Kwentong Kengkay

Abril 19, 2010

internal controls will protect automated elections

Filed under: Uncategorized — kengkay @ 12:27 umaga
Tags: , ,

Let us be informed:
Because of the spectre of possible failure of elections on May 10, the Makati Business Club joined a growing clamor for Comelec to adopt a parallel backup manual count. Officials of the Makati Business Club (MBC) and the Management Association of the Philippines (MAP) said that the manual count should be done as a contingency measure for at least the contests for president, vice president and mayors. This was also the very same measure that was proposed by a group of IT professionals, as well as various poll watchdog organizations and political parties.

What you’ll be reading is a response by Mr. Bulatao arguing that parallel count is misguided. He believes that internal controls will protect automated elections from potential threats not a parallel count. Here’s the letter:

Hi Ernie,

I was motivated to attend yesterday’s press conference of IT Professionals for Good Governance because of your Apr 10 Inquirer article supporting the proposed parallel count. Frankly, I am disappointed with their briefing for they are presenting vintage ‘70’s ideas. Am also uncomfortable with their media spin of sowing discontent on the electoral process instead of collectively addressing the problems.


Gus Lagman presented 4 areas where potential fraud can happen, 1) at PCOS, 2) at the transfer CARD, 3) at Transmission, and 4) at the CANVASSING.

This is true only if each part is treated in isolation. That is why the law provided internal control measures. Providing a copy of the ER’s to political parties will deter attempts to compromise the system. Such time honored basic accounting procedures is still effective.

Therefore, the following concerns are covered:

■Maricor confidently said that she can proved that the CF card can be rigged. This true only if internal control is absent.
■In the transmission, hacking of the encryption code can also be compromise if done in isolation. But it will take hours for the brightest software or decode it. And the web basic timeout procedures will stop it. Even if we assume they are successful, the internal control procedure will show the discrepancy.
■Canvassing ‘dagdag bawas’ is impossible with the internal control.
Let us not forget that with the thousands of BOTO PATROL all over the country, we are assured that they will make noise if any missing ER with PCOS ID is detected at the canvassing centers.

In reality, this process provided a form of parallel count where COMELEC count is validated against count of parties or PPCRV.

It is at the PCOS where the risk is high and this is where I attempted to present my proposed procedural controls had I been permitted to talk.

Consider the problems of banking where potential reward for hackers is tempting. Bank’s did not resort to a parallel count, they devise internal control measures to prevent fraud. This is what IT Professionals should aimed for.


Time is wasted on this issue and to the eyes of the international community, we are considered amateurs. A vendor rarely will disclose the source codes. It is within the right of the vendor to protect their proprietary rights. And to most, in order tto hide how convoluted their codes are which may add absence of confidence. For COMELEC to waive this provision of the law is only fair.

A good example is the auto pilot of the Boeing 747. When PAL or any airline buys the aircraft, they cannot demand to see how the source code of the auto pilot programs.

BEST PRACTICE dictates that the buyer must design test parameters to ensure their expectations are met.

3. Other 36 issues based on the study of Lito Averia.

COMELEC no doubt will encounter multiple problems. This is nothing new and a reality in any major IT implementation. San Miguel suffered when they switch to SAP, UNION bank also encountered issues. At PNB, during our Y2K conversion, we had a list of 270 issues and worse, the threat to a potential systemic bank ran if we fail due to vendor’s misrepresentation. The most scary part is being duped that the solution will run on a 56 mips mainframe only to realize that what is needed 480 mips.

We solve them and postpone other issues later. We did not call a PRESS CONFERENCE to tell the public and sow undue fears and say ‘kami ay nababahala’.

4. Parallel Manual Count.

This is no longer the practice today. When I administered the Y2K conversion of PNB, parallel count is discouraged. When UNION Bank converted recently, they did not employ parallel implementation but elected the big bang approach. When SAP implements, no parallel. The big players realized the common sources of problems with the parallel method are created by the old timers who are fixed with the old ways.

Experience dictates that in transaction processing, manual method are prone to errors compared to an automated solution. Why then should we support a manual parallel count?

My other concern on their good intentions is with the team who will implement it. They are the same technical team that supported the Namfrel Quick Count since the ’86 edsa, that at best, delivered results only up to 70%, and took several weeks. With such track record, any potential delay in the results will only fuel further discontent.


