Comelec was warned about ballot production software

With the numerous failures to read local votes in initial tests of the voting machines and the Smartmatic admission of a problem in configuring the ballot design, is it possible that Smartmatic used their ballot production software despite the clear warning by the source code review contractor that it should not be used? And that was only one of over 5,000 unresolved problems that the review found in the source code. Analysis by poll automation expert Roberto Verzola. According to the Automated Election Law (R.A. 9369), the Comelec Technical Evaluation Committee (TEC) must “certify, through an established international certification entity, ... categorically stating that the AES, including its hardware and software components, is operating properly, securely, and accurately, in accordance with the provisions of this Act based, among others, on the following documented results: 1) ... ; 2) ... ; 3) The successful completion of a source code review; 4) ... " For the certification entity, the Comelec chose SysTest Labs Inc., a U.S. firm that certifies voting software. SysTest conducted its review of the Smartmatic source code on Oct. 26, 2009 to Feb. 9, 2010. It was on the basis of the SysTest recommendation that the COMELEC accepted the Smartmatic software and went ahead with the automated elections. Although SysTest submitted its “Certification Test Report for Source Code Review, Readiness and Security Testing Rev. 1.06" on Feb. 9, the COMELEC released the full text of the report only on Apr. 30, barely ten days before the May 10 elections. The SysTest review found 9,888 problems, which ranged from “critical" or “major" to “minor" problems. Of these problems, Smartmatic was able to correct 4,422 critical or major problems. However, 327 major problems, 4,897 minor deviations from standards and 242 minor non-standard-related problems – a total of 5,466 problems – remained unresolved, according to the SysTest report. However, the software changes that supposedly resolved the 4,422 critical or major problems have not yet been successfully tested here or abroad, contrary to the following provision of the AES Law: "Sec. 12. ... With respect to the May 10, 2010 election and succeeding electoral exercises, the system procured must have demonstrated capability and been successfully used in a prior electoral exercise here or abroad." In addition, the problems which are supposedly minor are actually significant problems, if the text of the SysTest report is scrutinized carefully. Among the unresolved problems revealed by the SysTest code review are the following:

• “Possible database corruption", which can result in loss of vote data (p.16, 24)
• “Potentially incomplete, corrupted, overwritten or lost audit logs," which can also result in loss of vote data as well as make it possible for intruders to hide their tracks (p.18-19, 21, 23, 30-31);
• “Possible injection of malicious SQL [database] commands", which can corrupt vote data (p.19);
• “Unencrypted passwords in database and other encryption and password problems" (p.19-20, 24, 29); and
• “Possible loss of significant digits" in the vote data (p.20, 22).

To remedy the problems above that SysTest identified, it subsequently submitted a separate report entitled “Final AES Certification Test Report for the Smartmatic Automated Electon System (AES)," which the COMELEC has not yet made available to the public, although it has released a summary of the report, dated March 8, 2010 and entitled “Certification Test Summary for AES May 2010 Rev. 1.00". The Summary lists “compensating controls" needed to cover the shortcoming in the Smartmatic software identified in the Report. In particular, two compensating controls listed in the Summary should be noted (Summary, p.6): - The Ballot Production tool was not subjected to the full certification process; therefore it should not be utilized in the May 10, 2010 election process." - As the modem firmware was not subjected to the full certification process and is required for transmissions, COMELEC should request the source code from Smartmatic and have a thorough review conducted prior to the May 10, 2010 election." Given the transmission problems encountered by Smartmatic even in Metro Manila and the printing problems of the NPO with regards to misalignment from high-speed printing, these two compensating controls seem particularly important. The COMELEC should report to the public whether these two, as well as the rest of the compensating controls listed in the Summary, were accomplished. With the reports of failure to read local votes in initial tests of the PCOS machines and the Smartmatic admission of a problem in configuring the ballot design, is it possible that Smartmatic used their Ballot Production software despite the clear SysTest warning that it should not be used? It should be noted that Systest only gave a conditional endorsement of the Smartmatic software in its March 8 report (p.7), one month after the AES Law deadline for a categorical certification: “Assuming the abovementioned [compensating] controls are put into practice and that the AES is properly configured, operated and supported, SysTest Labs finds the Smartmatic Automated Election System to be capable of operating properly, securely and accurately and therefore recommends the system for certification and use in the May 10, 2010 election." This is not quite the categorical statement that the AES Law R.A. 9369 requires. This endorsement is conditional on the crucial assumption that all compensating controls are “put into practice". Given the problems cited in the SysTest report, and the explicit warning against using Smartmatic's ballot production tool, it is clear that no certification should have been issued to the Smartmatic software and the full nationwide automation of the Philippine elections should have been aborted.