Upload
phnetdemsptg
View
44
Download
0
Embed Size (px)
DESCRIPTION
A readiness report prepared by COMELEC and presented in the March 6, 2013 PPCRV Pre-Election National Conference, and provided to Democracy.Net.PH in the #AES2013PDR forum
Citation preview
Scope of Presentation
Challenges
Enhancements of the AES
Status of Preparations
TEC Certification
Timelines
CHALLENGES
Option to Purchase/Deed of Sale
Resolution No.
9376 • March 21, 2012
Exercise of Option to
Purchase/Deed of Sale with
Smartmatic-TIM • In accordance with AES
contract in connection with
May 10, 2010 elections
Option to Purchase/Deed of Sale
4 Petitions filed
with Supreme
Court • Assailing validity
and
constitutionality of
Deed of Sale
• Praying for TRO
1. GR No. 201112 (Archbishop
Capalla, Ali, et al)
2. GR No. 201121 (Solidarity for
Sovereignity [S4S], Pedrosa, et al)
3. GR No. 201127 (Guingona, Bishop
Pabillo, et al)
4. GR No. 201429 (Tanggulang
Demokrasya [Tan Dem], Kilayko, et al)
Option to Purchase/Deed of Sale
Supreme Court
issued TRO • April 24, 2012
After Oral Arguments, SC
• Dismissed the petitions
• Lifted the TRO
Option to Purchase/Deed of Sale
SC Decision • June 13, 2012
• OTP did not expire
• Nothing wrong with the Extension
Agreement • Extension Agreement did not give
Smartmatic additional right that was not
previously available to other bidders
• No substantial or material
modification/amendment of AES contract
• Exercise of OTP is more
advantageous to the Comelec
Option to Purchase/Deed of Sale
SC Decision • June 13, 2012
• PCOS machines are capable of
producing digitally-signed
transmissions
• Justice Carpio: “No, that’s a third
party ... That’s a third-party certifier,
but that’s an option. The law does
not require a third-party certifier. It
merely says that transmission must
be digitally signed.”
Option to Purchase/Deed of Sale
SC Decision • June 13, 2012
• Alleged defects, glitches and
infirmities have been determined
and may be corrected
• Enhancements have been
undertaken
• Petitioners could not even give
any plausible alternative to ensure
the conduct of a successful 2013
elections, in the event the SC
nullified the Deed of Sale
Option to Purchase/Deed of Sale
Motion for
Reconsideration
• Denied for lack of merit • October 23, 2012
ENHANCEMENTS OF AES
PCOS Enhancement Purpose
Automatic creation of
the precinct results
(election returns and
transmission files) • Once CLOSE VOTING
option is executed
To eliminate accidental
transmission of the
results file created
during FTS
PCOS Enhancement Purpose
REZERO function When used, PCOS
deletes all the
generated files
including the ballot
images except the
audit logs and
configuration data
PCOS Enhancement Purpose
Functionality
that sets
allowable
number of
REZERO
Once permitted number of
REZERO operations has been
consumed, PCOS will refuse to
allow any further REZERO
operation • If further REZERO operations are
required, memory card will have to
be re-programmed for that PCOS
PCOS Enhancement Purpose
Accurately reflects
user in the PCOS
log
User is identified either
as BEI Chairman, Poll
Clerk or Third Member • In 2010, the logs only
reflected user as
Administrator
PCOS Enhancement Purpose
Physical seal of
PCOS port • Even if physical seal
is destroyed, port
remains inactive • Activated only at the
software level
Eliminate unauthorized
access to the system
PCOS Enhancement Purpose
During generation of
ballot PDFs, and prior
to printing of ballots, a
tool is provided to
verify if ovals in ballot
templates are in their
proper coordinates
Eliminate risk of
PCOS machine
misreading the ballots
PCOS Enhancement Purpose
PCOS prompts BEI to
verify DATE and TIME
upon start up
If time is erroneous,
BEI required to make
corrections, and enter
such fact in Minutes of
Voting • In case of correct date
and time, BEI to enter
such fact in Minutes
CCS Enhancement Purpose
Additional CCS
hierarchy (Regional
CCS)
To receive provincial
results for ARMM
Regional Governor
and Vice-Governor
