If the Commission on Elections (Comelec) had everything it wanted for a fully automated election system, the biometrics it collected from registered voters (which it continues to collect from new voters annually) would be fully integrated in the Automated Election System (AES). Then the biometrics would be used to make it pretty difficult for flying voters to do their thing.
During its initial rollout in the 2010 elections, the Automated Election System (AES) consisted of the Precinct Count Optical Scan (PCOS) machine—essentially a specialized scanner that reads specially-marked ballots and collates the votes it has read, stores the votes it has read, and counts them at the precinct level.
The PCOS machines were also designed to transmit the certificates of canvass (COC) it has collated to the Comelec’s data servers where a consolidated, computerized quick count will be the end-result. The use of PCOS machines cut the counting time from nearly two weeks for a national election to mere hours. The next generation of PCOS machines have also been re-christened: They’re now called Vote Counting Machines (VCMs).
“The whole point of automating the elections, if you will recall, was to shorten the counting time,” Comelec spokesman James Jimenez said in an interview with the Philippines Graphic at his office in Intramuros.
Shortening the counting time, Jimenez added, leaves a much smaller window of opportunity for people seeking to engage in poll fraud. Those parties who use intimidation and violence to harm their rivals, those rivals’ supporters, and Comelec personnel now have less time in which to work their mayhem.
“The most urgent need then was to safeguard human lives,” Jimenez said. “The bonus was that we reduced the amount of human intervention and, because we no longer had people writing names on ballots, there were less errors.”
This is the Philippines, where a blatant act of widespread electoral fraud triggered the 1986 Edsa Revolution that ousted strongman Ferdinand Edralin Marcos from the presidency and 20 years of dictatorial rule.
Poll fraud has undermined and weakened public confidence and trust in the election system—and its outcomes. Poll fraud includes vote-buying, ballot box-snatching and –switching, the use of flying voters who assume other people’s identities and vote at more than one precinct, plus errors in the manual vote count (whether deliberate or not).
These were the problems Comelec had to solve. The solutions the commission has developed include regular purging of the voter’s list to remove the names of the deceased and update voter information. The Comelec also works with the Philippine National Police (PNP) to beef up physical security at polling precincts, and improve coordination with the PNP and the military during the run-up to the elections, election day itself, and during the vote counting and at the proclamation of winners.
Automation is part of this process, and the Comelec is working to continue upgrading its poll automation systems.
In 2001, efforts were undertaken by the Comelec to update and upgrade the voter’s list and purge it, as much as humanly possible, of the voting dead. The voting dead, by the way, are the dead whose identities were used by flying voters, who are paid to hop from precinct to precinct to vote in favor of specific candidates by taking the identities of the deceased not purged from the voter’s list in vain, as well as live voters who failed to use and cast their ballots. It is an oft-told joke come election time that if you don’t go out and vote, someone else will be kind enough to fill your ballot out and shove it in the ballot box for you. That’s where the “gold” part of “guns, goons and gold” comes into the sorry image of the process of suffrage in the Philippines.
The Comelec collected (and still collects) voters’ biometric data: Signature samples, fingerprints and face-capture (not simply photographs) that mapped each registered voter’s facial bone structure underlying the skin, hair and eye color.
Age and wear and tear on the body, Jimenez noted, will change the appearance of a person’s face: “Your hair will turn white, or recede, with age. Your signature could change with time and the effects of illnesses like heart attacks and strokes. Your fingerprints could be changed by damage to your finger pads.” Facial bone structure, however, remains constant through most of a person’s life. Unless the finger pads are damaged enough to change a person’s fingerprints, those, too, are constant.
All of these biometric data make up the sum of each voter’s unique identity markers in the Comelec list of registered voters. They are all useful in verifying that Juan dela Cruz of Barangay Poblacion, Makati City, is the voter so listed.
While the suffrage is a right, you can’t just waltz into your assigned Comelec precinct to vote. You have to have solid, incontrovertible proof that you are that particular registered voter on the Comelec list. Only then are you given that sacred ballot with which to vote for the candidates of your choice.
This data was originally supposed to be put on a Voter’s ID card, then, later, plans to integrate the Voter’s ID into a National ID were made. Neither panned out, since the issuance of Voter’s IDs by Comelec were suspended in favor of the planned National ID that never materialized, though every administration from that of Fidel Ramos to Rodrigo Duterte has pushed for the implementation of a National ID system.
