What is strange (and possibly premature if not malicious) about the new suit is that Comelec already approved the request for source code of CenPeg:
Center for People Empowerment in Governance
Evita L. Jimenez, Executive Director
Bobby M. Tuazon, Policy Study Director, on his own behalf and
On behalf of Felix Muga II, PhD, Electoral Studies
Dr. Bienvenido Lumbrera, Chairperson, Board of Directors
Dr. Pablo Manalastas, IT Consultant
Atty. Victoria Avena, Legal Consultant
Subject: In the Matter of the Request for a Copy of the Source Code (COMELEC Resolution No.09-0366)Reference is made to your letters dated August 25, 2009 and May 26, 2009, pertaining to your request for a copy of the Source Code. The Commission En Banc in its meeting held on June 16, 2009 resolved under Resolution No. 09-0366 to approve the recommendation of its Executive Director to grant the request for the source code of the PCOS and CCS. This resolution and approval is premised on the provisions under Sec. 14 of Republic Act No. 93691.
SCORP cannot but note above Letter on the Record and justifiably observe that the present petition is PREMATURE, since Comelec not only resolves to grant the request of CenPeg but also addresses why all of us have to wait patiently for "the source code" to actually be produced:
...the source code “for implementation” referred to does not currently exist for the following reasons:1. The baseline source code of the provider has not been received. This should not come as a surprise to you since you are well aware that no payment has been made to the provider as of this date, in deference to the Supreme Court Petition filed to withhold payment from the Concerned Citizens Movement, which was supplemented in the oral presentation and Petition of the defunct Information Technology Foundation of the Philippines (as represented in the Supreme Court hearing July 29, 2009 by Gus Lagman of www.transparent.org & OES and by Professor Manalastas of CenPEG).
2. The customization of the baseline source code is currently targeted for completion in November 2009.
3. Under Sec. 11 of RA9369, the customized source code shall be reviewed by “an established international certification entity”, on which basis, among others, the Technical Evaluation Committee shall issue its certification. The current target for completion of the customized source code review by “an established international certification entity” is end February 2010.
Only thereafter will the AES technology “selected for implementation” be available and can be made “open to any interested political party or groups” for review under a controlled environment.Should CenPEG be interested to become a technical resource person of the Commission, it is suggested that CenPEG apply with the Commission through the Advisory Council and/or the Technical Evaluation Committee.
I think it is helpful to look at Republic Act 9369 (The 2007 Automation Law shepherded through Congress by Sen. Dick Gordon and Rep. Teddy Boy Locsin) on this whole matter of SOURCE CODE.
First is the following terse entry in the Definition of Terms:
Section 2-12. Source code - human readable instructions that define what the computer equipment will do;
Second the more substantive matter covered in:
Finally, there is in the law crafted by Mssrs. Gordon and Locsin the following provision for quality and security assurance of the deliverable hardware and software system, including but not limited to the source code review aspect being targeted in the CenPeg suit before SCoRP:
"SEC. 14. Examination and Testing of Equipment or Device of the AES and Opening of the Source Code for Review. - The Commission shall allow the political parties and candidates or their representatives, citizens' arm or their representatives to examine and test.
"The equipment or device to be used in the voting and counting on the day of the electoral exercise, before voting starts. Test ballots and test forms shall be provided by the Commission.
"Immediately after the examination and testing of the equipment or device, the parties and candidates or their representatives, citizens' arms or their representatives, may submit a written comment to the election officer who shall immediately transmit it to the Commission for appropriate action.
"The election officer shall keep minutes of the testing, a copy of which shall be submitted to the Commission together with the minutes of voting."
"Once an AES technology is selected for implementation, the Commission shall promptly make the source code of that technology available and open to any interested political party or groups which may conduct their own review thereof."
"SEC. 10. The Technical Evaluation Committee. - The Commission, in collaboration with the chairman of the Advisory Council, shall establish an independent technical evaluation committee, herein known as the Committee, composed of a representative each from the Commission, the Commission on Information and Communications Technology and the Department of Science and Technology who shall act as Chairman of the Committee.
"The Committee shall be immediately convened within ten (10) days after the effectivity of this Act."
"SEC. 11. Functions of the Technical Evaluation Committee. - The Committee shall certify, through an established international certification entity to be chosen by the Commission from the recommendations of the Advisory Council, not later than three months before the date of the electoral exercise, categorically stating that the AES, including its hardware and software components, is operating properly, securely, and accurately, in accordance with the provisions of this Act based, among others, on the following documented results:
We see at once that the matter of a source code review is a very particular aspect of the overall task and challenge of automated system implementation, management and logistics.1. The successful conduct of a field testing process followed by a mock election event in one or more cities/municipalities;
2. The successful completion of audit on the accuracy, functionality and security controls of the AES software;
3. The successful completion of a source code review;
4. A certification that the source code is kept in escrow with the Bangko Sentral ng Pilipinas;
5. A certification that the source code reviewed is one and the same as that used by the equipment; and
6. The development, provisioning, and operationalization of a continuity plan to cover risks to the AES at all points in the process such that a failure of elections, whether at voting, counting or consolidation, may be avoided.
SOURCE: Philippine Commentary