Senators air concern on release of voters’ data
The camp of independent presidential candidate Sen. Grace Poe is seeking formal explanation from the Commission on Elections (Comelec) regarding the hacking of its database even as her legal team is studying legal action to take against the poll body for the possible breach in integrity of the coming automated polls.
“Our legal team is already looking into it. We will take necessary steps in the coming days,” Poe spokesman Valenzuela City Mayor Rex Gatchalian said yesterday.
Poe’s runningmate Sen. Francis Escudero said the Comelec should take steps to “assuage the worries of voters.”
Sen. Vicente Sotto III said the Comelec was apparently still unprepared for automated elections.
“If Comelec cannot protect our system, let us go back to Jurassic times, manual. Get rid of computerization,” said Sotto. But he stressed poll automation is mandated by law.
The Comelec database hack has made public online voters’ information including full names, birth dates, addresses, registration details and voter identification numbers, height and weight of voters, passport details, and – in some cases – even biometric information such as fingerprint info and topography.
“A data breach this serious should not have happened at all,” Gatchalian said.
“These types of incidents will always raise the red flag in the minds of the general public, especially since the elections is two weeks away,” he added.
“We are calling on Comelec to investigate and detail to the public the circumstances behind this breach. This not only affects the integrity of the upcoming elections but is also an alarming data privacy concern,” he said.
Poe also urged the Comelec to explain reports that there were discrepancies in the voting receipts and the tally of votes in the Overseas Absentee Voting.
Nationalist People’s Coali- tion (NPC) senatorial bet Sher- win Gatchalian also called on the Comelec to make an honest-to-goodness accounting of the 1.3 million passport data and 15.8 million fingerprints which were compromised in the March 27 hacking of the Comelec website.
The hacked information have been published in wehaveyourdata.com, with hacker group LulzSec Pilipinas saying it wants to make the government “start thinking about security of citizens’ personal data.”
“What is alarming is that this crucial data is just in plain text and accessible for everyone, including cyber criminals who can use the leaked personal information of Filipino voters for extortion and other illegal activities,” he said.
Gatchalian, who is running for senator under the Partido Galing at Puso, vowed to push for stiffer penalties against hackers and other cyber criminals if he is elected senator.
Under the Cyber Crime Law, illegal access to websites or hacking is punishable with imprisonment of up to 12 years and a fine of at least P200,000.
Rep. Gatchalian also lauded the National Bureau of Investigation (NBI) Cybercrime Division for the arrest in Sampaloc of one of the suspects in the Comelec website hacking who turned out to be a 23-year-old fresh IT graduate.
Biggest hacking case
The congressman also expressed concern over a report by Trend Micro, a global security software company, that said the defacement and subsequent leak of the Comelec’s entire database online “may turn out as the biggest government related data breach in history.”
“The report by Trend Micro is alarming considering that the cyber attack on the Comelec website left 55 million Philippine voters at risk, even surpassing the US Office of Personnel Management hack in 2015 that leaked personal data of 20 million US citizens,” Gatchalian said.
He said it is imperative for the Comelec to assure all political parties, candidates and the voting population that all their systems, from the Internet website to the transmission of votes from the vote counting machines ( VCMs), are safe from hacking and other forms of manipulation.
“The Comelec under Chairman Andres Bautista owes it to the Filipino people that the results of the May 9 polls will be reflective of the actual votes made. A credible election will ensure that our elected leaders will truly be the choice of the people,” Gatchalian added.
The Comelec earlier downplayed the hacking of its website, with Bautista saying that hackers from the group Anonymous Philippines failed to access any confidential information that may derail the 2016 elections.
“It would be best for the Comelec to come clean by informing the public of the actual extent of damage hackers made on the integrity of the commission’s data base and assuring voters that the sanctity of their votes come May 9 will not be compromised,” Gatchalian said.
Destabilizing move
For Liberal Party presidential candidate Manuel Roxas II, shadowy groups are behind the hackers that attacked the Comelec website with the intent of destabilizing the May polls.
Akbayan party- list Rep. Ibarra Gutierrez, spokesman of Roxas and the administration Daang Matuwid coalition, denied insinuations the LP could be behind efforts to erode the credibility of the elections.
“We are also alarmed by the leak of the information of millions of registered voters, and we are one of those who call out for an investigation of the incident,” Gutierrez said.
