|Updates on the
Random Manual Audit, Transmission Feed from
TS/MS and Hash Codes
Random Manual Audit
The conduct of a Random Manual Audit (RMA) is a safeguard mandated by Sec. 29 of RA 9369 (Automated Election Systems Law) to verify the accuracy of the count of the Vote Counting Machines (VCM). This 2016, the RMA is to be conducted under the auspices of the RMA Committee (RMAC), composed of representatives from the Comelec, the Philippine Statistical Authority (PSA) and the Comelec authorized citizens’ arm, NAMFREL (assisted by its partner the Philippine Institute for Certified Public Accountants (PICPA )), as authorized by SPP 15-193 dated March 2, 2016. The activity involves a manual comparison of the printed election return generated by VCMs (formerly PCOS) vis-à-vis the manual appreciation of the ballots (primary source document) of the selected cluster precincts.
As of 11:15am 05/12/16, most of the 715 clustered precincts selected for the RMA have been completed or are still on-going. Exceptions are in Basilan, Al Barkha, Maluso, Isabela City, Palawan (Linapacan) and in Lanao del Sur (Tagoloan, Ditsain Ramain, Marantao, Marawi, Malabang, Kapatagan, Bayang, and Tubaran).
RMAs are being conducted in respective municipal/city canvassing sites or in a few cases, in provincial canvassing sites.
Completed reports have now been transmitted to the Provincial Election Supervisor (PES) for submission to the Comelec RMAC.
The RMA reports will be forwarded to the RMAC in the Comelec National office. For those with variance exceeding 10, the ballot boxes will also be brought to the RMAC for validation, repeat count and determination or root cause as needed.
Transmission Feed from Transparency Server / Mirror Server
As of 8:45am, there are still around 4,000 plus precincts that have not transmitted its results to the Comelec server. This is estimated to account for 1.9 million votes still to be received.
“Hash Codes” Issue
At the center of the current controversy regarding the unofficial vote count coming from the transparency server is the statement coming from the camp of vice presidential candidate Ferdinand Marcos Jr. alleging that a new computer command was entered into the transparency server “to alter the hash code of the packet (sic)”.
A hash code is a value generated for an electronic document, data file, or a program. This value serves a compact digital fingerprint which is unique to an electronic document, data file, or a program. Hash code is a security measure used to ensure that the integrity of an electronic document, data file, or a program has not been compromised.
For the COMELEC/Smartmatic system, hash codes were used in several fronts. The major ones are on the final build of the software code in the VCM and CCS. As an ad hoc security measure hash codes were generated for each cumulative data pack which they are sending out via the transparency server. The issue at hand is on the cumulative data packs and NOT the hash codes of the software in the VCM or CCS.
The hash code on the data pack is essential for initial integrity test on the election returns (ER) results. However, despite the mismatch in the hash code of the data pack coming from the transparency server, our verification of the data received shows that there is no impact on the actual values on each ER.
Several security measures were put in place that allows verification of ER data authenticity.
The project of precincts are published allowing simple checks like more votes than voters which can raise red flags.
There are two batches of print-out of the ER that is distributed to several groups and parties. The first batch is prior to transmission and remaining batch is after transmission. It would be very easy to spot discrepancy here since ER-level data are available online via your favorite media firm. The ER printout are, most of the time, published for the public to see and several digital copies are floating in social media for easy verification.
Access to the Transparency Server is given to the majority political party, the dominant minority party, the PPCRV and the KBP. Namfrel and other media outfits have access to the mirror of the Transparency Server.
Namfrel is entitled to one copy of the printed ER. Our Systems Group has not found any discrepancy so far and that despite the mismatch of the data pack coming from the Transparency server via its mirror, THERE IS NO CHANGE in the actual values of each ER. Namfrel’s crowd sourced data shows consistency of the ER values as well.
The allegation on fraud is focused on the problem on the hash code. All parties have copies of the ERs from the transparency server. It would be prudent if they can show even a single VCM/ER changed during the time they are complaining about the error.
From our research, it seems like there has been character encoding issue specifically on the ñ character and was hastily corrected by someone from the COMELEC/Smartmatic group. The correction happened after the hash code was generated hence the issue on the mismatch of the hash code. After a day it was corrected eventually. What we also saw was the possibility of trending as we don't have a verifiable way to get inputs from the field if they have submitted or not yet. The transmission of the VCMs are still areas for improvement, while it is fast, the possibility of trending can still occur.
The main and real issue here would be last minute changes in process and codes as well as lack of quality control by Smartmatic. The system is a multi-billion peso system and the error was so amateurish..