Spokesperson says speedy canvass will make separate quick counts irrelevant

Smartmatic-Total Information System (Smartmatic -TIM), the joint venture that bagged the contract to automate Philippine polls, is confident that the technology it will be using in the 2010 polls have enough safeguards to secure the votes of the Filipino electorate.

Miguel Avila, Smartmatic-TIM technical support manager, led a team of the company’s representatives to demonstrate the features of its precinct-level machines to ABS-CBN reporters and staff on Thursday, July 23.

“Voters’ education is important so that the voters would be confident that their votes are secure using the automation technology,” said Avila. He said that this is the reason why Smartmatic-TIM agreed to hold the special demonstration for ABS-CBN so that the media company can help to inform voters.

Avila and his team brought with them an actual Smartmatic Auditable Election System counting device or the SAES 1800 machine to do the demonstration. This is the same device that will be deployed to each of the 80,000 precincts nationwide as part of the Precinct Count Optical System (PCOS).

The Smartmatic-TIM team let ABS-CBN staff try the machines to simulate the counting of ballots during the demonstration. While demonstrating the process, however, he stressed that the final configurations of certain aspects of the system would still be decided upon by the Comelec.

How to vote

The ballot itself, Avila said, could accommodate 600 choices – candidates and party-list groups and would be double-sided.

A voter is required to shade or fill in the oval shape to the right of the name of his chosen candidate. He said, as of now, permanent ink would be used and pens would be provided to the voter.

After making his choices, the voter himself would have to feed the ballot into the machine and not any member of the Board of Election Inspectors who would be supervising the polls at the precinct level. The ballot can be inserted in any orientation.

As each ballot is cast, the system stores and interprets images of the scanned ballot. If, in voting for president, a voter mistakenly marks two ovals—corresponding to voters for two presidential candidates—the SAES 1800 would consider it an invalid vote.

The machine however would still process and count the other valid choices in the voter’s ballot. Moreover, if the voter does not make any markings on ovals across the names of presidential candidates, Avila said the machine will interpret this to mean that the voter has decided not to vote for anybody for that position and would still accept it as a valid ballot.

An issue that still has to be decided upon, he said, are the so-called ambiguous votes, i.e. the oval was only partially shaded such as that only a dot could be indicated. He said they would need a policy decision from Comelec on this. He said, however, that the machine would count a check or X mark by the voter in the oval.

How votes are counted

Security key of the SAES 1800 (Precint Count Optical System machine)

After inserting his ballot, the voter would be informed, through the machine’s liquid crystal display (LCD), that his vote was counted by the increment on the indicator of the number of ballots counted. The ballot would then be fed by the machine on the bin in the ballot box which would contain valid ballots. Invalid ballots would be fed into a separate compartment in the ballot box.

“The machine would only need several seconds to scan and process the ballot,” said Avila as he let members of ABS-CBN tryout the machine by feeding the sample ballots.

At the end of the voting day, the chairman of the Board of Election Inspectors in that precinct would then use a special key to close voting for that precinct. The members then input their respective passwords into the machine.

After this, the machine would then interpret the images stored in its databank and print out the results of the elections in the precincts on thermal paper. The results of the national elections would first be printed out – and reprinted according to the copies needed – followed by results of the local elections.

In the printout, which would be two inches in width but would probably be several feet long, provisions are made for the signatures of the BEI chairman and members as well as the pollwatchers of political parties, candidates and party-list groups. The printouts would serve as the Election Returns (ERs) of the precinct.

After the ERs have been printed, the BEI officers will then be able to trigger the machine to transmit poll results to the municipal board of canvassers.

Transmission process

Where possible, Avila said, transmission of votes will be done through any available telecommunication network. He said that the consortium would be conducting a nation-wide site survey to check for the availability of communication signals at every precinct.

In the cases where no communication facilities are available, the consortium and Comelec might use satellite communications using Satellite Internet VSAT (Very small aperture terminal) technology.

Memory card that will store software and voting data

Even if a machine fails to transmit results, or in very difficult areas where transmission could not be established, the memory cards can be physically transported and inserted into “specially-configured terminals.” Transmission could then be performed, said the Smartmatic-TIM official.