“We also ask our people to take measures to protect their personal information, but don’t easily believe fear mongering of others,” he said.
“If we think carefully, those who offer a solution to the fear are the ones who started the fear in the first place,” he added.
He said Roxas was a “victim of cheating” in the 2010 elections and that he never would allow anyone else to experience the same.
Vice presidential candidate Sen. Ferdinand Marcos Jr. said the hacking incident would endanger not only the credibility of the elections but the personal security of every voter.
He said the Comelec should swiftly conduct a thorough probe on the incident as it constitutes an attack on the voters’ right to privacy. He said the election body should also explain how it happened in the first place.
“These are crucial information that the Comelec has secured from the voters. These are personal data entrusted to the poll body by the Filipino people. The Comelec should explain how and why the data that they have assured as secure could be hacked,” he said. “If this can happen, how secure will the election results be knowing that data could be stolen and manipulated from the Comelec’s system?”
He also urged the NBI to make its investigation swift to make sure compromised voters’ information would not be used for criminal purposes.
“The site must immediately be shut down so that voter data won’t be searchable online,” Marcos concluded.
Criminal charges
For Bayan Muna Rep. Neri Colmenares, Bautista and other poll officials may be held accountable for negligence and – if proven guilty by the courts – could face imprisonment of up to six years.
He said the Data Privacy Law or Republic Act No. 10173 mandates the agency head with the responsibility of ensuring that sensitive and personal information are secure.
“Under the same law, negligence of the agency resulting in a large-scale breach is punishable by imprisonment of up to six years, fine and disqualification to hold public office,” he said.
He added the agency must also be held accountable for concealing the security breach, which is likewise punishable by imprisonment, fine and disqualification, he added.
“The extent of the data breach is in the hundreds of thousands at the least so the maximum penalty may be meted to those responsible. I would not be surprised if the Comelec would face a lot of lawsuits after this,” Colmenares stressed.
He accused the Comelec of “criminal neglect and incompetence, which allowed a massive leak of its database.”
“Not only was the Comelec website easily hacked, the culled data was also uploaded to a website that exposed the sensitive and personal information of millions of Filipino voters to identity thieves and other predators. All cases of identity theft now could be blamed on the Comelec,” he said.
“The Comelec has utterly failed in its obligation to protect the fundamental human right of privacy of the Filipino people. The situation endangers the security, life and property of each one of us,” he said.
OFWs’ demand
Overseas Filipino workers are also demanding the filing of legal charges against ranking Comelec officials for the online leak of voters’ data.
Migrante official Garry Martinez said sanctions must be implemented and those whose personal information were leaked should be sufficiently compensated.
“If all personal information would be used to rig the automated elections, the Comelec should not just dismiss its possible repercussions and carry on as ‘business as usual’. Heads must roll,” Martinez stressed.
“We hold the Comelec mainly accountable for this security breach. The hackers have only proven how vulnerable the AES is,” he added.
“OAVs are up in arms to discover that all their information can now be accessed publicly. We tried the search engine and so far all data are chillingly accurate, to include birth dates, passport details, previous and present addresses here and abroad, even information of their official representatives in the Philippines,” Martinez said.
He said each of the 1.3 million registered OAV is now vulnerable to electoral fraud and identity theft.
The data leak could have been prevented, Martinez said, had the Comelec complied with requirements stated in the Automated Election System (AES) Law and the eCommerce Law.
The requirements include the public release of the new source code, a mechanism to verify whether the VCMs can accurately read, record and transmit votes as well as the activation of other security features of the VCMs.
“Because of these, we have no way to determine if the correct program is installed in the VCMs. We also have no way to verify if the votes cast are the ones being read, recorded and transmitted to the Comelec’s central server,” Martinez pointed out.
He said they have also been receiving reports of “missing names” in the official list of registered OAVs, specifically in Hong Kong, Italy, US and Japan.
“If we find that their names and information can be accessed in the data leak, what are the implications on the results of the elections,” Martinez said.
OFW advocate and senatorial candidate Susan Ople said the Comelec should now focus on protecting the personal data of over 55 million registered voters.
“Don’t talk to us about voting in malls when you can’t even fix this problem concerning our own personal data now available online,” Ople said. –