BINAY – RELEASING ELECTION SOURCE CODE TO INDEPENDENT COMPUTER EXPERTS WILL HELP ALLAY “AUTOMATED HELLO GARCI” FEARS
24 AUGUST 2009
REF: JOEY SALGADO
Makati Mayor and United Opposition (UNO) president Jejomar C. Binay has asked the Commission on Elections (Comelec) to immediately release the automated election source code for review by independent computer security experts before Smartmatic-TIM begins manufacturing the 82,000 counting machines to be used in the 2010 election.
Binay said this would be an important first step in addressing growing apprehension of an “automated Hello Garci” scenario in next year’s election, owing to questions about vulnerabilities in the election software.
Binay said making the source code available in November, the indicative date given by Comelec officials, will be an empty gesture, since Smartmatic-TIM may have already started manufacturing the counting machines by then.
“The source code must be reviewed independently before the supplier begins producing the counting machines. Otherwise, it will just be a useless exercise since the machines have been programmed and there will be no way to probe the code for vulnerabilities,” he said.
The opposition leader said an independent review of the election source code – the instruction given to the computer to perform certain tasks – before the machines are produced will help establish the integrity of the automated election.
“Without the independent review being conducted before Smartmatic-TIM begins producing the counting machines, it will only be the Comelec and Smartmatic-TIM that will vouch for the integrity of the election results, and that is something that is really worrisome,” he said.
Republic Act 9369 allows political parties and other interested groups to review the source code to be used in the automated election.
The opposition leader said he fully supports a call by a University of the Philippines (UP)-based policy group for the Comelec to immediately release the automated election source code for review.
A request by the Center for People Empowerment and Governance (CenPEG) for the release of the source code was approved by the poll body in an en banc resolution issued in June.
The Comelec, however, has yet to release the code to CenPEG and election officials have told the group that guidelines for the source code review have not been drafted and may be ready only in mid-November or just five months before election day.
CenPEG had said without a source code review, the integrity of Comelec’s automated election system cannot be established and will likely enhance the
potential of internal rigging and wholesale automated cheating.
Dr. Pablo Manalastas, CenPEG’s IT Consultant, have said both Comelec and
Smartmatic-TIM are engaged in “delaying tactics” and this supports “our
suspicion that the consortium may have only a binary-level license of the
election programs, and our further suspicion that they do not have a
source-level license, and so cannot produce the source code for our
Manalastas, former chair of Ateneo de Manila University’s IT
department and a lecturer at UP’s computer science, reminded the Comelec
that it is mandated by the election modernization law to release the source code immediately.
Section 14 of the RA 9369 reads: “Once an AES technology is selected for
implementation, the Commission shall promptly make the source code of that
technology available and open to any interested political party or groups
which may conduct their own review thereof.”
Moreover, Comelec’s Terms of Reference (ToR) for the 2010 election mandates the poll body “to make the final source of the PCOS (precinct count optical scan) and CCS (consolidation canvassing system) and all of its components available and open to any interested party or groups which may conduct their own code