Pablo Manalastas wrote:
> --- On Tue, 10/13/09, Oscar Plameras <[email protected]> wrote:
>
> > > If that is the case will the COMELEC/Smartmatic/Whoever come up with a proposed blackbox test that would capture all the scenarios (including the ones of my fellow PLUG members)?
> >
> > I have not thought of this. But I assume Comelec, etc., will not refuse such a reasonable suggestion.
>
> As a CenPEG fellow, I was an official observer at the SBAC testing of the Smartmatic computers in May 2009. I also had a chance to talk to Rene Sarmiento, Atty Tolentino, Chairman Melo, Atty Ferdinand Rafanan. We also talked to CAC members Renato Garcia and CAC Chairman Roxas-Chua. Our conversations were either face-to-face visits, or on national television (some of you might have seen the ANC TV shows where Atty Rafanan and myself had heated discussions). We have made many reasonable suggestions to Comelec, including enabling the voter verification of the PCOS interpretation of his ballot markings, suggestions for testing, suggestions for generating the private-public key pairs for the persons of the BEI, not for the positions of the BEI, etc. Comelec refuses to listen to reasonable suggestions if these suggestions do not come from either Smartmatic or the CAC. I have lost faith in COMELEC's ability to accept ideas from the academic community, the NGOs, the computer societies (PLUG, PCS, CPU, etc). COMELEC wants us to have faith in their computerized system, but it does not listen to reason.
>
> > > Also can COMELEC/Smartmatic/Whoever come up with a solution to the access to source code provision in the enabling law?
> >
> > I think that you have to take this up with Comelec and the responsible parties. In my personal opinion, I don't think you will be granted to see the proprietary source codes used in AES. I am not in any way connected with Comelec nor Smartmatic nor shall I profit directly or indirectly from the project at all.
> >
> > I am voicing my opinions on behalf of me as a Filipino Citizen and as a registered voter during this coming election.
>
> COMELEC will not allow anyone to review the source code of the election computer programs. That is why we went to the Supreme Court. If you read CenPEG's petition, you will see that we have exhausted all legal means to convince COMELEC to follow the law (RA-9369 section 12) and release the source code as required by law, but COMELEC does not want to listen to our reasonable request. I think this is quite understandable, since COMELEC is trying to protect itself and Smartmatic from copyright infringements of the Dominion Voting System's proprietary election programs. Smartmatic is only a licensee of Dominion, and COMELEC is a sublicensee of Smartmatic. Smartmatic only has a binary-level license from Dominion, and only Dominion has the right to modify the PCOS program in any way. COMELEC failed to enforce one of the vital provisions in its contract with Smartmatic -- the requirement for Smartmatic to put the source code of the PCOS and CCS programs in escrow at the Central Bank, so that COMELEC can comply with the provision of Section 12 on source code review by interested political parties and groups. This means that COMELEC approved Smartmatic's bid, even if Smartmatic did not comply with a number of provisions in the COMELEC terms of reference to bidders, and in this sense, COMELEC disobeyed the law. When a bidder joins the bidding, it agrees to follow the terms of reference, including providing the source code, even if the software is closed-source commercial software. In a way, Smartmatic was engaged in deception, since all the COMELEC commissioners are lawyers who cannot understand the licensing agreement between Dominion and Smartmatic, the agreement that was presented to COMELEC as part of Smartmatic's bid documentation.
>
> COMELEC was already way in too deep into its commitment to Smartmatic, when it discovered this failure on the part of Smartmatic.
>
> ~Pablo Manalastas~
[snip]

Whew! This is one extremely long thread. Well, both of the ayes and nays have their own point, but in the context of the law, there is no loophole. Binary testing is not equal to source code review, automated testing is not equal to realtime testing, compounded with insufficient QA, this is one hell of a deadman switch. Mission critical applications are rigorously scrutinized and source code examined. The AES is a mission critical application since it determines the fate of a country, not a simple matter of just Counting and Tallying, especially in the light of overwhelming computer threats. Therefore transparency/source code review is important to ensure that no hidden easter eggs or nests are present to screw up the whole situation.

In any case, while the case is still pending with the Supreme Court, why don't we start thinking of ways to ensure the safety and integrity of the system? The wheels of justice turn ever so slowly here in our country, that I would say, it would be a miracle if the Supreme Court can put out a decision regarding the interpretation of the law within this year.
--
Peter Santiago [email protected]
My website: www.psinergybbs.com
My spamtrap address: [email protected]
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph

