What the source code review is and why it is important to the 2016 elections
Atty. Karen Jimeno is a lawyer licensed to practice in the Philippines and in New York. She hosts Legal Help Desk on CNN Philippines. Currently, she is also the Head for Voters’ Education of Smartmatic in the information campaign jointly undertaken by Smartmatic and Comelec for the 2016 elections.
Metro Manila (CNN Philippines) — The Commission on Elections (Comelec) launched the second phase of the Local Source Code Review on Monday, February 2.
The “source code” is the version of a software as originally written by a human in plain text (i.e. human readable alphanumeric characters). The source code review is important because it allows participants to review, line by line, the software to be used in the 2016 elections.
There are two phases of the source code review: the first involves a review of the base code, and the second, of the final customized source code.
Comelec launched the first phase of the source code review on October 2015 or seven months before the elections. The review was open to the public at Brother Andrews Hall in De La Salle University. Anyone accredited as per Comelec’s requirements were allowed to participate in the source code review.
Smartmatic Project Manager Marlon Garcia explained that the source code review has an impact on the trust of the Filipino people in the elections.
“The outcome of said review would reflect the assessment made by IT professionals that are not directly involved in the preparation of the election nor related either to Comelec or to the provider,” said Garcia.
Smartmatic-TIM is Comelec’s technical service provider for the 2016 elections.
The first phase of the source code review allowed participants to take a look at the base source code submitted by Smartmatic.
The base code includes the code of three systems—the Elections Management System, the Vote Counting Machines, and the Consolidated Canvassing Servers.
During the first phase, Smartmatic provided the on-site support of a developer for each of the systems to explain the code to the reviewers.
“Once the reviewers became familiar with the structure and the logic of the code, they were able to do a review on their own,” said Garcia.
At the conclusion of the first source code review last December 2015, the participants issued a report with recommendations, which were taken into account in preparing the final customized source code.
The final customized source code includes all the customizations required by Comelec such as the type of information reflected on the screen of the Vote Counting Machines, and that the screen display’s information will be in Tagalog and English language, etc.
The second phase of the source code review allows the reviewers to inspect the final customized source code to be used in the 2016 elections.
The two phases of the source code review has been publicly available as part of Comelec’s efforts to promote transparency for the 2016 elections.
Parallel to the public source code review, an independent certification agency, SLI Global Solutions, was also hired by Comelec to review and certify the source code.
The final customized code was certified by SLI last January 27.
"The certification from SLI means that the final customized code was found to be without errors or malicious codes, and that such code complies with all of Comelec’s requirements," said SLI Senior Test Manager Mike Santos.
The second phase of the local source code review will be continuously held at De La Salle University. The public review of the final customized code is expected to conclude in March 2016, two months before election day.
“We would like to be as transparent as we can. What we are going to use in the elections is something that the public can trust,” Comelec Commissioner Luie Tito Guia, referring to the source code, said.
“Source code review and transparency are part and parcel of the project,” added Guia.
Since the start of the source code review last year, Comelec has been calling on all political parties to participate in the source code review and to take it seriously.
