Digital signing in the AES
THE Commission on Elections (Comelec) gathered interested stakeholders, who included members of the Comelec advisory council, the technical evaluation committee, citizens’ arms and others in a meeting last Feb. 8, 2024, to provide updates on the preparations for the 2025 national and local elections (NLEs). Among the pronouncements by Comelec Chairman George Erwin Garcia is that the poll body will implement digital signing in the automated election system (AES) to be used in the 2025 NLE.
A bit of background. Republic Act 9369 (RA 9369), which amended the Automated Election Law, RA 8436, provides that the electronically transmitted and digitally signed election returns shall be considered as the official election results and shall be used as the basis for the canvassing of votes and the proclamation of a candidate (Section 19 of RA 9369), and the electronically transmitted and digitally signed certificates of canvass shall be considered as official election results and shall be used as the basis for the proclamation of a winning candidate (Section 20 of RA 9369).
Information technology practitioners and professionals (IT professionals) interested in the AES expected that the personal digital signature would be implemented in the AES. However, the IT professionals found that what was implemented in the first nationwide automated elections in 2010 and subsequent NLEs is the machine digital signature. Then Comelec executive director Jose Tolentino Jr. explained at the hearings conducted by the House of Representatives Committee on Suffrage and Electoral Reforms after the 2010 NLE that the Automated Election Law did not specify who will digitally sign the election returns and certificates of canvass.
IT professionals argue that the non-implementation of the personal digital signature raises concerns about the credibility, integrity and security of election results.
What is a personal digital signature? Digital signing is enabled by a trusted entity called certificate authority (CA) through an infrastructure called public key infrastructure (PKI). It is with a CA that an individual applies for a digital certificate. A digital certificate issued by the CA certifies that a public key is owned by a named individual. That public key has a corresponding private key generated by the individual who owns the public key. A public key is used to verify who owns the digital signature, while a private key is used to generate a digital signature.
Several petitions (Archbishop Capalla v. Comelec, GR 201112, Oct. 23, 2012; BagumbayanVPN Movement Inc. et al. v. Comelec, GRs 206719, 206754 and 207755, April 10, 2019; AES Watch v. Comelec, Dec. 9, 2020; and National Press Club et al. v. Comelec, GR 259354) have been filed with the Supreme Court asking the high court to order the Comelec to implement personal digital signatures and not machine signatures. The Court, however, ruled in the Capalla petition that the digital signature on the election returns was generated when the members of the board of election inspectors (BEI) used the ibuttons and entered their respective passwords. This ruling has not been disturbed in decisions promulgated by the Court in subsequent petitions.
Still, a number of IT professionals do not agree with the Court’s decision, and they insist that the proper digital signature to be implemented in the AES is the personal digital signature.
Reviewing the petitions, it
appears that the arguments put forward by petitioners focused on the technical matters relating to digital signing, like the public and private keys. Perhaps the petitioners and lawyers were unaware of the justification put forward by former Comelec executive director Tolentino that RA 9369 did not identify who would digitally sign the election return and certificate of canvass — a legal issue. They could have raised the question: Isn’t RA 9369 an amendatory law that amended parts of RA 8436 and Batas Pambansa Bilang 881 or the Omnibus Election Code (OEC), among others?
The OEC provides that the members of the BEI (now called Electoral Board or EB) are mandated to sign the election return (Section 212 of OEC) and that members of the Board of Canvassers sign the Certificate of Canvass (Section 15 of OEC). No provision in RA 9369 amended nor repealed Sections 15 and 212 of the OES. On this basis, the proper digital signature that should have been implemented is the personal digital signature, not the machine signature.
The representative of the Department of Information and Communication Technology (DICT), who was present at the February 8 meeting, expressed support for the implementation of personal digital signing. The DICT representative announced that the Philippine National PKI had been operational even before the 2022 NLE and that enrollment of election workers, in particular, the teachers who were supposed to serve as members of the EB, had started then. For the 2025 NLE, the DICT will continue to work with the Department of Education for teachers who will serve as members of the Electoral Board to be enrolled in the PKI. The Comelec should also ensure that would-be members of the Boards of Canvassers are enrolled in the PKI.
It is worth noting that enrollment in the PKI is not only for the sole purpose of the elections. Rather, those enrolled in the PKI will be able to digitally sign electronic documents used in electronic transactions with digitally transformed government agencies or private organizations.