Re: The Death of Election 2010 Source Code Review
The Center for People Empowerment in Governance (CenPEG) is making one LAST FINAL APPEAL to COMELEC to
release the source code of the election computer programs NOW, so that we can do a source code review.
If you believe in this CAUSE, please help CenPEG by supporting this appeal. You can do so by replying to this
email, adding your name, position, etc to the end of the list, and email this reply to
"Evi Jimenez" <evimenez <at> gmail.com>
Ms.Evi Jimenez is a Director of CenPEG coordinating this appeal. Thanks
~Pablo Manalastas~
Forwarded message:
From: evi jimenez <evimenez <at> gmail.com>
Date: Wed, Sep 30, 2009 at 5:10 PM
Subject: For Signing_Joint Appeal for release of source code_Sept30
To: bobbylsgh <at> hotmail.com, "Bro. Vince Fernandez" <brvincefsc <at> yahoo.com>, bromannyhilado <at> yahoo.com
Sept. 29, 2009
Dear Friends,
After going around to share the findings of our study on the AES, we now ask for your support. Can you help
follow up the Comelec to release the source code for review, as mandated in RA 9369 and which was approved en
banc to be given to CenPEG for independent review by its network of computer scientists in the academe?
The recent storm Ondoy last week hit us unprepared. Many lives were lost and billions of pesos worth of
property destroyed. THAT was a disaster of terrible magnitude that could have been prevented, or at least
mitigated through a comprehensive disaster preparedness program. The coming automated polls, the
first to be implemented nationwide, will need the same preparedness.
Please support the cause for a credible and transparent election by signing the following Statement.
Emailing us back with a short note to confirm your signature would be most appreciated. You may also
download the attached copy of the Appeal and ask your friends especially those who attended our
briefings, to sign. We are rushing against time. There is little time left for a meaningful source code
review.
Thank you very much!
Evi
Center for People Empowerment in Governance
www.cenpeg.org
A FOLLOW-UP APPEAL TO THE COMELEC
COMPLY WITH THE AUTOMATED ELECTION SYSTEM LAW;
RELEASE THE SOURCE CODE FOR REVIEW NOW!
September 30, 2009
The country has barely eight months to go before May 10, 2010 when 48 million Filipino voters are expected to
troop to the polls. On that day, the voters shade their votes on small ovals opposite the names of their
candidates on ballots 2.5 feet long, and feed the ballots into the Precinct Count Optical Scan-Optical
Mark Reader (PCOS-OMR) machines that will read and count their votes, and transmit the vote tallies at the
end of voting day to the Consolidation and Canvassing System (CCS) machines. If everything goes as
planned, the next President, Vice President, and other national and local elective officials will be
known in 2-3 days.
For the speed that it promises, the Automated Election System (AES) is certainly revolutionary, and the
AES Law or RA 9369, a landmark piece of legislation that could modernize the fraud-ridden voting in the
Philippines. But speed without addressing the deep-seated problem of cheating in the country will make
the automated election a wasteful exercise at PhP7.2 billion. Machines can help, but will not solve fraud completely.
The voters must be assured that the machines themselves cannot be used as instruments for cheating, that
they have been programmed correctly and are internally resistant to vote rigging. For this, the RA 9369
provides for certain safeguards that the Comelec is duty bound to implement. One of the key safeguards is
the source code review provision:
Section 12 [Sec 14] of RA 9369 mandates, “Once an AES technology is selected for implementation, the
Commission shall promptly make the source code of that technology available and open to any interested
political party or groups which may conduct their own review thereof." [underscoring supplied]
Source code is the human-readable set of computer program instructions used to specify the internal
actions to be performed by the PCOS-OMR called SAES-1800 (Smartmatic Auditable Election System)
machines and CCS called REIS (Real-Time Information System) computers. A most thorough examination of
the source code for correctness and security of the programs running in the e-voting machines to be used
for the first time in the country’s election history must be undertaken by reputable computer
scientists who are known for their independence and probity and are unattached to the vendor or the
Comelec.. This will ascertain that the programs in the machines will correctly implement the provisions
of RA 9369 for counting, canvassing, and transmission of the votes and that any serious security flaws are
identified and properly fixed. More than the external procedural features of the machines – that is,
feeding of the ballots into the PCOS-OMR machines to
printing of the Election Returns – the correctness and the security of the internal programs running in
the machines should be of primordial concern.
