To the code reviewers working with COMELEC:
Trust what you see


The Philippines’ Commission on Elections begins public source code viewing process


Update (25 October 2015, 11:56pm): COMELEC election worker Luie Guia responded to my Facebook posting of this article, clarifying that the “decision to have a source code review is, apart from gaining public trust, a requirement of law (source code must be made available to interested parties as soon as the supplier has been chosen)”.  This is specified in Section 14 of Republic Act 8436 (amended by R.A. 9369).

SECTION 14. Examination and Testing of Equipment or Device of the AES and Opening of the Source Code for Review. – The Commission shall allow the political parties and candidates or their representatives, citizens’ arm or their representatives to examine and test.

“The equipment or device to be used in the voting and counting on the day of the electoral exercise, before voting starts. Test ballots and test forms shall be provided by the Commission.

“Immediately after the examination and testing of the equipment or device, the parties and candidates or their representatives, citizens’ arms or their representatives, may submit a written comment to the election officer who shall immediately transmit it to the Commission for appropriate action.

“The election officer shall keep minutes of the testing, a copy of which shall be submitted to the Commission together with the minutes of voting.”

“Once an AES technology is selected for implementation, the Commission shall promptly make the source code of that technology available and open to any interested political party or groups which may conduct their own review thereof.


 

On Monday October 12, COMELEC-approved reviewers will begin a grueling five-month process of reading the program source code for the Philippines’ automated election system (AES).  This is a confidence-building measure intended to give the public an opportunity to understand, in detail, how each part of the system works.

Continue reading “To the code reviewers working with COMELEC:
Trust what you see
”

Questions for the COMELEC source code review

Here are five questions I’d like answers to following the COMELEC (Commission on Elections) source code review that’s supposed to have started on October 1, 2015.

1) How are the Smartmatic vote counting machines built? What are the capabilities of the embedded processor? Does it run an embedded operating system, or is it running “bare metal” code?

2) Did COMELEC arrange that results of the source code review – importantly, findings of code defects that affect the integrity of system operation – get forwarded to the manufacturer for field software update?

3) Is there a way to verify that the version of firmware (loaded into processor flash memory) corresponds to the release version of the software being reviewed?

Another way to ask this question is this: Do the code audit teams have access to the compilers and firmware update tools used by the manufacturer, to install firmware binaries into the device? Note that if the VCMs are not field-reprogrammable, then the usefulness of findings of a code audit are extremely limited. If there are any serious defects and there is no way to update the firmware, then manual procedures need to be put in place to work around those defects.

Continue reading “Questions for the COMELEC source code review”