Last September 8, Commission on Elections (Comelec) Chairman Andres Bautista announced that DLSU agreed to host the Source Code Review (SCR) for the Precinct Count Optical Scan (PCOS) machines to be used for the 2016 National and Local Elections (NLE).
According to Coordinator for Special Projects Ricardo Flores of the Office of the Vice Chancellor for Administration (OVCA), Comelec opted to have the source code review done in an academic institution to ensure transparency and neutrality during the source code review process. Flores explains that DLSU was chosen because of its reputation as one of the premier universities in the Philippines and its proximity to the Comelec main office in Intramuros, Manila.
Another review is simultaneously being conducted by SLI Global Solutions, an international certification company based in the United States of America.
According to Comelec Webmaster Eden Bolo, the main goal of the SCR is to build public trust and confidence in the 2016 Automated Election System (AES).
What is the Source Code Review?
Section 12 of Republic Act 9369, aptly entitled “Examination and Testing of Equipment or Device of the AES and Opening of the Source Code for Review,” provides the mandate for reviewing the source code of the machines to be used in the elections. The review is necessary to assure citizens that Comelec imposes transparency in the NLE.
The source code is the software written in readable text. It shows how the systems of a program run and can be used to verify that the system is reliable, accurate, and secure. It can be written in any programming language, the most popular of which include C, C++, Java, Perl, PHP, Ruby, and Python.
Reviewing how systems are programmed entails scrutinizing the source code of an application. In the case of the elections, the SCR will allow independent bodies to review the source code that will be used by the Optical Mark Reading (OMR) machines set to be used in the NLE this coming May. Reviewers shall be checking each code line for malicious or erroneous portions, a task that, given the significance of the NLE, is of utmost importance. Reviewing the code will allow validation and certification that the system is correctly, accurately, and securely counting ballots.
Smartmatic’s Marlon Garcia notes that reviewers in charge of the SCR check the code line by line for flaws or potential flaws, consistency with the overall program design, quality of comments, and adherence to coding standards, performance, functionality, and security.
Leaving nothing to chance
In 2013, the SCR occurred over a period of one month. In contrast, Comelec has allotted seven months for the review for the 2016 NLE and divided the process into two phases: the Base Code Review and the Final Customized Code.
The reviewers shall also have the guidance of subject matter experts (SME) from Smartmatic, the source code provider. SMEs shall be giving presentations and support to the reviewers. A more cohesive report from reviewers, SME, and Comelec shall be made public.
Lastly, more participants have been invited to review the source code. Aside from political parties, two IT groups recommended by the Comelec Advisory Council and DLSU will be given the opportunity to review the code.
The first phase of the SCR, the Base Code Review, began on October 15, and will continue until January or February next year. This stage shall include the review of the Election Management System (EMS), the Canvassing and Counting System (CCS), and the SAES 1800+, the Vote Count Machine. Reviewers will be given walkthroughs and lessons by the SME to guide them through the process.
Once the program has been certified by the Technical Evaluation Committee, the review of the final customized code shall begin. There will be a discussion on the customized code; however, there will no longer be walkthroughs or guidance from SME.
Once both phases have been completed, Garcia explains that the source code can be programmed into the machines by SLI Global Solutions (IT company based in the US) and Comelec under the observance of political party representatives and accredited watchers.
Preparations done by DLSU
Aside from the OVCA, offices under the Facilities Management Group, Campus Services Group, and Information Technology Services will also be contributing to the SCR, mainly through providing logistical support. Moreover, students from the College of Computer Studies may also take part in the review, according to Flores.
The University has also invested in Intel Core i7 computers to be used in the review.
In order to cause minimal disturbances, Flores said that they chose the lobby of the Br. Andrew Gonzalez Hall, a relatively isolated venue, as the venue for the SCR.
The SCR Center will be open and operating from Mondays to Fridays, excluding holidays, from 8:00 AM to 5:00 PM.