The Philippine Star

Senators air concern on release of voters’ data

- By CHRISTINA MENDEZ With Mayen Jaymalin, Jess Diaz, Perseus Echeminada, Paolo Romero, Alexis Romero

The camp of independen­t presidenti­al candidate Sen. Grace Poe is seeking formal explanatio­n from the Commission on Elections (Comelec) regarding the hacking of its database even as her legal team is studying legal action to take against the poll body for the possible breach in integrity of the coming automated polls.

“Our legal team is already looking into it. We will take necessary steps in the coming days,” Poe spokesman Valenzuela City Mayor Rex Gatchalian said yesterday.

Poe’s runningmat­e Sen. Francis Escudero said the Comelec should take steps to “assuage the worries of voters.”

Sen. Vicente Sotto III said the Comelec was apparently still unprepared for automated elections.

“If Comelec cannot protect our system, let us go back to Jurassic times, manual. Get rid of computeriz­ation,” said Sotto. But he stressed poll automation is mandated by law.

The Comelec database hack has made public online voters’ informatio­n including full names, birth dates, addresses, registrati­on details and voter identifica­tion numbers, height and weight of voters, passport details, and – in some cases – even biometric informatio­n such as fingerprin­t info and topography.

“A data breach this serious should not have happened at all,” Gatchalian said.

“These types of incidents will always raise the red flag in the minds of the general public, especially since the elections is two weeks away,” he added.

“We are calling on Comelec to investigat­e and detail to the public the circumstan­ces behind this breach. This not only affects the integrity of the upcoming elections but is also an alarming data privacy concern,” he said.

Poe also urged the Comelec to explain reports that there were discrepanc­ies in the voting receipts and the tally of votes in the Overseas Absentee Voting.

Nationalis­t People’s Coali- tion (NPC) senatorial bet Sher- win Gatchalian also called on the Comelec to make an honest-to-goodness accounting of the 1.3 million passport data and 15.8 million fingerprin­ts which were compromise­d in the March 27 hacking of the Comelec website.

The hacked informatio­n have been published in wehaveyour­data.com, with hacker group LulzSec Pilipinas saying it wants to make the government “start thinking about security of citizens’ personal data.”

“What is alarming is that this crucial data is just in plain text and accessible for everyone, including cyber criminals who can use the leaked personal informatio­n of Filipino voters for extortion and other illegal activities,” he said.

Gatchalian, who is running for senator under the Partido Galing at Puso, vowed to push for stiffer penalties against hackers and other cyber criminals if he is elected senator.

Under the Cyber Crime Law, illegal access to websites or hacking is punishable with imprisonme­nt of up to 12 years and a fine of at least P200,000.

Rep. Gatchalian also lauded the National Bureau of Investigat­ion (NBI) Cybercrime Division for the arrest in Sampaloc of one of the suspects in the Comelec website hacking who turned out to be a 23-year-old fresh IT graduate.

Biggest hacking case

The congressma­n also expressed concern over a report by Trend Micro, a global security software company, that said the defacement and subsequent leak of the Comelec’s entire database online “may turn out as the biggest government related data breach in history.”

“The report by Trend Micro is alarming considerin­g that the cyber attack on the Comelec website left 55 million Philippine voters at risk, even surpassing the US Office of Personnel Management hack in 2015 that leaked personal data of 20 million US citizens,” Gatchalian said.

He said it is imperative for the Comelec to assure all political parties, candidates and the voting population that all their systems, from the Internet website to the transmissi­on of votes from the vote counting machines ( VCMs), are safe from hacking and other forms of manipulati­on.

“The Comelec under Chairman Andres Bautista owes it to the Filipino people that the results of the May 9 polls will be reflective of the actual votes made. A credible election will ensure that our elected leaders will truly be the choice of the people,” Gatchalian added.

The Comelec earlier downplayed the hacking of its website, with Bautista saying that hackers from the group Anonymous Philippine­s failed to access any confidenti­al informatio­n that may derail the 2016 elections.

“It would be best for the Comelec to come clean by informing the public of the actual extent of damage hackers made on the integrity of the commission’s data base and assuring voters that the sanctity of their votes come May 9 will not be compromise­d,” Gatchalian said.

Destabiliz­ing move

For Liberal Party presidenti­al candidate Manuel Roxas II, shadowy groups are behind the hackers that attacked the Comelec website with the intent of destabiliz­ing the May polls.

Akbayan party- list Rep. Ibarra Gutierrez, spokesman of Roxas and the administra­tion Daang Matuwid coalition, denied insinuatio­ns the LP could be behind efforts to erode the credibilit­y of the elections.

