Source Code Review

By James Jimenez

April this year, the Supreme Court En Banc unanimously reversed the November 29, 2023 Resolution of the Commission on Elections (COMELEC) En Banc, which disqualified Smartmatic from participating in any public bidding for elections. In doing so, the Court held “[i]n choosing to disregard the procedures prescribed by the GPRA and its IRR and disqualifying Smartmatic before it had submitted any bid, without any reference to the applicable eligibility requirements and non-discretionary pass/fail criteria prescribed by the Special Bids and Awards Committee, the COMELEC En Banc implemented a discretionary pre-qualification regime antithetical to the very essence of the GPRA—a grave abuse of discretion amounting to lack or excess of jurisdiction.” Or to put it more plainly, the Court said that the COMELEC seemed to have acted arbitrarily, rendering the disqualification of Smartmatic flawed.

With the decision coming a little over a year before election day, however, the Court was quick to cite the doctrine of operative facts. To require the COMELEC to conduct another round of public bidding, the Court said, would seriously disrupt its preparations for the 2025 National and Local Elections (NLE) and potentially jeopardize the very conduct of the elections. This led to the Court declaring that its decision would be prospective in application, leaving things where they were and essentially letting the COMELEC carry on with its current preparations.

Since then, the COMELEC has moved forward with its chosen supplier – Miru Systems – and, as of this writing, a little over seven months before the 2025 elections, is undergoing the Local Source Code Review (LSCR) and hardware acceptance testing (HAT) at its facility in Biñan, Laguna.

And here is where the rubber meets the road.

Up to this point, the COMELEC has made a big deal about its declared commitment to transparency. This is much appreciated, and there is a lot that the election management body needs to be transparent about.

The most important of these, to my mind, is the Source Code Review.

Section 9 of RA 9369 mandates that a Technical Evaluation Committee (TEC) should certify the chosen Automated Election System (AES). Ideally, without this certification, the AES won’t be authorized for use in elections, since the certification is essentially a guarantee that the automated system is clean, honest, and reliable. Of course, in the past, COMELEC has been able to circumvent this requirement, but that fact does not diminish the value of the TEC Certification.

The TEC Certification is issued based on the results of a field testing process followed by a mock election in one or more cities or municipalities; a successful audit on the accuracy, functionality, and security controls of the AES software; the successful completion of a source code review by an international certification authority; and the development, provisioning, and operationalization of a continuity plan.

Most of these requirements will probably be met by COMELEC roughly around the end of the year or early in 2025 – before the start of the campaign period – so that bears watching out for. However, at least two of these requirements should ideally be met much sooner: the source code review by an international certification entity (ICE), and the continuity plan.

SCR by the ICE

In automations past, the source code review by the international certification entity (ICE) – a necessary input to the AES certification to be issued by the Technical Evaluation Committee – tended to start at an earlier date. For the 2016 elections, for instance, the ICE review started as early as September the year before, 2015. As far as I’ve been able to tell, however, the COMELEC has yet to announce the engagement of an ICE to conduct this indispensable source code review.

Note that the requirement of a source code review by an ICE is separate and distinct from the requirement for a local source code review – which the COMELEC has only recently initiated.

While the ICE review is required under the amended Section 12 of the law and is an absolute necessity for TEC Certification of the AES, the local source code review is required under the amended Section 14 of the same law, and is primarily just a transparency measure.

It provides that “once an AES technology is selected for implementation, the Commission shall promptly make the source code of that technology available and open to any interested political party or groups which may conduct their own review thereof.” Although the law says “once the AES technology is selected…” in practice, the local source code review has focused on the source code already reviewed and certified by the ICE. Thus, the results of the LSCR have, at most, resulted in improvements being made to the succeeding iteration of the AES, rather than influencing its current incarnation.

So, as far as being transparent goes, the COMELEC needs to clarify to the public whether a source code review by an international certification entity has been initiated; if so, then at what stage is it currently, and when should the public expect its final findings. The COMELEC might also clarify whether the source code being reviewed by local reviewers is the raw source code from Miru, or if it is the (for lack of a better word) source code ‘customized’ for Philippine elections and certified as clean and reliable by the ICE.