THIRD WORLD
On hackers and the AES source code
BY JON JOAQUIN

I was surprised to hear a representative of a civil society organization (CSO) say that her group is not so keen on pushing the Commission on Elections (Comelec) to release the source code for the software to be used in the Automated Election System (AES) this May. During the round table discussion on election issues organized by the Center for Media Freedom and Responsibility (CMFR) last week at the Asian Institute of Management (AIM) in Makati City, the representative said their IT head had told them that releasing the source code would open the system up to hackers and seriously compromise the conduct of the elections.

But I guess I shouldn't have been surprised. After all, the previous week had just seen five government websites being hacked, and even the National Bureau of Investigation (NBI) hinted that it could be a warning that the automated election would not be safe. One after the other, the websites of the Department of Health (DOH), the Technical Education and Skills Development Authority (TESDA), the National Disaster Coordinating Council (NDCC), and the Department of Social Welfare and Development (DSWD) were defaced, and while no real damage was done on the data, the mere fact that someone had hacked into them was disconcerting, to say the least. According to an article in the Philippine Star, Anti Computer Crimes Division (ACCD) head agent Palmer Mallari said: “We will be holding an automated election in May. So maybe these hackers want to prove something.”

That “something” is apparently the possibility that the system Comelec and Smartmatic are putting into place could fall into the hands of hackers. The message seems to be that if it is that easy to hack into five government websites, then it would be just as easy to hack into the AES. And this is probably Comelec's rationale for delaying the release of the source code, even though releasing it became part of its mandate when Congress approved the automation of the electoral process through Republic Act 9369.

I asked an expert in open source software for his take on this, especially in light of the aforementioned CSO representative's assertion that hackers will have a field day if the source code were released, and this is what he said: “That is true if they can also access the chips where the source code will be programmed. That is why digital signatures are important since they will verify that the chips in the machine contain only the program that was digitally signed.” Having the source code is only part of the story: one would have to have physical access to the machines and have the necessary digital signatures to be able to pull it off. In other words, only the Comelec and Smartmatic would have the capacity to do it.

Let's backtrack a bit and answer the question: Why is it important for the source code to be released in the first place? According to my friend, this is to give everyone a chance to review the code and see if there are weaknesses or mistakes or anything else that needs adjustment. That is the spirit of open source, and Smartmatic, which according to my friend uses the open source operating system Linux, is bound to follow it. Even RA 9369 acknowledges this: in Section 12 [Sec 14], it mandates: “Once an AES technology is selected for implementation, the Commission shall promptly make the source code of that technology available and open to any interested political party or groups which may conduct their own review thereof.”

Why Comelec has not done so yet is a mystery, but it is one that is threatening the conduct of the May elections. Reviewing the software takes time, and even as I write this the clock is ticking and the Center for People Empowerment in Governance (CenPEG), which got the Comelec approval to receive the source code for independent review by its network of computer scientists in the academe, is raising the alarm that it will not have enough time to do its task. Indeed, it has been making such warnings since September last year, but Comelec has still not acted.

Which opens it to the suspicion that it is trying to cook up something. Essentially, what the Comelec is saying is that we should trust it to conduct the AES efficiently and correctly, even without the benefit of review, because the process is computerized anyway. But my friend the open source expert had this to say in a forum composed of IT practitioners:

“I believe the better and more credible thing to do would be to release the code to political parties, have them sign it with their digital keys, embed it into the system, use it, and then audit the chips after the election.

“What the Comelec is effectively doing is just ask us to trust an international organization for our electoral system and make the system seem trustworthy by showing the code to political parties (but not really review and understand it).

“As ICT practitioners, we all know that a computer system is nothing but the embedding of processes, policies, and rules into a digital system. Without a multi-lateral review, how do we know that the election machines are enforcing the correct processes, policies, and rules?”
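
The signing-and-audit scheme the expert describes, sketched as an added example (it is not from the column, Comelec or Smartmatic): each reviewing party signs the digest of the code it reviewed, and a post-election audit checks the image read back from a machine against every party's signature. The use of Ed25519 and SHA-256, the `Party` type, the function names and the sample image are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Party is a hypothetical reviewer (e.g. a political party) with its own key pair.
type Party struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewParty(name string) Party {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return Party{Name: name, Pub: pub, priv: priv}
}

// Sign endorses the SHA-256 digest of the image this party reviewed.
func (p Party) Sign(image []byte) []byte {
	d := sha256.Sum256(image)
	return ed25519.Sign(p.priv, d[:])
}

// Audit checks an image read back from a machine against every party's signature.
// It returns the parties whose signature is missing or does not match; empty means pass.
func Audit(chipDump []byte, parties []Party, sigs map[string][]byte) []string {
	d := sha256.Sum256(chipDump)
	var failed []string
	for _, p := range parties {
		if !ed25519.Verify(p.Pub, d[:], sigs[p.Name]) {
			failed = append(failed, p.Name)
		}
	}
	return failed
}

func main() {
	image := []byte("constructed firmware image v1") // constructed sample input
	a, b := NewParty("party-a"), NewParty("party-b")
	sigs := map[string][]byte{a.Name: a.Sign(image), b.Name: b.Sign(image)}
	tampered := append([]byte{0xFF}, image...) // any change to the program alters the digest
	fmt.Println(Audit(image, []Party{a, b}, sigs), Audit(tampered, []Party{a, b}, sigs))
}
```

Publishing the source changes nothing in this check: without the parties' private keys, an altered image fails against every signature, and a party that never signed shows up by name in the audit result.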

     
     
JANUARY 22, 2010