telcos
should have stored the transmission logs and should be accessible when needed
by Comelec, the House of Representatives Electoral Tribunal, the Senate
Electoral Tribunal and the Presidential Electoral Tribunal without court order.
Were the telcos directly connected to the SP?
RHs? business continuity center? If yes, were the telcos
managed directly by the SP or by Comelec?
These probing
questions will help the Cerpp guide how Comelec managed the DC
operations in processing the ERs and COCs, how they complied with the AES
law, figure out why were there so many unanswered mind-boggling questions to
date about the secret counting, and how will Cerpp come up with a
strategic plan to successfully implement HES.
Recommendations
And as initial
heads-up to the Cerpp, CenPEG enumerated some of the following major
recommendations:
– Promulgate
immediately the implementing rules and regulation (IRR) once SB 7 is
approved. Remember that Comelec did not promulgate the IRR
of the AES Law (or RA 8436 of 1997, as amended by RA 9369
of 2007) in spite of having brilliant lawyers within its ranks since 1997 — 23
long years and counting.
Perhaps they need the
help of Cerpp and stop the impasse.
– Audit the AES
implementation from 2010 to 2019 — corrective actions vis audit findings
should be presented to Cerpp.
– Use digital
signatures for BEIs and BOCs through
the public key infrastructure facilities of the Department
of Information and Communications Technology (DICT).
– For the DICT to
handle the HES project — the past four elections showed Comelec’s mismanagement
of the AES implementation.
– For the DICT to
prepare the DC operations of Comelec for the 2022 elections. This includes the
DC operations at Comelec’s premises, the removal of intermediaries or RHs, and
the direct connectivity of the telcos to the DC and BDC — that is, direct
transmission of ERs/COCs to DC by BEIs/BOCs through digital signing. The
“Meet Me Room” must be inside the Comelec’s DC.
– The DC and BDC
operations must be manned by Comelec and DICT organic personnel, no
vendors should be allowed.
– For the telcos to
provide copies of the transmission logs to Comelec and DICT at the soonest
possible time (e.g., three days after the elections). In the
past, telcos just delete these logs without prior notice to election
stakeholders. To avoid early transmissions as experienced in the past
elections, telcos should only activate their facilities at the closing of
the precincts on election day.
– For the Comelec
to comply with RA 9369, Section 27: “The Commission shall post its digital
files in its website for the public to view or download at any time of the day.
The Commission shall maintain the files at least three years from the date of
posting.” Commission on Audit (CoA) is recommended to check Comelec’s
compliance.
– Replace
“international certification entity” by CoA, supported by local auditing
firm/s, as stipulated in RA 9369, Section 11: “The Committee shall certify,
through an established international certification entity…categorically stating
that the AES…is operating properly, securely and accurately.”
– Use the
Consolidation Canvassing System co-developed by Comelec and the Department of
Science and Technology.
– For the DICT to
hold the source code review in public.
– For the
technical working group of the Cerpp/Joint Congressional
Oversight Committee (JCOC) on AES to finally check project completion and
compliance of the HES two months before the elections
– For
the Cerpp to remind the JCOC to comply with RA 9369, Section 33, as
the latter failed to conduct a comprehensive assessment and evaluation of the
performance of the AES technologies implemented in the last four automated
elections. JCOC have not reported any appropriate recommendations to Congress
in session assembled.