Mar. 8, Smartmatic took out full-page ads claiming “a vote of confidence for 2010 automated election system.” The automation supplier listed accomplishments in five subsystems: (1) Hardware; (2) Software, certification, voter education; (3) Logistics, support, preparations; (4) Telecommunications and transmission; and (5) Ballot printing, infrastructure.

IT expert Roberto Verzola evaluated the claims for civil society’s Halalang Marangal (HALAL). Finding serious gaps that open the subsystems to cheating, he gives his own rating, as of Mar. 28 report.

This is the second of 3 parts, published in Jarius Bondoc’s column, “Gotcha”  (April 7, 2010 edition of the Philippine Star, Opinion Section).

Subsystem 2: Software, certification, voter education

Claim: “Source code customization to meet requirements of RP elections finished.”

The source code was actually customized in a way that violates the requirement of election law for vote verification. The PCOS has a built-in feature that displays on-screen the names of candidates a voter has marked. He can then verify if the machine is accurately interpreting his voting intentions. If it doesn’t, the voter can abort and re-feed the ballot. If it does, he can then confirm and press “Cast”. This feature is absolutely necessary to assure voters that the PCOS scanned their ballots correctly.

Smartmatic disabled this feature, taking away the only chance for voters to check the PCOS scanning accuracy on Election Day. Couple this with the news blackout of pre-election PCOS testing, and the post-election audit of results only after Comelec proclaims “winners.” We have lost all three opportunities to determine scanning accuracy — not reassuring.

Claim: “System audit finished; source code public review process opened.”

The law required two audits: of the (1) automated election system (AES), which covers five subsystems, and (2) source code, which is specific to software programs that control the PCOS and canvassing servers.

Comelec contracted for this purpose US firm Systest Labs. Last Feb. 9 Comelec claimed the system audit and source code review were done, meeting the law’s Feb. 10 deadline.

Here’s the rub: neither Systest nor Smartmatic nor Comelec has publicly released any proper certifications. Such certifications should state unequivocally that the AES and its five subsystems, as well as source code, meet Comelec quality, reliability and security specs as detailed in the contract with Smartmatic. Neither has the full report of Systest Labs been released. Without these documents, we are justified in asking: were Systest system audit and source code review actually done or not? Comelec insiders have informed us of a “series of written exchanges” on certain concerns between Systest and the Technical Evaluation Committee. What were these concerns? The only way we can be convinced that Systest has truly certified the AES and source code is for Comelec to release the certifications and full reports.

Comelec did open the source code review to the public. But it imposed unrealistic restrictions, making a proper local review extremely difficult. Surely Comelec did not impose the same conditions on Systest.

It is important to appreciate why the source code must be open to public review. The source code is Smartmatic’s general instructions to its machines, in the same way that Comelec issues general instructions to election inspectors and canvassers. Just as it is unacceptable for Comelec to keep its general instructions secret, it is also unacceptable for Smartmatic to keep secret its general instructions to its machines. This is fundamental in a democracy. Our election law fortunately recognized this, and so required prompt release of the source code for public review upon selection of the AES technology. As of today, however, due to Comelec restrictions, no local group has yet conducted any review. Only two foreign companies — Smartmatic and Systest — have so far seen the general instructions to the machines that will determine our political future.

Systest took more than four months to conduct its review. Less than two months before the election, no local stakeholder, including political parties or poll watchdog, has yet reviewed the source code. Even if Comelec relaxes its restrictions today, a proper review is hardly possible anymore. Smartmatic knew about the law’s open source requirement when it submitted its bid and signed a contract with Comelec. It cannot now invoke commercial confidentiality.

Claim: “Field tests and mock elections successful.”

We have read the news reports on high ballot rejection rates as well as transmission problems right in Metro Manila. If Smartmatic can misrepresent results this way, what else is it misrepresenting?

Given these concerns, HALAL assesses the probability of success of Subsystem-2 at 70 percent.

(Continue to the last part of the series.)