Trustworthy ‘trusted-build’?


“Trust, but verify,” is a phrase adopted by President Ronald Reagan in his dealings with the Russians. It’s an advice to further validate the accuracy of information given.

The source codes of the election management system (EMS), precinct count optical scan (PCOS), and the consolidation and canvassing system (CCS) will have to undergo conversion from a form that humans can read, into what is referred to as binary code, which computers understand. The process is referred to as “trusted-build.”

The “trusted-build” activity, open for observation by stakeholders, is one of the transparency and confidence-building measures aimed at building trust in the automated election system. There is nothing really much to see, except informational messages and prompts displayed via an LCD projector, since everything happens inside the machine.

An equally important activity before the “trusted-build” is the review of the source code which is being done in two stages: base source code review and customized source code review. The base source code is the generic source code of the programs prepared for the EMS, the PCOS, and the CCS. The base source codes have to be customized to take into consideration the procedures, rules, and conditions provided in Philippine election laws – such as, among others, rules on the counting of votes and the manner of vote canvassing and consolidation.

The local groups who participated in the base source code review had also suggested improvements and presumably these were considered in the customization of the base source codes.

A separate review of the source codes was done or is being done by SLI Global (SLI), the Denver, USA based international certification entity engaged by the Commission on Elections (Comelec) for the third time.

The (Comelec) conducted a “trusted-build” activity only for the EMS software last January 26, 2016. Presumably, the review of the EMS customized source code has been completed by SLI. The “trusted-build” activities for the PCOS and consolidation and canvassing system (CCS) software have yet to be scheduled.

Trust, but verify
When the panel–composed of Engr. Peter Banzon, Chairman of the Technical Evaluation Committee (TEC) and of ASTI-DOST, Mr. Mike Santos of SLI, Commissioner Robert Lim, and Mr. Marlon Garcia of Smartmatic–was asked what assurance they could give the stakeholders that the copy of the EMS customized source code reviewed and certified by SLI is the same as the as the copy of the EMS customized source code reviewed by the local groups, no one could give a straight answer, except to say that the EMS customized source code had undergone review.

Apparently, the local groups have not even started reviewing the EMS customized source code. Review of said source code will only commence in the week of February 1, 2016.

A case of putting the cart before the horse.

The hash codes of the EMS customized source code could have been generated had the local groups been able to complete its review. These set of hash codes could have served as a reference point for the “trusted-build” activity.

Prior to the start of the “trusted-build” activity, the hash codes of the SLI reviewed EMS customized source code could have been generated in the presence of observers and media. A comparison of the two sets of hash codes could have been done and a match would then serve as assurance that, indeed, the two copies of the customized source code are the same!

No comparison could be done because the local groups had not even started the review of the EMS customized source code and none among Comelec, TEC, Smartmatic, and SLI could give the assurance asked of them.

The “trusted-build” activity was done anyway and the reason given was lack of time. Smartmatic has to generate the ballot faces and the PCOS and CCS machine configurations. Comelec had recently announced that with or without a decision by the Supreme Court on the disqualification case of Senator Grace Poe, it will have to start printing the ballots on February 8 with her name on it as it will take three months to complete the printing of the ballots. Comelec’s AES (automated election system) timetable is getting tighter.

Why were the EMS customized source codes made available to SLI but not to the local groups at the same time? What will Comelec and Smartmatic do if the local groups find anything wrong or suspicious with the customized source code? Will it be back to square one?

After the local groups complete the review of the EMS customized source code Smartmatic can generate the corresponding binary codes and generate the hash codes of the binaries. Smartmatic is confident that these hash codes and the hash codes of the binaries generated from the trusted build will match. Why not? It has always had possession and full control over all source codes.


Please follow our commenting guidelines.


  1. Haaay naku! Di marunong umintindi ng batas ang Comelec en banc! “Trusted-build” kuno, kasi sila-sila lang ang nakaka-alam; wala silang paki-alam sa mga stakeholders. They are just doing that “Trusted-build” for show only kasi nga late na naman yang source code review.

  2. ernie del rosario on

    I suggets Lito that you explain in detail what the EMS is for, what it does and produces and what its criticality is in this trust building exercise. People must clearly understand what this thing does. Thanks.