Click here to load reader
Click here to load reader
Oct 24, 2014
Republic of the Philippines SUPREME COURT Manila EN BANC TANGGULANG DEMOKRASYA (TAN DEM), Inc., EVELYN L. KILAYKO, TERESITA D. BALTAZAR, PILAR L. CALDERON and ELITA T. MONTILLA, Petitioners, --versus COMMISSION ON ELECTIONS And SMARTMATIC-TIM Corporation, Respondents. x-------------------------------------------------x MEMORANDUM GR SP No. 201413 For: Certiorari, Prohibition & Mandamus
1. Petitioners, through counsel , respectfully submiti their Memorandum to nullify the procurement and prohibit the Commission on Elections (COMELEC) from purchasing listed hardware and software licenses from Smartmatic-TIM on the following grounds: I. THE DEED OF SALE DATED 30 MARCH 2012 FOR THE PURCHASE OF LISTED GOODS, IS ILLEGAL AND THERFORE NULL AND VOID, BECAUSE IT WAS EXECUTED PURSUANT TO AN EXPIRED AND THUS NON-EXISTENT OPTION TO PURCHASE, DISREGARDING THE MANDATORY REQUIREMENT OF PUBLIC BIDDING FOR GOVERNMENT PROCUREMENT CONTRACTS. R.A. 9184, Secs. 10, 48-54. GPPB-DBM Opinion dated 28 March 2012. II. THE PCOS BASED AES OF SMARTMATIC-TIM HAS ADMITTEDLY FAILED THE REQUISITE MINIMUM ACCURACY RATE OF 99.995% BY REGISTERING AN AVERAGE OF ONLY 99.6% DURING THE MAY 2010 ELECTIONS. TWG-RMA Report dated 20 July 2010. The Technical Specifications of the Invitation to Bid (2009). The Request for Proposal with Evaluation Criteria dated 11 March 2009. Comelec Bid Bulletin No. 10, dated 27 April 2009. III. THE PCOS BASED AES OF SMARTMATIC-TIM OPERATED WITHOUT THE FUNCTIONAL DIGITAL SIGNATURES REQUIRED BY LAW DURING THE MAY 2010 ELECTIONS. Sec. 22, Par. 6 of R.A. No. 8436, as amended by R.A. No. 9369. IV. THE PCOS BASED AES OF SMARTMATIC-TIM HAS BEEN RECORDED TO BE VULNERABLE TO HACKING AS DOCUMENTED IN THE PROVINCE OF BILIRAN DURING THE MAY 2010 ELECTIONS.
STATEMENT OF THE CASE
2. This is a Petition for Certiorari, Prohibition and Mandamus to nullify the procurement and 1
prohibit the COMELEC from purchasing the listed hardware and software licenses from SmartmaticTIM, for lack of jurisdiction, in excess of jurisdiction and grave abuse of discretion.
2.1. The legal standing of the Petitioners is discussed in Supplement A.
STATEMENT OF THE FACTS
3. The facts which are of judicial noticeii, covered by judicial admissioniii, or proven by authenticated recordsiv, are as follows:
3.1. On 22 December 1997, Congress enacted Republic Act No. 8436 authorizing and directing the Commission on Elections to use an automated election system in national and local electoral exercises.
3.2. On 23 January 2007, Congress enacted Republic Act No. 9369 amending Republic Act No. 8436. Among others, the amending law provided for the following: that election returns transmitted electronically be digitally signed;v and that electronic signature which include digital signatures be subject to appropriate authentication and certification procedures.vi
3.3. Meanwhile, the Commission on Elections conducted national and local electoral exercises for the years 1998, 2001, 2004 and 2007 using the manual election system.
