Friday, February 18, 2011

ACCURACY MUST TRUMP SPEED

BANTAY GOBYERNO SERIES 056
By Ike Señeres 02/19/2011

ACCURACY MUST TRUMP SPEED

Reader Mr. Jose Z. Osias says that there should be no debate between the choices of speed versus accuracy when it comes to the issue of what is important in the automation of the election process. He explained that truth could be twisted by speed if only the partial and unverified results are transmitted early to create trending. He concluded that the goal of achieving accuracy should start with the Voters List.

In the many years that I have planned and managed computerized systems, I have always followed the three pronged framework of Manpower, Infrastructure and Content, or MIC for short. Like my favorite dish of the Ilocano region where Mr. Osias comes from, the anchovies, tomatoes and okra must always be present and should converge to complete the menu, with no element missing. Without MIC coming together, there could be no complete computerization.

At this point, I remember what veteran Management Information Systems (MIS) expert Mr. Rene Relucio always tells me, that in the end, it is the MIS systems administrator who is king, because he holds the keys to the system. While it is true that in the end, content is the real king, Mr. Relucio is absolutely correct, the systems administrator holds the keys to the content, including what could be read from it, and what is written into it.

As a political scientist, I would always say that there should be a balance of power or equilibrium between Manpower, Infrastructure and Content, but in the real world out there, it is the Manpower who holds the real power, being the only living and thinking element of the trio, the other two being innocent and harmless non- living inanimate elements.

Each time I explain the concept of computer security to other people, I always give them the analogy of Fort Knox, supposedly the most secure Infrastructure in the whole world. Of course Fort Knox is secure by design, but just like any ordinary house, it has keys that could open the locks from the outside. It is therefore not the security of the locks that is the question, but the integrity or the reliability of the Manpower who holds the keys that could be questionable.

Many years ago, some ballot boxes were stolen from inside the Congress, where these were kept in custody, supposedly under tight security. Just like Fort Knox, we could say that the Congress is relatively secure, but as it turned out, somebody either gave the keys to someone from the outside. What could be worse than that, is that somebody might have opened it from the inside, disregarding the need for keys. In other words, it could have been an inside job.

Going back to what Mr. Relucio said, it is the systems administrator who is the king, because he holds the power to grant the rights to read from the system, or to write into it, either acting on his own, or under the authority of his superiors. He also has the power to command what data could be stored, or what data could be forwarded or transmitted. “Read and Write” and “Store and Forward” are two computer jargons that watchdogs of computerized systems should memorize.

Also going back to what Mr. Osias said, it is the systems administrator who has the power to decide which data to store and which data to forward and when to store and when to forward the data, indicating that data could actually be withheld due to human intervention, or conversely, it could be forwarded ahead of time, to show a trend that could influence the outcome of the voting, assuming that it is still ongoing at that time.

On the subject of Content being the king, we should all remember that the Voters List is the core of the COMELEC data, the “soul” so to speak. In a manner of speaking, it is the Infrastructure that is the “body” of the system. Even in layman terms, it would not be right for a “body” not to have a “soul”. In the past elections, so much importance has been given to the process of forwarding or transmitting the data, but how could we bring out the true will of the people if many qualified voters are not even in the Voters List?

In technical terms, the characters and images that are seen in the COMELEC Voter ID cards are just simply the printouts of the data that are stored in the Voters List. In other words, the ID cards are just derivatives of the Voters List, the latter being a database. Following the dictum of “Garbage in, garbage out” (GIGO), the Voters List could only produce ID cards for the citizens who are in the list. “What you see is what you get” (WYSIWYG) is another dictum that we should bear in mind.

