• 6 AUGUST - *1907 - Gen. Macario Sakay, one of the Filipino military leaders who had continued fighting the imperialist United States invaders eight years into the Ph...
    8 years ago


The Daily Tribune

(Without Fear or Favor)



World Wildlife Fund for Nature-Philippines

The Philippines Matrix Project

Security for digital signatures breached, says IT expert By Charlie V. Manalo 05/30/2010

Sunday, May 30, 2010

Comelec should probe CF cards

Security for digital signatures breached, says IT expert

By Charlie V. Manalo
The automated elections have been seriously compromised with the security feature for the digital signatures of the poll officers on election documents completely breached.

While the Commission on Elections (Comelec) and its partner, Smartmatic, claim that the digital signatures used marks in the electronically transmitted election returns (ERs) is a good enough alternative to real signatures by the members of the Board of Election Inspectors (BEI), a former lawmaker and an information technology (IT) expert say there is no way those robotic penmanship can be considered “good enough” signatures of the BEIs and the BoC (Board of Canvassers).

At the weekly Kapihan sa Sulo, a news forum held at Sulo Hotel in Quezon City yesterday, former Assemblyman Homobono Adaza insisted that the law provides that BEI members affix their real signatures on the ERs, IT expert Roberto “Obet” Verzola of the Halalang Marangal, claims there is a strong indication that the security on the digital signatures could have been breached.

“The Comelec had totally disregarded the Election Law!” Adaza warned. “First, it did away with the Voter’s Verification Feature (VVF) which would allow the voter to read for himself his actual vote on the PCOS (Precinct Count Optical Scan) screen. Then it did away with the UV Lamp which could authenticate the ballots and then, it replaced the real signatures of the BEI members with a digital one, but one mark which anyone could affix to the ER with just one push of a button.” 

“Anyone for that matter then, could push that button for the digital signature,” Adaza stressed.

When reminded that the button for the digital button has a security measure, a private key (a set of codes) provided by Smartmatic to the BEI chair, Verzola interjected that is the primary reason the digital signature should not be accepted, including the ERs.

“In the transmission of the ERs with a digital signature, you have two sets of keys. One, a private key for the transmitter and another, a public key for the receiver,” said Verzola. 

“The private key should only be known to the transmitter and no one else to ensure that only the designated transmitter, the BEI chairman, in this instance, would only be the one who has the capacity to transmit the ERs. And it would be received at the other end using a public key, the code of which could be divulged to anyone.”

“But if it was Smartmatic that provided the private key to the BEI chairmen, then it only follows that the code to the private key is not only privy to one person. And if there is more than one person who knows the code to the private key, then anyone who has the knowledge of that code could also transmit election results,” Versola emphasized.
“The security then of the digital signatures is breached!”

While Verzola refused to elaborate any further, several candidates have reported that PCOS machines have been transmitting ERs even on the morning on the day following the elections.

Adaza also took the time to lash back at Senate President Juan Ponce Enrile for threatening to jail those who would cause the delay in the canvassing and proclamation of the winners in the presidential and vice presidential race.

“Why threaten to jail those who would cause the delay in the canvassing and proclamation of the winners? There is no provision in the Constitution setting a deadline for the proclamation of the winners. That is why there is a rule of succession provided to ensure there is no vacuum of power in case no winners are proclaimed,” said Adaza. “On the contrary, the Constitution provides that Congress should proclaim winners in accordance with the law.

“From the very beginning, this automated law operated in violation of the law. First, the law provided that a firm experienced in poll automation should be contracted. Smartmatic was incorporated in the Philippines in 2008 and its experience in the ARMM election as it claims, is not enough experience to be used as reference for contracting the May 10 polls.”

“Even its Venezuelan partner was criticized for its job in other countries, the US included. They (Smartmatic) bombed out in other country. They bombed out too in the Philippines,” Adaza pointed out.

Adaza said that if there would be anyone who should be jailed, it should be those who would proceed with the canvassing and the proclamation of the winners.

“The proclamation of the winners would be void ab initio, void from the beginning because the whole process violated the law,” said Adaza.

“I’m just wondering why they are all in a hurry to proceed with the canvassing and with the proclamation of the winners when there are still issues to be resolved. And this is the time to resolve them. Otherwise the scenario would be unpredictable,” he stated..... MORE    

SourceThe Daily Tribune

URL: http://www.tribuneonline.org/headlines/20100530hed1.html


Blog Archive