The idea of doing a PARALLEL COUNT will require the approval COMELEC to release P300 million for the proposal. Yet the method of marketing is to attack the source of funding, then to tell them that the result will check their mistakes, and to threaten the institution that groups will be mobilized to rally for transparency. WOW! It seems that they really do not intend to get approval after and are only making noise.


Here is where the potential risk is HIGH. With the present controls implemented, SMARTMATIC cannot protect their own programmers with the possible motivation such as monetary or security threat that GUNS,GOONS, and GOLD will provide. Overnight, a change can be made. Even the guards can also be motivated to look the other way.

However, a simple procedural testing can be done at the first hour of the voting day. The test run should include:

■a) display directories to ensure that there are no transient or hidden files ,
■b) hardware/software functional test,
■c) sample test ballots with expected results. If the ballot test run is compromise,
obviously that PCOS is bugged.
Some paranoid contrarian will say that a time bound triggers can be added that at 3 PM votes will be diverted. This only true for those who do not understand their PC basics and lacks the imagination to counteract this. Am sure that thousands of our BOTO Patrol team will know the answer. It is embarrassingly simple!


Like Gus Lagman, Lito Averia, Maricol Acol and other patriots, I am also very angry with what is happening for our most revered institutions are being abused. I admire their courage, passion, and determination to fight the P2billion fraud, and I revered and honor their friendship built through decades in the industry. Am sure we are united in objectives although differ in approach. I am also very disappointed with COMELEC for their inability to avoid controversial issues that impacts confidence to automation.

However, there is no turning back on a project where 7 Billion is allocated. It is our collective responsibility to make it work! And Internal Controls is our only way to protect our public and the technologist from potential threats. Not a parallel count. And sowing discontent and technology fears will not help.

In closing, allow me to relate why I decided to get involved in our electoral process. While I am having radiation treatment for CA in Buffalo N.Y., I got the happy story from my daughter working at HSBC Toronto that the Filipinos in their office were celebrated with the news of Efren Penaparanda being selected as the CNN Hero of the Year. Only to be rebuked the next days with the bad news of the Mindanao massacre! This hit hard on my technological conscience and brought me to tears. It should not have happen if we have a simple ON-LINE Registration within the concept of VIRTUAL Precincts. I feel sad since we as a nation have the skills. Since the ‘70’s we have techy people who knows the technology of ‘deposit withdraw kahit saan’ yet today, we are still in Limbo.

It is time to speak up for the confusions generated by our own misguided IT practitioners are getting out of control. Election system is so simple compared a complex banking system. Let us not waste our time dealing with the marginal issues and focus on material ones.

I hope you will find space in your column for public awareness! As a personal friend also, I implore you not to motivate the farmers to support a misguided parallel count.

I am an authority on this subject for being a veteran in the areas of applications having been trained in the best practices of USAF, KLM, BAC, BOEING, McKenzie, Banking, Hudson Bay, and government. Today, I am still able to prevent being hostage to a programmer for I dictate what codes to adopt at various level such as HTML, JAVA, WEB, and SQL server. And I am proud to be honored by Mrs. Carmen Guerrero Nakpil in her book as responsible for providing the highest technical prestige for Technology Resource Center.

~Manuel Bulatao

Pass this on so people would know.


2 mga puna »

  1. dapat mag manual n lng kasi

    Komento ni rllqph — Abril 19, 2010 @ 5:18 umaga | Sagutin

  2. hello blogger, i was reading your posts on internal controls will protect automated elections Kwentong Kengkay and i genuinely liked them. 1 thing that i observed whilst browsing through your blog that a few of the links aren’t working and return error error. this makes the reading experience a bit bad. you’ve a good blog and i would request you to revise the links so that interested folks can get all the info they intend to have. Btw are you on twitter?? i would genuinely like to follow you and get up-dates in your blog.

    Komento ni Kathleen Myers — Abril 27, 2011 @ 2:58 hapon | Sagutin

RSS feed for comments on this post. TrackBack URI

Mag-iwan ng Tugon

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Baguhin )

Twitter picture

You are commenting using your Twitter account. Log Out / Baguhin )

Facebook photo

You are commenting using your Facebook account. Log Out / Baguhin )

Google+ photo

You are commenting using your Google+ account. Log Out / Baguhin )

Connecting to %s

%d bloggers like this: