Comelec told to release PCOS-OMR source code

Various groups today challenged the Commission on Elections to release the source code of the for the Precinct Count Optical Scan-Optical Mark Reader (PCOS-OMR) technology to be used for the 2010 elections.

In a joint statement, the groups said that the source code should be opened to IT professionals and other parties interested in scrutinizing and testing it.

“Comelec and its bidders must convince the country’s 50 million voters that their source code is not vulnerable to either hacking or rigging and that their votes will be counted accurately,” the statement said.

The signatories to the statement cited a study by the Center for People Empowerment and Governance that said, among others, that the Comelec is unprepared and ill-equipped to address the complexities of next year’s automated elections.

Here is the joint statement:

Reveal PCOS-OMR source code, Comelec told

Below meanwhile is the Cenpeg study:

Cenpeg Policy Study on Automated Elections

10 Comments

  1. Paul

    CPEG is just messing with people’s minds and creating fear for new technology. I’d think that any kind of automated election system will not pass muster with this group — though it claims to know many other technologies, it does not venture to cite at least one alternative to DRE or OMR.

    How would giving out the source code make the OMR process more transparent?

    The CPEG’s first contention is that the OMR system makes the counting, canvassing and consolidation of election results hidden from public eye and, hence, lacks any transparency as the Constitution and RA 9369 require.

    At this point, let us differentiate between literal visibility and transparency.

    A literal interpretation of transparency would perhaps mean that the counting of votes or ballots could be witnessed with the eyes of poll watchers. This has NEVER guaranteed that the vote counting would be accurate.

    As applied to automated elections, neither the DRE or OMR systems are capable of showing the internal processes of the machines when they count each vote. The counting happens within the computer chips of the machines and therefore will not be visible to the naked eye. Therefore, perhaps, in this sense neither the OMR or DRE would be transparent.

    Now, again, how does being given the source code of the PCOS OMR system lead to transparency of the voting process?

    Will the CPEG be able to monitor each and every one of the 80,000 machines on election day to check if all the machines being used carry the source code that they scrutinized?

    There are reasons why source codes are protected and among them is to keep the program from being hacked — as all programs have inherent vulnerabilities.

    What is the real motive of CPEG?

    Didn’t we hear Senator Alan Peter Cayetano offer a P100 million reward to anyone who can hack an automated elections system?

    I think CPEG like CPU is just after the P100 Million from Cayetano.

  2. tonyo

    The issue here is how to ensure that automated voting would be clean, honest and faithful to the will of the people.

    I think Cenpeg made its position clear on the role of citizen oversight, of scrutiny of the machines and the technology to be used, in ensuring that hi-tech fraud won’t easily happen.

    There is nothing controversial about revealing source codes. It is standard practice in industry and government elsewhere where there is no premium on corruption of all sorts — whether the graft type committed by officials and hacking and corrupted data by the “experts”. Revealing source codes aims to show strengths and weaknesses of machines and technologies running them — with the goal of making them better and, in this case, resistant to fraud. I suggest you read about source codes and why it is good for you and me that they be revealed.

    I would not begrudge your right to harbor fantasies about Cenpeg and CPU lusting after a P100-million reward for breaking or hacking into the automated voting system. Di naman po lahat ng tao, mukhang pera. The issue here is not who would win the P100-million. That amount is too paltry compared to having a repeat of the 2004 elections which resulted in an illegimate presidency. The issue is whether this automated voting machines and techonology to be used by the Comelec are what we need and want.

  3. paul

    I think this blog agrees with CPEG and CPU in the assertion that if the source codes are not released to the public or to competent individuals, then there is something sneaky or suspicious about the automated voting machines.

    At some point, I think the CPEG and CPU even went so far as to say that keeping the source codes secret would make it possible to conduct automated cheating.

    These are fallacious arguements where PROOF OF CONCEPT would have ended any arguement.

    Both groups still have to prove that the automated election system that will be implemented can be hacked.

    Both groups still have to prove that secret codes or instructions can be inserted in the program of the automated voting machines that would enable anyone to conduct automated cheating.

    Both are theoretically possible, but they have yet to present a documented case where this actually happened.

    Like I said before, this is just as spectacular as SWORDFISH.

    I think you may have taken their whole spin on this issue without analyzing the repercussions of their statements. Then again, if this blog subscribes to their statement, then it is a willing supporter of an effort to sow doubt in the automated elections.

    What they and perhaps you are actually saying is that they do not want any form or type of automated elections at all in 2010.

    But, then again, I know you’ll say that you guys are actually for automated elections but you have to certify it kosher first.

    So, if you, CPEG and CPU are really interested to find out about the automated voting machines I suggest you go to the Comelec when they finally award the bid. The winner of the bid will give a demonstration of the system and perhaps you guys can go there and demand the winning bidder to give up the source code of the system.

  4. tonyo

    That is odd. We can’t scrutinize the bidders and their wares before one of them bags the single biggest contract in government history?