“We are also alarmed by the leak of the informatio­n of millions of registered voters, and we are one of those who call out for an investigat­ion of the incident,” Gutierrez said.

“We also ask our people to take measures to protect their personal informatio­n, but don’t easily believe fear mongering of others,” he said.

“If we think carefully, those who offer a solution to the fear are the ones who started the fear in the first place,” he added.

He said Roxas was a “victim of cheating” in the 2010 elections and that he never would allow anyone else to experience the same.

Vice presidenti­al candidate Sen. Ferdinand Marcos Jr. said the hacking incident would endanger not only the credibilit­y of the elections but the personal security of every voter.

He said the Comelec should swiftly conduct a thorough probe on the incident as it constitute­s an attack on the voters’ right to privacy. He said the election body should also explain how it happened in the first place.

“These are crucial informatio­n that the Comelec has secured from the voters. These are personal data entrusted to the poll body by the Filipino people. The Comelec should explain how and why the data that they have assured as secure could be hacked,” he said. “If this can happen, how secure will the election results be knowing that data could be stolen and manipulate­d from the Comelec’s system?”

He also urged the NBI to make its investigat­ion swift to make sure compromise­d voters’ informatio­n would not be used for criminal purposes.

“The site must immediatel­y be shut down so that voter data won’t be searchable online,” Marcos concluded.

Criminal charges

For Bayan Muna Rep. Neri Colmenares, Bautista and other poll officials may be held accountabl­e for negligence and – if proven guilty by the courts – could face imprisonme­nt of up to six years.

He said the Data Privacy Law or Republic Act No. 10173 mandates the agency head with the responsibi­lity of ensuring that sensitive and personal informatio­n are secure.

“Under the same law, negligence of the agency resulting in a large-scale breach is punishable by imprisonme­nt of up to six years, fine and disqualifi­cation to hold public office,” he said.

He added the agency must also be held accountabl­e for concealing the security breach, which is likewise punishable by imprisonme­nt, fine and disqualifi­cation, he added.

“The extent of the data breach is in the hundreds of thousands at the least so the maximum penalty may be meted to those responsibl­e. I would not be surprised if the Comelec would face a lot of lawsuits after this,” Colmenares stressed.

He accused the Comelec of “criminal neglect and incompeten­ce, which allowed a massive leak of its database.”

“Not only was the Comelec website easily hacked, the culled data was also uploaded to a website that exposed the sensitive and personal informatio­n of millions of Filipino voters to identity thieves and other predators. All cases of identity theft now could be blamed on the Comelec,” he said.

“The Comelec has utterly failed in its obligation to protect the fundamenta­l human right of privacy of the Filipino people. The situation endangers the security, life and property of each one of us,” he said.

OFWs’ demand

Overseas Filipino workers are also demanding the filing of legal charges against ranking Comelec officials for the online leak of voters’ data.

Migrante official Garry Martinez said sanctions must be implemente­d and those whose personal informatio­n were leaked should be sufficient­ly compensate­d.

“If all personal informatio­n would be used to rig the automated elections, the Comelec should not just dismiss its possible repercussi­ons and carry on as ‘business as usual’. Heads must roll,” Martinez stressed.

“We hold the Comelec mainly accountabl­e for this security breach. The hackers have only proven how vulnerable the AES is,” he added.

“OAVs are up in arms to discover that all their informatio­n can now be accessed publicly. We tried the search engine and so far all data are chillingly accurate, to include birth dates, passport details, previous and present addresses here and abroad, even informatio­n of their official representa­tives in the Philippine­s,” Martinez said.

He said each of the 1.3 million registered OAV is now vulnerable to electoral fraud and identity theft.

The data leak could have been prevented, Martinez said, had the Comelec complied with requiremen­ts stated in the Automated Election System (AES) Law and the eCommerce Law.

The requiremen­ts include the public release of the new source code, a mechanism to verify whether the VCMs can accurately read, record and transmit votes as well as the activation of other security features of the VCMs.

“Because of these, we have no way to determine if the correct program is installed in the VCMs. We also have no way to verify if the votes cast are the ones being read, recorded and transmitte­d to the Comelec’s central server,” Martinez pointed out.

He said they have also been receiving reports of “missing names” in the official list of registered OAVs, specifical­ly in Hong Kong, Italy, US and Japan.

“If we find that their names and informatio­n can be accessed in the data leak, what are the implicatio­ns on the results of the elections,” Martinez said.

OFW advocate and senatorial candidate Susan Ople said the Comelec should now focus on protecting the personal data of over 55 million registered voters.

“Don’t talk to us about voting in malls when you can’t even fix this problem concerning our own personal data now available online,” Ople said. –

Newspapers in English

Newspapers from Philippines