--- On Tue, 10/13/09, Oscar Plameras <[email protected]> wrote:
> > If that is the case will the > COMELEC/Smartmatic/Whoever come up with a > > proposed blackbox test that would capture all the > scenarios (including > > the ones of my fellow PLUG members)? > > I have not thought of this. But I assume Comelec, etc., > will not refuse such a > reasonable suggestion. As a CenPEG fellow, I was an official observer at the SBAC testing of the Smartmatic computers in May 2009. I also had a chance to talk to Rene Sarmiento, Atty Tolentino, Chairman Melo, Atty Ferdinand Rafanan. We also talked to CAC members Renato Garcia and CAC Chairman Roxas-Chua. Our conversations were either face-to-face visits, or on national television (some of you might have seen the ANC TV shows where Atty Rafanan and myself had a heated discussions). We have made many resonable suggestions to Comelec, including enabling the voter verification of the PCOS interpretation of his ballot markings, suggestions for testing, suggestions for generating the private-public key pairs for the persons of the BEI, not for the positions of the BEI, etc. Comelec refuses to listen to reasonable suggestions if these suggestions do not come from either Smartmatic or the CAC. I have lost faith in COMELEC's ability to accept ideas from the academic community, the NGOs, the computer societies (PLUG, PCS, CPU, etc). COMELEC wants us to have faith in their computerized system, but it does not listen to reason. > > Also can COMELEC/Smartmatic/Whoever come up with a > solution to the > > access to source code provision in the enabling law? > > > > I think that you have to take this up with Comelec and the > responsible parties. > In my personal opinion, I don't think you will be granted > to see the proprietory > source codes used in AES. > I am not in anyway connected with Comelec nor Smartmatic > nor shall I profit > directly or indirectly from the project at all. > I am voicing my opinions on behalf of me as a Filipino > Citizen and as > a registered > voter during this coming election. COMELEC will not allow anyone to review the source code of the election computer programs. That is why we went to the Supreme Court. If you read CenPEG's petition, you will see that we have exhausted all legal means to convince COMELEC to follow the law (RA-9369 section 12) and release the source code as required by law, but COMELEC does not want to listen to our reasonable request. I think this is quite understandable, since COMELEC is trying to protect itself and Smartmatic from copyright infringements of the Dominion Voting System's proprietary election programs. Smartrmatic is only a licensee of Dominion, and COMELEC is a sublicensee of Smartmatic. SMartmatic only has a binary-level license from Dominion, and only Dominion has the right to modify the PCOS program in any way. COMELEC failed to enforce one of the vital provisions in its contract with Smartmatic -- the requirement to Smartmatic to put the source code of the PCOS and CCS programs in escrow at the Central Bank, so that COMELEC can comply with the provision of Section 12 on source code review by interested political parties and groups. This means that COMELEC approved Smartmatic's bid, even if Smartmatic did not comply with a number of provisions in the COMELEC terms of reference to bidders, and in this sense, COMELEC disobeyed the law. When a bidder joins the bidding, it agrees to follow the terms of reference, including providing the source code, even if the software is closed-source commercial softrware. In a way, Smartmatic was engaged in deception, since all the COMELEC commissioners are lawyers who can not understand the licensing agreement between Dominion and Smartmatic, the agreement that was presented to COMELEC as part of Smnartmatic's bid documentation. COMELEC was already way in too deep into its commitment to Smartmatic, when its discovered this failure on the part of Smartmatic. ~Pablo Manalastas~ > > > The longer this gets delayed the great the risk. > > > > On Tue, 2009-10-13 at 13:19 +1100, Oscar Plameras > wrote: > >> You're right. The 1000 is just to illustrate. > >> > >> You're also right that Comelec will dream up all > sorts of possibilities, > >> including "stupid" ones, unreasonable ones, like > no entries in ballots, and all > >> sorts of idiotic combinations. Testing the > system to it's limits is > >> the purpose. > >> > >> On Tue, Oct 13, 2009 at 1:14 PM, <[email protected]> > wrote: > >> > Forgive my ignorance but doesn't this test > fall short? > >> > > >> > Shouldn't we also test for every concievable > configuration setting and not just data? Also shouldn't we > test for all possilbe input and output? Maybe 1,000 is just > an example but that is really too little right? > >> > > >> > Thanks. > >> > "Sent via BlackBerry from Smart" > >> > > >> > -----Original Message----- > >> > From: Oscar Plameras <[email protected]> > >> > Date: Tue, 13 Oct 2009 13:06:31 > >> > To: Philippine Linux Users' Group (PLUG) > Technical Discussion List<[email protected]> > >> > Subject: Re: [plug] COMELEC SUED (Was: The > Death of Election 2010 > >> > SourceCodeReview) > >> > > >> > What my Comelec check will do is, for 1000 > votes inputted, I expected to get > >> > in the results 1000 votes, categorized as > valid, invalid, and uncategorized. > >> > > >> > And the actual results should match the > expected results as prepared > >> > by Comelec of 1000 votes, categorized as > valid, invalid, and uncategorized. > >> > > >> > On Tue, Oct 13, 2009 at 12:42 PM, Danny Ching > <[email protected]> > wrote: > >> >> You should check for absurdity in code, > because it may not affect the check > >> >> during testing but it may affect the > outcome when it really counts (on > >> >> election day). Why do you want to accept > that risk? > >> >> > >> >> On Tue, Oct 13, 2009 at 9:40 AM, Danny > Ching <[email protected]> > wrote: > >> >>> > >> >>> How about checking for code that says > if there is a candidate named "Eddie > >> >>> Gil" add 5,000,000 votes to Gloria? > Will they check for each individual name > >> >>> available in the world? > >> >>> > >> >>> Do not get me wrong. I do not believe > that outcome checking is not good. > >> >>> It is. What I am saying is that it is > not enough. > >> >>> > >> >>> On Tue, Oct 13, 2009 at 9:09 AM, > Oscar Plameras <[email protected]> > >> >>> wrote: > >> >>>> > >> >>>> The check I propose is by > Outcome. > >> >>>> > >> >>>> If my check will not catch the > absurdity in any coding, that's well and > >> >>>> good. > >> >>>> > >> >>>> My check is not going to look for > such things. What matters are the > >> >>>> outcome > >> >>>> or results. > >> >>>> > >> >>>> On Tue, Oct 13, 2009 at 1:40 AM, > Robert Locke <[email protected]> > wrote: > >> >>>> > Oscar, > >> >>>> > > >> >>>> > If I had a closed system > that did the following: > >> >>>> > > >> >>>> > if (current_date > < '2010-05-10) { > >> >>>> > > do_a_normal_tally(); > >> >>>> > } else { > >> >>>> > > do_something_slightly_different_but_not_too_obvious(); > >> >>>> > } > >> >>>> > > >> >>>> > How would your proposed > "Testing the System by Outcomes" catch this? > >> >>>> > > >> >>>> > Maybe you set the system > date to be 2010-05-10, and the ruse is > >> >>>> > revealed. > >> >>>> > > >> >>>> > So the programmer does > this: > >> >>>> > > >> >>>> > if (current_date > < '2010-05-10 && !obscure_hot_key_pressed) { > >> >>>> > > do_a_normal_tally(); > >> >>>> > } else { > >> >>>> > > do_something_slightly_different_but_not_too_obvious(); > >> >>>> > } > >> >>>> > > >> >>>> > How do you catch it then? > Obviously this is an oversimplified > >> >>>> > example, but I'm curious to > hear how you would expose it. Or are we > >> >>>> > supposed to blindly "trust" > that this won't happen? If that's your > >> >>>> > position, then I would say > it's a bit naive. > >> >>>> > > >> >>>> > "There is one safeguard > known generally to the wise, which is an > >> >>>> > advantage and security to > all, but especially to democracies as > >> >>>> > against despots. What is it? > Distrust." - Demosthenes > >> >>>> > > >> >>>> > Rob > >> >>>> > > >> >>>> > > >> >>>> > > >> >>>> > > >> >>>> > On 10 12, 09, at 9:35 PM, > Oscar Plameras wrote: > >> >>>> > > >> >>>> >> We do it the way it has > been done. > >> >>>> >> > >> >>>> >> Testing the System by > Outcomes. > >> >>>> >> > >> >>>> >> Come up with a set of > inputs, and a set of outputs. > >> >>>> >> > >> >>>> >> If all the outputs > (maybe hundreds or thousands) agree with all the > >> >>>> >> inputs, then that's > acceptable. > >> >>>> >> > >> >>>> >> > >> >>>> >> On Tue, Oct 13, 2009 at > 12:31 AM, <[email protected]> > wrote: > >> >>>> >>> How do you suggest > we ensure that the code that is running does not > >> >>>> >>> have the > badguyvote++ sub-routine? Checking binaries using pre- > >> >>>> >>> defined test cases > will probably miss something. > >> >>>> >>> > >> >>>> >>> "Sent via BlackBerry > from Smart" > >> >>>> >>> > >> >>>> >>> -----Original > Message----- > >> >>>> >>> From: Oscar Plameras > <[email protected]> > >> >>>> >>> Date: Tue, 13 Oct > 2009 00:09:48 > >> >>>> >>> To: <[email protected]>; > Philippine Linux Users' Group (PLUG) > >> >>>> >>> Technical Discussion > List<[email protected]> > >> >>>> >>> Subject: Re: [plug] > COMELEC SUED (Was: The Death of Election 2010 > >> >>>> >>> SourceCode > >> >>>> >>> Review) > >> >>>> >>> > >> >>>> >>> It's efficiency. > Code source review will not get you to where you > >> >>>> >>> want. > >> >>>> >>> > >> >>>> >>> It will not reach > the objective of knowing whether the System is > >> >>>> >>> right > >> >>>> >>> in doing what it's > suppose to deliver. > >> >>>> >>> > >> >>>> >>> On Tue, Oct 13, 2009 > at 12:08 AM, <[email protected]> > wrote: > >> >>>> >>>> This is getting > out of hand and really entertaining. > >> >>>> >>>> > >> >>>> >>>> But seriously, > what is wrong with a source code audit and a binary > >> >>>> >>>> integrity > validation mechanism? Just to check if there is not code > >> >>>> >>>> that says: "if > candidate='good guy' then badguyvote++"? > >> >>>> >>>> > >> >>>> >>>> "Sent via > BlackBerry from Smart" > >> >>>> >>>> > >> >>>> >>>> -----Original > Message----- > >> >>>> >>>> From: Oscar > Plameras <[email protected]> > >> >>>> >>>> Date: Mon, 12 > Oct 2009 23:58:59 > >> >>>> >>>> To: Philippine > Linux Users' Group (PLUG) Technical Discussion > >> >>>> >>>> List<[email protected] > >> >>>> >>>> > > >> >>>> >>>> Subject: Re: > [plug] COMELEC SUED (Was: The Death of Election 2010 > >> >>>> >>>> Source > >> >>>> >>>> Code > Review) > >> >>>> >>>> > >> >>>> >>>> [email protected] > is