Hush-hush: The hash code explained

Metro Manila (CNN Philippines) — Technical jargon took center stage amid suspicion of high-tech manipulation of unofficial results of the 2016 elections.

The camp of Sen. Ferdinand “Bongbong” Marcos Jr. disclosed in a press conference on Wednesday (May 11) that a suspicious new script or computer command was fed to the Commission on Elections (Comelec)’s transparency server during the transmission and counting of election returns.

This altered the “hash codes of the packet data,” Marcos’ lawyer, Atty. Francesca Huang, said.

She said the hash code, which was supposed to be uniform, changed at around 7:30 p.m. on election day, at about the time that “Sen. Marcos' lead from Rep. Robredo started to erode at a rather distinctive pattern.”

Also read: Analyst: If you trust unofficial presidential tally, why doubt VP results?

A few hours after polls closed on Monday, Marcos was enjoying a comfortable lead over his strongest rival, Robredo. The tide turned against him early Tuesday morning when he was overtaken by Robredo, who has since kept her lead in the partial, unofficial results being made public by the Parish Pastoral Council for Responsible Voting (PPCRV). Marcos then called on the Comelec to stop the unofficial count and to explain the alleged irregularities.

Also read: Duterte, Robredo lead in PPCRV partial, unofficial results

What is a hash code?

A hash code is a value – a combination of letters and numbers – generated by a function for an electronic document, data file, or program.

It serves as a digital fingerprint, meaning it is unique for every file, and is “a security measure used to ensure that the integrity of an electronic document, data file, or a program has not been compromised,” the National Citizens' Movement for Free Elections (NAMFREL) explained in a news release on Thursday (May 12).

Related: Is it possible to rig automated elections?

University of the Philippines Computer Science Prof. Rommel Bulalacao told CNN Philippines that one of the key purposes of a hash code is to determine whether a piece of information is tampered or not.

“The hash code is usually large numbers or a long alphanumeric sequence to ensure that no two different data will generate the same hash code,” Bulalacao said.

A unique hash code looks something like this: A14791C42FDA957C47DBE3EAS2FB2AA39DBFDAAFF683687A80B69F61A113EOF7

Such unique code should be reflected in election returns and in the transparency server.

“If we tamper our data, though, it will generate an entirely different hash code,” Bulalacao said.

In the case of the automated elections, the unique code should be reflected in election returns and transparency servers because they should all have the same software.

“To check that all the transparency servers are using the same software version, we can use a hash function to generate a hash code. Some of the common hash functions are MD5, SHA1, and SHA256,” Bulalacao explained.

He said if after such process, the generated hash code is still the same, it means the software installed in all servers are the same.

Bulalacao added that the hash function can also be used to check if a file containing election returns has been tampered. “All you have to do is feed the election file found in one transparency server to a hash function,” he said.

“If the hash code it generates is the same across all other transparency servers then we can conclude that the data contained in all the files in all the transparency servers are the same. Hence, no tampering occurred," Bulalacao said. "If one server generates a different hash code, then the file in that server was tampered."

Robredo’s camp: Cheating claims insult to Robredo supporters

Is the altered hash code tantamount to election fraud?

In case the Comelec’s transparency server showed a different hash code and no notice was made about it, the initial assessment would lead one to believe there were hush-hush maneuvers going on behind the scenes.

Comelec Chairman Andres Bautista on Thursday admitted that an alteration had been made but it was merely for a “cosmetic change” which will not affect the election results.


He explained that the alteration was meant to replace a question mark (?) that appears in some candidates’ names instead of an “ñ”.

Bautista rejected suggestions there has been cheating.

 “There is no cheating,” Bautista told a news conference. “Our Comelec records are open to the public for scrutiny. If you wish to obtain any records from us we will provide them to you.”

NAMFREL also said its own probe showed that despite the mismatch in the hash codes, the data NAMFREL received were still the same as the actual data on each election return.

“It would be prudent if they (those claiming cheating) can show even a single VCM/ER (vote counting machine/election receipt) changed during the time they are complaining about the error,” NAMFREL said.

The PPCRV, which does the partial, unofficial count said it has submitted an incident report to the Comelec and left it to the poll body to explain the altered hash code.

Related: Singson: PPCRV not capable of changing hash code

"All results can be compared against the printed election returns of all vote counting machines, the electronic results transmitted from all the VCMs, the results in Comelec central server and the transparency server as well as the results published in the Comelec website,” Bautista said.

Expert: There should be no alteration, no matter how minor

Bulalacao said a changed hash code is not enough evidence to prove that the alteration has affected the vote count.

He explains it this way:

“Let us say I have the following information stored in a file named precinct-00512.csv






Senerez, 2

If I feed the file to md5sum, it may give me the following hash code: ddb41e1806654c49360548b8e4d6f426.

If I make even a 'minor' alteration such as changing Senerez to Señerez, it will result in a different hash code, say: 0b99ce8f1a78b3eb2c1d9ce18320c12a.

While it resulted in a different hash code, most, if not all, would agree that it did not affect the counting of votes."

Bulalacao stressed not even a “minor” change should have been introduced, considering the raucous this could create.

“I strongly believe that no alteration (no matter how minor) should have been made during the transmission of election returns,” Bulalacao said.

“According to reports, a character (a letter) was changed to ñ. This is not mission critical. It's not a show stopper. If that's all they did, I think the commotion that the minor change generated greatly outweighs the benefit of making such a change.”

Guanzon slams Smartmatic: They breached protocol and should be held liable