Why CenPeg, a UP-based Think Tank, did not Participate in COMELEC’s Software Review

Posted on February 18, 2010


Center for People Empowerment in Governance (CenPEG)
February 9, 2010
The Center for People Empowerment in Governance (CenPEG) today announced that it will not take part in the “source code review” called by the Commission on Elections (Comelec) to study the software program of the May 10 automated election system (AES).
Through its Board chair and Fellows, CenPEG thus declared its stand on the source code review in a breakfast roundtable with the press held in Intramuros, Manila. CenPEG had earlier called the Comelec move as too restrictive thus making any review a sham.
Source code is the human-readable computer program that will run Comelec’s 82,000 voting and counting machines in addition to other canvassing computers. Without a thorough review, estimated to take at least three months done by 30-40 IT programmers, nobody will detect the malicious codes and bugs inserted. This will make the system vulnerable to internal rigging and other manipulations.
A letter addressed to Comelec Chairman Jose Melo and signed by CenPEG Chairman and National Artist Bienvenido Lumbera and others, said Comelec’s 9-point guidelines on the review put undue pressure on the reviewers of interested parties and groups, such as time constraint, close watch, and other restrictions. The Comelec review also prohibits any
modification to the source code so that any malicious codes found would leave the software virtually without any safeguard thus compromising the integrity of the code, the CenPEG letter also said.
At this point, the letter which was also signed by CenPEG Executive Director Evita Jimenez and Fellow for IT Dr. Pablo Manalastas, said the AES internal system “is now deemed more open to greater vulnerability. Poll watching then would be more confined to observing the external workings of the AES.”
CenPEG political analyst Bobby Tuazon said that based on Comelec and Smartmatic pronouncements, no real source code review will take place. Instead only a “walk through” or presentation of the review findings done by SysTest Labs will be made.
Tuazon said Comelec could be held accountable if incidents of internal rigging and other manipulations resulting from the lack of a real source code review would happen.
CenPEG, an independent policy think tank based in the University of the Philippines in Diliman, Quezon City had as early as May 2009 asked the poll body for the release of the AES source code for review as mandated by RA 9369 or the election modernization law. The request was approved by the Comelec en banc late June but the computer software was not released prompting CenPEG to file a petition for mandamus with the Supreme Court in October last year.
The Comelec has asked for postponements and extension several times to reply to CenPEG’s petition. The case is awaiting resolution by the high court.
CenPEG had organized a pool of volunteer programmers and IT academics to review the AES software pro bono. But Comelec had the source code turned over through the U.S.-based Dominion Systems, the alleged real owner of the source code, for review and testing by the Colorado-based SysTest Labs. The review was transacted for a whopping PhP70 million.
Meanwhile, the Automated Election System (AES) Watch citizens’ poll watchdog had earlier rated the source code review a “failure” owing to the delay of its release by Comelec. The code should have been made available as soon as the technology was chosen for the AES last June 2009.
The source code review has been the subject of several hearings by the Joint Congressional Oversight Committee (JCOC) on the AES. CenPEG, along with AES Watch, has attended the hearings.
For details, please contact:
Ms. Ayi dela Cruz
CenPEG Media Relations & Researcher
TelFax +9299526
Mobile Phone 0939-4683368
3F CSWCD Bldg., UP Diliman, Quezon City
Download the PDF version: CenPEG PR Source Code Review Feb 9 2010
Posted in: Diliman, System