not even in google search. > >> >>>> >>>> > >> >>>> >>>> Just another one > of those pretenders. > >> >>>> >>>> > >> >>>> >>>> On Mon, Oct 12, > 2009 at 11:56 PM, Oscar Plameras > >> >>>> >>>> <[email protected]> > wrote: > >> >>>> >>>>> Maybe, just > maybe your just one of those pretenders. > >> >>>> >>>>> > >> >>>> >>>>> On Mon, Oct > 12, 2009 at 11:53 PM, Oscar Plameras > >> >>>> >>>>> <[email protected]> > wrote: > >> >>>> >>>>>> I don't > understand. Why would you ask the question? > >> >>>> >>>>>> > >> >>>> >>>>>> On Mon, > Oct 12, 2009 at 11:50 PM, Daniel Escasa > >> >>>> >>>>>> <[email protected]> > wrote: > >> >>>> >>>>>>> OK, > who are you, and what did you do with the Oscar Plameras > who > >> >>>> >>>>>>> > posted this: > >> >>>> >>>>>>> http://lists.slug.org.au/archives/slug/2003/08/msg00344.html > >> >>>> >>>>>>> and > this: > >> >>>> >>>>>>> http://archives.free.net.ph/message/20090918.004218.c213bcf2.en.html > >> >>>> >>>>>>> ? > Oh, and ironically, > >> >>>> >>>>>>> http://www.elections.act.gov.au/elections/electronicvoting.html: > >> >>>> >>>>>>> > >> >>>> >>>>>>> > <except> > >> >>>> >>>>>>> > Source code for 2008 software (zipped file in .zip format - > 759 > >> >>>> >>>>>>> > kb)The > >> >>>> >>>>>>> > eVACS® source code downloadable here is an extract of the > >> >>>> >>>>>>> > voting, data > >> >>>> >>>>>>> > entry, and counting modules as used by Elections ACT and is > >> >>>> >>>>>>> > provided > >> >>>> >>>>>>> for > study purposes only. Not included are: (a) artefacts > produced > >> >>>> >>>>>>> > during the eVACS® development process, such as detailed > design > >> >>>> >>>>>>> > specifications; (b) the base Linux operating system and > >> >>>> >>>>>>> > configuration > >> >>>> >>>>>>> > files; (c) the scripts that are used to initialise the vote > >> >>>> >>>>>>> > databases > >> >>>> >>>>>>> and > invoke the eVACS® modules. The design information for the > >> >>>> >>>>>>> > eVACS® > >> >>>> >>>>>>> > system is the property of Software Improvements Pty Ltd. > Their > >> >>>> >>>>>>> > website > >> >>>> >>>>>>> is > at www.softimp.com.au/. Bona fide researchers interested in > >> >>>> >>>>>>> > acquiring more of the source code may apply to Software > >> >>>> >>>>>>> > Improvements > >> >>>> >>>>>>> > using the form at: www.softimp.com.au/evacs/contactus.html > >> >>>> >>>>>>> > </excerpt> > >> >>>> >>>>>>> > >> >>>> >>>>>>> > Ironic because you're in Australia. And you're even too lazy > to > >> >>>> >>>>>>> > trim > >> >>>> >>>>>>> the > quotes. And if you have to ask what that's all about, I'll > >> >>>> >>>>>>> ask > >> >>>> >>>>>>> > again: who are you and what did you do to the Oscan Plameras > who > >> >>>> >>>>>>> > posted those two messages in the URLs above? > >> >>>> >>>>>>> -- > >> >>>> >>>>>>> > Daniel O. Escasa > >> >>>> >>>>>>> > independent IT consultant and writer > >> >>>> >>>>>>> > contributor, Free Software Magazine > >> >>>> >>>>>>> (http://www.freesoftwaremagazine.com > >> >>>> >>>>>>> ) > >> >>>> >>>>>>> > personal blog at http://descasa.i.ph > >> >>>> >>>>>>> > Twitter page at http://www.twitter.com/silverlokk > >> >>>> >>>>>>> If > we choose being kind over being right, we will be right > >> >>>> >>>>>>> > every time. > >> >>>> > >>>>>>>_________________________________________________ > >> >>>> >>>>>>> > Philippine Linux Users' Group (PLUG) Mailing List > >> >>>> >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug > >> >>>> >>>>>>> > Searchable Archives: http://archives.free.net.ph > >> >>>> >>>>>>> > >> >>>> >>>>>> > >> >>>> >>>>> > >> >>>> > >>>>_________________________________________________ > >> >>>> >>>> Philippine Linux > Users' Group (PLUG) Mailing List > >> >>>> >>>> http://lists.linux.org.ph/mailman/listinfo/plug > >> >>>> >>>> Searchable > Archives: http://archives.free.net.ph > >> >>>> > >>>>_________________________________________________ > >> >>>> >>>> Philippine Linux > Users' Group (PLUG) Mailing List > >> >>>> >>>> http://lists.linux.org.ph/mailman/listinfo/plug > >> >>>> >>>> Searchable > Archives: http://archives.free.net.ph > >> >>>> > >>>_________________________________________________ > >> >>>> >>> Philippine Linux > Users' Group (PLUG) Mailing List > >> >>>> >>> http://lists.linux.org.ph/mailman/listinfo/plug > >> >>>> >>> Searchable Archives: > http://archives.free.net.ph > >> >>>> > >>>_________________________________________________ > >> >>>> >>> Philippine Linux > Users' Group (PLUG) Mailing List > >> >>>> >>> http://lists.linux.org.ph/mailman/listinfo/plug > >> >>>> >>> Searchable Archives: > http://archives.free.net.ph > >> >>>> > >>_________________________________________________ > >> >>>> >> Philippine Linux Users' > Group (PLUG) Mailing List > >> >>>> >> http://lists.linux.org.ph/mailman/listinfo/plug > >> >>>> >> Searchable Archives: http://archives.free.net.ph > >> >>>> > > >> >>>> > >_________________________________________________ > >> >>>> > Philippine Linux Users' > Group (PLUG) Mailing List > >> >>>> > http://lists.linux.org.ph/mailman/listinfo/plug > >> >>>> > Searchable Archives: http://archives.free.net.ph > >> >>>> > > >> > >>>>_________________________________________________ > >> >>>> Philippine Linux Users' Group > (PLUG) Mailing List > >> >>>> http://lists.linux.org.ph/mailman/listinfo/plug > >> >>>> Searchable Archives: http://archives.free.net.ph > >> >>> > >> >>> > >> >>> > >> >>> -- > >> >>> Regards, > >> >>> Danny Ching > >> >> > >> >> > >> >> > >> >> -- > >> >> Regards, > >> >> Danny Ching > >> >> > >> > >>_________________________________________________ > >> >> Philippine Linux Users' Group (PLUG) > Mailing List > >> >> http://lists.linux.org.ph/mailman/listinfo/plug > >> >> Searchable Archives: http://archives.free.net.ph > >> >> > >> > > _________________________________________________ > >> > Philippine Linux Users' Group (PLUG) Mailing > List > >> > http://lists.linux.org.ph/mailman/listinfo/plug > >> > Searchable Archives: http://archives.free.net.ph > >> > > _________________________________________________ > >> > Philippine Linux Users' Group (PLUG) Mailing > List > >> > http://lists.linux.org.ph/mailman/listinfo/plug > >> > Searchable Archives: http://archives.free.net.ph > > -- > > > ------------------------------------------------------- > > William Emmanuel S. Yu (杨怀义) > > Department of Information Systems and Computer > Science > > Ateneo de Manila University > > email : wyu at ateneo dot edu > > blog : http://hip2b2.yutivo.org/ > > web : http://CNG.ateneo.edu/cng/wyu/ > > phone : +63(2)4266001 loc. 4186 > > GPG : http://CNG.ateneo.net/cng/wyu/wyy.pgp > > > > Confidentiality Issue: This message is intended only > for the use of the > > addressee and may contain information that is > privileged and > > confidential. If you are not the intended recipient, > you are hereby > > notified that any use or dissemination of this > communication is strictly > > prohibited. If you have received this communication > in error, please > > notify us immediately by reply and delete this message > from your system. > > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
