The Manila Times – Lack of IRR and distortions of the Election Law

By Nelson Celis | The Manila Times

Last of 2 parts

“THE electronic signature in 2000 under RA (Republic Act) 8792 was subsequently elaborated in 2001 under Rules on Electronic Evidence (REE) Rules 1, 2 and 6:

“REE Rule 1.j: ‘Electronic signature refers to any distinctive mark, characteristic and/or sound in electronic form, representing the identity of a person and attached to or logically associated with the electronic data message or electronic document or any methodology or procedure employed or adopted by a person and executed or adopted by such person with the intention of authenticating, signing or approving an electronic data message or electronic document. For purposes of these Rules, an electronic signature includes digital signatures.’

“Rule 2.e: ‘Digital Signature refers to an electronic signature consisting of a transformation of an electronic document or an electronic data message using an asymmetric or public cryptosystem such that a person having the initial untransformed electronic document and the signer’s public key can accurately determine: (i) whether the transformation was created using the private key that corresponds to the signer’s public key; and, (ii) whether the initial electronic document had been altered after the transformation was made.’

“Rule 2.f: ‘Digitally signed refers to an electronic document or electronic data message bearing a digital signature verified by the public key listed in a certificate.’

“Rule 6, Sec. 1: ‘Electronic signature — An electronic signature or a digital signature authenticated in the manner prescribed hereunder is admissible in evidence as the functional equivalent of the signature of a person on a written document.’

“Consequently, following the provisions of BP (Batas Pambansa) 881, RA 8792 and REE, the enacted RA 9369 stipulated that the BEIs (Board of Election Inspectors) and BOCs (Board of Canvassers) shall digitally sign the election returns and certificates of canvass, respectively, and these are defined in Sections 22, 25 and 30.

“Sec. 22: ‘The election returns transmitted electronically and digitally signed shall be considered as official election results and shall be used as the basis for the canvassing of votes and the proclamation of a candidate.’

“Sec. 25: ‘The certificates of canvass transmitted electronically and digitally signed shall be considered as official election results and shall be used as the basis for the proclamation of a winning candidate.’

“Sec. 30: ‘Authentication of electronically transmitted election results. — The manner of determining the authenticity and due execution of the certificates shall conform with the provisions of Republic Act 7166 as may be supplement or modified by the provision of this Act, where applicable, by appropriate authentication and certification procedures for electronic signatures as provided in Republic Act 8792 as well as the rules promulgated by the Supreme Court pursuant thereto.’

“Sections 22 and 25 are very clear about the word ‘digitally signed’ and supported by Section 30 specifying RA 8792 and REE.

“GMA News Online published that the Comelec (Commission on Elections) en banc ‘resolves to again use the PCOS (Precinct Count Optical Scan) digital certificate to digitally sign the election returns for the May 13, 2013 national and local elections’ but nothing was mentioned about the CCS (Canvassing and Consolidation System) digital certificate to digitally sign the certificates of canvass. This was also the pronouncement of Comelec during the JCOC (Joint Congressional Oversight Committee) meeting presided by Sen. Alan Peter Cayetano on Feb. 6, 2013 that they are going to use ‘machine digital signatures.’ Thus, the understanding of Comelec and Smartmatic-TIM has been consistent and they insistently believe that a machine digital signature is equivalent to a BEI or BOC signature. But how can the BOCs using the CCS authenticate the election returns electronically transmitted by BEIs from PCOS machines? As defined in REE, it is only an ‘asymmetric or public cryptosystem’ which can generate a genuine digital signature and such can only be attainable through the use, say, of the Philippine digital certification center (DGC) launched in 2011. The DGC was actually the realization of Executive Order No. 810 signed by former President Gloria Macapagal Arroyo in 2009 entitled ‘Institutionalizing the Certification Scheme for Digital Signatures and Directing the Application of Digital Signatures in E-Government Services.’ Such DGC should have been the ideal solution to settle the misinterpretation about digital signing.

“Because of the absence of the IRR (implementing rules and regulations), Comelec, and its AES (automated election system) provider, may interpret the provisions of RA 9369 in different ways vis what the BP 881, RA 8792 and REE are really meant to be. The absence of IRR means lack of authentication standard in implementing the digital signature and other technical provisions of RA 9369. Comelec simply interpreted it without considering what the local e-Commerce Law really intends to convey. By the way, the major provisions of RA 8792 were taken from the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law. Further, Gates, R. Nuzum, M., Byers, G. & Bessey, J (2008) stated that the goal of authentication standard is ‘to assure the authenticity of electronic signatures either received or generated by a court so that those who utilize electronic records in which an electronic signature is associated will have confidence that the signature is authentic; i.e., that the electronic signature associated with a court’s electronic record will be as unassailable as the traditional pen on paper model or that the electronic signature is a reliable as an ink signature as a means to validate the signer’s identity and intent.’

“I must say that the DGC was embedded in the aborted 2004 AES using the Verisign technology hosted then by ePLDT’s subsidiary, MySecureSign. That technology is commonly used now by the local banks in their respective internet banking facilities. The 2004 implementation of digital signatures was an ideal case whereby digital signing of BEIs and BOCs were really defined even though there was no RA 9369 at that time. In the AES implementation in 2010, no such technology was ever used and will never be realized in the 2013 elections.”

As expected, that digital signing was ignored again in 2013, then up to the 2019 elections, simply because the Comelec never really understood the said provisions of the law and they never tried promulgating its corresponding IRR. It is similar to the misinterpretation by the Comelec of the provision for voter verified paper audit trail, or voter’s receipt (RA 9369, Section 6e), as they thought that the receipt was the ballot paper! We only had that receipt in the 2016 elections when Sen. Richard Gordon fought it out in a Supreme Court’s oral argument with former Comelec chairman Andy Bautista. We were observing Bautista then and he was really firm with the Comelec’s interpretation of the law. Lo and behold, Comelec was proven wrong when the high court decided in our favor.

Should we let the misinterpretation of the digital signing in 2022, and other technical provisions of the law, and have unnecessary debates in a Supreme Court oral argument? The Center for People Empowerment in Governance (CenPEG)/AES Watch has a better option. Considering that the Senate Electoral Reforms and People’s Participation committee Chairman Maria Imelda Josefa Marcos had already discussed the proposed hybrid technology last year, the CenPEG/AES Watch suggests that she might request the reactivation of the technical working group (TWG) of the JCOC on the AES to draft the IRR of the electronic transmission of election results.

The reason being, unless the RA 9369 is amended, the electronic transmission for hybrid technology scenario will still be the same as that implemented in the last four national and local elections; that is, the automated canvassing and consolidation of electronically transmitted election returns/certificates of canvass from the board of election inspectors/municipal and provincial board of canvassers. Why TWG? Because they handled well the investigation of the early transmissions of the vote counting machines and other irregularities cited by Sen. Vicente Sotto 3rd in 2018. Please read further about the high-minded contribution of TWG at https://www.manilatimes.net/first-things-first-start-with-a-clean-slate/578621/.

While the proposed hybrid technology is being finalized, the TWG may already start crafting the IRR by inviting subject matter experts from the Department of Information and Communications Technology, Department of Science and Technology, academe, nongovernment organization and private practitioners. The TWG may even consider the working in-house developed CCS by Comelec in 2012! We cannot rely anymore on Comelec to promulgate the IRR as they left it hanging for 23 long years (since 1997)… and still counting? Besides, if we let Comelec neglect its duty, who will eventually be the losers? Not the Comelec, not the politicians, not the JCOC… but we, the Filipinos!

Back to Blog