pcos risks and fraud opportunities - article

8/14/2019 PCOS Risks and Fraud Opportunities - Article

1/19

PCOS Risks and FraudPCOS Risks and FraudOpportunitiesOp

portunities

Manuel A. Alcuaz Jr. Manuel A. Alcuaz Jr.

The COMELEC Smartmatic PCOSThe COMELEC Smartmatic PCOShas a lot of potential risks.has a lot of potential risks.


2/19

OMR RisksOMR Risks

The first set of risks are related The first set of risks are related

to the nature of voting.to the nature of voting.


3/19


4/19


5/19

Increased FraudIncreased Fraud

This increases the danger of others marking a This increases the danger of others marking avoters ballot. Or the use of ballots of votersvoters ballot. Or the use of ballots of voterswho did not show up.who did not show up.

The ballot will not be stuffed since they are The ballot will not be stuffed since they arefed into the PCOS machine.fed into the PCOS machine.

But the ballots can be filled up by people whoBut the ballots can be filled up by people whoare not the registered voters.are not the registered voters.

These danger is increased due to the These danger is increased due to theclustering of precincts. Lansadera is easier.clustering of precincts. Lansadera is easier.


6/19

More!More!

The sad part is that in case of an election protest it The sad part is that in case of an election protest itis hard to prove that one person filled up multipleis hard to prove that one person filled up multipleballots.ballots.

The safeguards built into the machine like checking The safeguards built into the machine like checkingif ballot belong to the precinct is useless. Becauseif ballot belong to the precinct is useless. Becausethe ballots to be used really belongs to the precinct.the ballots to be used really belongs to the precinct.

If goons and guns are used OMR election fraud is aIf goons and guns are used OMR election fraud is abreeze. One man can shade all the ballots!breeze. One man can shade all the ballots!


7/19

SabotageSabotag e

I think that all these talk about failure of electionsI think that all these talk about failure of electionsis a smoke screen.is a smoke screen.

But sabotage can still be done selectively in orderBut sabotage can still be done selectively in orderto cheat.to cheat.

In the old system unscrupulous candidates wouldIn the old system unscrupulous candidates wouldsteal ballot boxes or disrupt election in precinctssteal ballot boxes or disrupt election in precinctswhere they were weak.where they were weak.

In 2010 they could selectively sabotage PCOSIn 2010 they could selectively sabotage PCOSmachines by putting some form of glue on theirmachines by putting some form of glue on theirballots. Or actually damaging the machine.ballots. Or actually damaging the machine.


8/19

Fraudulent Counting TablesFraudulent Counting Tables(Programs)(Programs)

There are many ways to be able to There are many ways to be able tomanipulate the counting of votes in themanipulate the counting of votes in thePCOS machines.PCOS machines.

The danger, I would like to emphasize, is not The danger, I would like to emphasize, is not

due to hacking. It would be thru insiders.due to hacking. It would be thru insiders.


9/19

Source Review?Source Review?

Let us look at the different layers of code inLet us look at the different layers of code ina PCOS machine.a PCOS machine.

ApplicationProgram (Table)

ApplicationGenerator

I/OProgram

OMR Program

File Mgt orDBMS

Drivers

Operating System(Linux)

ApplicationProgram (Table)

ApplicationGenerator

I/OProgram

OMR Program

File Mgt orDBMS

Drivers

Operating System(Linux)


10/19

Where cheating will not beWhere cheating will not bedone!done!

If I were to cheat, I would not do it at theIf I were to cheat, I would not do it at thefollowing:following:

OSOSDriversDriversFile Management/ DBMSFile Management/ DBMS

OMR ProgramOMR ProgramApplication GeneratorApplication Generator


11/19

Where cheating would beWhere cheating would bedonedone

I would do it at the application table (program) andI would do it at the application table (program) andI/O program.I/O program.

I think that voting machine and OMR machineI think that voting machine and OMR machine

vendors would have a program that is somewhatvendors would have a program that is somewhatsimilar to a subset of Excel to quickly generatesimilar to a subset of Excel to quickly generatetabulation tables or programs.tabulation tables or programs.