Tune in to Universal Access 2 to 3pm Monday to Sunday in DZRJ 810 KHZ and KA IKING LIVE! 6 to 7pm Thursdays in Global News Network (GNN), Channel 8 in Destiny Cable. Email iseneres@yahoo.com or text to +639997333011. Visit www.senseneres.blogspot.com. Coffee Clutch Fridays 3 to 6 PM at the Elks Club

Friday, February 11, 2011

SPEED VERSUS ACCURACY

BANTAY GOBYERNO SERIES 055
By Ike Señeres 02/12/2011

SPEED VERSUS ACCURACY

A concerned citizen asked me a layman’s question that needed a technical answer. He wanted to know what is more important in the automation of the COMELEC voting system. Is it speed or accuracy? I told him that that is precisely the challenge in the automation goal, to strike a good balance between speed and accuracy.

The equilibrium between speed and accuracy is needed because without it, the result could tilt towards one of the two extremes, and that could spell disaster. In either case, speed without accuracy or accuracy without speed would not be good for the system. By comparison however, accuracy would have a higher order of importance, because it would reflect the will of the people. Nonetheless, data derived from a slow process would still be questionable, because the people would suspect that the data might have been compromised in between.

Before the idea of automation came to the COMELEC, all votes were cast, counted, tabulated and transmitted manually. During the last election, the votes were counted and transmitted electronically, but the casting and tabulation stages were still done manually, at least from the technical standpoint. By comparison, the objective of speed was achieved, but some issues were still raised about the issue of accuracy.

There is a general impression that the casting of the votes in the last election was already automated. This notion is debatable, because the votes were still cast manually by using the Optical Mark Reader (OMR) technology. In using the OMR technology, the manual voting method simply changed from the use of hand written characters to the use of shaded dots, the latter representing optical marks. In a figurative sense, the second step of the voting was also manual, because the OMR ballots were manually fed into the Precinct Count Optical Scan (PCOS) machine.

There is also a general impression that the tabulation of the votes was automated, but this too is debatable. The reason for this is that the Compact Flash (CF) cards were manually removed from the PCOS machines so that these could be inserted into the CF card readers that were attached to personal computers (PCs) that were running on Windows Operating Systems (Windows O/S).
It could be said that the majority of the people were happy with the fact that the last election was able to deliver the expected results, even if the scope of the automation was only partial, so to speak. What is good however could be made better, more so because the law requires full automation, and not just partial. The law is the law, and we have to implement it, even if we are already happy with what we see.

When I chaired the COMELEC Modernization Committee twice in the past, I always encountered the issue of the disparity between what the law requires, and what our culture promotes or allows. The tolerance of partial automation is just one example, but there are more examples like the use of COMELEC identification cards as a requirement for the issuance of official ballots, and even as a control for the entry into the polling places, for security reasons.

What is the use of issuing COMELEC identification cards if these are not really required at the polling places? This is a good question that a reader asked me. A reader also asked me about the wisdom of using the Unified Multi-Purpose ID (UMID) as an alternative identification card. UMID is issued by the Government Service Insurance System (GSIS), but it is now being proposed as a unified card for all members of the Social Security System, PHILHEALTH and PAG-IBIG as well.

The issue of accuracy is directly related to the need for data integrity and data security. It is irresponsible for any organization to claim that their system is “hack-free”, because in theory all systems are prone to being hacked either partially or fully. This is precisely the objective of data security systems, to see to it that it could not be hacked quickly or easily, and to make it too costly for anyone to even try to hack it. The word to use is “super-secure”, not “hack-free”.

Conversely, there are technologies that would prevent a system from being fully hacked. This is a question of techno-economics; because the more money invested into the system to secure it would make it more costly to hack it. All told, the most secure data security system is one that would combine hardware encryption and software encryption technologies, not just one or the other. Crucial to this is the full legal ownership of all source codes and all passwords.