PCOS machines that would fail during the election process would be replaced by “specially-configured machines”. The memory cards of the failed machines would be inserted into the replacement machines and the polling process could then resume, said Avila.

The machines, which run on basic Linux operating systems, do not have their own harddrives. Instead, each will have two memory cards which would contain the software, the data that will identify each specific machine, and the voting results.

“The machine only has a small operating system, the data for each precinct meanwhile would be encrypted into the memory card and only programmed at the main center before each machine is transported,” said Avila. He said only their main processing center would be able to place critical data into the memory cards.

The memory card can store up to 2,000 images. Assuming that each ballot will have two sides, this means it each machine will be able to accommodate a maximum of 1,000 voters per clustered precinct.

Security features

Avila said the system has security and audit features at various levels.

For starters, the ballots that would be used for the 2010 polls would contain a number of security features.

Each ballot will have a bar code at the bottom of each ballot which would indicate the area and the precinct where the ballot should be used. The PCOS machine would only read ballots assigned to it and would reject and not process those which are not. He demonstrated this by feeding the SAES machine with a ballot supposedly assigned to another precinct – the machine immediately ejected the unassigned ballot.

Avila also said that markings using ultraviolet ink would also be used in the ballot. Without the ultraviolet markings, he said the machine would reject it. A photocopy of the sample ballot Avila brought was tested on the machine and the SAES 1800 also rejected it. He said Comelec would also place other security marks into the ballot.

Avila brought to the demonstration only samples of ballots which were used for technical evaluation and not yet the official ballot. He said the Commission on Elections has yet to finalize the layout and the design of the official ballot itself.

Only authorized personnel who would be issued a special key and passwords specific for each memory card and PCOS machine will be able to operate the machines.

The special key will be given to the BEI chairman. To perform these three actions—starting the election process, closing the casting of ballots, and transmitting results—the BEI chair will need to use this key. The action will be confirmed by the other members of the BEI who will have to enter their respective passwords into the system.

Hacker proof?

Avila downplayed the concerns that the machine and the results could be hacked.

He said the data in the memory cards would use industry-standard 128-bit AES encryption and would be digitally signed using 256-bit SHA. “Hacking is virtually not possible,” said Avila.

LCD display

This is also not possible during transmission, he said, because “the machines would only be online for about two minutes and only for the transmission of the results.” From the start until the close of voting, the machines are standalone and need not be connected for anybody to do anything to the machine, said the Smartmatic-TIM official.

Avila also slammed allegations that the machines would have no audit trail.

He said the official ballots cast in any precinct would all be fed into the locked ballot box and could be used for a manual recount. The digital images of the ballots stored in the memory cards may also be compared with the official ballots.

He also demonstrated that all actions done on the machine are stored and can be printed out by the BEI chairman as an audit log which includes timestamps.

He also said that, come election day, the machines will be loaded with the highest quality thermal paper available that would last for at least five years. These will be used to print out documents such as election returns as well as the audit log.

No need for separate quick counts?

Using the new automated system, Avila said that 90% of election results nationwide could be available 5-6 hours after the closing of the precincts.

He admitted that there could be factors that would delay the overall results, such as delayed voting or the need to manually transport the memory cards from the precinct to a place where telecommunications systems are available.

Other factors involves some policies that would have to be decided upon by the Comelec. An example he said was for the transmission of the official municipal canvas report to the provincial board of canvassers.

He gave a hypothetical example using a 5-precinct town. “If 4 precincts have submitted results already, would the municipal canvassers still wait for the 1 precinct before they submit the results to the provincial board? That has to be decided by Comelec,” said Avila.

Avila also disclosed that an “unofficial” stream of elections results data could also be transmitted from the precinct machines to the servers of the Comelec and National Board of Canvassers (NBC). He said this could also be used as back-up data although he said that this is still being discussed at the Comelec.

The poll body will have to decide if data from this stream would be immediately made known to the public.

He also revealed that Comelec is discussing if a server for receiving election results would be installed at the Kapisanan ng mga Brodkasters ng Pilipinas (KBP). It is not clear yet, he said, if the data would come from the precinct machines or from the servers of the Comelec and NBC.

Given the speed at which canvassing and transmission is expected to take place, Avila said, there may not even be a need for other entities to conduct their own separate quick counts.