CCS Enhancement Purpose
“PARAMETERS
BY CONTEST”
• Lowering of
threshold
functionality
Sets number of registered
voters of remaining
precincts not yet
transmitted • In 2010, threshold was based
on the percentage of precincts
transmitted
CCS Enhancement Purpose
Transmit results
to next level of
canvassing either
• Per position
• All the higher
level
positions
In 2010, transmission done
simultaneously for all
positions • Transmission cannot be done
unless canvassing issues for all
positions are first resolved • Pre-proclamation controversy
• Illegal composition
• Illegal proceedings
CCS Enhancement Purpose
Provides
monitoring tallies
of results
received either
through
• Transmission
• Manual loading
In 2010, system does not
specify if election results are
received through
transmission or contingency
measures e.g. manual
loading
STATUS OF PREPARATIONS
Procurement of
Goods and Services Goods/Services Status
Warehouse and
Configuration Facilities
Writ of Possession issued by RTC in favor of
COMELEC; Pre-LAT on-going
Transmission Services Negotiations with public telcos; Done
Transmission Modems Deliveries on-going
Consumables Deliveries on-going
Ballot Boxes Manufacturing on-going
Ballot Packaging Packaging on-going
National Support Center Awarded, contract preparation
Deployment Awarded; contract preparation
Official Ballots 26.11 million ballots already printed as of
7:30 am March 5, 2013
Resolutions General Instructions for Board of Canvassers
• Resolution No. 9648, February 22, 2013
General Instructions for Board of Election Inspectors
• Resolution No. 9640, February 15, 2013
Continuity Plan
• Resolution No. 9635, February 12, 2013
Random Manual Audit
• Resolution No. 9595, December 21, 2013
TEC CERTIFICATION
Republic Act No. 9369 Created a Technical Evaluation Committee (TEC),
whose function is to
• “certify, through an established international certification
entity to be chosen by the Commission from the
recommendations of the Advisory Council, not later than
three months before the date of the electoral exercises,
categorically stating that the AES, including its hardware
and software components, is operating properly, securely,
and accurately, in accordance with the provisions of this
Act based, among others, on the following documented
results: […]”
COMELEC Advisory Council ‣ Only two established international certification entities
recommended by COMELEC Advisory Council to
conduct source code review of COMELEC AES 2013
Voting System
• SLI Global Solutions Inc.
• Wyle Laboratories
‣ SLI Global Solutions, Inc. (SLI) is the established
international certification entity chosen by COMELEC
SLI Test Results End to End Test Results
Execution of this suite leads to a determination that the
system does have all basic required functionality in place
(to conduct an election cycle).
Volume and Stress Test
The system is able to handle even far higher levels of
transmission, to even extreme stress levels.
SLI Test Results Transmission Test Results
Testing of the AES validated that the system is able to
handle multiple types of transmission.
The transmission method employed in any given
jurisdiction is able to be handled by the AES system.
Accuracy Test Results
Vote totals matched the expected results of the scanning,
for a 100% accuracy return.
SLI Test Results Audit Test Results
Review shows that an acceptable level of auditing is in place to assist any reviews that occur for elections in question.
Event recording for both normal and abnormal conditions within the election cycle.
PCOS Hardware Integrity and Data Retention Test Results
All aspects of the PCOS, as evaluated in the test suite, were satisfactorily verified.
SLI Test Results Security –
Access Control Test Results
Physical Security Test Results
Software-Firmware Test Results
Telecom Test Results
Security measures are implemented in a satisfactory manner.
Functional Findings
No issues were left unresolved that would have an impact
on an election, or its results.
