No government in the world today, not even the United States, is prepared to fight hackers, a cybersecurity expert declared at a forum on cybersecurity, PilipinasCon 2018, in Taguig City this week. Elections worldwide are being hacked. “Every single counting machine is hackable,” said cybersecurity expert Marc Goodman. At a recent underground hacking conference, he said, 25 different counting machines were broken into remotely and directly. Filipino hackers, he added, committed the biggest government data breach in history when they broke into the Comelec’s voter database and published it online in April, 2016, a month before the election that year.
Articles about voting issues in the Republic of the Philippines.
The Philippine electoral system is vulnerable to cyberattack and the government may not be prepared for it, an American cybersecurity expert has warned. Marc Goodman, founder of the Future Crimes Institute and chairman of policy, law and ethics at Silicon Valley’s Singularity University, said governments around the world, particularly the Philippines, were woefully unprepared for threats brought by the automation. The capability of the government to protect its cyber assets was placed in doubt after the “biggest data breach in history” in March 2016, when the database of voters was hacked by the Anonymous group more than a month before the May 2016 national elections.
The son of former Philippine dictator Ferdinand Marcos on Monday took a step towards securing a recount of votes in an election for vice president last year in which he says he was unfairly robbed of victory. The son, also called Ferdinand Marcos but popularly known as Bongbong, lost the election for vice president last May to social activist and lawyer Leni Robredo by about 260,000 votes. He has objected to the result ever since and the Supreme Court ruled in February that his protest was valid, but he has to pay for a recount of the votes.
The Philippine Supreme Court will allow a protest into the disputed election of the country’s vice president, giving the son of the late dictator Ferdinand Marcos a chance to prove his claim that he was robbed of the number two post. Social activist Leni Robredo was elected vice president in May 2016, winning by about 260,000 votes over Marcos’ son and namesake. Popularly known as Bongbong, he said he was the rightful winner and votes were stolen from him. Marcos had asked the court to order a recount of more than a million votes in the south and nullification of balloting in three provinces. Robredo in turn asked the court to reject his petition. On Thursday, Marcos released the court’s Jan. 24 ruling which found his petition “sufficient in form and substance”.
The Senate committee on electoral reforms is set to conduct an inquiry into the hacking of the Commission on Elections (Comelec) database, an incident considered the worst recorded breach on a government-held personal database in the world. In her Senate Resolution 260, electoral reforms committee chair Sen. Leila de Lima said there is a need to find the extent of damage the hacking caused to the voters’ database and the integrity of ordinary people’s personal information. “There is no denying that the Comelec data breach is unacceptable. Those responsible should be fully prosecuted and punished, whether they are foreign or domestic actors,” De Lima said, stressing that the breach is everyone’s problem. “Online lawlessness should be nipped at its bud,” she added.
What a difference one month makes. In December, Commission on Elections (Comelec) Chair Andres Bautista basked in the glow of an agency that was hailed globally as the Electoral Commission of the Year for the successful May 9, 2016, polls. A month later, he was facing potential criminal prosecution over the March 2016 hacking of the Comelec website that has since been described as one of the worst breaches of a government-controlled database. The National Privacy Commission said on Thursday that Bautista had committed “gross negligence” under the Data Privacy Act of 2012, or Republic Act No. 10173. This came to light following an investigation of a “data breach” from March 20 to 27 last year. The breach exposed almost 77 million voter registration records. Sensitive information, such as voters’ full names, addresses, passport details and birthdays were posted on online platforms and a website that has since been taken down. So notorious was the event that it even has its own name: Comeleak.
The Commission on Elections (Comelec) has announced that Smartmatic-Total Information Management Corp. would have no role in the ongoing diagnostics of the old precinct count optical scan (PCOS) machines. Comelec chair Andres Bautista said the poll body opted not to adopt the plan of previous election officials to involve Smartmatic in the diagnostics project involving around 81,896 PCOS machines. Bautista explained that the Comelec is not obliged to include the technology provider, which served in that capacity in the last three automated national and local polls. “The PCOS machines came from Smartmatic, but it is already the property of the Comelec and the government of the Philippines,” he said.
Philippines: AES hacking issue raised anew and Smartmatic’s demand for P2B payment | The Manila Times
On December 9, 2016, a number of news websites carried the news that President Barack Obama had ordered a full review of possible Russian hacking of the recent United States election. Questioning whether an automated election system (AES) can be hacked or not raises concerns about the integrity of the AES and the credibility of election results that the system generates. The Philippine experience in automating the elections is no different. Concerns were raised on possible vulnerabilities of the AES used in the last three elections. Everything happens inside the machine and those internal mechanisms are shielded from public observation But can the voting machines really be hacked? Just as in the US, none of the vote counting machines (VCMs) used in the Philippine elections is connected to the Internet; they connect to the transmission network only when they are ready to transmit the election returns to the city or municipal canvassing and consolidation system (CCS) and other servers. Hackers would not be able to hack into the VCMs since the transmission network is configured as a virtual private network with the appropriate security measures in place, and the time period to perform hacking activities is very short. Potentially, however, the CCS and other servers are exposed to possible attacks since the CCS and other servers are open for much longer periods while they wait to receive transmissions from the VCMs and CCS.
The Commission on Elections (Comelec) on Wednesday began returning more than 1,000 vote-counting machines (VCM) to its supplier despite opposition from former Sen. Ferdinand “Bongbong” Marcos Jr. whose poll protest was based partly on allegations that the election results had been manipulated with the use of VCMs. In an urgent manifestation and motion on Oct. 21, Marcos asked the Presidential Electoral Tribunal (PET) to “prohibit the poll body from releasing the subject VCMs” after the Comelec informed Supreme Court Chief Justice Maria Lourdes Sereno it plans to return the machines to Smartmatic-TIM. The Marcos camp also asked the PET to determine whether these VCMs were used in the vice presidential race, which the former senator lost by about 260,000 votes to Leni Robredo, the Liberal Party candidate. On June 29, Marcos filed his electoral protest and asked the PET to stop Robredo’s inauguration. He said votes that were counted for Robredo were fraudulent, contesting the results in 39,221 clustered precincts in 25 provinces and five cities.
The camp of Sen. Ferdinand “Bongbong” Marcos Jr. on Sunday blamed the Commission on Elections (Comelec) and the Bureau of Immigration for the “escape” of a Smartmatic emgineer facing criminal charges in connection with the May 9 elections. The Marcos camp had asked the Comelec to ask the Immigration bureau to issue a hold departure order (HDO) against all personnel of Smartmatic accused of violating the Cybercrime Law but the request was not granted. Smartmatic is the technology provider to last month’s local and national polls. The respondents were charged for their alleged involvement in unauthorized alteration of the script of the transparency server at the height of the transmission of votes just hours after voting closed.