Most people dont look at the source code of Excel.Most people dont look at the source code of Excel.

They review the specific Excel tables. They review the specific Excel tables.

It is these tables and I/O programs that have to beIt is these tables and I/O programs that have to becarefully checked.carefully checked.


12/19

Some Possibilities forSome Possibilities forCheating in PCOS ProgramsCheating in PCOS Programs

There are a number of ways for an There are a number of ways for an

insider to activate a program that willinsider to activate a program that willmanipulate the way a PCOS machinemanipulate the way a PCOS machinecounts.counts.


13/19

COMELEC SafeguardsCOMELEC Safeg uards

The COMELEC has provided for the following The COMELEC has provided for the followingsafeguards:safeguards:

1.1. USB sticks and passwords for BEIUSB sticks and passwords for BEI

2.2. test count before election daytest count before election day3.3. sealing of machinessealing of machines4.4. zeroing of counters before start of votezeroing of counters before start of vote

5.5. PCOS machines only online after printing of PCOS machines only online after printing of 8 copies of ER8 copies of ER

The above measures only provide protection The above measures only provide protectionagainst external parties.against external parties.


14/19

Insider FraudInsider Fraud

The bigger concern is the possibility of The bigger concern is the possibility of COMELEC people and/or SmartmaticCOMELEC people and/or Smartmatictechnicians inserting malicioustechnicians inserting maliciousprograms to change the count.programs to change the count.


15/19

Various WaysVarious Way s The pre election audit can be surmounted by a number of The pre election audit can be surmounted by a number of means. The counting program / table could contain two sets of means. The counting program / table could contain two sets of code. The honest code runs before Election Day. The maliciouscode. The honest code runs before Election Day. The maliciouscode runs on election night.code runs on election night.

Another alternative would be to have two totals. One is usedAnother alternative would be to have two totals. One is usedto print the ERs another to transmit the ERs.to print the ERs another to transmit the ERs.

Another possibility is to have + votes for preferred candidatesAnother possibility is to have + votes for preferred candidatesand negative votes in for other candidates.and negative votes in for other candidates.

The program that zeroes the counters does not zero the entire The program that zeroes the counters does not zero the entirememory.memory.

It only zeroes the area that will be used to show zero votes atIt only zeroes the area that will be used to show zero votes atthe start. The counting will be done on another part of the start. The counting will be done on another part of memory, where the + and votes are already stored.memory, where the + and votes are already stored.


16/19

What to ask for?What to ask for?

Let us insist on getting the applicationLet us insist on getting the applicationand I/O code for each of the 1,630+and I/O code for each of the 1,630+versions.versions.

Pressure COMELEC on the source codePressure COMELEC on the source codeavailability.availability.

Let us get complete software andLet us get complete software andhardware manuals for the PCOShardware manuals for the PCOSmachines.machines.


17/19

Hard to GuardHard to Guard

But with 82,200 machines how do weBut with 82,200 machines how do wemake sure that only the honest codemake sure that only the honest codegoes to all 82,200 machines.goes to all 82,200 machines.


18/19

The best protection 10%The best p rotection 10%Manual AuditManual Audit

I think that the best way to probably have clean,I think that the best way to probably have clean,honest, and credible elections is to increase thehonest, and credible elections is to increase thenumber of PCOS machines that should be audited bynumber of PCOS machines that should be audited bya manual recount and that the selection be aa manual recount and that the selection be a

random sample.random sample.One machine per district manual audit is too low.One machine per district manual audit is too low.

We should target a manual recount of 10% of theWe should target a manual recount of 10% of thePCOS machines in each municipality, district, or city.PCOS machines in each municipality, district, or city.

The identification of the machine should be random. The identification of the machine should be random.


19/19

If we failIf we fail

If we dont take these measures our 2010If we dont take these measures our 2010elections may not be honest, fair, andelections may not be honest, fair, andcredible. They will most likely be quick andcredible. They will most likely be quick anddirty.dirty.

pcos risks and fraud opportunities - article

Documents