SLI Source Code Review
SUMMARY
“Final results of the review of modified code determined
that the code satisfactorily met the prescribed
standards. Additionally, all remaining open “Major”
discrepancies from the May 2011 code base were
determined to be satisfactorily resolved. No “Critical” or
“Major” discrepancies remain open within the source
code base.”
SLI Source Code Review
SUMMARY
“There were no instances discovered of any
intentionally malicious code having been written by the
vendor and included in the voting system source code.”
SLI Source Code Review
CONCLUSION
“The system conforms to requirements and is
operationally suitable for use. SLI Global Solutions
determination is that the Automated Election System is
functionally capable of operating properly, securely and
accurately. SLI recommends the system for
certification, as it is conformant with operational
requirements and is suitable for use in applicable future
elections.”
TEC Resolution No. 2013-001
Adopted on February 12, 2013
Entitled “Resolution on the Certification of Automated
Election System (AES) for the May 13, 2013 National
and Local Elections”
TEC Certification NOW THEREFORE, the Technical Evaluation Committee, having
considered the totality of the certification test artifacts, findings logs, corresponding continuity plan, the on-site evaluation of field test and mock elections, systems acceptance and certification test reports as herein identified, RESOLVED as it hereby RESOLVES, to certify that the AES, as submitted, with full adoption of the recommended compensating controls, can operate properly, securely, and accurately be used by the voters, boards of election inspectors, local and national boards of canvassers, and COMELEC in the May 13, 2013 National and Local Elections.
FURTHER RESOLVED, as it hereby RESOLVES, that to comply with the requirements under RA 9369, the AES source code as submitted and reviewed be kept in escrow with the Bangko Sentral ng Pilipinas.
Compensating controls Administrative and Procedural in Nature
Proper account management and usage
Properly trained BEI and BOC
BEI and BOC Assessment
Configuration management
Hardening of EMS system
Authenticated actions
Account and password management
Continuity plan
Voting and Consolidation maintenance
Compensating controls Administrative and Procedural in Nature
Tamper evident seals
UPS for EMS system
Chain of Custody for accountable forms/supplies
Physical Key Chain of Custody
COMELEC Security Policy
Job Rotation
PCOS Environment (RF transmitting devices)
Voting System Integrity (Virus)
Compensating controls Administrative and Procedural in Nature
Procedures for
• BEI and BOC Abnormal Situations
• AES Test
• PCOS and CCS Receipt
• Restoration of Chain of Custody
• Test Plan
• Election Information Control and Archiving
• Change Management
• Voting and Consolidation Systems Administration
• Software Validation
• Voting and Canvassing Systems Usage
• Acceptance Testing Warehouse
• Polling Place Testing and Sealing
• Audit
Source Code Source Codes for PCOS, CCS and EMS existing
• Reviewed by SLI Global Solutions
• Binary Codes compiled by SLI Global Solutions
Hash Codes given to interested parties during January 10,
2013 Trusted Build activities
Also posted in www.comelec.gov.ph
Source Code Code Review
• Delivery of PCOS Source Code for local review currently
under discussion between COMELEC, Smartmatic-TIM
and Dominion Voting System
• CCS and EMS Codes already available for review
• Resolution No. 9651 dated March 1, 2013
Who are considered interested groups that may conduct
source code review
Qualifications of code reviewers
COMELEC Advisory Council recommendations
TIMELINES
TIMELINES
Random Manual Audit (RMA) Done
Period to finalize List of Candidates Done
Period to finalize Project of Precincts (POPs) Done
Laboratory Test Done
Field Test Done
Configuration of PCOS/CCS On-going up to April 25
Mock Elections Done
Printing of Official Ballots On-going up to April 25
Pre-Election Logic and Accuracy Test On-going up to April 30
Training On-going up to April 7
TIMELINES
Deployment March 15 to May 8
COMELEC & TEC acceptance of
transmission system March 15 to April 30
Preparation of voting, counting and
canvassing sites April 1 to April 30
Final Testing and Sealing May 6 to May 10
Election Day May 13
THANK YOU! www.comelec.gov.ph