Devious plot?
A government agency called the National Privacy Commission (NPC) hogged the headlines last week following a controversial decision on the so-called “Come-leak.” Or this was the incident involving the hacking in March last year of the voters’ database of the Commission on Elections (Comelec). The hacked data allegedly compromised the personal information of more than 55 million Filipino voters taken from the Comelec’s official list of registered voters’ here in the Philippines, including overseas Filipino workers (OFWs).
The three-man NPC singled out Comelec chairman Andres Bautista for his alleged “negligence” for not appointing a data protection officer as mandated by the Data Privacy Act of 2012, or Republic Act (RA) 10173. In a full blown press conference he called last Thursday, NPC chairman Raymund Liboro announced their ruling and entirely blamed Bautista for the “Come-leak” that happened a few months before the May 9 presidential elections.
At dawn of March 27 last year, self-styled “hacktivist” group called Anonymous Philippines, defaced the Comelec website. They came out with an open statement claiming they merely wanted to show that hacking might expose the vulnerability of the entire electoral process of the Comelec’s automated elections using Smartmatic technology adopted for the third time in the Philippines. The hacking affected certain functions like the precinct finder and post finder for registered voters.
Curiously also over the weekend, Reuters dispatched a story about Central Intelligence Agency (CIA) findings that have validated that some Russian officials purportedly tried to discredit the last US presidential election process by hacking into the database of the US Democrat party to make it appear Moscow backed president-elect Donald Trump’s campaign. Trump has rejected the broad intelligence community’s assessment that Russia staged cyber attacks during the election campaign to undermine Democratic rival Hillary Clinton. Russia has rejected the hacking allegations.
The NPC ruling against the Comelec flabbergasted the Comelec chairman who could not make heads or tails on how the three-man Commissioners could come up with such conclusions based on what he deplored as “mis-appreciation of facts and legal points” against him. Even the most sophisticated countries like the US, Bautista pointed out, fell victim to hackers.
“I just would like to make it clear that the hacking incident is not related to the results of the 2016 elections,” Bautista posted on his Twitter account @ChairAndyBau.
But what further raises the hackles of Bautista was NPC’s singling him out and charging him when the Comelec was the victim of the hackers.
Worse, Bautista noted, the NPC came up with their ruling without taking into account the Comelec compliance report submitted to them. Based on timelines, the NPC in June 2016 ordered the Comelec to submit a “compliance report” on or before Dec.31 that year. The poll body submitted the “compliance report” on Dec.29. The NPC handed down its decision dated Dec.28.
Because of this NPC ruling, there are now suggestions to impeach the Comelec chief. While indeed he heads the seven-man Comelec as a collegial body, Bautista fumes, the NPC did not give any culpability to the six Comelec commissioners nor the head of the information technology of the poll body.
The NPC has also recommended to the Department of Justice (DOJ) Secretary Vitaliano Aguirre II to conduct “further investigation for possible prosecution” of personnel from National Bureau of Investigation (NBI) under the Cybercrime Prevention Act. In their ruling, the NPC disclosed that one of the computers used in the Comelec data breach had an IP address registered with the NBI, an attached agency under the DOJ.
Ironically, it was the Anti-Cyber Crime division of the NBI that investigated the “Come-leak.” The NBI filed charges of illegal access, data interference and misuse of devices, all under the Cybercrime Prevention Act, against the arrested suspected hackers Paul Biteng and Joenel de Asis, and unauthorized access or intentional breach under the Data Privacy Act against de Asis. The two accused hackers are now undergoing court trial in Manila.
Like the Comelec chairman, the NBI was much dumbfounded and confused how the NPC came out with such ruling.
Perhaps to better understand where this ruling is coming from, let us look at how the NPC came about and who are the three commissioners who drew up this questioned ruling.
With only four months left before he stepped down from office, former President Benigno “Noynoy” Aquino III appointed the three commissioners of the NPC. This was four years after the NPC was created by the Data Privacy Law or RA 10173.
Liboro, who was then an assistant secretary at the Department of Science and Technology (DOST) during the Aquino administration, took his oath of office on March 6 last year. Liboro, as the chairman of the commission, has a term of three years and may be reappointed for another three years. He has the rank of a cabinet secretary. The two other NPC commissioners were also Aquino appointees, namely, Ivy Patdu (a lawyer-doctor) and Damian Domingo Mapa (who was formerly connected with Microsoft Phl).
So it was only at that time the Aquino administration was able to officially activate the Data Privacy Law – which was approved way back in 2012. The law specifically put the commission under the Department of Information and Communications Technology (DICT). But it took awhile before the previous 16th Congress was able to approve into law the DICT.
Ex-president Aquino signed the law creating this new department under RA 10844, or the DICT Law of 2015 only on May 23 last year. Both the appointments of the three NPC commissioners and the signing into law of DICT smacked of “midnight” Executive actions of the former president.
Aside from impeachment initiatives against Bautista as Comelec chairman, suspicious calls started stirring questions on the sanctity of the results of the May 9 presidential elections handily won by former Davao City Mayor Rodrigo Duterte. The generally fraud-free elections were credited to the entire Comelec led by Bautista who have shown their independence from the powers that be.
Thus, it behooves the Aquino-formed NPC to clarify their ruling against the Comelec. Or else, this might be seen as a devious plot to place in serious question the election of President Duterte?
But what further raises the hackles of Bautista was NPC’s singling him out and charging him when the Comelec was the victim of the hackers.