The Manila Times : Comelec sets local reviews of 'source code' for 2022 elections

News & Interviews
17 August 2021

By William Depasupil | The Manila Times

THE Commission on Elections (Comelec) is laying the groundwork for the local review of the so-called "source code," a voting software program customized for the upcoming 2022 presidential polls to ensure transparency and provide security to the Election Management System (EMS) against any form of malware that may alter the outcome of the elections.

In an advisory, Comelec spokesman James Jimenez on Tuesday called on election stakeholders to submit their application to participate in the local source code review as required by Republic Act (RA) 9639 or the Election Automation Law.

The source code is basically an independent auditor to ensure that the system is running free from possible malicious lines. It is provided by Smartmatic, the supplier of the vote counting machines (VCMs).

Jimenez said that among those invited to participate in the local source review were:

* political parties or coalition of parties duly registered and/or accredited by the Comelec, including parties and organizations registered under the Omnibus Election Code and the Party List System of Representation;

* legitimate organizations or groups accredited by the Comelec, including previously accredited citizens arms in the 2019 national and local elections;

* IT groups known and recognized as existing in the IT community, recommended by the Comelec Advisory Council and/or the Department of Information and Communications Technology (DICT);

* civil society organizations/ associations known for their involvement in election reform activities as may be determined by the Comelec or members of the Comelec Advisory Council and Joint Congressional Oversight Committee.

Aside from the local source code review, it is also subjected to a trusted build process by an international certification company.

In 2019, the source code review was done by the Alabama, USA-based international certification agency Pro V&V Inc. which broadcasted live to the Comelec office the "source code review" of the trusted build of the EMS, which was the final step in assembling the software system that will be used in next year's elections.

The EMS designs the configuration for the vote counting machines, like precinct number and the number of voters per precinct, among others.

The Comelec defines the trusted build as "the process whereby the source code is converted to machine-readable binary instructions (executable code) for the computer. It is performed with adequate security measures implemented to give confidence that the executable code is a verifiable and faithful representation of the source code."

The source code, on the other hand, is the human-readable version of the software. It is a voting software program customized for Philippine elections that would be installed in the VCMs.

There are three sets of codes. The first set is the one used for the VCMs and used by the different boards of canvassers to consolidate the results and generate the certificates of canvass and proclamation.

The second software is the only source code used by technology provider Smartmatic for purposes of transmission.

The third is called the domain name server (DNS) janitor, which is basically a utility program that cleans entries from the DNS so that what is being transmitted will reach its destination.