FROM Guest post from someone who emailed the blog.
I watched with a great deal of interest the recently released video (https://www.onenewspage.com/video/20230917/16205147/The-Truth-is-Out!-This-is-how-they.htm) which tries to expose election fraud in the 2022 presidential elections in the Philippines and wish to respond. First, a little about myself. I'm an American with a long-term interest in Philippine politics. I am very distressed by claims of widespread electoral fraud in American politics which are totally groundless. At the same time, as an IT professional, I recognize how easy it is to cheat when computers are involved. I'm a huge fan of Leni Robredo. On Election Day in 2004 I flew to Phoenix, Arizona for 24 hours to observe voting in a lower income precinct and I witnessed how people were denied the right to vote.
A lot is being made of the private IP address 192.168.0.2. As I will describe below, unfortunately it is not the smoking gun of obvious fraud that it is suggested to be. That IP address does however point to serious gaps in transparency by Comelec. Hang with me as I describe some computer issues.
Private IP addresses are not "owned" by anyone. They do not indicate a specific device, whether a computer, router, printer, or other endpoint. I build many small networks in the 192.168.0.0 subnet, and invariably the router address ends with .1 or .254, and the server with .2. I could never imagine giving my server a public IP address, because it would be exposed to almost immediate attack by malevolent actors on the internet. Instead, an edge router is placed in between the internet and a server to protect it. In fact, servers that are put on public IP addresses are often called honey pots because they intentionally collect malware that's analyzed by data scientists.
In addition to the edge router just described, internet traffic uses a series of intermediate routers between the sender and the receiver of IP packets. This internet traffic is subject to potential "man-in-the-middle attacks," whether on the public or a private network. There are two ways in which most internet traffic is protected. First, the traffic itself is encrypted in a browser, and HTTPS guarantees this encryption. Second, the remote site being browsed has a certificate which demonstrates it is who it says it is. For most of us, most of the time, this is sufficient.
Online banking transactions have a higher bar. They must also guarantee that the transactor is legitimate. Passwords and multi-factor authentication are ways of accomplishing this. Once you demonstrate you are legit, you're allowed to conduct business on the site.
Although I know little about proprietary election systems, I know they have the highest hurdle. They must simultaneously preserve the confidentiality of individual voters, accurately tally results, create an audit trail of transactions, and send results in a way that guarantees the authenticity of the sender.
Ironically, individual transactions should be completely invisible, but the processes must be totally transparent. In the case of the 2022 Philippine elections, they don't appear to be. Here are my concerns:
- If 51% of the IP addresses were identical, what was the distribution of the remaining IP addresses? Were they all private too?
- If some were public, how can this anomaly be explained?
- If they were all private, perhaps indicating the use of a virtual private network or VPN tunnel, what were the corresponding public IP addresses of the 64,000 precinct devices that sent results?
- Was there a paper audit trail?
- If so, has it been randomly audited?
- Was public-key private-key encryption or some other mechanism used to guarantee that each result was sent from the precinct which it claimed to be?
Setting aside the election transactions themselves, we need to think about election results as evidence of election soundness, or not. It is simply inconceivable that precincts across the country showed the same 86% participation. If this were simply the aggregate, comparing hour one and hour two, it's a trivial outcome, easily explained by chance. But I understand that each region showed an identical percentage result. Contrast this with a distribution curve around an average, the classic bell curve. By itself this exact percentage across regions is a very strong indicator of fraud.
Was a post-election audit performed? This is another way to determine if an election has been tampered with. First, actual precincts can be randomly chosen to compare the raw data with the published results. Second, results can be compared with previous elections to discover outliers. Third, even the numbers contained in the results can be analyzed, because they are not randomly distributed 1 to 9. It's very hard to reproduce the true randomized distribution of real election results.
I am suggesting that the discussion move beyond a single IP address to ask even more hard-nosed questions about the past election, and demand reforms that will make it possible to achieve fair elections in the future. At a minimum, here's what I think should be included in future elections:
- A physical (paper) audit trail for every vote cast.
- Published precinct tallies.
- A transparent, thorough description of the vote collection and transmission methods.
- Results distributed to the public media and capable of being analyzed.
- Evidence of point-to-point encryption methods that prevent spoofing.
- Rigorous testing by outside parties who are given an opportunity to hack the system before the election, as friendly white hats.
- Post election audits.
- Documentation for all inevitable outlier data, such as failed transmissions, more votes than voters in a precinct, 100% vote for one candidate, late submissions, and double votes by a single voter.
No comments:
Post a Comment