Journal News Online : IT Experts hit Comelec’s LSCR

7 September 2021

By Journal News Online

A GROUP of Information Technology (IT) experts on Monday asked the Commission on Elections (Comelec) to remove the Non-Disclosure Agreement in the guidelines for Local Source Code Review (LSCR) as it allegedly erodes confidence in the country’s Automated Election System (AES).

In a statement sent to the media, Leo Querubin, Chair of the Philippine Computer Society Foundation (PCSF) said Comelec’s decision to include an NDA is “inconsistent’ with the objectives to build public trust, promote transparency and build confidence in the AES.”

Querubin also described the situation as akin to a restaurateur inviting food critics to review the menu but preventing them to publish their reviews.

In an advisory released last month, Comelec invited stakeholders to submit their applications online from Aug. 16 to Sept. 10 through forms available in the poll body’s official website.

The LSCR provides interested parties an opportunity to inspect and examine the ‘source code’ of the Automated Election System. Source codes are human readable instructions that defines what a computer will do.

Political parties or coalition of parties registered and/or accredited by the Comelec, including parties and organizations registered under the Omnibus Election Code and the Party List System of Representation are allowed to participate in the review.

Also included are known IT groups from the IT community recommended by the Comelec Advisory Council and/or the Department of Information and Communications Technology (DICT).

The PCSF also hit Comelec’s alleged policy of preferential priority based on available space.

Querubin said, “it is like inviting food critics but then having the option to bar certain groups or individuals. This option may be used to bar critics who may have the reputation of providing negative reviews.”

He added that Comelec should exert efforts to remove hindrances to any group or associations if it’s truly aiming for a transparent elections on May 2022.

Under the Election Automation Law (R.A. 9639), Comelec shall “promptly make the source code available and open to any interested party or group, which may conduct their own review”.

The LSCR will cover the source codes for the Election Management System (EMS), Vote-Counting Machine (VCM), Consolidated Canvassing System (CCS), and all other related systems developed by Smartmatic-TIM, Comelec’s software provider.

Smartmatic returns as the country’s election systems provider after bagging the P402 million contract last May.

The Venezuela-based company was the subject of Duterte’s tirade in 2019 where he also told the Comelec to look for another vote-counting machine provider thats is “free of fraud”.

During the 2019 source code review, local experts found that stored procedures for the canvassing and consolidation system of the AES were not included in the review.

Reviewers determined this to be a vulnerability since the stored procedures may be changed while the canvassing and consolidation system is running.

It is also unclear whether the other recommendations put forward by the local source code review participants in 2019 were acted upon by Comelec.