Some ballots may not be counted, watchdog says, citing software issues

Some ballots may fail to be counted on May 10, a poll watchdog claimed on Monday, citing problems that arose after the automated election system’s source code was reviewed by a software testing company. This was disclosed in a statement by poll watchdog Kontradaya after the US-based SysTest Labs, the Comelec-commissioned software testing company, reviewed the source code — a set of human readable instructions for the computer, in this case, the poll machine — and found some problems. The review discovered the non-standard treatment of undervotes, which could lead to exclusion of such votes during counting, the watchdog said. “This means that if you only voted for three senatorial candidates out of the supposed 12, SysTest said that it was not sure if the PCOS [Precinct Count Optical Scan] machine would read the three votes or not," Computer Professionals Union (CPU) national coordinator and Kontradaya member Rick Bahague said. The source code is the software used to make sure that the precinct count optical (PCOS) machines are able to count the votes properly. It should also make sure that there is no room for possible corruption of data, which could be used in election cheating. “May standard sa pag-treat ng undervoting. Pero ang nakita ng SysTest sa software ng Smartmatic ay hindi standard ‘yong pag-treat niya ng undervoting. Hindi sigurado ‘yong system kung binabasa niya yung undervotes," Bahague noted, adding, however, that Smartmatic has claimed that the program is capable of reading undervotes properly. (The SysTest review of software installed in Smartmatic’s PCOS machines indicated that undervoting may not be treated equally. The system is not sure whether its reading undervotes.) Risks for data loss “Election data may not always be properly encrypted before being stored, [at ito ay dahil] ‘yong software na ginamit para sa pagtatago ng mga ito ay may mga pagkakamali," Bahague added. (Software used to store election data may incur some errors.) The erroneous programming on the database, he said, could lead to election data corruption. Bahague also raised concerns regarding transmission of election data. “Nakita [ng SysTest] na may mga datos na pinapadala na hindi encrypted. Ibig sabihin, pwedeng mabago yung resulta habang pinapadala," he said. (The review discovered that some data were sent unencrypted which means that results may be changed during transmission.) The SysTest findings also included an inaccurate memory management — which meant that election data may either be inaccurately stored or lost — and that its audit log entries were not always recorded with the proper timestamp. “The implication is that there would be no record of what was done on the machine and no one could recreate the events leading to the results," Bahague said. Hasty programming All the problems found in the source code could be blamed on hasty programming, Bahague said. “Nakita [ng SysTest] na ‘yong buong system ay medyo minadali ang pag-proprogram.. The system is very vulnerable. Kumalat din ito sa IT community. Noong nakita namin, nagtaka kami dahil karamihan dito, kapag titingnan ng isang technical person, masasabi niyang amateur.. hindi propesyunal ang pagkakagawa. Iyong mga basic standards sa pag-proprogram, hindi nagawa." (The SysTest review saw that the whole system was hastily programmed. When we saw that, we were surprised because basic programming standards were not followed. It was not professional.) While admitting that no technical remedies could be put in place with just a week before the polls, Bahague pointed out that SysTest recommended manual safeguards to make up for what the software lacked. “Ang katapat nito ay manual [safeguards]. Kunwari, pwedeng maging accessible sa iba iyong canvassing server dahil ‘di maayos ang pagtago ng password. Ang operational safeguard nito, dapat trusted people lang ang maghahandle nito," he said, saying that failure of the Comelec to ensure this would compromise election results. (The canvassing server’s password may be accessed by others because it was not stored properly. The instituted operational safeguard in this case is that only trusted people should be able to handle this.) “Sila (SysTest) na mismo ‘yong nagsabi na questionable ang integrity ng software, although siyempre dahil sila yung kinomisyon ng Comelec, they said that these are just minor errors, and that if the necessary manual safeguards are observed, pwedeng magwork." (It was SysTest itself that said that the software’s integrity was questionable. And since it was the one commissioned by the Comelec, it said that these are just minor errors and that it will work if necessary manual safeguards are observed.) Comelec spokesman James Jimenez, for his part, said that the matter is just a "disagreement" with the methods used in testing the source code. "These are generic objections to how some things were done," he said. He likewise urged Kontra Daya to "move on" from the source code issue. "Let's move on...essentially, they're not the last word on it," he said. He noted, however, that they will still ask their technical committee to "look into their concerns and "respond properly" in due time. - RJAB Jr., GMANews.TV