Comelec opens software source code for review

Political parties, poll watchdogs, and interested groups can start reviewing the source code to be used in the May election starting Friday, February 5, the Commission on Elections (Comelec) said. “I have talked with the chairman of the steering committee and I got the information that tomorrow will be the start (of the source code review),” Comelec commissioner Armando Velasco said at the hearing of the oversight committee of the House of Representatives Thursday. Velasco said that the poll body will release guidelines for the review of the source code. The automation software contains source code or programmable instructions that will be installed on the poll machines to define operations such as counting, canvassing, and electronic transmission of voting results from precincts to canvassing centers. Ferdinand Rafanan, director of the Comelec law department, said that the international firm Systest Labs, which was commissioned by the poll body to review the codes since October, has finished its work. Velasco said that the review by political parties will be done in a controlled environment at the Comelec main office to avoid leakage. Asked by Bayan Muna party-list Representative Teodoro Casino if political parties can make recommendations on the source codes, Rafanan said that “the source code review to be done is only for the purpose of seeing to it that in deed, the certification by the technical committee and Systest Labs is accurate, not to replace it.” Casino expressed concern over Rafanan’s statement because it meant that the codes could not be replaced even if the political parties found something wrong with them. Rafanan replied that “if there are malicious codes to be removed, then that is a good reason for political parties to make the recommendation.” Gregorio Larrazabal, Comelec commissioner and chief of the steering committee on automation, told that the public review of the automation source code is open for interested parties with credentials or proven track record for reviewing software. The Liberal Party have expressed intent to join the review. “We have yet to receive formal requests from other parties that we have invited early this year. Nevertheless, we would proceed as planned and hold the review from a period of one month or up until April if there are still code reviewers,” said Larrazabal. Under the guidelines for the conduct of the source code review, interested parties must submit with the PMO a letter of intent to join the source code review, including the credentials of the reviewers and the methodologies they propose to use. Once the application is approved, the party would sign a non-disclosure agreement with Comelec stating they would issue a report on the software review, said Larrazabal. To prevent leakage of the automation software, a read-only copy of the source code will be provided on secured Comelec workstations in a secured facility. “No copies or any part of the source code would be taken out of the review facility and no electronic storage devices could be permitted inside the secured review facility. We would also seal the USB ports to make sure there is no leakage,” said Larrazabal.