New study underscores loopholes in automated election

In a press conference last week, the De La Salle University's College of Computer Studies and the Lasallian Justice and Peace Commission unveiled an overall assessment of the May 2010 automated elections, highlighting several areas in the automated election system (AES) that were poorly implemented and which may have been exploited for cheating. Entitled, "Towards Strengthening Electoral Reforms Using ICT: An Assessment of the May 2010 Automated Elections in the Philippines," the study focused on the use of information and comunications technologies (ICTs), casting a critical eye on how these technologies were used and offering recommendations for future automated elections. ICT: a two-edged sword "Like the proverbial two-edged sword, ICTs must be seen as tools that can either serve or subvert a purpose. Their design and use, particularly in a context as sensitive as national elections, must be exercised with careful forethought and diligence, especially in light of the vast amount of resources they entail," the report said. The study pointed out that Automated Election Laws, such as Republic Act 9369, "provide a viable and sustainable legal framework for the use of ICT in automating the election processes" but there was "a gap between the Law and how the AES was implemented." Security concerns Among other things, the study showed that Comelec's human resources had been made "vulnerable" as the organization grew the number of its employees by almost a hundredfold from 5,000 to under half a million. The report also underscored the inadequacy of proper training for the Board of Election Inspectors, particularly in crowd management and contingency planning. Most importantly, the report stressed the need to have a point person for AES and ICT within Comelec itself. "(There is) a need for a high-level, technical-business process czar, commonly known as the Chief Information Officer (CIO) that wil oversee the efficient and cost-effective utilization of ICT. The CIO must be able to balance the expectations for quality project management and adherence to best practices in AES implementation with desire for good governance," the report said. In terms of hardware and implementation, the assessment noted important security concerns, such as the decision not to implement the ultraviolet anti-counterfeiting security feature on the PCOS machines as well as the inability of Comelec up to the present time to divulge the specifics of the source code used in the PCOS machines. Was there fraud? Prof. Allan Borra, one of the authors of the study, said that, although there was no direct evidence of fraud, the vulnerabilities outlined in the study could have been exploited to influence the local elections in some areas. "(The AES) was successful for the national seats, as the results were concurrent with national surveys. However, we can't be sure about the local seats," he cautioned. "We can't possibly know if there's any fraud. If (the Comelec) really are aboveboard then they should disclose their documents. No one knows if the (PCOS machines) performed their jobs well. We're hoping that Comelec wil be transparent," Borra continued. "This assessment calls for an AES performance audit to ascertain if indeed SMARTMATIC-TIM (the providers of the PCOS machines) carried out its contractual obligations... Comelec must conduct its own performance audit of the internal processes and resource utilization pertaining to the AES," the report concluded. - GMANews.TV