‘Source code review too late to make elections honest, secure’

“It does not take too much brain matter to come to the conclusion that all these media releases are just for show. We don’t have a real source code for 2013 that is available and open. We’ve been had again.” – Dr. Pablo R. Manalastas, IT Fellow of the Center for People Empowerment in Governance (CenPEG)


MANILA — Fears of blackout aside, the May 13 midterm elections is all set now– except that it still remains a big question whether the votes would be accurately, securely and honestly tallied. Three days before election day, Comelec chairman Sixto Brillantes held a press conference and made a big show of handing out copies of the source code, which, he said, would be running the PCOS machines come May 13.

The Comelec also announced that they have devised an automated random selection program to speed up the process of selecting the 234 precincts where they would conduct a random manual audit. The broad-based group AES Watch asked, though: Did Comelec finish first the final testing and sealing of all PCOS before running the random selection program to choose where it would conduct a manual audit? The group also told Bulatlat.com that this automated random selection for manual audit has “a bias for small districts.” They explained that under the Comelec’s selection process, the lone district of Batanes which has only 22 clustered precincts (CPs) is weighed the same as the 2nd district of Quezon City which has over 600 CPs.

As for the source code, the broad-based AES Watch, which had long asked the Comelec for a chance to review it, dismissed the Comelec’s announced review Friday, saying it was just a photo-op that does not dispel doubts about the source code set to run the PCOS machines. IT experts from the Automated Election System Watch (AES Watch) said the turnover by the Colorado-based SysTest Labs Inc. (SLI) of the source code to Comelec is still not compliant with the law. This turnover reportedly cost the public at least P41-million ($1 million).

AES Watch also challenged the Comelec to “lift the shroud of secrecy covering the supposed disclosure.” The group maintains that aside from doubts over the contents of the supposed source code, and whether the copy distributed for review today is the same code running the PCOS machines, there are still questions over the license covering the release of this source code to the Comelec.

In the press conference called by Comelec three days before elections, Brillantes also asked critics, in Filipino, to stop having a go at Comelec. But to Bobby Tuazon, convener of AES Watch, “It’s on record that CenPEG – and AES Watch – have not only documented significant findings and failures of the Smartmatic-marketed automated election system since 2008 but have proposed solutions, policy proposals, and legislation. Our reports and proposals were submitted not only to Comelec but also Congress. But Comelec is clearly un-reformable, exclusivist, and is an institution that considers all types of criticisms as “doomsaying” and “election sabotage” for lack of effective response to legitimate and well-founded observations.”

Comelec committed many violations in preparations for computerized election

Prof. Nelson Celis, AES Watch acting spokesperson and last year’s Most Outstanding Electronics Engineer in IT, asked if the source code embedded in the PCOS firmwares is a “chopsuey” source code of 2010 and 2011, which has not yet been tested. He added that the people also have the right to know the terms and conditions of the Comelec-Dominion-Smartmatic-SLI deal and what is in the source code CD.

As there was no source code reviewed several months ahead of the May 13 elections, Celis said, the Comelec is still liable for non-compliance with the election law. RA 9369, Sec. 11.5 stipulates that Filipinos must receive “A certification that the source code reviewed is one and same as that used by the equipment.”

Celis had helped craft the modern election law in 2007. He said Comelec has not published the hash code of the PCOS in escrow at BSP – as well as that of the election management system (EMS) and the canvassing and consolidation system (CCS). He recalls that in 2010, the Comelec published such “hash code.”

This prompted Celis to conclude that the “Comelec fooled the people in 2010 regarding the source code; now they want to fool us again.”

Dr. Pablo R. Manalastas, IT Fellow of the Center for People Empowerment in Governance (CenPEG), said earlier in an email that “It does not take too much brain matter to come to the conclusion that all these media releases are just for show. We don’t have a real source code for 2013 that is available and open. We’ve been had again.”

Too late for the review

Ernie del Rosario, former Comelec IT director, said there is no way to know now whether the claimed PCOS source code is the one embedded in the 80,000 plus PCOS machines that have been deployed nationwide for May 13 mid-term elections.

Worse, “The PCOS binary program that will be used in the May 13 elections retains all the bugs of the 2010 binary program, plus all the bugs added by the 2011 ARMM binary program which was never tested and used,” Manalastas, an IT professor at UP and Ateneo, said. He based this on a quote attributed to Brillantes, which says: “We want to be very transparent, the coverage for the 2013 source code elections would be those that were in the 2010 source code with some of the 2011 enhancements but absent the enhancement that we wanted to be added on for the 2013 which therefore the source code that we’re going to use for the 2013 election would be the 2010 plus the enhancements of the 2011 absent the last eight of nine enhancement we were asking for which we would not be able to actually consummate and finish because of some legal issues which we will not anymore discuss at this point in time.”

Manalastas said he got the same “roundabout answer” from Brillantes when he asked the latter after last Wednesday’s oral arguments over the source code at the Supreme Court .

No right to review, modify source code?

Can we legally review the source code distributed by Brillantes this morning?

IT expert and AES Watch convener Manalastas explained that for Comelec to follow the law and implement Section 12(14) of RA-9369 which states, “Once an AES technology is selected for implementation, the Commission shall promptly make the source code of that technology available and open to any interested political party or groups which may conduct their own review thereof”, the poll body must secure a license from Dominion granting interested political parties or groups (in the Philippines) the right to review the source code (and propose bug-fixes) of the Dominion EMS and Dominion PCOS.

“This is the only legal way by which the Filipino people through interested political parties and other groups can conduct a review of Dominion’s source code,” Manalastas said. But “the only license that Smartmatic was able to arrange from Dominion for Comelec is the 2009 license that gives Comelec the right to use the Dominion EMS and Dominion PCOS binary programs for the 2010 elections ONLY,” Manalastas stressed.

Even worse, he added, was the fact that Smartmatic and Comelec also did not secure a license from Dominion that gives interested political parties and groups the right to review the source code for 2010 and for 2013 even when the law is clear that it is Comelec’s obligation to do so.”

Given all that, Manalastas warned that “our hope for clean, honest, accurate and secure computerized elections for 2013 has just been reduced to NIL.” (https://www.bulatlat.com)

Share This Post