Hacking The Automated Election System
With the elections just a few months away, some attention is now being given to the Comelec’s Poll Automation system. Judging from the press it’s been getting, the project is still on rather shaky ground perception-wise. The commission will have to step up its information campaign if only to ensure that the public will have sufficient understanding of the system.
One of the problems I am seeing right now with regard to automation is a lack of clarity on what it can and cannot do. This has already led to the misconception that the project in its present form will plug all exploitable loopholes. The way I see it poll automation will not guarantee that all manner of cheating would be prevented.
I seriously doubt though that cheating by way of hacking is the biggest threat. Over at www.botomoto.com there is a post about why this will not be the case. Here’s an excerpt:
Gregorio pointed out that a differentiation has to be made between the election websites and the automated election system that will be implemented.
The automated election system is protected by multiple layers of security and it will be online only during the transmission of electoral results from the 82,000 precincts. Hacking the results of just one precinct, because of its 128 bit encryption system, will take 50 years to decode. Hacking into the central servers is virtually impossible and the servers cannot be fed hacked data as it only accepts data from specific PCOS machines.
The botomoto post also pointed out that the recent hacking of government websites may be connected to an allegedly new scheme by some unscrupulous groups to squeeze money out of this year’s election contenders. You can read the post here.
In my opinion what the Comelec and the voting public should watch out for are the “offline” cheating methods such as vote-buying. From what I’ve been hearing in coffee shop and barbershop discussions, vote-buying is no longer about securing votes for a candidate but eliminating opposing votes. According to some, what election operators do is identify known supporters of opposing candidates. They then offer some form of payment to those voters in exchange for their non-appearance at the precincts on election day. If this were true, I guess we can safely assume that some form of intimidation is also involved.
If this is really how it goes down then obviously even if the automated system is 100% perfect it will have no bearing whatsoever on this alleged modus operandi. The same goes for the possible hacking of the Comelec’s website or any other election website. The website is one system and poll automation is another. Now as far as the automated system is concerned, Smartmatic has this to say (lifted from the botomoto post):
The automated polling system is virtually unhackable and there are multiple layers of assuring that the votes cast nationwide will be counted accurately,” said Gregorio.
I just hope the Comelec will get its act together and iron out all the kinks. This poll automation project is a good way of effecting some form of change in our electoral process.
The way I see it, those who keep voicing out that automated elections are hackable and easily cheated are serving as mouthpieces of politicians who stand to lose under such system because the usual tools at their disposal under non-automated elections could not be applied.
I’d give more credibility to these “concerned” figures if they’d (not only speak of possible problems of automated elections, but also)as enthusiastically and as loudly propose realistic methods to cheatproof traditional non-automated elections. But they don’t.
So I don’t believe they are sincere even a little bit. All they do is cast doubt on technology that should be supported, not undermined. If and when these people’s candidate/s win under the automated system, I’d like to see these same people say “This was rigged!” And they won’t do it, paid hacks that they are.
[Reply]
As long as it was online through internet, It would be vulnerable in any kind of attack such as SQL(Structured Query Language)injection/Bruteforce method attacks/sniff/remote access/Remote Administrative Tool (RAT) or I’d rather say etc. coz there’s a lot of ways to access computers,white hat/black hat hacker is no necessary,the important is the result,There’s no secured in the internet, and i would like to tell you all, the most secured computer is the one which is not connected on the Internet and it was turned off with a lots of security guard around it and it was inside the concrete barrier sealed with iron with high voltage.
[Reply]