Corporate Watch
By Amelia HC Ylagan
It may summon lurid thoughts of a clandestine tryst at some secluded nest, where forbidden lovers unleash steamy passion. It must be very secret — imagine if the wronged wife (or husband) discovered and witnessed the unfaithfulness. “In flagrante delicto,” meaning seeing the crime in flagrant commission, would justify killing of the illicit lovers by the betrayed. Possibly a lugubrious picture of a “meet-me-room,” in some prurient minds, for want of any connectivity of the word with some staid common usage.
But “meet-me-room” was ceremoniously ushered into the lingua franca of the Filipino after the mid-term elections just last week. Forgive the risqué pun, but it has still to do with “connectivity”, but in the computer-speak of the automated election system (AES) that has ruled the democratic votation to install leaders of the country. “A meet-me-room (MMR) is the space in a colocation data center where carriers and clients interconnect or cross-connect with one another” (digitalrealty.com Aug 1, 2014). The National Citizen’s Movement for Free Elections (NAMFREL) asked the Commission on Elections (Comelec) to, among others, fully disclose and explain the transmission router or the “meet-me-room” network set up, how it operates, and who are behind its operations (GMA News May 18, 2019).
The seven-hour gap between the first two transmissions of the poll results to the transparency server made the election “losers” and the public anxious. Sen. Francis Pangilinan, president of the opposition Liberal Party, said the Comelec should come up with a clear explanation for what had happened to the transparency server. “The public’s concerns and doubts about the true results of the election just grew because of your silence. Are you (the Comelec) cooking up something that the public must not know?” Pangilinan asked (Philippine Daily Inquirer May 15, 2019).
How difficult it is to believe that not one of the opposition Liberal Party’s “Otso Diretso” candidates were in the “magic 12” (winning candidates) for Senator in the preliminary canvass, while ranks 1 – 12 were all Duterte political allies or with the administration-friendly majority blocs at the Senate and House of Representatives. 12 – 0? “The midterm elections show that the Filipino electorate wants a Senate supportive of the President’s agenda,” Presidential spokesman Salvador Panelo said (ABS-CBN News May 14, 2019).
Even in the May 14, 1984 Regular Batasang Pambansa election the dictator Ferdinand Marcos did not claim such a clean sweep. His KBL party won 62.30% of the 183 Parliament seats, Jose Laurel Jr.’s Unido coalition, 33.33%, and the Nacionalista Party and independents 4.37% of total (Julio Teehankee. “Electoral Politics in the Philippines” (PDF). quezon.ph.). It was known there was manipulation of the results of voting, but “disente lang” (not too brazen). It was more difficult to tamper with manual voting. In the present automated election system, would the “Duterte magic”, or any incumbent leader’s “magic” lean on computer magic?
“On top of the suspicious 7-hour delay, the number of election returns processed was already 92.89% as of 5:20 a.m. Tuesday, but suddenly went down to 49.76% around 6:21 a.m. same morning. Election Commissioner Marlon Casquejo said this was merely a “java app error” that affected all media networks and organizations getting data from the transparency server. “It was corrected again by just turning it off and on, or reset.” He explained away the 7-hour delay as “a bottleneck” in the transparency server and the data being sent to media networks, overwhelmed by the deluge of transmitted results (inquirer.net May 15, 2019).
Who can do things with the servers? In “Future Perfect”, Tony Velasquez’ technology talk show, he interviewed Dr. Nelson Celis, spokesperson of Automated Election System Watch (AES Watch) and Mr. Nice Quilantang of Kaspersky Lab on glitches in the May 13 fully automated midterm elections (ABS-CBN May 15 2019). Celis said the “meet-me-room” was an unauthorized intervention that transgressed the law (Omnibus Election Code/ Republic Act No. 9369, which amended the Automated Election Law). These MMRs host undeclared servers and intercept data from the vote counting machines to the Commission on Election servers, he said. The VCMs should be directly sending election returns direct to the municipal board of canvassers. He added that as early as March, the Senate President in two privilege speeches identified irregularities, one of which is the queuing server, and the early transmissions” (Ibid.).
In the same TV discussion, Quilantang pointed out that the File Transport Photo (FTP) system is not good for large volume data transfer (the “bottleneck”?) and is vulnerable — there is urgent need to secure (encryption) data being moved (Ibid.). In other words, there has to be accountability and responsibility for such data being moved (or changed?) and a record (log) of what was done. Celis seemed particularly agitated that the transmission logs were immediately deleted (though there is nothing in the law that prohibits this), when in regular IT practice, the audit logs are kept for 3-5 years. Imagine if banks and their branches junked these very precious transaction records! (Ibid.).
In a separate personal interview with a “retired” AES advocate (an IT expert), he reinforced the concerns of Celis and Quilantang, particularly on the audit trail of movements and changes if any, between and among servers, electronically collocated in that “meet-me-room”. The most important thing is the “private digital key”, he said, which is unique to each election official/inspector/anyone who has access, that positively identifies where the transmission is coming from, and ensures that such transmission is not being altered. There is no such private digital key to keep the Comelec honest, as of now. But the double-trouble is that the present system allows and accepts transmissions from anonymous machines which the servers automatically recognize. There is loose control among the central server, the various unrestricted servers, and the “Transparency server”.
So, what transparency are we talking about? From the start, concerned citizens knowledgeable with IT have been harping on the controls and accountabilities in electronic voting, such that an open row erupted between these election watchdogs and the Comelec Commissioner then, Sixto Brillantes Jr. The AES Watch (Dr. Celis et al.) asked the Joint Congressional Oversight Committee on AES to secure all PCOS machines, CCS software, ballot boxes, and other election paraphernalia needed for auditing the (2013) mid-term election system and subjecting it to forensics scrutiny. “Why were the major safeguards disregarded and removed –independent source code review, installation of the industry prescribed digital signatures, voter verification and the WORM (write-once-read many) CF cards up to the unconscionable expenses on the unbundled election paraphernalia, warehousing and the PCOS purchase itself?” the AES Watch asked (inquirer.net May 25, 2013).
Namfrel National Chairman Augusto “Gus” Lagman, a former Comelec commissioner and a political analyst, said many countries have discarded automated vote-counting because the process is not transparent and is not observable by the voters. He said the integrity of the midterm elections would not have been doubted had the Comelec not automated the counting of votes at the precincts (manilatimes.net May 19, 2019). Lagman suggested that automation could be employed while the votes are being counted manually, or, at least, immediately after. That way, the transmission of the results from precincts to canvassing points can be done electronically and the three levels of canvassing could be fully automated (Ibid.).
And there should be no more those mysterious, steamy “meet-me-rooms” where a lot of hanky-panky goes on.
Amelia H. C. Ylagan is a Doctor of Business Administration from the University of the Philippines.