Go for the good life! Tune in to Universal Access 2 to 3pm Monday to Sunday in DZRJ 810 KHZ and to KA IKING LIVE! 6 to 7pm Thursdays in Global News Network (GNN), Channel 8 in Destiny Cable. Email iseneres@yahoo.com or send text to +639997333011for local cable listings. Visit www.senseneres.blogspot.com

Saturday, February 05, 2011

THE BOTTOM LINE IS DATA

BANTAY GOBYERNO SERIES 054
By Ike Señeres 02/05/2011

THE BOTTOM LINE IS DATA

The Commission on Elections (COMELEC) is back in the news this week as two Commissioners retired and left two positions open. The word is out that the President wants to appoint a Commissioner with an Information Technology (IT) background. This development has opened new discussion about what really has to be done at the COMELEC computer wise, and what the new IT oriented Commissioner has to accomplish in his or her term

If you ask me, my answer would be very simple. I think the COMELEC should go back to the basics, and what could be more basic than putting the Voter’s List in good order? I would say that issuing Voter ID cards to all qualified citizens is also a basic concern, but experience tells me that an ID card is really nothing more than a print out of the data within a database, meaning to say that without data to back it up, it is not possible to produce reliable and accurate ID cards.

I was fortunate to be the Chairman of the COMELEC Modernization Committee twice, at one time appointed by the Commission en banc, and at another time appointed jointly by the Commission en banc and the Senate. In both stints, I remember that the discussion always hovered around the issue of Voter’s Lists and ID cards. I also approved the Information Systems Strategic Plan (ISSP) of the COMELEC at one time, and these were the two key issues too at that time.

Without a reliable Voter’s List, the COMELEC could not issue reliable Voter ID cards. Without these two working together, the Commission would have no legal and technical basis to issue official ballots to anyone. This is very basic, and nothing could be more basic than that. There are two sides to this issue. If there is no basis for issuance of a ballot, the election official on site could just deny anyone his right to vote. Conversely, if one is denied a ballot, he too would not have a basis to assert his rights.

Under normal circumstances, it would be reasonable to implement a NO ID, NO ENTRY policy in any place or event for security reasons. If only all voters would have their ID cards, this rule would be a very simple and easy rule to implement. Since not every voter has an ID card even up to now, this rule could not be implemented, thus making it difficult to control the security at the voting places. If this rule is implemented now, it would be tantamount to a denial of voting rights.
In the world of data management, it is normal and customary practice to subject the security and the reliability of the systems to the scrutiny of peers. This is often referred to as ethical hacking, but that is really an oxymoron because it is really just a form of authorized testing. To refer to this exercise as ethical hacking is about as wrong as the idea of rape with consent, obviously there is no such thing.

Good data management is precisely what the COMELEC needs, because every single thing that the Commission does is related to data and data management. When I say data management, I mean the whole gamut from data collection to data protection, the latter also known as data security. In this field, redundancy is also a common practice, but it seems that the COMELEC is now lacking in this regard, or at least their data security practices are not known to the world of data management practitioners.

The casting of votes in an election is also a data related exercise, and presumably, the data collected as the votes are cast are secured in such a way that these are not altered or modified in any way. This is another part of the data process that has to be verified and validated by professional peers in order to remove suspicions of any form of wrongdoing.

In the past election, there was a lot of controversy about the ownership of the source code. This issue is really a no brainer, because the user of a software program could only own the source code if they buy the rights to the entire system, lock stock and barrel. In the case of the counting machines that were used in the last election, it is obvious that the COMELEC could not own the source codes, because the Commission only rented the machines and did not buy them.

In the world of computer technology, it is important to understand the proper use of technical terminologies, because the wrong understanding of words could lead to the wrong decisions. For instance, a counting machine is not the same as a voting machine. Taking this analogy further, automated counting is not the same as automated voting. It could be argued that a Toyota is the same as a Mack truck because they both could move from one place to another, but a Toyota is not designed to carry heavy loads that only a Mack truck could carry. In other words, a personal computer is not the same as an industrial grade voting machine.

Go for the good life! Tune in to Universal Access 2 to 3pm Monday to Sunday in DZRJ 810 KHZ and to KA IKING LIVE! 6 to 7pm Thursdays in Global News Network (GNN), Channel 8 in Destiny Cable. Email iseneres@yahoo.com or send text to +639997333011for local cable listings. Visit www.senseneres.blogspot.com
Philippines Best of Blogs Link With Us - Web Directory OnlineWide Web Directory