“A massive biometric data leak in India’s national ID system that resulted in large-scale identity theft made the government reconsider making a National ID system here,” Jimenez said. “So, after a long pause in issuing Voter’s IDs, we may have to do that again, but we don’t know when that will be.”
It may be recalled that the Comelec has not been immune to data leaks, either. In 2016, hackers made Comelec’s voter’s identification data available online in one massive download that contained, among other data, legal names, home and provincial addresses, and birthdates—good enough identity information to sell on the Dark Web for between $1 and $8 per identity. This data breach was slapped with the hashtag #ComeLeaks, and it caused the Data Privacy Commission (DPC) to reach out to the Comelec: “Sinabon kami ng (we got a dressing down from) DPC,” Jimenez recalled. “The DPC also worked with us to plug the security holes in our systems, improve our data security by sharing best practices with us and training our IT and IT security personnel.” He said that his agency is “holding on to the voter identity data and the security of the voter’s list as tightly as we can. We’ve learned a hard lesson with the data breach. That is not a lesson we’re going to forget.”
The Comelec, Jimenez also said in another interview with Graphic and its sister media outfits at the BusinessMirror Coffee Club late last month, “was looking at going fully digital. We were looking at paperless voting.”
The commission decided against implementing such an AES because of the “wildly varying levels” of technology adoption and understanding of the electorate “especially in areas where technology like smartphones and tablets” have not yet gained popularity, nor become affordable enough for the locals of those areas.
However, the Comelec is pushing to improve its constant cleanup of the voter’s list by adding a complementary feature to its automated systems that will make it harder for flying voters to do their thing.
What Comelec is moving to integrate into the existing AES is the use of the biometrics data it has, starting with the use of a tool called a Voter Registration Verification Machine (VRVM), which is the hardware and software component of the Voter Registration Verification System (VRVS). These light, handheld machines can be linked to the Vote Counting Machines (VCMs) to trigger the release of ballots to voters, or deny voter access to ballots, depending on whether their identities as registered voters are verified or not.
“However, we will not be coupling the VRVM and VCM systems for now,” Jimenez said, explaining that the Comelec has already extended the voting hours from eight to 12 hours, because the list of registered voters is now about 61 million from the list of 54 million voters it had during the 2016 elections.
“We would have integrated the systems if we could accommodate all the voters on our list, and still give them the time to learn and adjust to the changes,” he said. “As it is, we’ve extended the voting hours from 7 a.m. to 3 p.m. to 12 hours—6 a.m. to 6 p.m.”
The VRVM is an Android tablet with customized software that is equipped with a fingerprint scanner much like the biometric Bundy clocks many offices now use. It is capable of wireless connectivity to the Comelec voter’s list and its biometric markers for each registered voter.
“It works this way,” Jimenez said. “You swipe your finger on the fingerprint scanner, which will then connect to the biometrics database to confirm that you are, indeed, a registered voter and verify your identity with what is in our system.” Once confirmation is achieved, “the VRVS will print a receipt that you will present to the Comelec personnel in charge of giving you your ballot. Then you can vote.”
“If, for some reason, your fingerprints are not recognized by the VRVS, we will then revert to the book of our registered voters to confirm your identity,” Jimenez said. “That will have to do for now.”
Trying to get voters to use VRVMs linked to the VCMs, Jimemez said, “will take more time per voter than we can accommodate, given that the number of registered voters has increased considerably.”
The Comelec will deploy 35,000 VRVMs during the 2019 polls, but 2,000 of these specialized tablets will be held as a contingency measure.
Eventually, Jimenez said, the Comelec hopes the VRVS will replace its existing manual identity verification method implemented by the Board of Election Inspectors (BEI) who still refer to printouts of the Election Day Computerized Voters List to determine whether or not a voter is given a ballot.
While learning to use any new system initially eats up a little more of each voter’s time, Jimenez said the Comelec expects the VRVS will ultimately lead to shorter voting time as the electorate gets used to the new system.
The goal, he said, is to reduce the processing time for each voter before that voter is given a ballot from the 10 minutes that is the norm now to two minutes.
