On December 9, 2016, a number of news websites carried the news that President Barack Obama had ordered a full review of possible Russian hacking of the recent United States election. Questioning whether an automated election system (AES) can be hacked or not raises concerns about the integrity of the AES and the credibility of election results that the system generates. The Philippine experience in automating the elections is no different. Concerns were raised on possible vulnerabilities of the AES used in the last three elections. Everything happens inside the machine and those internal mechanisms are shielded from public observation But can the voting machines really be hacked? Just as in the US, none of the vote counting machines (VCMs) used in the Philippine elections is connected to the Internet; they connect to the transmission network only when they are ready to transmit the election returns to the city or municipal canvassing and consolidation system (CCS) and other servers. Hackers would not be able to hack into the VCMs since the transmission network is configured as a virtual private network with the appropriate security measures in place, and the time period to perform hacking activities is very short. Potentially, however, the CCS and other servers are exposed to possible attacks since the CCS and other servers are open for much longer periods while they wait to receive transmissions from the VCMs and CCS.
At the VCM level, an added confidence measure is the printing of the voter receipt which the Supreme Court ordered to be activated a couple of months before the 2016 elections. A post-election random manual audit of the vote count results generated by the VCMs is also mandated by law.
But, as Philippine experience has shown, an insider can very well interfere in the workings of the AES while it is in live operations. It will be recalled that Marlon Garcia of Smartmatic had introduced a program script into the transparency server while it was receiving transmissions from the VCMs. Garcia’s incursion into the transparency server had a negative impact on the credibility of the results of the elections. While canvassing and consolidation reports of the election returns received by the transparency server generated by accredited observers and media outfits are unofficial results, still, the transparency server is part of the AES and the election returns received are official copies. Garcia’s action was without the Commission on Elections (Comelec) en banc’s approval, prompting Commissioner Rowena Guanzon to denounce Smartmatic and call for an investigation into the breach in protocol.
Full Article: AES hacking issue raised anew and Smartmatic’s demand for P2B payment – The Manila Times Online.