The basic principle guiding elections in a democratic country is secret voting 
and public counting.  When counting is computerized, we lose the essence of 
public counting.  Senator Gordon's Automated Election Law RA-9369 hopes to 
remedy the absence of public counting via public source code review of the 
counting and canvassing computer programs.

But if Smartmatic has only a binary license, and not source license, how can 
there be a source code review?

Read more here:

http://pmana.multiply.com/journal/item/63/Election_2010_Public_Counting_Code_Review

**PRManalastas**

Election 2010: Public Counting & Code Review
Aug 3, '09 10:52 AM

Computer Programs

A computer program is a set of instructions that a computer follows to 
accomplish its task. Without a program, a computer is just a dumb chunk of 
metal and plastic. With a program the computer can help us browse the web, send 
and receive email, Skype our relatives abroad, format and print beautiful 
documents, and balance our household budget.

A program is written by a human computer programmer, using a human-readable 
programming language like C or Java. This version of the program written in 
some human-readable language is called source code. Although the source code 
can be read by humans, the computer can not execute source code.  Source code 
needs to be translated into a computer-readable-executable version called 
machine code, the only language that the computer understands.

Here is an example of source code, written in the C programming language.

#include <stdio.h>
int main(void)
{
  printf("Hello, world!\n");
  return 0;
}

And here is the equivalent machine code that the computer can execute. The 
first column is the machine code, and the last two columns are the English 
version of the machine code.

             .section        .rodata
             .LC0:
48656C6C     .string "Hello, world!"
6F2C2077 
6F726C64 
2100
             .text
             main:
8D4C2404     leal    4(%esp), %ecx
83E4F0       andl    $-16, %esp
FF71FC       pushl    -4(%ecx)
55           pushl    %ebp
89E5         movl    %esp, %ebp
51           pushl    %ecx
83EC04       subl    $4, %esp
C7042400     movl    $.LC0, (%esp)
000000
E8FCFFFF     call    puts
FF
B8000000     movl    $0, %eax
00
83C404       addl    $4, %esp
59           popl    %ecx
5D           popl    %ebp
8D61FC       leal    -4(%ecx), %esp
C3           ret

The machine code is given in hexadecimal for convenience to the human reader, 
but in the computer, it is really binary, consisting entirely of zeroes and 
ones.  For example, the hexadecimal instruction 89E5 (movl %esp,%ebp) is really 
the binary instruction 1000 1001 1110 0101 in the computer.  For this reason, 
machine code is also called binary code.

Counting in Manual elections

The Omnibus Election Law tells us that counting of our votes has to be done in 
public, in full view of everyone.  Section 206 states that,

"Counting to be public and without interruption. As soon as the voting is 
finished, the board of election inspectors (BEI) shall publicly count in the 
polling place the votes cast and ascertain the results. The board of election 
inspectors shall not adjourn or postpone or delay the count until it has been 
fully completed, unless otherwise ordered by the Commission (on Elections or 
COMELEC)."

As citizens, it is our right to know how our votes are counted.  This right is 
an inalienable right, guaranteed by Section 7 of our Constitution,

"The right of the people to information on matters of public concern shall be 
recognized."

Election is a matter of public concern, and we have a collective right to know 
how the votes on our ballots are counted.  Thus the need for open and public 
counting.

Automated Election: Paper-Based Computerized Elections

The computerized election that COMELEC has chosen for May 10, 2010 makes use of 
substance 24 or thicker paper ballots of size 8.5"x30". This ballot can hold 
the names of 300 national and local candidates on one side and 300 
party-list names on the reverse side. The voter marks the oval next to the 
candidate's name of his choice using any one of the following marking styles: 
dot, check mark, cross mark, or full shade.  When the voter has finished 
marking his choices, he feeds his ballot himself into the Precinct Count 
Optical Scan (PCOS) computer, which scans his ballot, saves the scanned image 
of the ballot as a TIFF file in the non-volatile static memory of the PCOS, 
together with its interpretation of the ballot. The PCOS decides which marks on 
the ballot are valid vote marks, based on guidelines specified by COMELEC, but 
ultimately based on its inherent capability to "see" the marks as defined by 
its scan resolution and scan depth.

Scan resolution defines how many dots the scanner can see per linear inch. 
Normal scanners can see 300 dots per inch, horizontally and vertically. Scan 
depth refers to how many shades of color can be associated with each dot. 
Normal scanners can see 24 bits of color per dot, corresponding to more than 16 
million shades of color.  On the other hand, the scanner of the Smartmatic 
PCOS computer that COMELEC has selected has a scan resolution of 200 dots per 
inch, with a depth of 4 bits, and so can only see 16 shades of a single color - 
black. This is 16 only, not 16 million. The Smartmatic PCOS scanner is 
absolutely the most primitive scanner one can buy today, or not buy, because 
they are not even offered for sale in normal computer stores.
 
No matter how brilliant the computer program of the PCOS is, it will make 
mistakes in deciding which of the voter's marks are valid votes and which are 
not, precisely because it can only "see" 16 shades of black and white. The 
ability to see only 16 shades would have been okay, if only the PCOS machine 
were required to show to the voter how it interpreted the voter's ballot.  But 
COMELEC will configure the PCOS machine to NOT show the PCOS interpretation to 
the voter, because of time limitations. It takes the PCOS 30 seconds to 
interpret each 8.5"x30" ballot, and to require the PCOS to show its 
interpretation to the voter will add another 30 seconds, for a total voting 
time of one minute per voter.  Since there will be 1000 voters per computerized 
precinct, at one minute voting time per voter, total voting time will be about 
17 hours, which is not acceptable to COMELEC.

So in May, 2010, the voter will never know how the PCOS read his ballot, and 
how the PCOS added up all the votes to produce the precinct election return. 
With computerized counting using Smartmatic's PCOS, the principle of public 
counting provided for in the Omnibus Election Law will never be realized. 

Source Code Review

The framers of Republic Act 9369, the Amended Automated Election System (AES) 
Law, realizing that the process of computerized counting of vote marks on paper 
ballots will be done in secret by the computer, provided an alternative that 
may be acceptable as a substitute to public counting -- source code review. If 
the source code of the program running on the PCOS computer can be reviewed by 
the community, then we will know how our vote marks are interpreted, how votes 
are assigned to the selected candidates, how votes are tallied, what data are 
saved for back up later, how the precinct ER EML file is generated, how it is 
digitally signed by the BEI, how the transmission to the municipal canvassing 
computer and other destinations is carried out, what details are placed in the 
audit logs and whether these details are sufficient, etc. With source code 
review conducted by people we trust, the computerized counting of votes, 
although carried out in secret by the PCOS computer, will be revealed to us, 
and so we can accept computerized 
counting as if it were public counting. 

RA-9369 Section 14 states the urgency of source code review of the election 
programs as follows. "Once an AES technology is selected for implementation, 
the Commission shall promptly make the source code of that technology available 
and open to any interested political party or groups which may conduct their 
own review thereof."

The point in time when the source code review should be done is clearly stated 
here: "once an AES technology is selected". It does not say that source code 
review will be done after COMELEC signs the contract with Smartmatic.  It does 
not say that source code review will be done after COMELEC makes a PHP3.0 
billion down payment.  It says, "once an AES technology is selected" by the 
Special Bids and Awards Committee (SBAC).

The Terms of Reference provided by COMELEC to the participating bidders in the 
2010 elections further confirm this in Section 7.4. "The winning bidder shall 
authorize COMELEC to make the final source code of the PCOS and CCS and all of 
its components available and open to any interested party or groups which may 
conduct their own code review thereof".  It says the "winning bidder".  It does 
not say the "winning bidder after signing the contract and after being paid the 
down payment".  It says the "winning bidder" period.

Manner of Source Code Review

During the hearing of the case "Harry Roque vs. COMELEC-Smartmatic", the 
Supreme Court gave us an idea of how a source code review should be conducted 
when Justice Antonio Carpio pronounced, "the COMELEC has to supply the 
political parties the source code for review. They have to take them home so 
that they can study them". Justice Carpio knows how difficult it is to do a 
source code review, and that the correct way to do this is to allow the 
political parties to take the source code home, so that their programmers can 
take the code apart to understand what it is doing, study the code as 
individuals and in programmer groups, discuss the code with the political 
leaders, discuss the code in their organizations and special interest groups, 
discuss the code as widely as possible. This is the only way that you can 
convince people that the selected technology will do the job right, so that 
people can accept the secret counting that the PCOS will do.

The Filipino can read source code.  A great number of us can do so, as 
evidenced by ever-increasing enrollment in IT-related courses, 
from 220,000 in 1999 to 270,000 in 2004. Even grade school students learn to 
program in school, using LOGO or Basic.  High school students learn programming 
in Basic, C, or Java, and some even program their own websites.  

However, the COMELEC wants the political parties to do the source code review 
under conditions and terms agreed upon between COMELEC and Smartmatic, telling 
people that COMELEC has to respect the Intellectual Property Rights (IPR) of 
Smartmatic. The contract signed by COMELEC and Smartmatic specifies in Article 
7.2, "The system software, hardware, and source code, including documentation 
will be open for inspection at any time in a controlled environment under 
guidelines formulated and agreed by both parties". And in Article 9.5, "The 
PROVIDER (Smartmatic) and COMELEC shall promptly make the source code of the 
Project available and open to any interested political party or groups which 
may conduct their own review thereof ... in accordance with the provisions of 
Article 7.2 above".

As a computer programmer, I must violently disagree with a source code review 
under a controlled environment, because that is not in the spirit of "an 
interested political party or group conducting their own review thereof".

Richard Stallman is the founder of the Free Software Foundation, advocate of 
the freedom to study source code in order to make improvements to the program, 
and author of the software copyright called the General Public License (GPL).  
When I mentioned to him that the COMELEC wanted to protect the IPR of 
Smartmatic, he said, "IPR is just a vague way of talking about various 
different laws, so talking about it is just handwaving.  If they (COMELEC and 
Smartmatic) claim that some law restricts this review, they have an obligation 
to say WHICH law they are talking about. Then you can look at that law and make 
arguments about what it really requires in this case". So I now ask COMELEC, 
which Philippine law is violated if source code review is done in the manner 
specified by Justice Carpio? I tell COMELEC now that it may be violating the 
provision of RA-9369 Section 14 and its own Terms of Reference if it does not 
allow review as Justice Carpio specified.

COMELEC Advisory Council - Enemy of the People

In the document "Post-election Report on the Use of Automated Election System 
(AES) in the 2008 ARMM Elections", the COMELEC Advisory Council (CAC) 
recommended to the Congressional Oversight Committee the following change in 
legislation: in RA-9369, to remove "source code review" and replace it with 
"review of the instructions/users' manual". So the CAC wants to remove from the 
AES Law the only measure that will make people believe in the correctness of 
the computer count.  The fact that COMELEC did not do a source code review in 
the ARMM elections can be forgiven.  But for the CAC to recommend a new law 
that prevents us from exercising "our constitutional right to know" is treason. The 
present membership of the CAC, if they have any honor left in them, should all 
resign, and should be replaced by people in their respective agencies who will 
do a better job.

The recommendation to remove "source code review" from RA-9369 arises out of 
the CAC's ignorance of computer technology, an area in which all of them are 
supposed to be experts. In the Report, the CAC mentioned that "source code" 
refers to "system software codes of computer programs that may be subjected to 
alterations causing widespread fraud at a grand scale". First, the subject of 
source code review is the election application program, the SAES-1800 scanning 
and counting program, not the system software which is either Windows or 
Linux.  The operating system software, if Linux, has been downloaded and 
reviewed by thousands of people, and so does not need to be reviewed. Second, 
the act of doing a source code review of the SAES program will not subject the 
SAES to "alterations causing widespread fraud at a grand scale".  To alter the 
program running on any computer, you need to have physical or network access to 
the computer, and the program must be alterable. Only Smartmatic and COMELEC 
will have physical possession of the 
PCOS machines before election, which they will keep under lock and key, so 
physical access is out of the story. The PCOS computer will connect to the 
Internet at the close of polls on election day, and for a few minutes only, in 
order to transmit its precinct election return to the canvassing computers, so 
network access is extremely difficult. The PCOS program must be alterable, but 
it is not, since it is burned in computer firmware.  So how can any criminal 
computer cracker gain access to the PCOS machine for the purpose of altering 
the PCOS program? Unless it is an inside job within Smartmatic or COMELEC.

Is Smartmatic Allowed to Supply the Source Code?

The owner of a software program (copyright holder) can license his program for 
use by other people. The license can be of two kinds: (1) a binary license is a 
permission to use the binary code or machine code on a computer. (2) a source 
license is a permission to use the binary code on a computer, together with a 
copy of the source code, which the licensee is allowed to read and study. The 
source license may further specify whether the source code may be modified by 
the licensee, and what mechanism the licensee must follow to implement his 
modifications. Is the Smartmatic PCOS program owned by Smartmatic, or is 
Smartmatic just a licensee of another company?

A reading of the License Agreement presented by Smartmatic to COMELEC, which is 
a public document whose contents the people have the right to know, shows the 
following. The PCOS computer hardware and software/firmware are owned by 
Dominion Voting Systems of Canada. On April 4, 2009, Smartmatic licensed this 
technology from Dominion for a period of five years, "with the right to 
sublicense the right to use such software to the COMELEC", but that "Dominion 
will retain sole liability to amend, change or develop all software or firmware 
or EMS".

It is clear from this document that Smartmatic's license is a binary license, 
and Smartmatic has never been authorized to get the source code from the very 
beginning, nor is it authorized to modify the source code in any way. When 
Smartmatic joined the COMELEC bidding to supply computer equipment, management, 
and training for Election 2010, it had full knowledge that it could not meet 
the provision of RA-9369 Section 14, which states "Once an AES technology is 
selected for implementation, the Commission shall promptly make the source code 
of that technology available and open to any interested political party or 
groups which may conduct their own review thereof". Since COMELEC is a 
sublicensee of Smartmatic, which in turn is a licensee of Dominion, with only a 
binary license, COMELEC could not fulfill this sacred duty of source code 
review in an environment in which "political parties may conduct their own 
review", because there is no source code to review.

Is Smartmatic liable under Philippine laws for its misrepresentations of facts? 
Is COMELEC, under advice from the CAC, fooling the People?

About the Author

Pablo Manalastas, PhD, is a lecturer in computer science at Ateneo de Manila 
and University of the Philippines. He is a computer programmer, and he coached 
the Ateneo programming team that went to the two World Finals, 2005 Shanghai 
and 2006 San Antonio, of the prestigious ACM International Collegiate 
Programming Contest. He is a research fellow of the Center for People 
Empowerment in Governance.
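
What the scan figures quoted in the article (an 8.5"x30" ballot, 200 dots per inch, 4 bits per dot, against 300 dots per inch and 24 bits) mean for one ballot image, as an added example that is not part of the original post and not code from any PCOS software. The 8-bit sample row is constructed, and keeping only the top bits of each value is an assumed quantization, not the scanner's documented method.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Keep only the top `bits` bits (1..8) of an 8-bit gray value (0 = black,
   255 = white). bits = 4 gives the 16 shades the article describes.
   Assumed quantization, for illustration only. */
unsigned quantize(uint8_t gray8, unsigned bits)
{
    return (unsigned)gray8 >> (8u - bits);
}

/* Count how many distinct shades survive in a row of dots at a given depth. */
size_t distinct_shades(const uint8_t *row, size_t n, unsigned bits)
{
    unsigned char seen[256] = {0};
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned q = quantize(row[i], bits);
        if (!seen[q]) { seen[q] = 1; count++; }
    }
    return count;
}

/* Dots along one edge of the page: inches times dots per inch. */
unsigned long dots(double inches, unsigned dpi)
{
    return (unsigned long)(inches * dpi + 0.5);
}

/* Uncompressed image size in bytes for a page at dpi and bits per dot. */
unsigned long raw_bytes(double w_in, double h_in, unsigned dpi, unsigned bits_per_dot)
{
    unsigned long total_bits = dots(w_in, dpi) * dots(h_in, dpi) * bits_per_dot;
    return (total_bits + 7) / 8;
}

/* Constructed sample: one row of 8-bit gray dots crossing a light mark. */
static const uint8_t SAMPLE_ROW[] = { 250, 247, 243, 236, 229, 221, 228, 235, 244, 249 };
#define SAMPLE_LEN (sizeof SAMPLE_ROW / sizeof SAMPLE_ROW[0])

int main(void)
{
    printf("200 dpi: %lu x %lu dots, %lu bytes raw at 4 bits per dot\n",
           dots(8.5, 200), dots(30.0, 200), raw_bytes(8.5, 30.0, 200, 4));
    printf("300 dpi: %lu x %lu dots, %lu bytes raw at 24 bits per dot\n",
           dots(8.5, 300), dots(30.0, 300), raw_bytes(8.5, 30.0, 300, 24));
    printf("sample row: %zu shades at 8 bits, %zu shades at 4 bits\n",
           distinct_shades(SAMPLE_ROW, SAMPLE_LEN, 8),
           distinct_shades(SAMPLE_ROW, SAMPLE_LEN, 4));
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        printf("%3u -> shade %2u of 0..15\n", SAMPLE_ROW[i], quantize(SAMPLE_ROW[i], 4));
    return 0;
}
```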
 
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