It was in this spirit of transparency that on May 26, 2009, the Center for People Empowerment in Governance
(CenPEG) wrote the Comelec requesting for the source code of the counting and canvassing computers as
well as the election database and servers. On June 10, the Comelec en banc approved the release of the
source code for review through its Minute Resolution No. 09-0366 but it was delivered to CenPEG only on
July 10, the day of the contract signing between the Comelec and Smartmatic-TIM.
To this day, however, the Comelec has not yet released the source code, citing as reasons the following:
“lack of guidelines” (Comelec spokesperson James Jimenez), “premature release” (Comelec
Executive Director Jose Tolentino, also PMO), “CenPEG (and other groups) to apply (first) as resource
person … and under controlled conditions,” and “the source code does not currently exist”
(Atty. Ferdinand Rafanan of the Comelec legal department), and “we are still waiting for
Smartmatic-TIM to turn over the source code so that it could be opened for review” (Commissioner Rene
Sarmiento who pointed out that the source code is not owned by Smartmatic but by another firm, Canada’s
Dominion Voting Systems!).
Then on the September 21 poll automation forum on ANC TV, Atty. Rafanan delivered a final blow to the call for
source code review by announcing that “CenPEG (and other interested groups) will not do a source code
review, but that an international certification agency will do it as a requisite to TEC (Technical
Evaluation Committee) certification.” This announcement is misleading. As clearly spelled out in RA
9369, the certification by TEC through an international entity is a separate requirement (Sec. 9) from
the mandate to release the source code for review by interested groups (Sec. 12).
We, concerned citizens and organizations from various professions and sectors, join other interested
groups like CenPEG in demanding that the source code be made available to interested groups as provided by
law so that it may be reviewed by competent computer experts who are not vendors or Comelec-designated but
are independent and known for their probity and integrity in the IT hardware and software security industry.
Source code review, in accordance with international standards, takes time. Any further delay in the
release of the source code for thorough examination by “interested groups” will surely frustrate
the intent of the law to give all concerned the opportunity to review the source code and be assured of the
integrity of the e-voting system.
We believe that implementing this particular safeguard, even if not a sure-cure to fraud, is a big step
toward ensuring the integrity of the automated election system, that internal safeguards are well
plugged in while assuring the Filipino voters that the machines are secured, accurate, and reliable.
Reviewing the source code will certainly not make the system impervious to external attacks and
manipulation but rather make it more immune to manipulation as possible vulnerabilities are identified
and fixed beforehand. In landmark cases in the U.S., more and more citizens’ groups are calling for
e-voting systems to be periodically reviewed long before the elections to check if they are defective,
obsolete, or otherwise unacceptable.
We reiterate in strongest terms our call for the Comelec to comply with Sec. 12 of RA 9369 and release the
source code of the PCOS-OMR and CCS computer programs NOW before it is too late..
As we sign this joint statement, of primordial concern to us are the rights of the voters and the integrity of
the voting system. While our demand for the release of the source code is based on law, we believe that the
review is critical on moral, political and economic grounds. Let us work together in making sure that the
integrity of the machines and our votes will not be under grave threats.
Signed:
Name Organization Designation
Alfredo E. Pascual University of the Philippines President
Alumni Association (UPAA)
Bishop Broderick S. Pabillo National Secretariat for Chairman
Social Action (NASSA)-
Catholic Bishops Conference
Of the Philippines (CBCP)
Bishop Deogracias S. Iniguez Public Affairs Committee Chairman
CBCP
Angelito S. Averia, Jr.. Philippine Computer
Emergency Response Team (PhCERT) President
____________________ ____________________________ ____________
____________________ ____________________________ ____________
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
RSS Feed