The Market Monitor Minding the Nation's Business
By Rod ‘Inky’ Reyes
I am ominously aghast that regardless of how seemingly attractive automated elections are, the intent and spirit behind the Automated Election Law has been and continues to be prostituted by election authorities and the contractor entrusted with safeguarding our democratic institutions. Given what happened in 2010 and 2013 where every single security feature of the PCOS (Precinct Count Optical Scan) was removed, how can we expect a fair and honest election in 2016?
Consider the following anomalous disablement of the security features of the much-vaunted PCOS machines: First, there were no digital signatures, as required by law. The digital signatures are PIN codes given to the chairmen of the Board of Election Inspectors that serve to authenticate and secure the integrity of the electronic election results transmitted electronically.
The disablement of the digital signatures—first by Comelec Resolution No. 8786, issued in 2010, then by Comelec Resolution No. 9640, issued in 2013, left the system wide open to “tampering,” “hacking” or “network intrusion.”
Second, contrary to law, there was no source-code review, either by the Comelec or the political parties. This spelled disaster for the 2010 and 2013 elections because the source code tells us if the vote you cast was actually counted for the person you voted for. During the Joint Congressional Oversight Committee (JCOC) hearing on December 4, 2014, I appeared as a resource person representing the Philippine Constitution Association (Philconsa) and the Bagumbayan VNP-Movement (a national political party registered with the Comelec).
When I asked former Comelec Chairman Sixto Brillantes about the source-code review, he admitted that there was no such review in the 2010 elections, and that the source code was only reviewed after the elections in 2013. Shouldn’t the source code have been reviewed prior to the elections to make sure that the PCOS machine would work and that our votes would be counted properly?
The importance of the source-code review was emphasized by no less than the Supreme Court in the case of Center for People Empowerment in Governance vs Commission on Elections (G.R. No. 189546, September 21, 2010), to wit:
“Source code is the human readable representation of the instructions that control the operation of a computer. Computers are composed of hardware (the physical devices themselves) and software (which controls the operation of the hardware). The software instructs the computer how to operate; without the software, the computer is useless. Source code is the human readable form in which the software is written by computer programmers. Source code is usually written in a programming language that is arcane and incomprehensible to non-specialists but, to a computer programmer, the source code is the master blueprint that reveals and determines how the machine will behave.
“Source code could be compared to a recipe: just as a cook follows the instructions in a recipe step-by-step, so a computer executes the sequence of instructions found in the software source code. This is a reasonable analogy, but it is also imperfect. While a good cook will use her discretion and common sense in following a recipe, a computer follows the instructions in the source code in a mechanical and unfailingly literal way; thus, while errors in a recipe might be noticed and corrected by the cook, errors in the source code can be disastrous, because the code is executed by the computer exactly as written, whether that was what the programmer intended or not x x x.”
Third, the voter verification application was disabled and removed by the Comelec in the above-mentioned resolutions. You will recall that the PCOS machines had a slot on top where a “receipt” with a bar code was to have been issued.
This “receipt” would have shown the actual votes you cast and for whom you voted, which were to be scanned and read by the machine. Instead, the PCOS machines merely displayed the presumptive statements: “Congratulations. Your vote has been registered.”
The mere “congratulatory” message sent by the PCOS machine saying your votes were registered does not ensure that your votes were actually counted, especially where a doubtful source code devoid of review, which records which vote goes to which candidate, was inserted in the PCOS machine.
Fourth, contrary to law, no random manual audit was conducted. The random manual audits of precincts is mandated by law. Here, the Comelec should, without warning, audit the PCOS machines in randomly selected precincts to see if they performed accurately and efficiently. Again, the Comelec issued Resolutions 8837 in 2010 and 9595 in 2013, which ordered that ALL the precincts of audit be selected and disclosed at a central location at least six hours (for 2010) and four/two days (for 2013) before the close of the polls. This rendered the randomness of the audit virtually nugatory, because it totally removed the intended lack of predictability of the audit.
Fifth, and again contrary to law, the PCOS machines’ built-in ultra violet (UV) sensors were disabled by the Comelec. This function would have prevented the use of fake ballots, or pre-accomplished digitized ballots, as well as ensured that the machines would only read official ballots printed by the National Printing Office (NPO) and/or theBangko Sentral ng Pilipinas or as authorized by NPO.
I can give you a litany of other violations and anomalous and statistically improbable results, but we will be up all night with mouths agape in total bewilderment and disgust. I guess the question I have, which we all must ask is: Will we ever have clean elections? Methinks that as long as we have the PCOS machines stripped of all the safeguards written in by law, then the obvious answer is a flat “No!”! don’t know about you, but I don’t relish the idea that my constitutionally guaranteed right to suffrage has electronically been curtailed.
Rod Reyes is managing partner at Gordon, Dario, Reyes, Buted, Hocson, Viado and Blanco Law Offices (GDR Law)