The BusinessMirror reported on Jan. 18 that the French technology company Gemalto won the contract to supply the Comelec with the 35,000 units of VRVS tablets it is going to pilot-test during the 2019 polls in selected areas, including precincts in Manila and Quezon City, as well as in selected municipalities in Pangasinan, Cavite, Cebu, Negros Occidental, Zamboanga del Sur, Davao del Sur and in all of the Autonomous Region in Muslim Mindanao.
According to the report, Jimenez had announced that Gemalto Philippines Inc., “in a joint venture with NextIX, beat three other bidders, including Comelec’s perennial supplier, Smartmatic International Holdings, for the VRVS contract.”
The Comelec said last year that this contract for the VRVS has an approved budget of P1.6 billion. Jimenez had been quoted as saying that one VRVM unit “will be used in each of the selected [clustered] precincts.”
The Graphic paid a virtual visit to Gemalto Philippines’ parent website, where the company’s products and services are described in detail. One of the services Gemalto offers is “enabling swift and secure multi-channel Trusted Digital Identities.”
The company describes a “trusted digital identity” as a “digital ID” that serves as “the technological link between a real entity such as a person and [that entity’s] digital equivalent entities. It includes a collection of electronically captured and stored identity attributes including biographic and biometric data.”
According to Gemalto’s website information, a “Trusted Digital Identity is created when the information provided has been verified, or checked for authenticity.” The company’s description of a trusted digital ID is that it consists “of a set of verified attributes (like verified ID documents or biometrics)” that provide a “certifiable link between an individual and [that individual’s] digital identity. These attributes may also include verification with third parties such as Government databases, social identity, credit card number[s] or mobile records.”
While the business application of a trusted digital identity offers security in an environment where security is a constant concern, the advantages offered by Gemalto to its business clients include features and services that would serve the purpose of voters identification well: “When it comes to certain areas, like government services and banking, it’s critical that you are who you claim to be: IDs need to be trusted.”
“There are no hack-proof systems,” Jimenez said. “However, there are several ways of safeguarding your systems to keep them trustworthy. We learned that from the Data Privacy Commission, and from experience.”
Questions concerning the security and integrity of the AES have been raised constantly ever since the Comelec in 2010 adopted the use of machines to scan, collate and count the data on the ballots cast by the electorate.
The security of the system does not simply hinge on the machines the Comelec is using, nor on the source code for the VCMs or the customized software for the VRVMs.
“The ballots are printed with special markings, as you will recall, that enable the VCM to read these,” Jimenez said. The paper and markings on each official ballot are machine-readable and a fake ballot that does not carry the same markings cannot be scanned by the machine.
“We test each ballot,” Jimenez added. “And we need time to test them. Even if you give just two minutes for each ballot, we still have to run 61 million or so ballots through the VCMs—and that is before you, the voter, even get to touch the ballot.”
Responding to questions about the security of the source code that will be used to run the VCMs, Jimenez said the Comelec tested the improved and upgraded source code at the start of the year to find and resolve any issues with the software. “We handed it into the safekeeping of the Banko Sentral ng Pilipinas, which will hold the source code in escrow until we deploy it on election day.”
It will be recalled that the presence of Smartmatic personnel in proximity to some of the VCMs during the vote-count of the 2016 national elections raised concerns among some of the candidates vying for various electoral posts and their supporters. Some even alleged that cheating occurred because of this.
“Smartmatic is still our supplier for the VCMs because they won the bidding for the contract,” Jimenez said. “They are also, as part of that contract, supplying technical support for the VCMs.” Responding to questions about whether the Venezuelan company’s tech support teams will be permitted near the VCMs during the actual vote count, Jimenez responded with a one syllable reply and a smile: “No.”
“The whole point,” Jimenez said, “behind protecting the sanctity of the ballot is to ensure that the system by which we select our elected officials is perceived to be trustworthy.” G
Recognizing that face, voter edition
The facial recognition biometrics the Commission on Elections (Comelec) had begun gathering 18 years ago could quite logically become integrated into the voter registration and identification system as the country’s Automated Election System (AES) is upgraded.
Comelec spokesman James Jimenez said “that would be a good idea. We do have the face-capture data we gathered in our database for the voter’s list so we can include real-time facial biometrics as part of the system for confirming the identity and registration of each voter.”
Jimenez also explained that the facial recognition biometrics aren’t based on the surface appearance of a person’s face. “It also takes note of the bone structure of each registered voter’s face. Because your skin can sag and, as you age, there will be changes in skin tone, color and the appearance of your face—but your facial bone structure will likely remain the same, barring any accidents, mishaps or illness that change that.”
