Closing barn doors and runaway horses

There's been word about requiring the Comelec to publish the source code used by the voting machines deployed for the previous election. Apparently, this has been an item for a while (a piece on GMA's site is dated 26 September); only got wind of it last night, while watching the news.

This elicited two reactions: first, I should probably watch the news more often. Second, talk about doing too little, too late.

Well, the second reaction, truth be told, had been laced with a lot more hatred, profanity, cussing and very non-kid-friendly cursing. But maybe it's just me.

Let me just spell it out, for those not so quick on the uptake.

The election's done. We have a president who looks like he's still surprised by his winning to this day, and keeps expecting a celebrity to jump out behind the bushes and tell him it's been a joke the whole time. We also have a vice-president who's managed to steal his post from right under everyone's noses.

So we still have the baranggay and SK elections. Whoop-te-fucking-do. The main bout's over, the actually-famous band has already played, the grand prix has been won. Even if third-parties are able to prove the voting machines' complicity in the recent thefts of particular government posts, what good would it do? Not being defeatist, or overly cynical (well, maybe the latter), but that's how government works. It'd take a chain of events as massively improbable as that in Piers Anthony's Bio of a Space Tyrant to change all this.

They only guarantee source code; nowhere does it say that it has to be the source code of the operating system that actually went into the voting machines that people used. Not unless each and every single voting machine is disassembled can we verify that they used the exact same operating system image.

The operating system isn't the only point of failure. This may not be obvious to non-code monkeys. Let me clarify. In the last election, the "results" were transmitted, via HSDPA connections, I believe, to a central server (and possibly a backup; I can't remember) guarded and held under lock and key. And, right there, I've just mentioned at least three separate points of failure, all capable of being independently targeted and manipulated. Here's a picture:

  1. The operating system can be "buggy", such that it doesn't report failure to write to whatever media it uses to store its results. This way, a disk (I think they use some sort of solid-state drive) preloaded with rigged results can be shipped with each voting machine, with the read-only switch turned on. This is simple enough, and hard enough to verify (since, presumably, they'd have had more than enough time to cover their tracks this way). Or, you know, attach the preloaded disks to a port that the operating system doesn't expect to find them in. Easy enough to miss, even if you're a hotshot code monkey.
  2. HSDPA connections. Admittedly, a little more far-fetched, but not altogether impossible. Plus, have we already forgotten the lax security that allows bored Globe and Smart employees access to our individual SMS messages (which are, by the way, stored as plaintext on their servers). If you had money to burn, how much would you be willing to pay to bribe overworked and underpaid technicians into manipulating digital streams of data?
  3. The servers. Ohmighod, the servers. Take number 1, except, this time, it's even easier. Ignore anything the machines in the field send you, present preloaded data. You only have to rig one or two machines, instead of all the machines in the field.

If you're a belts-and-suspender type of criminal, combine two or more of these for even better results. And these are just the things I've come up with while being simultaneously engrossed in an episode of House M.D..

Oh, hey, also, a little birdie told me that a certain diminutive political hack shelled out 10 million bucks for each offspring to win. No crackpot conspiracy theories on how much he had to pay for himself to win, though; sorry.

Anyway, I don't really have a point to all this, I suppose. I just wanted to point out how massively stupid this attempt to get pats on the back is. And, more dangerously, whoever takes a look at the source will probably find nothing. This will serve only to bolster the confidence of the unwashed masses over this inherently and, dare I say, fatally flawed technology.

I've no better solution to offer, so I guess this is pointless criticism. The only thing I can suggest is that we go back to the old ways. Not that I like the idea of hundreds of thousands of teachers manually toiling away, inefficiently counting votes. But at least it's a methodology I can actually trust more than this newfangled electronic voting crap.

I'm a programmer. My livelihood depends on my skill at pushing electrons. And, yet, I'm telling people constantly that the taxpayers' money—our money—have been wasted by the self-absorbed elitist jerk that came up with this bill in the first place.

It's time to admit that our first attempt at electronic voting has failed. Miserably. Not only are we unable to get results that's trustworthy, we can't even get it as quickly as US citizens can. Maybe in ten years' time, we'd have perfected the technology.

Or, more likely, we'd have no further need for it, after Binay has turned this country into an even bigger mess than it currently is.

The definition of insanity is doing the same thing over and over again, expecting different results each time. But this... we'd be playing craps with the future of our children. Not only is that insane, it's dangerously stupid.