The breach could be the biggest-yet hack of government-held data, according to Trend Micro. A breach of the Philippines’ Commission on Elections (Comelec) affecting about 55 million people could be the largest hack of government-held data ever, according to security specialists. Government representatives have downplayed the seriousness of the breach, which took place late last month, but IT security firm Trend Micro said its analysis of the exposed data found that it included sensitive information such as passport numbers and fingerprint records. “Every registered voter in the Philippines is now susceptible to fraud and other risks,” Trend said in an advisory. “With 55 million registered voters in the Philippines, this leak may turn out as the biggest government related data breach in history.”
The Commission on Elections yesterday asked the National Bureau of Investigation (NBI) to look into the hacking of the Comelec’s website last Sunday.Comelec spokesman James Jimenez said they have referred the case to the NBI’s cybercrime division as a group identifying itself as “LulzSec” has claimed uploading parts of the Comelec’s database to its Facebook account. “That matter has actually been referred to the NBI cybercrimes. So right now, the first step really is to validate whether or not the data they posted are authentic… At this point, I really don’t know if it’s the real deal and that’s the first thing that we want to find out,” Jimenez said. The NBI, however, said it has yet to receive the request from the Comelec. “None yet,” said Victor Lorenzo, executive officer of the NBI’s cybercrime division.
The Commission on Elections (Comelec) on Tuesday (January 26) came up with the trusted build of the software that will be used to run the election management system (EMS) of the May 9 national and local polls. The supplier of the software, Smartmatic-Total Information Management (TIM), and the international certifier, SLI Global Solutions, put the trusted build together based on the customized source code reviewed by SLI in Denver, Colorado, USA. They were supervised by members of the Comelec and representatives from the Technical Evaluation Committee of the Department of Science and Technology (DOST). On its website, the Comelec defines the trusted build as “the process whereby the source code is converted to machine-readable binary instructions (executable code) for the computer. It is performed with adequate security measures implemented to give confidence that the executable code is a verifiable and faithful representation of the source code.”
Some 45,000 out of the 97,519 vote counting machines (VCMs) that will be used by the Commission on Elections (Comelec) in the coming synchronized local and national polls have arrived in the country. Comelec spokesman James Jimenez on Friday disclosed that of the number, 20,944 units had been delivered to the Comelec’s warehouse in Santa Rosa, Laguna, while the remaining 24,000 were still awaiting release by the Bureau of Customs (BoC). According to Jimenez, full delivery that accounts for the remaining 52,575 machines would be made by the end of the month as agreed upon by the Comelec and technology provider Smartmatic Corp. He explained that the voting machines would undergo hardware testing before they are accepted by the poll body to ensure that they are functional.
The Commission on Elections (Comelec) will reactivate three of the four security features of the Precinct Count Optical Scan (PCOS) voting machines that were deactivated during the 2010 and 2013 elections. “All those features are there but as to whether we will enable the features, chances are [we will reactivate] at least three out of four,” Comelec Chairman Andres Bautista said on Tuesday. The four security features are the ballot verification or ultra violet detectors, the source code review, the digital signature and the voter verified paper audit trail.
The Commission on Elections (Comelec) inspected the Smartmatic production facility in Taiwan, where voting machines for next year’s polls are being produced. The Comelec was accompanied by members of the Joint Congressional Oversight Committee on Suffrage and Electoral Reforms, election watchdog Parish Pastoral Council for Responsible Voting (PPCRV), and members of the media. Smartmatic first won the bid for the lease purchase of 23,000 machines in June, and another contract for 70,977 vote-counting machines (VCMs) in September. On December, the Comelec made a repeat order for another 3,000 machines to Smartmatic to ensure that the machine-to-voter ratio will be kept at 1:800.
The Commission on Elections in 2010 and 2013 trusted Smartmatic, a purportedly Venezuelan firm, that its counting of votes in those election years would be completely aboveboard. The Comelec will again give its full trust to Smartmatic in the national election next year as the Filipino people decide who will run this country in the next six years. For such a crucial role in our democratic process, the Comelec knows exactly what it is dealing with, and who the owners of Smartmatic are. Right? Amazingly, no. Neither the Comelec nor Smartmatic has disclosed the full details of the firm’s ownership. What’s worrying is that a detailed investigation by the US Embassy in Caracas, Venezuela (which, one would presume, had inputs from its intelligence services), where the firm is purportedly based, concluded:
“Smartmatic is a riddle. The company came out of nowhere to snatch a multi-million dollar contract in an electoral process that ultimately reaffirmed Chavez’s mandate and all but destroyed his political opposition. The perspective we have here, after several discussions with Smartmatic, is that the company is de facto Venezuelan and operated by Venezuelans. The identity of Smartmatic’s true owners remains a mystery. Our best guess is that there are probably several well-known Venezuelan businessmen backing the company and who prefer anonymity either because of their political affiliation, or perhaps, because they manage the interests of senior Venezuelan government officials.”
The Supreme Court (SC) on Tuesday, December 1, temporarily ordered the Commission on Elections (Comelec) not to deactivate the registration of 2.5 million voters who failed to have their biometrics taken for the 2016 elections. SC spokesman Theodore Te said the SC’s temporary restraining order (TRO) covers the Comelec’s “No Bio, No Boto” (No Biometrics, No Vote) policy. Te said the TRO is “effective immediately and until further orders.” In a text message to Rappler on Tuesday, Comelec Spokesman James Jimenez said around 2.5 million voters completely failed to have their biometrics taken.
More Filipinos abroad are expected to come out and participate in the May 2016 elections. Commission on Elections Chairman Andres Bautista over the weekend said the Comelec is eyeing higher turnout for the overseas absentee voting (OAV). Bautista said Filipinos abroad are not only expected to register but also actually participate and vote in the coming elections. “We are also trying to beat that of the voter turnout. We are targeting hopefully at least half-a-million to vote for the 2016 elections,” Bautista said.
The Commission on Elections (Comelec) has ruled out the possibility of conducting Internet voting for the 2016 presidential elections. “Personally, I favor Internet voting, but unfortunately, our laws at present do not allow it,” Comelec commissioner Arthur Lim said Wednesday. According to Lim, there are two pending bills in Congress on Internet voting. However, current preparations for the 2016 polls are already focused on the automation of the elections.