Comelec starts review of PCOS source code

Michael Santos of SLI Global Solutions (right) hands over the source code for the Comelec’s counting machines to Reed Bodwell of Dominion Voting Systems at the Comelec headquarters in Manila on Thursday with Dallas Newby of Dominion and Comelec Chairman Sixto Brillantes Jr. watching. NIÑO JESUS ORBETA

The review of the “source code” that will be used for the precinct count optical scan (PCOS) machines began at the Commission on Elections (Comelec) in Manila on Thursday.

The source code refers to the readable computer program that will be used on the 82,000 PCOS machines for scanning ballots on Election Day.

Comelec Chairman Sixto Brillantes Jr. said the review would ensure the credibility of next Monday’s midterm elections.

But senatorial candidate Richard Gordon, who has asked the Supreme Court to stop the elections on a question of the “honesty” of the source code, said that with only four days before the balloting, political parties do not have enough time to examine the source code.

Brillantes said representatives of the political parties and a citizens’ watchdog conducted the review after a representative of Dominion Voting Systems formally turned over the source code to the Comelec.

“They will review a copy of [the source code] …  the advantage of having the review now is that Dominion and SLI [Global Solutions representatives] are here. So, if they have questions, they can ask these guys,” Brillantes said in an interview.

“This is important to show that the elections are credible even to contending political parties and interested groups who have asked and applied to review the source code,” he added.

After the turnover ceremony at the Comelec, Brillantes deposited a copy of the source code in the Bangko Sentral ng Pilipinas.

‘Proper,’ ‘accurate,’ ‘secured’

Brillantes said those who conducted the review included representatives from PDP-Laban, Pwersa ng Masang Pilipino, Liberal Party and the electoral watchdog Parish Pastoral Council for Responsible Voting.

Dominion owns the source code while the Comelec hired SLI Global as the third party required by law to conduct an independent review of the source code.

“[SLI’s] independent certification stated very clearly that the source code given by Dominion to them is actually no malicious software, is proper, accurate and secured. These are the three words—‘proper,’ ‘accurate’ and ‘secured’—that is the certification of SLI after they conducted the source code review,” Brillantes said.

The Comelec chief said he was glad that Dominion agreed to SLI’s giving the Comelec a copy of the source code.

“I want to cry again. This is the end of all our hardships. We settled the credibility issue today. That should be good enough,” Brillantes said.

When asked if this would appease his critics, Brillantes said: “I hope we all stop talking and instead work together for the success of the elections. After that, we can all rest.”

‘Deceptive’

But the critics were not impressed. Former Comelec Commissioner Gus Lagman said the Comelec should show if the binary code to be used on the PCOS machines actually “came from the source code reviewed by SLI.”

“That’s what I want to find out. How do they ensure that that binary code was not tampered with along the way? Was a ‘hash’ code generated for distribution to all [Boards of Election Inspectors] so the binary codes can be checked?” Lagman said.

He dismissed Brillantes’ claim that the turnover of the source code resolves the question of credibility of the elections.

“He must be kidding. It’s not the turnover that’s important; it’s the review that is,” Lagman said.

“It’s deceptive,” Gordon told the Inquirer, referring to the Comelec presentation before journalists Thursday morning.

Gordon, a former senator who is running again for the Senate as a candidate of the opposition United Nationalist Alliance (UNA), said there was no more time to check if the source code would match each of the 82,000 PCOS machines to be used next Monday.

“It’s not a valid inspection,” Gordon said. “Mere showing of the source code doesn’t mean that it already complied with the law.”

Gordon cited the provision in Republic Act No. 9369 that requires the Comelec to “promptly make the source code available and open to any interested party or groups, which may conduct their own review” of the code.

The law requires the source code to be “human-readable instructions that define what the computer equipment will do.”

“It is too late for IT experts to test the software in time for Monday’s balloting. [The] testing usually takes at least four to six months,” Rep. Toby Tiangco, UNA campaign manager, said in a statement.

Postponement of elections

Replying to Chief Justice Maria Lourdes Sereno’s question during oral arguments on Wednesday, Gordon said the Supreme Court was “not precluded” to seek the postponement of the elections.

But Associate Justice Marvic Leonen said only Congress could postpone the elections.

Gordon said the Comelec’s belated presentation of the source code was not unlike the “stonewalling” the agency allegedly did amid requests for a similar review of the source code for the 2010 elections.

Lagman said the review that began Thursday should have been conducted earlier so that the public would have known if there was a problem with the source code. He noted that the review would be finished only after four months.

“The Comelec has just put up an elaborate show on the source code to allay fears regarding the credibility of the polls. This show does nothing to address the concerns of watchdog groups,” Renato Reyes of the watchdog Kontra Daya said.

“There is no time for an honest review. This is just for show,” Reyes said.

Turnover

During the turnover ceremony at the Comelec, SLI Global senior test manager Michael Santos gave the compact disc containing the source code to Reed Bodwell, engineering manager of Dominion.

Bodwell then authenticated the source code and installed it on a desktop computer, which the Comelec used later to review the source code.

Bodwell then encrypted the source code copy on the desktop—Dominion, Comelec, and SLI Global inputted three separate passwords—and then copied the source code to another compact disc.

It was this disc that was turned over to Brillantes, who then put it in a black metal box, which was locked and sealed with three Comelec stickers signed by Comelec commissioners.

Brillantes then deposited the black box in the central bank.

Read more...