Whatever the outcome of Commission on Elections (Comelec)’s investigation on the unauthorized changes made by Smartmatic-Total Information Management Corp. (Smartmatic) in the transparency server used by the Parish Pastoral Council for Responsible Voting (PPCRV), it is undeniable that the Venezuelan-owned company committed a serious violation not only of its supply contract but also of the country’s electoral laws. If only to show that our laws and rules are not to be trifled with, the harshest penalty possible ought to be imposed on Smartmatic – perpetual disqualification from any Philippine elections. After all, there are many (and bigger) providers of electronic voting systems in the world other than Smartmatic. Comelec chairman Andy Bautista’s explanation (surprisingly echoing Smartmatic’s excuse for lack of a better alibi) that the correction of the computer script of the Comelec transparency server was merely a “cosmetic change” and did not affect the poll results, is at best ill-informed and speculative, and at worst misleading. Well-intentioned or not, the supposedly “minor” change does not justify Smartmatic tampering with the electronic canvassing system, more so while the bulk of the voting results were being transmitted to the Comelec servers.
Top officials of the Commission on Elections (Comelec), Parish Pastoral Council for Responsible Voting (PPCRV) and the Comelec service provider Smartmatic are facing election sabotage charges before the Office of the Ombudsman (OMB) for allegedly changing the computer script (hash code) or program which may have altered the counting of the votes. Most of the respondents were not named in the 27-page complaint except for Henrieta de Villa of PPCRV and Marlon Garcia Smartmatic, the Venezuelan IT expert who allegedly changed the script together with unnamed Comelec technicians to accommodate the letter “ñ.” The complaint was filed jointly by the Mata sa Balota Movement (MBM)) and the Coalition of Clean Air Act of the Philippines which asked Ombudsman Conchita Carpio Morales to look into the hash code switch which they claimed seriously affected the integrity of the counting of the votes in the May 9 national and local elections.
The breach could be the biggest-yet hack of government-held data, according to Trend Micro. A breach of the Philippines’ Commission on Elections (Comelec) affecting about 55 million people could be the largest hack of government-held data ever, according to security specialists. Government representatives have downplayed the seriousness of the breach, which took place late last month, but IT security firm Trend Micro said its analysis of the exposed data found that it included sensitive information such as passport numbers and fingerprint records. “Every registered voter in the Philippines is now susceptible to fraud and other risks,” Trend said in an advisory. “With 55 million registered voters in the Philippines, this leak may turn out as the biggest government related data breach in history.”
The Commission on Elections yesterday asked the National Bureau of Investigation (NBI) to look into the hacking of the Comelec’s website last Sunday.Comelec spokesman James Jimenez said they have referred the case to the NBI’s cybercrime division as a group identifying itself as “LulzSec” has claimed uploading parts of the Comelec’s database to its Facebook account. “That matter has actually been referred to the NBI cybercrimes. So right now, the first step really is to validate whether or not the data they posted are authentic… At this point, I really don’t know if it’s the real deal and that’s the first thing that we want to find out,” Jimenez said. The NBI, however, said it has yet to receive the request from the Comelec. “None yet,” said Victor Lorenzo, executive officer of the NBI’s cybercrime division.
The Commission on Elections (Comelec) on Tuesday (January 26) came up with the trusted build of the software that will be used to run the election management system (EMS) of the May 9 national and local polls. The supplier of the software, Smartmatic-Total Information Management (TIM), and the international certifier, SLI Global Solutions, put the trusted build together based on the customized source code reviewed by SLI in Denver, Colorado, USA. They were supervised by members of the Comelec and representatives from the Technical Evaluation Committee of the Department of Science and Technology (DOST). On its website, the Comelec defines the trusted build as “the process whereby the source code is converted to machine-readable binary instructions (executable code) for the computer. It is performed with adequate security measures implemented to give confidence that the executable code is a verifiable and faithful representation of the source code.”
Some 45,000 out of the 97,519 vote counting machines (VCMs) that will be used by the Commission on Elections (Comelec) in the coming synchronized local and national polls have arrived in the country. Comelec spokesman James Jimenez on Friday disclosed that of the number, 20,944 units had been delivered to the Comelec’s warehouse in Santa Rosa, Laguna, while the remaining 24,000 were still awaiting release by the Bureau of Customs (BoC). According to Jimenez, full delivery that accounts for the remaining 52,575 machines would be made by the end of the month as agreed upon by the Comelec and technology provider Smartmatic Corp. He explained that the voting machines would undergo hardware testing before they are accepted by the poll body to ensure that they are functional.
The Commission on Elections (Comelec) will reactivate three of the four security features of the Precinct Count Optical Scan (PCOS) voting machines that were deactivated during the 2010 and 2013 elections. “All those features are there but as to whether we will enable the features, chances are [we will reactivate] at least three out of four,” Comelec Chairman Andres Bautista said on Tuesday. The four security features are the ballot verification or ultra violet detectors, the source code review, the digital signature and the voter verified paper audit trail.
The Commission on Elections (Comelec) inspected the Smartmatic production facility in Taiwan, where voting machines for next year’s polls are being produced. The Comelec was accompanied by members of the Joint Congressional Oversight Committee on Suffrage and Electoral Reforms, election watchdog Parish Pastoral Council for Responsible Voting (PPCRV), and members of the media. Smartmatic first won the bid for the lease purchase of 23,000 machines in June, and another contract for 70,977 vote-counting machines (VCMs) in September. On December, the Comelec made a repeat order for another 3,000 machines to Smartmatic to ensure that the machine-to-voter ratio will be kept at 1:800.
The Commission on Elections in 2010 and 2013 trusted Smartmatic, a purportedly Venezuelan firm, that its counting of votes in those election years would be completely aboveboard. The Comelec will again give its full trust to Smartmatic in the national election next year as the Filipino people decide who will run this country in the next six years. For such a crucial role in our democratic process, the Comelec knows exactly what it is dealing with, and who the owners of Smartmatic are. Right? Amazingly, no. Neither the Comelec nor Smartmatic has disclosed the full details of the firm’s ownership. What’s worrying is that a detailed investigation by the US Embassy in Caracas, Venezuela (which, one would presume, had inputs from its intelligence services), where the firm is purportedly based, concluded:
“Smartmatic is a riddle. The company came out of nowhere to snatch a multi-million dollar contract in an electoral process that ultimately reaffirmed Chavez’s mandate and all but destroyed his political opposition. The perspective we have here, after several discussions with Smartmatic, is that the company is de facto Venezuelan and operated by Venezuelans. The identity of Smartmatic’s true owners remains a mystery. Our best guess is that there are probably several well-known Venezuelan businessmen backing the company and who prefer anonymity either because of their political affiliation, or perhaps, because they manage the interests of senior Venezuelan government officials.”
The Supreme Court (SC) on Tuesday, December 1, temporarily ordered the Commission on Elections (Comelec) not to deactivate the registration of 2.5 million voters who failed to have their biometrics taken for the 2016 elections. SC spokesman Theodore Te said the SC’s temporary restraining order (TRO) covers the Comelec’s “No Bio, No Boto” (No Biometrics, No Vote) policy. Te said the TRO is “effective immediately and until further orders.” In a text message to Rappler on Tuesday, Comelec Spokesman James Jimenez said around 2.5 million voters completely failed to have their biometrics taken.