The Commission on Elections (Comelec) under Chairman Sixto Brillantes, Jr. is not yet off the hook after announcing that the Dominion Voting Systems (DVS) has agreed to disclose the source code to the poll body, the AES Watch said today. The broad citizens’ election watchdog also said the PCOS count is unreliable and called for a 100 percent parallel manual count in the coming elections in light of the absence of a source code and other deficiencies of the poll automation system.
Bobby M. Tuazon, co-convener of AES Watch, said the supposed disclosure of the source code by Dominion only bolsters the election watch group’s contention that both Comelec and Smartmatic are liable for automating the elections of 2013 without a source code. “The last-minute disclosure of the source code even if true will not extricate Comelec and Smartmatic from legal liability,” Tuazon said. “They should have revealed the source code last year when Comelec decided to re-use the unreliable Smartmatic-marketed technology to allow political parties and other interested groups to conduct an independent review of the software program as a matter of right.”
The fact that the supposed source code is being released just less than a week before the elections constitutes a violation of RA 9369 and is further aggravated by Mr. Brillantes’ arbitrary decision that the review will have to wait after the May 13 elections, Tuazon.
“Is this a piece of candy to be given out just to appease the ‘noisy critics’ who persistently demanded the release of the source code as a vital security safeguard to ensure proper operations of the PCOS program?” Tuazon asked.
Section 12 of RA 9369 says, “Once an AES technology is selected for implementation, the Commission shall promptly make the source code of that technology available and open to any interested political party or groups which may conduct their own review thereof.”
Dr. Pablo R. Manalastas, IT Fellow of the Center for People Empowerment in Governance (CenPEG) and AES Watch co-convener, asked whether the claimed source code is the version of Dominion’s PCOS computer program that was used in the 2010 Philippine elections, possibly with some minor modifications for use in the 2011 ARMM elections, but without the bug fixes that were requested by Comelec from Smartmatic as a condition for purchasing the PCOS under the OTP provision of the 2009 contract.
“There were more than 40 bug fixes (or enhancements, using the words of Smartmatic) requested by Comelec, but these bug fixes were never acted upon because of the court battle between Smartmatic and Dominion in the Court of Delaware,” Manalastas said. To date, this court case between technology owner Dominion, and its Philippine licensee and system integrator Smartmatic, has not yet been resolved. So the PCOS binary program that will be used in the May 13, 2013 elections retain all of the bugs of the 2010 binary program, plus all the bugs added by the 2011 ARMM binary program, which was never actually tested and used.
Manalastas also asked, under what kind of license is the Dominion source code being released? He said: “Until we see the licensing agreement under which the Dominion source code is being made ‘open’, we do not know what Brilliantes means. Is Dominion giving Comelec a license to read and modify Dominion’s PCOS source code? Is Dominion giving Comelec a license to read the source code and propose modifications to be carried out by Dominion? Is Dominion giving the political parties and interested groups a license to read and modify Dominion’s PCOS source code?
Is Dominion giving the political parties and interested groups a license to read the source code and propose modifications to be carried out by Dominion? Is Dominion licensing the PCOS program as an open source program? If so, why is it not making the source code available for public download?”
Is the release of the source code going to improve the credibility of the 2013 elections, and is this Comelec’s obedience to the prescriptions of Section 12 of RA-9369?, the CenPEG IT Fellow also asked. “The answer to both questions is a big NO. A review done after May 13, of the source code of the May 13 elections will not help solve the bugs of the May 13 binary programs. To the second question, the Comelec has tried to disregard the provisions of Section 12, from the very beginning in 2009, to the present. It has stonewalled the proponents of source code review by imposing source code review qualifications and source code review conditions that are impossible, even for Comelec’s own IT people to meet.”
Another co-convener of AES Watch, IT security expert Lito Averia said there is nothing to rejoice with the news that the source code of the PCOS machines will be made available for review. “Even as Smartmatic-TIM has released the source code of the election management system (EMS) and the canvassing and consolidation system (CCS), the source code of the PCOS machines has long been withheld,” Averia said.
“How will candidates, political parties, and voters know that the errors found in the PCOS program that will run the machines have been corrected even after handing down the supposed source code?” Averia noted.
Tuazon, who is also the director for policy studies of CenPEG, said that a source code review done only after the mid-term elections will only be a farce. “All malicious bugs and errors that will be found then could no longer be corrected let alone the manifest deficiencies that would make the election results questionable,” he added.
Just the same, AES Watch challenged Brillantes to show immediately that the source code mentioned is the same one loaded in some 78,000 PCOS machines now deployed all over the country – with several being used for the FTS – and verified via hash code matching.
Tuazon said the Smartmatic PCOS machines cannot be trusted to count properly and do their job accurately and securely. The Comelec under Chairman Melo and now under Brillantes in complicity with its foreign technology provider bungled the implementation of the Poll Automation law (RA 9369) in the country.
He added: “Comelec wasted three years to prepare the source code and the PCOS machines for the 2013 polls. AES Watch individual conveners and members filed a strong complaint last May 3 with the international community, the UN and elevated their case to violations of civil and political rights of Filipino voters and watchdogs. The Comelec has lied about the source code many times in the past and labelled critics as election saboteurs. Afraid of the international backlash of continued violations of the country’s own poll automation law, now the Comelec is announcing the release of the elusive source code in the company of its foreign partners but only to be reviewed AFTER the elections contrary to the provision of RA 9369 that source code review shall be available for independent review as soon as the technology is chosen.”
Brillantes is also under obligation to disclose the terms and conditions reached with Dominion on the alleged disclosure of the source code especially because this company was not – and has never been – a party to the 2009 contract awarding the provision of election technology to Smartmatic. “How much money did the Filipino taxpayers pay for such disclosure brokered no less by Comelec?”, Tuazon asked.
Without the source code review to be done before election day AES Watch challenges Comelec to do Parallel Manual count as contingency, to ensure the PCOS software will count right and the machines will operate according to the law.
“We just cannot trust the machines to count accurately and do their job properly, given the countless glitches from wrong counting, mismatches, and erratic transmissions,” Tuazon concluded.
For details, please contact:
AES Watch Acting Secretariat