One of the most interesting components of the current Philippine elections is the introduction of electronic voting. (It’s called the “Automated Election System,” or AES in the acronym-happy local idiom.) Instead of paper ballots tallied by hand at the precinct, the AES has people fill out bubbles on a sheet. (This immediately invoked my private traumas with standardized tests.) A computer then reads the bubblesheets and transmits the tallies to the next highest level of vote aggregation. E.g., results from a barangay (probably best translated as “ward”) go to the municipality (actually a county in North American terms), and then to the province and finally the national election commission, called Comelec. The system is intended to stop the long-standing practice of dagdag bawas, literally “add-subtract,” whereby zeros are creatively appended (and other digits somehow dropped) in order to favor particular candidates during the tally.
All good in theory. But technology alone can’t beat the political animal. The implementation of the vote machines, which are designed by a private company SmartTec, has been ... fraught. It raises a few general questions about technology, democratic legitimacy, and the regulation of public-private partnerships.
The initial AES law had a number of clauses guaranteeing security of the vote and providing for pilot projects. Comelec has ignored most of these in implementing the AES. For example, Section 12 of Republic Act 8436 (as amended) states: “Once an AES technology is selected for implementation, the Commission shall promptly make the source code of that technology available and open to any interested political party or groups which may conduct their own review thereof.” The idea was that the code could then be stress-tested and debugged by a global army of recreational hackers. Comelec, however, has kept the code under wraps. Not only has it not been made public, it hasn’t even been made available to AESWatch, a highly-qualified federation of local groups! Rather, Comelec outsourced the testing to U.S. companies at a price tag of ₱7 million. Whether this reflects partisan pro-Arroyo bias, institutional politics, or just plain old bureaucratic incompetence is not yet clear to me. The cipherpunks and open source community long ago argued that “security by obscurity” doesn’t work to protect software systems.
The rub is that voting technology is not just any software system! What elections do (to crib from Jim Fearon) is legitimize a government by making it common knowledge that the ruling group has enough support to take on all comers. Since the technical e–voting issues are beyond the grasp of the general non-hacking public, it is REALLY important that local technical experts, ideally drawn from a broad social base, give the election technology a thumbs-up. This kind of legitimacy is exactly the kind of thing the private sector, however efficient and low-cost, can’t provide. It comes from a social knowledge base of recreational political geekery. In the fraud infested environment of the Philippines (and other developing countries experimenting with electronic voting), everyone is suspicious of the new technology.
Open-sourcing the underlying code wouldn’t just have helped to insure the elections against nefarious technical manipulation; it would have created legitimacy for the Philippine democratic process V2.0.
Unfortunately, it didn’t happen. Instead, we face the possibility of the “imponderable, unthinkable and unimaginable” should the system fail ... or worse yet, the possibility that the results will be rejected by powerful groups even if it does not.
Comments