Friday, April 26, 2013
Why worry about PCOS code?
MANILA, Philippines – Watchdogs raised a howl after poll chief Sixto Brillantes Jr on Monday, April 22, said he has given up on opening the source code of ballot-counting machines for review by local groups. Brillantes said it is “too late,” after a legal battle between two international companies held hostage the precinct count optical scan (PCOS) machine source code for months.
Brillantes gives up on PCOS review.
Should voters worry about this? What is the source code in the first place? Rappler presents the basic details through the frequently asked questions (FAQs) below.
What is a source code?
Experts describe it as the recipe or “master blueprint” followed by a computer machine. Republic Act (RA) No. 9369, which amends the Automated Election System (AES) Law, defines it as “human-readable instructions that define what the computer equipment will do.” Source codes contain instructions for counting and canvassing votes – which, if manipulated, could lead to fraud.
What is a source code review?
It is the process by which experts review the source code to perform the following major functions: check compliance with technical requirements spot possible flaws ensure there is no malicious code that may be used in fraud For the 2013 elections, the Commission on Elections (Comelec) intended to open both the PCOS and the consolidated canvassing system (CCS) source codes for review by local groups. Only the source code review for one of these pushed through. What does the law say about the source code? The AES Law requires the Comelec to certify that the AES underwent a successful source code review. The Comelec's technical evaluation committee (TEC) should certify this through an independent, international entity. The law also requires the Comelec to “promptly make the source code of that technology available and open to any interested political party or groups which may conduct their own review thereof.”
Did the Comelec comply with this requirement in 2010?
Yes, the Comelec complied with the requirement to subject the AES source code to a review by an independent, international entity. A US-based firm, SysTest Labs Inc, reviewed the AES source code then. The poll body, however, failed to open the source code for review by local groups.
Has the Comelec complied with this requirement for the 2013 elections?
In February, the Comelec complied with this requirement through a certification by the Denver-based SLI Global Solutions, formerly SysTest Labs. SLI said the Philipines' automated election system (AES) “can operate properly, securely, and accurately.” It added there is no “malicious code” in the PCOS. (Read: 'No malicious code' in PCOS - int'l experts.)
Has the Comelec opened the AES source code to review by local groups?
Yes, for the CCS, a part of the AES. Only the United Nationalist Alliance (UNA) and the Parish Pastoral Council for Responsible Voting (PPCRV) have reviewed the CCS source code.
The Comelec, however, could not open the PCOS source code for review by local groups. This is due to a legal battle between the Venezuelan firm Smartmatic and the US-based Dominion Voting Systems. Dominion has blocked the release of the PCOS source code for review by Philippine groups.
What is the expected outcome of the CCS review?
Brillantes said UNA and PPCRV will issue a report on their findings. "These will be the comments of the political parties. We will not be bound by it anyway," he said. He added the parties signed a non-disclosure agreement, "which means they cannot disclose their findings." The chairman said the CCS review is done "for records purposes" and in compliance with the law.
Why do watchdogs blast the lack of a local PCOS source code review?
In a statement on Tuesday, April 23, Kontra Daya spokesman Fr Joe Dizon said without a local source code review, the 2013 elections "will be under a cloud of doubt." "The source code review was instituted precisely to assure the political parties and the electorate that the software to be used in counting our votes is trustworthy. It wasn’t put there out of whim like what Brillantes makes it appear with his irresponsible statements,” Dizon said. In an interview on DZMM on Tuesday, former Comelec commissioner Gus Lagman also said the 2013 elections would remain suspect without a local source code review.
“Hindi natin alam kung tama ang ginagawa ng source code, kung tama ang mga instruction sa PCOS machine. So puwedeng intentional na merong kalokohan. Puwede rin namang talagang may mali," Lagman said. (We don't know if the source code is doing it right, if it gives the right instructions to the PCOS machine. So there could be intentional fraud. It could also be that there is really an error.)
Can elections push through without a source code review by local groups?
In an interview on Monday, Brillantes said the local source code review is important “for credibility purposes, not for the legality or legitimacy of the elections.” On Tuesday, the chairman slammed critics, including Lagman, because of doomsday scenarios over the lack of a local source code review. (Watch more in the video below.) Previously, he said what is important is the source code review by an international group, “which is totally independent.” "Kung may legal implications 'yon, dapat null and void ang eleksyon noong 2010. Wala namang nakakita ng source code eh," Brillantes explained. (If that has legal implications, the elections in 2010 should have been null and void. No one saw the source code then.) Brillantes said even without the PCOS source code review by local groups, the Philippines' second automated elections will push through. (Read: Comelec rules out manual elections.) – Rappler.com