MATRIX OF VIOLATIONS COMMITTED BY BOTH COMELEC AND SMARTMATIC (2010-2016)

2010 2013 2016

LEGAL/CONTRACTUAL PROVISIONS VIOLATED
N/L Elections N/L Elections N/L Elections
I. SECURITY PROVISIONS
1. Source Code Review Violated Violated Violated
A. Required in Sec 14 RA 9369 No review at all per Incomplete and Incomplete but line by
(Examination and Testing of AES/ admission of then selective review line review covering
Opening of Source Code for Review) Chairman Brillantes at covering only the PCOS, only the VCM, CCS and
B. Required in Sec 11 (3) and (5) RA 9369 JCOC-AES hearing. CCS and EMS which was EMS but not the
(Technical Evaluation Committee made only after the Transparency Server,
Certification) elections in June 2013. Queue Server, SFTP
Server and transmission
infrastructure which all
form part of the AES
technology used.
2. Digital Signature Violated Violated Violated
A. Required in Sec 22 RA 9369 Alleged machine Alleged machine Electronic token was
(Election Returns) signature was used but signature was used but used but the ICTO of
B. Required in Sec 25 RA 9369 contradicted by SLI contradicted by SLI DICT has no file on
(Certificates of Canvass) report (no trace of report (no trace of record of the issuance
C. Required in Sec 30 RA 9369 in relation encryption using Secure encryption using Secure of such certificates.
to RA 7166 and RA 8792 (Authentication Socket Layer) and the Socket Layer) and the Comelec also admitted
of Electronically Transmitted Election Joint Forensic Team (no Joint Forensic Team (no at the JCOC-AES hearing
Returns) evidence found to prove evidence found to prove being unable to secure
D. Required in Request for Proposal for existence of digital existence of digital digital signatures with
Automated Election System certificates). Moreover, certificates). Moreover, the appropriate digital
(Digital Signatures) Comelec Resolution Comelec Resolution certificates.
E. Rule 6 A.M. No. 01-7-01-SC 8786 in Sec 40 (f) and 9640 in Sec 51 (f) and
(Rules of Electronic Evidence) (g) specifically (g) specifically
instructed the BEIs not instructed the BEIs not
to digitally sign the to digitally sign the
 transmission files with transmission files with
the BEI signature key. the BEI signature key.
3. UV Detector for Ballot Security Violated
A. Required in Sec 15 RA 9369 Not implemented
(Official Ballot) ostensibly because the
B. Required in Request for Proposal for wrong UV ink was
Automated Election System supplied making the
(Rejection of Fake Ballots) PCOS unable to detect
the mark.
II. ACCURACY PROVISIONS
1. Accuracy in Recording and Reading of Votes Violated Violated Violated
A. Required in Sec 6 (b) RA 9369 Accuracy rate of the Accuracy rate of the Accuracy rate of the
(Minimum System Capabilities) PCOS per RMA is a PCOS per RMA is only VCM per RMA is only
B. Required in Request for Proposal for dismal 99.6% or 80 99.9747% or 5 errors 99.884% or 23.2 errors
Automated Election System (Accuracy errors per 20,000 vote per 20,000 vote marks per 20,000 vote marks
Rate of 99.995% or 1 Error per 20,000 marks which means up which means up to which means up to
Vote Marks) to 4.578 million vote 284,000 vote marks 1.565 million vote marks
marks were erroneously were erroneously read were erroneously read
read and/or counted. and/or counted. and/or counted.
III. AUDITABILITY PROVISIONS
1. Voter Verified Paper Audit Trail Violated Violated Violated
A. Required in Sec 6 (e) and (n) RA 9369 PCOS merely showed PCOS merely showed VCM printed voter
(Minimum System Capabilities) congratulatory message congratulatory message receipt without security
on screen. on screen. and evidentiary features
impeding any post-
election audit.
2. Random Manual Audit Violated Violated Violated
A. Required in Sec 29 RA 9369 Sec 7 (a) of Comelec Sec 4 (a), (a.1) and (a.2) Sec 5 (a) of Comelec
(Random Manual Audit) Resolution 8837 states of Comelec Resolution Resolution 10078 states
that random selection 9595 states that random that random selection
of precincts subject to selection of precincts of precincts subject to
 RMA shall be done at subject to RMA shall be RMA shall be made not
the PICC at 12n on made not later than 4 later than 4 days before
election day, however, days before election day election day thus
the PES of Biliran was and shall be disclosed 2 prematurely identifying
already aware of subject days prior to election them and defeating any
precincts at least 4 days day thus prematurely means to randomly
before election day. identifying them and detect fraud.
defeating any means to
randomly detect fraud.
IV. INTEGRITY/TRANSPARENCY PROVISIONS
1. TEC Certification Requirement Violated
A. Required in Sec 11 RA 9369 Required certification
(Technical Evaluation Committee stating categorically that
Certification) the AES and all its
components are
operating properly,
securely and accurately
based on 6 documented
results was submitted
only on 30 Apr 2016, a
full month after the
start of OAV and well
beyond the 3-month
deadline set by law.
2. Demonstrated Capability Requirement Violated
A. Required in Sec 12 RA 9369 Smartmatic submitted a
(Procurement of Equipment) certification from
Bulgaria’s election
authority as proof that
the VCM (SAES1800plus)
was successfully used in
 a prior electoral exercise
but the voting machines
used in Bulgaria were
DRE while the VCMs in
the Philippines were
OMR, two entirely
different election
technologies such that
the VCM could not be
proven as complaint
under the law.
