

Thursday, July 30, 2009

CenPEG's Request for Public Scrutiny of Poll Automation's Source Code is Stupid!

This is a reaction to "Comelec violated automation law: CenPEG"

For me, it is great foolishness to show the public the "source code" of the software that will be used for the 2010 elections. As someone who studied programming, the source code is very important because it contains all the instructions of a program, including its secrets. Everyone who guards source code, such as Microsoft, Apple and others, will never show it to the public.

"...disclosing it for public scrutiny should provide a major safeguard," that is what the Center for People Empowerment in Governance (CenPEG) says. But in truth the opposite will happen, because it will become an even hotter target for the "hackers" who want to get into the program.

If they want scrutiny of the source code, then those who look at the source code should be legitimate people who are accountable. These people should answer for it if something happens or the system gets hacked.

It is just funny to think that with every action and good thing that happens, there are always those who oppose and cry foul play. I have nothing against making sure of the source code, but to show it to everyone.... GREAT FOOLISHNESS AND A BIG MISTAKE!

Further Reference: Full Text of Republic Act 9369 (Poll Automation Law)



18 comments:

Anonymous said...

http://en.wikipedia.org/wiki/Security_through_obscurity

Anonymous said...

http://articles.techrepublic.com.com/5100-10878_11-6064734.html

Shen said...

I understand these articles and I agree with them, but they should not be the basis for the requested public exhibition of the source code of the automation software. Why?

1. This is specialized software that is not for the public's consumption.

Open source software such as Joomla, Linux and others is for the public, so it is fine to make it open source, because through this the system gets better.

2. National security risk. Any software source code vulnerability that may be found can be exploited by those with an interest in the election. This is not like open source, where most of those who analyze the source code do so to make it better.

The comparison with open source and security through transparency is far off in this case. This is specialized and custom software that is not for general public access.

Sj San Juan said...

Why is it stupid? In the interest of transparency, the source code must be made public so that nobody can smuggle inside malicious codes or orphans to derail automation.

Shen said...

When you open the source code to the public you also open it to the eyes of potential hackers of the system. You open the vulnerability of the system. The source code should not be made public for national security purposes. If people want to prevent smuggling of malicious codes or orphans then let an independent and accountable body do it. You never make a source code of such a software be publicly known.

Shen said...

Transparency entails many things and it does not mean that everything should be made public. The source code should be kept a secret for the sake of its effectiveness and security.

Sj San Juan said...

I don't see what will be the difference of keeping the source code secret. I mean, FOSS have their source codes in the public domain. And also, if the source code will be hackable, then it means that there is a problem with it. It will be better for the public to see the source code and try to hack it, rather than for people to hack it while we are counting the votes.

Shen said...

Are you sure that all of those who managed to hack it will report their success? Considering the magnitude of the money they can generate with the discovery, some will just sell their capabilities to politicians who can then pay them to make them win.

There is a big difference between this source code and the standard of FOSS, and as in my answer to the links posted on this article.. here it is again...

1. This is specialized software that is not for the public's consumption.

Open source software such as Joomla, Linux and others is for the public, so it is fine to make it open source, because through this the system gets better.

2. National security risk. Any software source code vulnerability that may be found can be exploited by those with an interest in the election. This is not like open source, where most of those who analyze the source code do so to make it better.

The comparison with open source and security through transparency is far off in this case. This is specialized and custom software that is not for general public access.

When I was at the 6th National Youth Parliament I was an advocate of using FOSS in government software, but that does not mean that for these to be safe, every agency's source code must be open to the public... why... because you are inviting a risk to national security.

Sj San Juan said...

Whether or not COMELEC will open the source code in public, hackers will still try to break into this system. If they will be successful, then that means there's a problem.

The public's sense of security will only be realized if we know what kind of program is being uploaded there.

And anyway, Section 12 of the Automation Law clearly allows public scrutiny of the source code.

Shen said...

SEC. 12. Section 10 of Republic Act No. 8436 is hereby amended to read as follows:

"SEC.14. Examination and Testing of Equipment or Device of the AES and Opening of the Source Code for Review. - The Commission shall allow the political parties and candidates or their representatives, citizens' arm or their representatives to examine and test.

"The equipment or device to be used in the voting and counting on the day of the electoral exercise, before voting start. Test ballots and test forms shall be provided by the Commission.

"Immediately after the examination and testing of the equipment or device, parties and candidates or their representatives, citizen's arms or their representatives, may submit a written comment to the election officer who shall immediately transmit it to the Commission for appropriate action.

"The election officer shall keep minutes of the testing, a copy of which shall be submitted to the Commission together with the minute of voting."

"Once an AES technology is selected for implementation, the Commission shall promptly make the source code of that technology available and open to any interested political party or groups which may conduct their own review thereof."

In analysis the code is in effect open for review but it will not be and should not be open for general public viewing. Those who want to see the source code should be accountable, credible and have the knowledge and expertise to do such a review.

A source code like this should not be just open to anyone's viewing and in public domain.

Tonyo Cruz said...

This is a bad idea you have. Revealing source codes is important. It allows the government and concerned citizens to check how a software would operate a hardware. This has been done in many countries especially for electronic voting systems.

Shen said...

I agree with you on that. I am also for opening the source code but to accountable persons only and not to the public as a whole. This will prevent unnecessary leaks to persons who are waiting for this opportunity to tamper the code. Besides, I think it will be highly against a company's propriety to reveal its source code to all.

fossinabottle said...

http://en.wikipedia.org/wiki/Premier_Election_Solutions#Controversy

Shen said...

And so?????

Tonyo Cruz said...

The IT community wishes to get the source code so they could tell the government whether they're good and secure.

Shen said...

I hope that they be given access... as long as these IT groups are legit and will be accountable as well to the public :)

Julie Ann Basconcillo said...

Hi!

I think you need not take the term public as referring to every person living, Filipino or otherwise. I am not a member of CenPEG but I have attended some fora discussing the AES. What CenPEG wants, I understand, is for Smartmatic-TIM to now hand over to the IT experts commissioned by COMELEC the source code for the poll automation. It appears that the joint venture is procrastinating in its delivery. These IT experts have to review the source code to safeguard the election process, that's correct, noting that the instructions given to them (after some deliberation between the two groups) should be what are actually inputted into the system when the machines are built. Public may not necessarily mean, again as I've said, everyone but maybe only some elements of the set of people who are not part of the private set (i.e. Smartmatic-TIM) who in fact can be said to know more [private] information than anyone else. Thank you.

Shen said...

Well, since many did compare the term "public" as the same term "public" for open source software then that means the general public. If the case is what you have indicated then I think that is indeed a proper action and a must to safeguard the election process.

I am just wary of making it open to anyone.