    People are skeptical of the Comelec. No, very skeptical. Being vigilant about the process toward automated voting is a healthy exercise that seeks to calm this skepticism and, more importantly, reduce possibility that other Garci’s implement more modern cheating.

    If you do not wish to be as vigilant and critical, that’s your right.

    All people, I think, share this aspiration to have a modern and credible poll system. The problem is that time is against all of us, even if we do not complain (as you may wish). Congress and the President delayed the whole process. The lingering credibility problem of institutions makes the situation, as best exemplified by the refusal to divulge the source code of the technology to be used.

    I am sick and tired of the line that to complain is bad. That is unfair and untrue. To complain is supremely good at times like this when the order of the day is to unquestioningly, uncritically and unintelligently allow perfidies to just happen.

  5. Paul

    Tonyo, just to clarify, the winning bidder still has to pass the demonstration phase. In the demonstration phase, the lowest winning bidder will be asked to prove that their machines meet the requirements set by RA 9369. These include, among other things, if the machine does counts accurately or not as well as if it can be tampered with or not. If the winning bidder’s machine does not pass the requirement, the next bidder with the next lowest price will be asked to undergo the demonstration.

    This demonstration is open to the public. This means you can actually go to the demonstration and perhaps, as a citizen, asked to be recognized and be allowed to submit observations on the demonstration.

    Perhaps, your only point of contention is whether or not the source code will be released to the public.

    The source code for the program will be scrutinized by the Comelec Technical Advisory Committee and thereafter held in safekeeping at the Central Bank.

    RA 9369 recognizes that not everybody can or should review the source codes of the automated election machines.

    Therefore appointed the Technical Advisory Committee to conduct the scrutiny.

    The Technical Advisory Committee is composed, NOT OF COMELEC OFFICIALS, but of people from the Department of Science and Technology, the Commission on Information and Communications Technology, the National Computer Center of the University of the Philippines, the PPCRV and IPER (institute of political and economic reform)

    Should parties contest the results of the elections or allege that code had been inserted to pad the votes of any of the candidates in the elections, the code can be retrieved from the Central bank for comparison with the codes in the machines used in the elections.

    I strongly suggest that you, the CPEG and the CPU do witness the demonstration of the winning bidder. Practice your analytical prowess there, be skeptical where it will actually matter, and then if it doesn’t pass muster with you, then lodge your complaint formally with the Comelec.

    It is alright to recognize that something wrong is happening, but don’t stop at complaining. You have to take action.

    Don’t assume that I haven’t been vigilant.

    I actually followed RA 9369’s progress through congress and I pushed for its implementation in 2007. Where was CPU, CPEG, and Tonyo Cruz then?

    Where were you guys when machines were being demonstrated to the public in 2007? Eh?! There were actually several vendors, including the present bidders, who were all too willing to show their machines and even give out source codes then.

    Why surface now at the eleventh hour?

    Even granting you, CPEG and CPU could be given the source code, would you actually be able to find all the flaws in the programs and propose remedies for all of it in time for the 2010 elections?

    I’d bet that CPEG and CPU wouldn’t be able to complete the scrutiny and the programming work needed to come up with patches for the programs in time. Perhaps all it will be able to do is to point out flaws, if there are flaws and the whole thing would be argued over.

    This proposal for a review of the source code of the winning bidder is adding another step that might effectively lead to the shelving of automated polls.

    Of course, you wouldn’t want that to happen, would you?

  6. tonyo

    The source code must be divulged because that the most important aspect of automated polls — just exactly how the systems would accept, count, transmit, canvass the votes.

    I was among a number of bloggers present during a 2008 presentation by James Jimenez on the machines to be used in the ARMM elections. I am also aware that CPU is closely following the proceedings.

  7. paul

    Well, Tonyo, I think that this requirement of CPEG and CPU of divulging the source code is superfluous and also dangerous.

    It’s a great idea actually, but then again, you should have raised that point when the bill was going through legislation.

    Raising it right now, at a rather crucial juncture, makes this call and this cause rather suspicious.

    I think na mas sigurado ang pandaraya sa mano-mano na election and I believe that CPEG as well as CPU would rather have the mano-mano system, despite being proven to be so vulnerable to wholesale cheating. I think they’d rather have mano-mano cheating kasi hindi naman ibibigay ang source code.

  8. paul

    And also, let me refute your statement that the source code MUST be divulged. Nowhere in RA 9369 was this specifically made a requirement for the bidder and we all have to contend with the law.

    Mas maganda siguro kung mag-lobby kayo na makapag-pasa ng batas para ma-require yan ng batas. You have ample time, between now and the fifteenth congress.

  9. MNDL

    COMELEC CHAIRMAN MELO assured us that COMELEC will make the source code of the Automated Election System available for review once it is customized and gets certified sometime in February. Yes, we have no problem with promises. Lovers often do that. Groovy? We’ll see.

    “A Stalled Right to Review the Election Source Code”
    http://www.mndlaw.net/?p=477

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.