EARLIER this week, Commission on Elections (Comelec) Chairman Andres D. Bautista announced that De La Salle University Taft (DLSU Taft) agreed to host the source-code review of the 2016 automated election system (AES), beginning the first of October.
Let’s unpack that announcement, shall we?
First off, the source-code review is the systematic examination of the, well, source code of the AES. The AES is actually comprised of three separate systems: the Election Management System, which is responsible for creating unique ballots for every single legislative district in the country; the Consolidated Canvassing System, which basically tallies up the results from all precincts; and the Vote Counting Machine, which refers to the Optical Mark Readers (OMRs) that will be used. Each code will, naturally, be reviewed comprehensively in an attempt to find mistakes, or (as some undoubtedly hope) malicious lines of code intended to “fix” the coming election.
This review is in compliance with the automation law, which provides: “Once an AES technology is selected for implementation, the Commission shall promptly make the source code of that technology available and open to any interested political party or groups which may conduct their own review thereof.”
Second, this code review is going to happen in parallel with a similar source-code review being undertaken by an international certification entity overseas. Under the automation law, it is this parallel review that will be the basis of the certification of the AES as being fit for use in the elections, again as provided for in the automation law.
Third, the code review to be done at DLSU Taft is actually a two-part undertaking. The first part will start on October 1, 2015, and will be a review of the base source code, referring to the uncustomized source code that was turned over to the Comelec at the start of the bidding process for the procurement of OMRs to be used in next year’s elections.
The second part, most probably happening in February next year, will be a review of the customized source code, that is, the code that has been tailor fitted for the unique requirements of Philippine elections and finally approved and loaded onto all the OMRs to be used in the elections.
Fourth, adhering closely to international best practices for source-code reviews, credentialed reviewers will be required to submit periodic reports of their findings to the Comelec. And for security reasons, no copy of the source code, documentation, or any material supplied by the commission may be taken out—whether wholly or in part—from the secured facility, whether physically or electronically.
Fifth, in both the 2010 and 2013 elections, source-code reviews by international certification entities were completed. It was the source code for interested parties—the kind now scheduled to be done at DLSU Taft—that encountered problems.
In 2010 source-code review facilities were set up at the Comelec main office in Intramuros, Manila. Unfortunately, those who claimed to be interested in reviewing the codes decided to boycott the review. Remarkably, despite having voluntarily passed on the opportunity to review the codes, these same people asked the Supreme Court (SC) to compel the Comelec to open up the source codes for review. The Comelec then explained the source-code review procedures it had instituted, along with the guidelines meant to govern the activity. The Court ruled that the procedures and guidelines were reasonable enough, and yet the boycott by the so-called interested parties continued.
Here’s where it gets weird. After boycotting the review a second time, these “interested parties” returned to the SC, asking that the Comelec be cited in contempt for not opening the codes up for review. Fortunately, the Court was having none of that.
In 2013 the source-code review was delayed until very close to Election Day. Nevertheless, a walkthrough—also a type of source-code review—was eventually conducted and participated in by political parties.
And, finally, in this context, the term “interested parties” does not include people who simply walk in and express curiosity about how the code works. People who want to undertake the source-code review actually have to write a request and present proof of their credentials, such as Java certifications and such.
However, the Comelec has announced that it will make provisions for a viewing area where, subject to reasonable regulation, the general public can remotely observe the review process. This will be possible through live feeds from the closed-circuit television cameras installed within the secure room where the review is taking place.
****
James Arthur B. Jimenez is director of the Commission on Elections’s education and information department.