NOTES ON THE DIGITAL SIGNATURE: The PRIVATE – PUBLIC KEY Pairs of the Board of Election Inspectors

(Originally posted November 14, 2009)


By: Pablo Manalastas, PhD, IT Consultant, Fellow of CenPEG


The source code of any computer program is the set of human readable computer programming instructions, while the password is part of installation data that is invented by the installer of the program, and the password is chosen by the installer, not by the programmer who wrote the source code.

For some reason that is not too smart, the COMELEC has ruled that it is SMARTMATIC who will designate who should control or manage the Certification Authority (CA) of the election canvassing and transmission systems. In technical terms, a CA is the directory of passwords, and the users who are authorized to hold or keep the public and private keys. In effect, we now have a foreign entity that will have full control of a process that is at the heart of our national security.

If you check the Smartmatic financial proposal to COMELEC, Smartmatic will spend PHP0.00 to generate the 240,000 private-public key pairs for the BEI staff. This just means that Smartmatic will not even hire Verisign or Thawte or any legitimate CA to certify the 240,000 public keys of the BEI staff, because certification by a legitimate CA will cost at least PHP1,000.00, according to a local representative from Verisign.

So Smartmatic, with the blessing of COMELEC, will generate ALL the private-public key pairs, itself, passphrase the private key, store three key pairs in one RF key, print the three passphrases that they used and keep in three sealed envelopes. Then on election day, this RF key and the sealed envelopes will be given to the BEI, and this is the first time that the BEI will see their private keys. In effect, the BEI will be signing with the Smartmatic private keys, so it is, in fact, Smartmatic that will sign ALL the precinct election returns, which is against the provision of RA-9369 on digital signing of the precinct ER.#