Eight years ago, Jimenez and I had a geeky conversation on the steps of the building where the Graphic makes its home. That conversation revolved around how to harness existing technology—optical scanners, video cameras, fingerprint scanners among them—to make it harder to commit poll fraud, provide for a quick and accurate vote count and, generally, clean up the process of vox populi.
In the eight years that have passed between that conversation and my latest interview with Jimenez, the technology used to make security cameras, video cameras for cinema, and, yes, the cameras on smartphones, has changed so much that people can actually shoot short feature films with respectably good resolutions and cinematic flair on mid-range smartphones that fit neatly in one’s purse or pocket.
AI WITH KEEN EYES
Now, high tech security cameras can be hooked up to artificial intelligence systems focused on security—closed-circuit television cameras and car dash-cams are becoming ubiquitous sights in our urban landscapes.
Just last year, news reports were shared over social media of how the Chinese government was making use of CCTV systems to identify dissidents using both the improved range and resolution of these cameras and the artificial intelligence (AI) that is used to control and monitor these video surveillance systems.
Hikvision, a manufacturer of video surveillance technology based in Hangzhou, China embarked on an “AI tour” of 40 countries across Asia, Africa, the Middle East, Oceania, and Latin America last year. This company has been selling CCTV systems in the Philippines for 11 years and is looking at expanding its operations to the Visayas and Mindanao this year.
When AI tour got to its Philippine leg on Oct. 30 last year, Hikvision showcased innovations covering AI cloud architecture, technologies, products, and other “vertical solutions.”
Hikvision general manager Ray Wu gave a presentation during the Philippine leg of the AI tour where he said that “as AI becomes more common and more powerful, deep learning will soon become the foundational technology for the security industry. AI will strengthen critical security efforts in every sphere, with new machine learning techniques giving CCTV cameras the ability to spot troubling behavior without human supervision.”
The Chinese technology company introduced a series of products capable of accurately detecting, recognizing, and analyzing human, vehicle, and object features and behavior—and can be used indoors and outdoors.
Hikvision’s EXIR Flexible PanoVu Network Camera features 1/2.7” progressive scan CMOS sensors and four lenses that each support 1080p at 30fps. According to the product description, the EXIR is capable of six behavior analyses, four exception detections, and facial detection.
The PanoVu PT Series 2MP + 2MP Target Capture Camera, meanwhile comes with a product description that says it can “capture distant images, as well as close-up images by integrating the design of a distant view camera and a tracking PTZ camera. This camera can be used in situations where a wide monitoring range and high definition video are required, such as the entrances/exits of airports, parks, and mass transit stations.”
HOW TO USE?
As for the purposes of the Comelec, cameras outfitted with AI and the ability to analyze movement, recognize faces and detect exceptions according to their users’ parameters would work well with the biometrics already in the Comelec system.
“We could use CCTV cameras to provide an additional layer of security and registered voter verification,” Jimenez said. “But we’re not yet there, honestly.”
If the Comelec runs true to form, any data it obtains from surveillance cameras for the purposes of voter identification will be used solely for that. The Omnibus Election Code, Jimenez said “is very specific about how voter identification data—including biometric data like photographs and fingerprints—will not be used for any other purpose.”
He noted that the fingerprint database of the Comelec “is literally an AFIS (Automated Fingerprint Identification System) database” just like the AFIS systems of law enforcement agencies in countries like the United States and the United Kingdom.
“The Philippine National Police (PNP) have been asking us for a long time to share our AFIS with them,” he said. “We cannot. It is not that we do not want to. We cannot because our mandate is only to use biometric data like fingerprints solely for the purposes of suffrage. The Omnibus Election Code prohibits us from using or allowing the use of voter identification data for any other purpose.”
So, if the Comelec will make use of CCTV or AI-run surveillance cameras in the future for voter identification and registration verification purposes to augment the VRVS they’re piloting now, “we will only be able to use it for that purpose alone,” Jimenez said.
Has Comelec learned its lesson from #ComeLeaks? Well, when I dropped casual-sounding questions about where the Comelec servers are located and which servers hold what, Jimenez just smiled and gave me the cut-direct: “I am not going to answer that question.” (Alma Anonas-Carpio)