The Manila Times - Time to change the automated election law

20 March 2019

By Nelson Celis | The Manila Times

Part 7

IN Part 6, we learned about the observation of AES Watch re the disconnect of the joint congressional oversight committee (JCOC) with the Comelec Advisory Council, the Commission on Elections (Comelec), the technical evaluation committee (TEC), and with its mother entity, the Congress. The disconnect primarily resulted not only in leaving the Comelec to decide on its own to acquire automated election system (AES) technologies through option-to-purchase in 2012 and 2017, but also the poor implementation of the AES project in the past three national and local elections and, incidentally, for the forthcoming elections on May 13, 2019.

To sidetrack a bit, what has been happening with the water supply crisis in Metro Manila, particularly with the admission of Manila Water Co.’s (MWC) violation of 24×7 services, is quite similar to the transparency crisis caused by the Comelec-Smartmatic violation of the AES law. In the House of Representatives hearing on March 18, the body found that the crisis was triggered by MWC’s lack of foresight, proper planning, timely execution of its Cardona treatment plant, etc. and the non-institutionalization by the Metropolitan Waterworks and Sewerage System (MWSS) of a cross-border mechanism with Maynilad as a contingency measure — that is, mismanagement! The MWSS, being the regulatory body, was hard-pressed to impose administrative fines. But its chairman said that it is not part of the concession agreement and that it is not within their powers. There was a motion to review the agreement and the MWSS functions, including its accountability. To top it all, Rep. Bayani Fernando, summarized the hearing by saying that the problem was technical, and he recommended the following: (i) facilitate the water flow from Angat Dam to La Mesa Dam; (ii) balance the load by regulating the pressure from 20psi to 17psi; and (iii) use new technology to control the valves. Fernando ended by saying that business undertaking is focus on the obligation to serve the public first, set aside too much greed, and penalize accountable people and entities.

There’s so much similarity between the water crisis and the AES non-transparency. The most profound are: (i) the privatization of water services and the enactment of RA 8436, as amended by RA 9369, both happened in 1997; (ii) the MWSS (as per Rep. Antonio Tinio) and Comelec (i.e., non-compliance of Smartmatic with the TOR/AES law) didn’t exercise their power to penalize their service providers; and (iii) MWSS-MWC and Comelec-Smartmatic had poor project management offices (PMO). The only difference is that with the water crisis, Metro Manilans could feel the pain outright while with AES being used, all of us Filipinos are blind, could not even feel the consequences of non-transparency of AES (e.g., hacking democracy or even socio-economic consequences). Who among us can prove that the count of the PCOS or VCM machines reflected the true will of the voters? Anybody?

Let’s now proceed with the question raised in Part 6: What are the functions of the proposed PMO and who are its members? As prepared by the technical working group (TWG) in 2017, the proposed amendments to RA 9369, or the AES Law, were submitted last year to the JCOC with the end in mind that AES project management might somehow change. But we were wrong! It only means that the proposed PMO will only be possible in the 2022 elections.

The PMO will complement the Comelec and the AES Board (read Part 4), and which is directly responsible for the implementation, coordination and monitoring of the AES project/system. The PMO shall provide overall governance in the execution and implementation of the AES, tasked (i) to monitor the progress in each stage of the implementation of the AES, (ii) to ensure the compliance of the AES contractor or contractors, if any, with regard to any AES outsourced, contract, (iii) to ensure compliance with this Act and existing laws, and (iv) to report and liaise with the AES board, commission and the JCOC. The liaising function would ensure full connection of JCOC with all the AES project stakeholders.

This time, the amendment would level up the Comelec’s Commissioner in charge (CIC) of the AES project, as the chairman of the proposed PMO, to be more pro-active in tandem with the Department of Information and Communications Technology’s (DICT) highest ranking career service official, who has a proven track record in senior-level IT management experience, as the PMO co-Chairman. The other three members are (i) the highest ranking career service official from the Department of Science and Technology (DOST) who has proven experience in conducting quality assurance test of information technology devices and software programs, (ii) Commissioner of National Telecommunications Commission to oversee the capability of telecommunications in the entire country, and (iii) an outsourced IT project manager from the private sector who has experience in managing large scale IT projects. As an exception, none of the AES contractors shall qualify as members of the PMO, nor shall they be engaged in any stage of implementation of the AES.

The above members of the PMO shall be created upon commencement in the planning and preparation for the next regular elections not later than 24 months before the next scheduled regular elections. That means, for 2022, the PMO shall start performing its task in May 2020, a year after the 2019 elections. To augment and support its tasks and functions, the PMO may avail of the services of various resource experts from the IT industry specifically for the following fields: (i) data base administration, (ii) data center operations, (iii) data communications and network administration, (iv) application systems development, (v) information infrastructure and information systems security, (vi) change management, (vii) problem and conflict management, (viii) quality assurance, (ix) information systems library and documentation, and (x) training course development.

The AES project implementation should not be left alone to the Comelec and the AES vendor to prevent the experiences in the past, especially the non-disclosure of the AES infrastructure and operations, transmission of election results outside the country, the non-usage of digital signatures, non-completion or performance of source code review, non-disclosure of contingency plan and measures to political parties, candidates and citizens’ arms, non-performance of systems audit, and other related technical provisions of the AES law.

The PMO shall be in charge of the different modules of the AES, from the vote casting and counting, transmission of results from the precincts and posting the same from their respective polling centers to the subsequent level of canvassing viewed in distinguishable websites, and certification of digital signatures consistent with existing law.

The following are the functions of the proposed PMO: (i) Perform governance and oversight functions up to risk management in all aspects of the development and implementation stages of the AES project from the planning and designing, to the construction and delivery until the conclusion of the electoral exercise; (ii) prepare and execute the implementation plan of the AES involving all stages and time schedules/milestones of the AES based on mutually agreed deliverables with all AES contractors; (iii) create task force/s to supplement the detailed work defined by the PMO upon the planning and designing stage following the systems configuration chosen by the Commission; (iv) perform risk assessments, tracking and communications with the different development teams as well as prepare and design a business continuity plan in cases of slippages in the lifecycle or failure of delivery; (v) manage, administer and oversee the contract and project development lifecycle, corresponding with the different vendor and the Commission’s development teams and determine the maximum efficiency and effectivity of the AES project; and, (vi) such other functions as may be pertinent and germane to its creation.

Meantime, let’s ponder on how the existing PMO will oversee the TEC’s activity as provided in Sec. 11.2 of RA 9369: the successful completion of audit on the accuracy, functionality and security controls of the AES software.

(To be continued)