PRESS RELEASE (as of May 12, 12:00PM)
the Random Manual Audit, Transmission Feed from TS/MS and Hash
Random Manual Audit
The conduct of a Random Manual Audit (RMA) is a safeguard
mandated by Sec. 29 of RA 9369 (Automated Election Systems Law)
to verify the accuracy of the count of the Vote Counting
Machines (VCM). This 2016, the RMA is to be conducted under the
auspices of the RMA Committee (RMAC), composed of
representatives from the Comelec, the Philippine Statistical
Authority (PSA) and the Comelec authorized citizens’ arm,
NAMFREL (assisted by its partner the Philippine Institute for
Certified Public Accountants (PICPA )), as authorized by SPP
15-193 dated March 2, 2016. The activity involves a manual
comparison of the printed election return generated by VCMs
(formerly PCOS) vis-à-vis the manual appreciation of the ballots
(primary source document) of the selected cluster precincts.
As of 11:15am 05/12/16, most of the 715 clustered precincts
selected for the RMA have been completed or are still on-going.
Exceptions are in Basilan, Al Barkha, Maluso, Isabela City,
Palawan (Linapacan) and in Lanao del Sur (Tagoloan, Ditsain
Ramain, Marantao, Marawi, Malabang, Kapatagan, Bayang, and
RMAs are being conducted in respective municipal/city canvassing
sites or in a few cases, in provincial canvassing sites.
Completed reports have now been transmitted to the Provincial
Election Supervisor (PES) for submission to the Comelec RMAC.
The RMA reports will be forwarded to the RMAC in the Comelec
National office. For those with variance exceeding 10, the
ballot boxes will also be brought to the RMAC for validation,
repeat count and determination or root cause as needed.
Transmission Feed from Transparency Server / Mirror
As of 8:45am, there are still around 4,000 plus precincts that
have not transmitted its results to the Comelec server. This is
estimated to account for 1.9 million votes still to be received.
“Hash Codes” Issue
At the center of the current controversy regarding the
unofficial vote count coming from the transparency server is the
statement coming from the camp of vice presidential candidate
Ferdinand Marcos Jr. alleging that a new computer command was
entered into the transparency server “to alter the hash code of
the packet (sic)”.
A hash code is a value generated for an electronic document,
data file, or a program. This value serves a compact digital
fingerprint which is unique to an electronic document, data
file, or a program. Hash code is a security measure used to
ensure that the integrity of an electronic document, data file,
or a program has not been compromised.
For the COMELEC/Smartmatic system, hash codes were used in
several fronts. The major ones are on the final build of the
software code in the VCM and CCS. As an ad hoc security measure
hash codes were generated for each cumulative data pack which
they are sending out via the transparency server. The issue at
hand is on the cumulative data packs and NOT the hash codes of
the software in the VCM or CCS.
The hash code on the data pack is essential for initial
integrity test on the election returns (ER) results. However,
despite the mismatch in the hash code of the data pack coming
from the transparency server, our verification of the data
received shows that there is no impact on the actual values on
Several security measures were put in place that allows
verification of ER data authenticity.
The project of precincts are published allowing simple checks
like more votes than voters which can raise red flags.
There are two batches of print-out of the ER that is distributed
to several groups and parties. The first batch is prior to
transmission and remaining batch is after transmission. It would
be very easy to spot discrepancy here since ER-level data are
available online via your favorite media firm. The ER printout
are, most of the time, published for the public to see and
several digital copies are floating in social media for easy
Access to the Transparency Server is given to the majority
political party, the dominant minority party, the PPCRV and the
KBP. Namfrel and other media outfits have access to the mirror
of the Transparency Server.
Namfrel is entitled to one copy of the printed ER. Our Systems
Group has not found any discrepancy so far and that despite the
mismatch of the data pack coming from the Transparency server
via its mirror, THERE IS NO CHANGE in the actual values of each
ER. Namfrel’s crowd sourced data shows consistency of the ER
values as well.
The allegation on fraud is focused on the problem on the hash
code. All parties have copies of the ERs from the transparency
server. It would be prudent if they can show even a single
VCM/ER changed during the time they are complaining about the
From our research, it seems like there has been character
encoding issue specifically on the ñ character and was hastily
corrected by someone from the COMELEC/Smartmatic group. The
correction happened after the hash code was generated hence the
issue on the mismatch of the hash code. After a day it was
corrected eventually. What we also saw was the possibility of
trending as we don't have a verifiable way to get inputs from
the field if they have submitted or not yet. The transmission of
the VCMs are still areas for improvement, while it is fast, the
possibility of trending can still occur.
The main and real issue here would be last minute changes in
process and codes as well as lack of quality control by
Smartmatic. The system is a multi-billion peso system and the
error was so amateurish.