Press statement
May 9, 2013
Reference: Dr. Giovanni Tapang, Convenor

It appears the source code of the precinct count optical scan (PCOS) machines is available for review by political parties and other interested groups. The problem is, with just three days left before the midterm elections, a thorough review of the source code to verify its trustworthiness in counting our votes is now impossible. Thus, all the publicity by Commission on Elections (Comelec) chairman Sixto Brillantes about the source code review is mere drama at this juncture. In reality, it is already meaningless in terms of ensuring the credibility of the May 13 polls. The so-called review is just for show.

Kontra Daya has been among the many groups that were adamant in demanding the PCOS source code opened to political parties and independent experts for meticulous scrutiny. The idea is not simply procedural but goes straight to the heart of automated elections – do we really have a reliable and tamper-proof computer program to read and count the ballots before we even use it? The source code review will take several months to complete and the midterm elections are long done before we can even answer such fundamental and indispensable question.

Brillantes pointed out in earlier statements that it is not the source code that is important but the binaries which are loaded into the PCOS machines. However, without the careful review of the source code before the elections, who can now say what those binaries actually do? Our fears have been reinforced by hardware problems that cropped up in the mock elections last February as well as the ones encountered in the final testing and sealing (FTS) earlier this week. These problems range from machines not turning on, the scanner not being able to read one side of the ballot, paper jams and printer errors. We have also seen PCOS machines counting even wrongly shaded ballots or ballots with over-voting.

We could not just simply rely on the accreditation of the source code by SLI Global Solutions and be assured that the PCOS machines will function properly. We have to verify that this source code is translated into the proper program that will run on the machines during election day. This could have been tested during the FTS with the hash codes generated during the trusted build so that we can ensure that the same copy of the program will be running in all of the more than 80,000 PCOS machines nationwide.

And we are only talking about the PCOS source code. Even more dangerous and worrisome is the fact that the source code of the canvassing servers can be modified anytime making the whole system prone to electronic dagdag-bawas.

The Comelec could have saved everyone, including itself, a lot of time and effort if it had required that the source code be made at the time when it procured the system.

But we must also reiterate that the problem is not just the negligence of Comelec. The very design and framework of the country’s automated election system (AES) is deeply flawed as it overly relies on private, foreign corporations and their technology. Lest we forget, the availability of the source code was hostaged by the corporate dispute between foreign vendors Smartmatic International Corp. and Dominion Voting Systems.

The experience we had with the Comelec-Smartmatic AES should make clear what we have been pointing out since talks of automating the elections were floated. Technology, in this case automation, would not solely solve the plethora of problems of our election. Technology would only be as useful as those who control it allow us, the people, to use it to address our needs. In the AES case, even the Comelec had no control of the technology, making it vulnerable to the various problems it encountered during the electoral exercise. (End)