Five flaws in the Election Commission’s Voting Count Information System


“It’s not the people who vote that count, it’s the people who count the votes.” 

Joseph Stalin

IO – The uproar over erroneous input into the Election Commission (Komisi Pemilihan Umum – “KPU”)’s Voting Count Information System (Sistem Informasi Penghitungan Suara – “Situng”) has reached such an extent that we can no longer view it as a case-by-case technical issue. It is now a systemic problem that threatens the credibility of, and trust in, the electoral organizers, because the input error occurred not just once, but hundreds of times. In fact, the Committee to Elect Prabowo-Sandi (Badan Pemenangan Nasional Prabowo-Sandi – “BPN Prabowo-Sandi”) and Prabowo-Sandi volunteers have discovered 12,550 cases of erroneous data input into Situng KPU.

I have been among the first to request an IT forensic audit of KPU, since September 2018. The purpose is to detect the mess in the Final Voters’ List (Daftar Pemilih Tetap – “DPT”) data and a system that can be easily manipulated using specific algorithms. BPN’s IT Team has discovered 17.5 million problematic DPT data items. A forensic check is needed in order for us to guarantee security and prevent intruders from outside. We don’t want anything to be covered up. Unfortunately, there was no response to the request for the forensic audit.

Despite the discovery of so many errors and oddities, KPU maintained a stream of normative responses. I do not think that we can be understanding of the constant reiteration of “human error” anymore. Other than not resolving the issue, the response shows a less-than-responsible attitude. Therefore, on Friday, 3 May 2019, as the Vice Chairman of DPR RI, I and Mr. Riza Patria, Vice Chairman of DPR RI’s Commission II, exercised our right to perform a sudden inspection of KPU to convey the public’s unrest, as well as request information from KPU’s Leaders. We were received properly by KPU’s Chairman, Commissioners, and General Secretary. After our dialog and debate, we made a direct inspection of the server room and operation room.

Briefly, I conclude that Situng KPU is loose. Its validation rules are weak, creating a large gap for manipulations to occur. I believe this explains why there are massive errors in C1 input into the Situng KPU. I do not believe that KPU can no longer take cover behind the disclaimer that what is shown in Situng is not yet the official count results. From my 3-hour sudden inspection at KPU RI, there are five points that I noted that mark Situng KPU’s serious flaws. Most of these flaws are elementary: they do not need to occur. With these weaknesses, we note that Situng KPU is clearly constructed in an amateurish fashion.

The first weakness was the construction of the counting system itself. Situng KPU is not outfitted with early correction during the data input stage, even though, according to IT experts, this function only needs the addition of a simple instruction in the programming language. As the input verification is weak, even wrong data will still be automatically entered into the KPU server, then shown in a real count graph visible to the public. This is clearly a fatal elementary weakness: how could KPU, as an official agency of the State, dare to show a graph based on data whose truth cannot be guaranteed?

This kind of error can actually be anticipated automatically at the data input stage. If the DPT of each TPS contains 300 voters, for example, then when there is a vote input of more than 300, or more than 3 digits, the system would automatically reject it. Ironically, Situng KPU currently has no such function. So, if the inputter or verifier enters thousands or even millions of votes in the TPS, they will still be entered in the KPU server. Even though there is a correction mechanism, the Headquarters generally communicates the corrections to verifiers in the regions manually using WhatsApp (WA), not through the system. Therefore, it is no wonder that even now we find hundreds, or even thousands, of erroneous inputs in Situng KPU. Without WA from the Headquarters to inputters or verifiers in Regional KPUs, no corrections would have been made.

How did we discover such errors? My check shows that it’s mostly from public protests on social media. So, without any findings or protests, no corrections would have been made.

The second weakness was that in the inputting process, some data is still unaccompanied by scans of C1 Forms. KPU’s own information stated that once, there were 1 million files without any C1 scans. KPU RI stated that this is because the data storage capacity in the system was already full, so that the memory could not contain the files submitted by Regional KPU Offices. If it were true, I would say that what KPU has been doing so far is very amateurish. An event as great as the Simultaneous Elections must be well-prepared; all necessities must be prepared in anticipation. I would consider memory and bandwidth to be trivial and no excuse, especially since Sudden Inspection I in KPUD Bogor on 4 May 2019 shows that data submission by inputting officials without C1 scans is actually not allowed by the system. In other words, KPU’s excuse did not match true conditions.

The question then: if inputting officials could not send their files to KPU’s servers without any C1 scans, how come 1 million files in Situng KPU were entered without C1 scans? Who sent them? This oddity means that KPU did not seriously prepare its IT infrastructure. The display of C1 forms is also delayed, while the text has appeared already.

The third weakness is related to the data inputters. According to the statement of KPU’s Chairman, there are 25 inputting officials in each municipality and regency. Some of these officers act as verifiers. These are the frontline soldiers in KPU’s real count process.

Another issue that we found from KPU’s statement is that inputters frequently double as verifiers. This should not be allowed, as the overlap of duties would cause proper data verification to be impossible. Data inputting and verification must be separated, and inputters and verifiers must be different people.
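The input-stage rejection described above (a count larger than the TPS’s DPT), together with the C1-scan requirement and the separation of inputter and verifier, can be written as server-side checks. This is an added illustration, not Situng’s code; the record layout, field names and reason codes are hypothetical, and the DPT is assumed to be the ceiling for any count at that TPS.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class TallyEntry:
    """One TPS result as keyed in from a C1 form (hypothetical layout)."""
    tps_id: str
    dpt: int                    # registered voters (DPT) at this TPS
    votes: Dict[str, int]       # candidate label -> count entered
    invalid_votes: int
    c1_scan: Optional[bytes]    # scanned C1 form backing the numbers
    entered_by: str
    verified_by: Optional[str] = None

def validate(entry: TallyEntry) -> List[str]:
    """Return rejection reasons; an empty list means the entry may be stored."""
    if isinstance(entry.dpt, bool) or not isinstance(entry.dpt, int) or entry.dpt <= 0:
        return ["dpt_missing_or_invalid"]   # no ceiling to check against
    errors: List[str] = []
    counts = dict(entry.votes, invalid=entry.invalid_votes)
    for label, n in counts.items():
        if isinstance(n, bool) or not isinstance(n, int) or n < 0:
            errors.append(f"not_a_count:{label}")
        elif n > entry.dpt:
            errors.append(f"exceeds_dpt:{label}")
    # Each field can pass alone while the ballots together exceed the roll.
    if not errors and sum(counts.values()) > entry.dpt:
        errors.append("total_exceeds_dpt")
    if not entry.c1_scan:
        errors.append("c1_scan_missing")
    if entry.verified_by is not None and entry.verified_by == entry.entered_by:
        errors.append("verifier_is_inputter")
    return errors

# Constructed sample entries for a TPS with 300 registered voters.
SCAN = b"constructed-sample-scan"
ok = TallyEntry("TPS-001", 300, {"01": 120, "02": 130}, 5, SCAN, "op_a", "op_b")
typo = TallyEntry("TPS-002", 300, {"01": 1200, "02": 130}, 5, SCAN, "op_a", "op_b")
overfull = TallyEntry("TPS-003", 300, {"01": 200, "02": 150}, 0, SCAN, "op_a")
self_checked = TallyEntry("TPS-004", 300, {"01": 100, "02": 90}, 2, None, "op_a", "op_a")

if __name__ == "__main__":
    for e in (ok, typo, overfull, self_checked):
        print(e.tps_id, validate(e) or "accepted")
```

Run on the server before anything is written to the database or drawn on the public graph, the rejected entries go back to the operator with a reason instead of waiting for a manual correction.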

Fourth, KPU also stated that inputters and verifiers have different IP addresses. However, when we asked for confirmation of the exact total number of IP addresses used by the data inputters, nobody was able to state it. KPU should know basic data such as this. In fact, KPU should ideally check IP address traffic regularly: how many IP addresses are active at any given time, where they are located, and what their activity log is like. All of these need to be monitored, both to anticipate and to detect any unknown IP addresses attempting to enter Situng KPU’s processes.
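The monitoring described above (how many addresses are active, where they belong, what they did, and whether any are unknown) can be sketched over an access log as follows. This is an added example, not KPU tooling; the log format, office names and accounts are constructed, and the addresses are documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Hypothetical register of networks issued to regional input offices
# (documentation address ranges, not real KPU addresses).
REGISTERED = {
    "KPUD-A": ipaddress.ip_network("192.0.2.0/28"),
    "KPUD-B": ipaddress.ip_network("198.51.100.16/28"),
}

# Constructed log lines: ISO timestamp, source IP, account, action.
LOG = """\
2019-05-03T09:02:11 192.0.2.4 op_a submit
2019-05-03T09:05:40 198.51.100.18 op_b verify
2019-05-03T09:47:03 203.0.113.77 op_a submit
garbage line
2019-05-03T10:01:00 192.0.2.4 op_a submit
2019-05-03T10:03:29 203.0.113.77 op_c verify
"""

def office_for(ip):
    """Return the registered office for an address, or None if unknown."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    for office, net in REGISTERED.items():
        if addr in net:
            return office
    return None

def summarize(log_text):
    """Distinct active IPs per hour, plus the full activity of unregistered IPs."""
    active = defaultdict(set)     # hour -> distinct source IPs
    unknown = defaultdict(list)   # unregistered IP -> (time, account, action)
    malformed = 0
    for line in log_text.splitlines():
        try:
            ts, ip, account, action = line.split()
            office = office_for(ip)
        except ValueError:        # wrong field count or unparsable address
            malformed += 1
            continue
        active[ts[:13]].add(ip)   # bucket by date and hour
        if office is None:
            unknown[ip].append((ts, account, action))
    per_hour = {hour: len(ips) for hour, ips in sorted(active.items())}
    return per_hour, dict(unknown), malformed

if __name__ == "__main__":
    per_hour, unknown, malformed = summarize(LOG)
    print("active IPs per hour:", per_hour)
    print("unregistered sources:", unknown)
    print("malformed lines:", malformed)
```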

The fifth weakness is related to the KPU server. The information I got from direct check shows that the KPU server is currently split into three locations: KPU Head Office, Agency for the Assessment and Application of Technology (Badan Pengkajian dan Penerapan Teknologi – “BPPT”), and KPU’s Sentul office. The main server is placed in KPU’s Head Office, while the servers in BPPT Office and Sentul are reserves. A direct visit to the server located at KPU RI’s office shows that the server room is far from being representative. The system it uses is also very simple: it uses the Linux operating system, a MySQL database, and PHP programs. These programs are freely available. An IT expert assessed the construction of the KPU server to have cost about IDR 1-2 billion, ditto the operation room. According to the information that I obtained on site, KPU did not use an ISO 27001-certified server, while this certificate is the global standard for Information Security Management System (ISMS).

When we asked whether or not the server admin was on site, the answer was “No.” Nobody knows how they access or log in to the server, so we cannot determine whether the physical KPU server is really the active server or not.

In view of the many weaknesses we have discovered, Situng KPU right now should not be continued. The high number of erroneous inputs and weak verification processes means that Situng KPU is no longer viable as an instrument of KPU’s manual count control. The system is flawed. Situng KPU can still make the wrong count. This will only add to the mess and reduce KPU’s credibility among our people. We all want this Election, which has already spent IDR 24 trillion of our tax money, to provide fairness to everyone – to the contestants, to the voters – in order to generate a President and Vice President who really reflect the will of the Indonesian people, not a president elected by erroneous inputs.