PRESS RELEASE (as of May 12, 12:00PM)

Updates on the Random Manual Audit, Transmission Feed from TS/MS and Hash Codes
Random Manual Audit
The conduct of a Random Manual Audit (RMA) is a safeguard mandated by Sec. 29 of RA 9369 (Automated Election
Systems Law) to verify the accuracy of the count of the Vote Counting Machines (VCM). This 2016, the RMA is to
be conducted under the auspices of the RMA Committee (RMAC), composed of representatives from the Comelec,
the Philippine Statistical Authority (PSA) and the Comelec authorized citizens arm, NAMFREL (assisted by its
partner the Philippine Institute for Certified Public Accountants (PICPA )), as authorized by SPP 15-193 dated
March 2, 2016. The activity involves a manual comparison of the printed election return generated by VCMs
(formerly PCOS) vis--vis the manual appreciation of the ballots (primary source document) of the selected cluster
precincts.
As of 11:15am 05/12/16, most of the 715 clustered precincts selected for the RMA have been completed or are
still on-going. Exceptions are in Basilan, Al Barkha, Maluso, Isabela City, Palawan (Linapacan) and in Lanao del Sur
(Tagoloan, Ditsain Ramain, Marantao, Marawi, Malabang, Kapatagan, Bayang, and Tubaran).
RMAs are being conducted in respective municipal/city canvassing sites or in a few cases, in provincial canvassing
sites.
Completed reports have now been transmitted to the Provincial Election Supervisor (PES) for submission to the
Comelec RMAC.
The RMA reports will be forwarded to the RMAC in the Comelec National office. For those with variance exceeding
10, the ballot boxes will also be brought to the RMAC for validation, repeat count and determination or root cause
as needed.

Transmission Feed from Transparency Server / Mirror Server

As of 8:45am, there are still around 4,000 plus precincts that have not transmitted its results to the Comelec
server. This is estimated to account for 1.9 million votes still to be received.

Hash Codes Issue

At the center of the current controversy regarding the unofficial vote count coming from the transparency server is
the statement coming from the camp of vice presidential candidate Ferdinand Marcos Jr. alleging that a new
computer command was entered into the transparency server to alter the hash code of the packet (sic).

A hash code is a value generated for an electronic document, data file, or a program. This value serves a compact
digital fingerprint which is unique to an electronic document, data file, or a program. Hash code is a security
measure used to ensure that the integrity of an electronic document, data file, or a program has not been
compromised.
For the COMELEC/Smartmatic system, hash codes were used in several fronts. The major ones are on the final
build of the software code in the VCM and CCS. As an ad hoc security measure hash codes were generated for
each cumulative data pack which they are sending out via the transparency server. The issue at hand is on the
cumulative data packs and NOT the hash codes of the software in the VCM or CCS.
The hash code on the data pack is essential for initial integrity test on the election returns (ER) results. However,
despite the mismatch in the hash code of the data pack coming from the transparency server, our verification of
the data received shows that there is no impact on the actual values on each ER.
Several security measures were put in place that allows verification of ER data authenticity.
1.
2.

3.

The project of precincts are published allowing simple checks like more votes than voters which can raise
red flags.
There are two batches of print-out of the ER that is distributed to several groups and parties. The first
batch is prior to transmission and remaining batch is after transmission. It would be very easy to spot
discrepancy here since ER-level data are available online via your favorite media firm. The ER printout
are, most of the time, published for the public to see and several digital copies are floating in social media
for easy verification.
Access to the Transparency Server is given to the majority political party, the dominant minority party, the
PPCRV and the KBP. Namfrel and other media outfits have access to the mirror of the Transparency
Server.

Namfrel is entitled to one copy of the printed ER. Our Systems Group has not found any discrepancy so far and
that despite the mismatch of the data pack coming from the Transparency server via its mirror, THERE IS NO
CHANGE in the actual values of each ER. Namfrels crowd sourced data shows consistency of the ER values as well.
The allegation on fraud is focused on the problem on the hash code. All parties have copies of the ERs from the
transparency server. It would be prudent if they can show even a single VCM/ER changed during the time they are
complaining about the error.
From our research, it seems like there has been character encoding issue specifically on the character and was
hastily corrected by someone from the COMELEC/Smartmatic group. The correction happened after the hash code
was generated hence the issue on the mismatch of the hash code. After a day it was corrected eventually. What
we also saw was the possibility of trending as we don't have a verifiable way to get inputs from the field if they
have submitted or not yet. The transmission of the VCMs are still areas for improvement, while it is fast, the
possibility of trending can still occur.
The main and real issue here would be last minute changes in process and codes as well as lack of quality control
by Smartmatic. The system is a multi-billion peso system and the error was so amateurish.
xxx