3.4. On 15 June 2009, the President issued Executive Order No. 810 designating the National Computer Center (NCC) under the Commission on Information and Communications Technology (CICT) to operate Government Certification Authority to issue certificates (for digital signatures) for all government transactions to government employees/entities and specific purpose certificates to private individuals/entities.vii
3.5. On 10 July 2009, the Commission on Elections entered into a contract with Smartmatic2
TIM for the Provision of an Automated Election System for the May 10, 2010 Synchronized National and Local Elections.viii The contract involved the provision of a Precinct Count Optical Scan (PCOS) based Automated Election System (AES) by way of lease with services.ix It also provided for an Option to Purchase (OTP) listed hardware and license to use and modify software.x The OTP was valid until 31 December 2010.xi
3.6. On 09 September 2009, the Supreme Court rendered its Decision in Roque, et al v. Comelecxii denying the petition to nullify the said contract between the Commission on Elections and Smartmatic-TIM, but admonishing the public and private respondents on the proper implementation of vote-security measures revolving around the issuance of public and private keys pair to the Board of Election Inspectors, including the digital signatures.xiii The Decision reads in part as follows: The Court, to be sure, recognizes the importance of the vote-security issue revolving around the issuance of the public and private keys pair to the Board of Election Inspectors, including the digital signatures. The NCC comment on the matter deserves mention, appearing to hew as it does to what appear on the records. The NCC wrote: The RFP/TOR used in the recent bidding for the AES to be used in the 2010 elections specifically mandated the use of public key cryptography. However, it was left to the discretion of the bidder to propose an acceptable manner of utilization for approval/acceptance by the Comelec. Nowhere in the RFP/TOR was it indicated that COMELEC would delegate to the winning bidder the full discretion, supervision and control over the manner of PKI [Public Key Infrastructure] utilization.xiv (emphasis supplied)
3.7. On 29 December 2009, the Commission on Elections approved Resolution No. 8739 instructing ALL the Boards of Election Inspectors (BEI) nationwide to digitally sign the electronic election returns prior to electronic transmission, as follows: Section 38. Counting of ballots and transmission of results; Procedure... 6. Thereafter, the PCOS shall automatically count the votes. After all the votes have been counted, the PCOS shall immediately display... c. Require for the digital signature of the members of the BEI. Each member shall insert his iButton security key intended for the digital signature in the iButton security key receptacle... (emphasis supplied)
3.8. On 04 March 2010, the Commission on Elections approved Resolution No. 8786 reversing the previous instructions and instructing instead ALL the Boards of Election Inspectors (BEI) nationwide NOT to sign the election returns transmitted electronically with their digital signatures, as 3
follows: Section 40. Counting of ballots and transmission of results; Procedure... f) Thereafter, the PCOS shall automatically count the votes and immediately display a message WOULD YOU LIKE TO DIGITALLY SIGN THE TRANSMISSION FILES WITH A BEI SIGNATURE KEY?, with a YES or NO option; g) Press NO option. The PCOS will display ARE YOU SURE YOU DO NOT WANT TO APPLY A DIGITAL SIGNATURE? with a YES or NO option; h) Press YES option. A message shall be displayed PRINTING 8 COPIES OF NATIONAL RETURNS. PLEASE WAIT. (emphasis supplied)
3.9. On 30 March 2010, the Commission on Elections approved Resolution No. 8809 providing General Instructions Governing the Consolidation/Canvass and Transmission of Votes at the Municipal/City Boards of Canvassers, but without any instruction regarding the delivery of the Public Keys to the canvassers, nor the manner of their use to authenticate the identity of the sender and integrity of the message contained in the electronic election returns transmitted electronically from the PCOS machines.
3.10. On 10 May 2010, the Commission on Elections conducted national and local electoral exercise using the PCOS based AES provided by Smartmatic-TIM.
3.11. Applying the judicial presumption regularity in the performance of official dutyxv in relation to Comelec Resolution No. 8786, it may therefore be presumed that Smartmatic-TIM under the control and supervision of the Commission on Elections operated the PCOS based AES nationwide without any functional digital signatures during national and local elections held on 10 May 2010.xvi This must be so in the absence of any evidence on record proving the contrary.xvii
3.12. On or about election day, in the Province of Biliran, apparent hacking incidents were recorded in official AUDIT LOGS (from the PCOS machine) and PRINT LOGS (from the municipal server) of the Commission on Elections. At least three (3) modes of apparent hacking were documented: (1) Unauthorized Transmission and Receipt of Electronic Returns from an Unknown Source; (2) Unauthorized Double Transmission and Receipt of the Same Electronic Returns using Different IP Addresses; and (3) Unauthorized Double Use of One IP Address for Two Different
3.13. On 20 July 2010, the Technical Working Grou p on the Random Manual Audit (TWGRMA) of the Commission on Elections reported on the actual performance of the PCOS based AES provided by Smartmatic-TIM, whereby the system registered only an average accuracy rating 99.6%, thereby failing to comply with the requisite minimum accuracy rating of 99.95%.xviii
3.14. On 21 March 2012, the Commission on Elections approved Resolution No. 9376 purporting to authorize the exercise of the expired OTP for listed hardware and software license.xix On 29 March 2012, the Commission on Elections approved Resolution No. 9377 further purporting to authorize the acceptance of the offer of Smartmatic-TIM to reinstate and extend the expired OTP until 31 March 2012.xx On 30 March 2012, the Commission on Elections approved Resolution No. 9378 finally purporting to approve the Deed of Sale for the purchase of listed hardware and software license, pursuant to the expired OTP, and without the conduct of any competitive bidding.xxi
3.15. On 30 March 2012, the Commission on Elections and Smartmatic-TIM executed the Deed of Sale for the sale and purchase of listed hardware and software license, pursuant to the expired OTP. The sale and purchase was executed despite the absence of circumstances that may justify an exception from the rul