3. Rules and Regulations Violated Violated Violated
A. Required in Sec 37 RA 9369 No rules and regulations No rules and regulations No rules and regulations
(Implementing Rules and Regulations) were promulgated by were promulgated by were promulgated by
Comelec. Comelec. Comelec.
4. Testing of Equipment and Storage Devices Violated
A. Required in Request for Proposal for Alleged configuration
Automated Election System errors in the CF cards
caused the PCOS to
misread the votes
resulting in tabulation
errors 3 days before
election day causing the
recall and re-
configuration of 76,347
CF cards across the
country which were
never subjected to the
required testing after
reconfiguration and
prior to redeployment
 due to lack of time.
5. Queue Server/Man in the Middle Violated Violated Violated
A. Sec 35 (b) RA 9369 Transmission from the Transmission from the Transmission from the
(Prohibited Acts and Penalties) PCOS to the MBOC/CCS, PCOS to the MBOC/CCS, VCM to the MBOC/CCS,
Comelec Central Server Comelec Central Server Comelec Central Server
and Transparency and Transparency and Transparency
Server should be direct Server should be direct Server should be direct
and unimpeded but the and unimpeded but the and unimpeded but the
presence of the un- presence of the un- presence of the un-
disclosed/secret Queue disclosed/secret Queue disclosed/secret Queue
Server which served as Server which served as Server which served as
checkpoint that checkpoint that checkpoint that
captured all transmitted captured all transmitted captured all transmitted
results prior to being results prior to being results prior to being
reported in the final reported in the final reported in the final
destination servers destination servers destination servers
constitute interfering constitute interfering constitute interfering
with and/or impeding with and/or impeding with and/or impeding
the processing and the processing and the processing and
transmission of election transmission of election transmission of election
results. results. results.
V. PROHIBITED ACTS/ELECTION OFFENSES Violated Violated
1. Sec 35 (a), (b) and (c) RA 9369 Key Smartmatic officials Key Smartmatic officials
(Prohibited Acts and Penalties) inexplicably changed in connivance with
2. Sec 27 (b) (3) RA 9369 the script of the Comelec ITD personnel
(Election Offenses/Electoral Sabotage) Transparency Server introduced alleged
purportedly to adjust “cosmetic change” in
the 12 million votes it the script of the
already received and Transparency Server at
reported but which the height of the
clearly exceeded the transmission and
 number of voters in the canvassing of votes.
precincts involved.
(Querubin, et. al. v Rico,
et. al.; DOJ; pending;
complaint based mainly
on the Post-Election
Report of the 2013 NLE
by CAC submitted to
JCOC-AES)
3. Sec 4 (a) (1), (3) and (4) RA 10175 The DOJ found probable
(Cybercrime Offenses) cause to indict key
Smartmatic officials and
Comelec ITD personnel
for illegal access and
intentional or reckless
alteration or
interference of data and
system arising from the
“cosmetic change”
made in the script of the
Transparency Server at
the height of the
transmission and
canvassing of votes.
(Dela Cruz v Garcia, et.
al.; NPS Docket No. XV-
07-INV-16E-02592; DOJ;
pending)
VI. PROCUREMENT PROCESS
1. ISO 9001 Certification Violated
A. Required in Request for Proposal for Smartmatic submitted
 Automated Election System the ISO certification of
Jarltech passing it off as
its subsidiary when in
fact it is never owned
by, or a part of,
Smartmatic or the joint
venture it established
with TIM. A certification
of extension of credit
line by Jarltech to
Smartmatic issued on 20
Aug 2013 to the
Electoral Supreme Court
of the Republic of El
Salvador stated that
Smartmatic was its
client since 2003, not its
owner.
2. Single Largest Completed Contract Violated
A. Required in Sec 23.4.1.3 IRR RA 9184 Smartmatic submitted a
(Technical Documents/SLCC) document in compliance
with the SLCC
requirement but the
names of the parties
and amount involved
were redacted such that
the BAC could not have
properly evaluated it for
compliance.
3. Disclosure of Arrangement with Violated Violated
Subcontractors
 A. Required in Request for Proposal for The software that runs The violation was
Automated Election System and the PCOS was actually disclosed when
Government Procurement Policy Board owned by Dominion Smartmatic could not
Rules Voting Systems (DVS) produce the source
and Smartmatic was code for review in time
simply a reseller which for the elections
did not disclose this because DVS withheld it
arrangement with a from Smartmatic after
subcontractor involving both were entangled in
important parts of the a legal dispute in the US.
system.
4. Other Bid Qualification Requirements Violated Violated
A. Required in Request for Proposal for On demonstration, the Smartmatic was initially
Automated Election System and PCOS shutdown after post disqualified by the
Government Procurement Policy Board emitting smoke due to BAC for failing in the
Rules faulty wiring and failed technical demonstration
i. Technical Demonstration to work again thus and for its deficient AOI
ii. Articles of Incorporation failing in the technical only to be reversed by
iii. Board Resolution requirement. Comelec en banc. It
iv. Tax Clearance Certificate also failed to submit the
required board
resolutions and tax
clearance certificates.
VII. CONTRACTUAL OBLIGATIONS Violated
1. Item 18 Part V Request for Proposal for Comelec’s direct
Automated Election System (Warranty on admission in Pabillo, et.
Availability of Parts, Labor, Technical al. v Comelec that its ITD
Support and Maintenance) personnel are incapable
of performing the
required repair and
refurbishment of the
PCOS clearly proves that
Smartmatic reneged on
its obligation to provide
extensive training and
education program on
repair, troubleshooting,
tuning up, and
maintenance of the
PCOS.