PCOS debacle: Is the software source code really important?

The source code is the format of a program in human-readable format (that is, as far as computer programs go). It most intuitively describes the logic followed by a computer that is running said program. Programs written in high-level languages like Visual Basic, Javascript, PERL, PHP, or database languages like Standard Query Language (SQL) and other scripting languages are the most readable of such program codes. These languages make use of intuitive syntax (command lines composed of statements, variables, and operators) that almost look like English sentences:

10 counter = counter + 1
PRINT “Hello”
If counter = 20 then END

You can tell just by reading the above program how a computer running it would behave.

Unfortunately, computers run programs and store data in a way that is different from the way humans read source code. Programs are no more than circuits that manage vast arrays of on and off switches. The binary nature of the way each unit or bit of data underlies everything about how a computer works and remembers stuff requires source code to be converted to binary code to be machine-readable. This conversion process is called compilation. Source code in whatever language it is written needs to be compiled into a binary data structure for it to installed and run on a computer.

Binary data is also more compact than source code because the information redundancies (and other inefficiencies) inherent in human language are no longer present in binary code (i.e. removed during the compilation process). This makes binary code a more economical format to store and distribute software (say, as installation CDs or memory sticks or as “install packages” downloadable from the Web). Thus in commercial form, software code is virtually unreadable to ordinary humans.


This is why the source code is important to someone who is buying and using software for a mission-critical exercise — such as conducting a national election. To be able understand how a computer system converts input data (say, data from ballots) into output (say, election results) the managers of a computer system need to know the logical flow of this conversion effected by said software. This can only be done when the source code of the software is made available to them.

In the absence of source code, the behaviour of a computer system and the soundness of its logic can be evaluated by competent test analysts. This is specially true for relatively simple systems such as the voting system in the Precinct Count Optical Scan (PCOS) machines to be used by the Philippines’ Commision on Elections (COMELEC). The trick lies in the formulation of a good representative set of test cases and running simulations using these test cases through the system and observing its behaviour to see if output is consistent with expected outcomes as defined in said test cases.


14 Comments on “PCOS debacle: Is the software source code really important?”

  1. If the PCOS’s only security features are hardware-based and the encryption methods, then there is no problem showing the source code on that. Also, implying that the PCOS has a “pirated” software, then their reasons for not showing the source code would be obviously:

    1) Comelec is afraid to getting messed up with the original owner of the code. (Just like you don’t want to say to Microsoft that you have a pirated version of Windows 8 and etc)
    2) The embedded programs used is modified, thus the modifications are also reflected in the source code. Good cover for your favorite electoral cheating.

    Seriously, COMELEC is in really deep sh*t now…

    1. Due to current events, the credibility of the 2010 elections will be investigated since they have admitted that there was no source code used in the 2010 elections.

      Aquino’s presidency will be put in hot water since his victory in the 2010 elections will be questioned.

      1. By the time they actually start investigating the legitimacy of this PNoy’s elections, his term would’ve been finished already. Don’t even consider the verdict of the investigation. Would this be another case of a new president bashing his predecessor, i.e. Gloria > PNoy.

        Why am I not surprised at all of these nonsense again being presented to the layman.

  2. Well if they’re going to check the source, then it should be done to all of the PCOS Machine. They’ve been saying that SLI check the source code and it took 6 months. But the questions is, which specific machine it was been applied. There are thousands of PCOS Machines that were distributed to different locations here in Philippines, but only 1 Source code was check. Im afraid that they can still get an access to other pcos machines remotely using a hidden embedded code.

    1. Ideally, and economically, all PCOS machines should have one software version and it use “configurable data” to instruct the PCOS machine to adapt to specific precinct.

      Nonetheless, your concern that the PCOS of one precinct is different from others is very much valid. To combat it, the integrity of the program can be tested using Secure Hash Algorithm (SHA) [1]. Think of SHA as means to check if the software has been changed. Hence changes in the compiled software, when hashed, is different from the one original.

      [1] http://en.wikipedia.org/wiki/Secure_Hash_Algorithm

    2. On production of these machines, they had to use ONLY ONE source code. It would make development easier for the development team on that since the machines are the same, thus the source must be the same.

  3. A source code review is fundamental in any system and standard practice.
    No financial or major system would be implemented without one let alone an electoral system.
    So the trickle of information, excuses and sheer incompetence from comelec not only proves the ineptitude of ‘wanna be ambassador’ brillantes and his band of IT illiterate dinosaurs, but does untold damage to the trust and confidence, especially important in a country where cheating is the norm.
    I wouldnt trust the system, or the yellow peril, as far as i could throw a PCOS machine.
    As usual the law and human rights are being trampled upon, but without major indignation and disbelief in the media.
    Prepare to be cheated. Filipinos should be used to it by now.

    1. Given the situation on how COMELEC handles this new technology? I can’t trust them too so far… 😀

  4. The source code is useless unless it is extracted from the pcos machine in the presence of the reviewer. Anybody can give you a supposed source code for that machine even though it’s not the complete or correct one just like many programmers are doing.

  5. It is really important. But i’ll tell you, the electronic voting machine is not really that secure. Pay a hundred million to a computer programmer to hack and manipulate the code. Or pay that company that made the machine to set the code to your side.

    I’m a computer programmer, I can make a votign system like that and program it that a particular candidate will surely win. I can make a bias voting system. For example:

    aquinovote = 500,000
    villarvote = 1,000,000

    deductedvillarvote = villarvote / 2.5
    (that is 1,000,000 / 2.5 = 400,000)
    aquinovote = aquinovote + deductedvillarvote
    (which is 500,000 + 400,000 = 900,000)

    villarvote = villarvote – deductedvillarvote
    (which is 1,000,000 – 400,000 = 600,000)

    So what is now the final votes for each individual?

    aquinovote is 900,000
    villarvote is 600,000

    villarvote was deducted. It got cheated. aquino won.

    That’s how a source code can cheat. Only examples are shown. They only test that machine 10-20x, and if that 10-20x testing resulted fine, they say the machine is reliable. But what if the cheating of dagdag bawas in the machine will be done pag naabot na 1,000,000 or 2,000,000 or so on. Kasi no one tested that machine a hundred thousand times or million times.

    Of course they cant really show the code because it’s sensitive or copywrited. It can only belong to smartmatic or else many companies will imitate the code. But I expected the code should be reviewed by trusted analysts like a programmer in UN or US or Microsoft or Facebook or Google. OR whatever trusted companies that cant be bribed by any running candidates. But it didnt happen. No one told us that those codes in those machines are reviewed by any experts in computer programming to see if the algorithm or codes in that machines is fair. Only IT analysts were shown. Well there are many kinds of IT analysts. A trusted expert computer programmer should have reviewed that codes. What if the candidate that won paid smartmatic? Who the hell is smartic. It’s not really a famous company. Sound like it can get bribe.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.