The Senate committee on electoral reforms is set to conduct an inquiry into the hacking of the Commission on Elections (Comelec) database, an incident considered the worst recorded breach on a government-held personal database in the world. In her Senate Resolution 260, electoral reforms committee chair Sen. Leila de Lima said there is a need to find the extent of damage the hacking caused to the voters’ database and the integrity of ordinary people’s personal information. “There is no denying that the Comelec data breach is unacceptable. Those responsible should be fully prosecuted and punished, whether they are foreign or domestic actors,” De Lima said, stressing that the breach is everyone’s problem. “Online lawlessness should be nipped at its bud,” she added.
The Commission on Elections (Comelec) on Wednesday began returning more than 1,000 vote-counting machines (VCM) to its supplier despite opposition from former Sen. Ferdinand “Bongbong” Marcos Jr. whose poll protest was based partly on allegations that the election results had been manipulated with the use of VCMs. In an urgent manifestation and motion on Oct. 21, Marcos asked the Presidential Electoral Tribunal (PET) to “prohibit the poll body from releasing the subject VCMs” after the Comelec informed Supreme Court Chief Justice Maria Lourdes Sereno it plans to return the machines to Smartmatic-TIM. The Marcos camp also asked the PET to determine whether these VCMs were used in the vice presidential race, which the former senator lost by about 260,000 votes to Leni Robredo, the Liberal Party candidate. On June 29, Marcos filed his electoral protest and asked the PET to stop Robredo’s inauguration. He said votes that were counted for Robredo were fraudulent, contesting the results in 39,221 clustered precincts in 25 provinces and five cities.
The camp of Sen. Ferdinand “Bongbong” Marcos Jr. on Sunday blamed the Commission on Elections (Comelec) and the Bureau of Immigration for the “escape” of a Smartmatic emgineer facing criminal charges in connection with the May 9 elections. The Marcos camp had asked the Comelec to ask the Immigration bureau to issue a hold departure order (HDO) against all personnel of Smartmatic accused of violating the Cybercrime Law but the request was not granted. Smartmatic is the technology provider to last month’s local and national polls. The respondents were charged for their alleged involvement in unauthorized alteration of the script of the transparency server at the height of the transmission of votes just hours after voting closed.
Whatever the outcome of Commission on Elections (Comelec)’s investigation on the unauthorized changes made by Smartmatic-Total Information Management Corp. (Smartmatic) in the transparency server used by the Parish Pastoral Council for Responsible Voting (PPCRV), it is undeniable that the Venezuelan-owned company committed a serious violation not only of its supply contract but also of the country’s electoral laws. If only to show that our laws and rules are not to be trifled with, the harshest penalty possible ought to be imposed on Smartmatic – perpetual disqualification from any Philippine elections. After all, there are many (and bigger) providers of electronic voting systems in the world other than Smartmatic. Comelec chairman Andy Bautista’s explanation (surprisingly echoing Smartmatic’s excuse for lack of a better alibi) that the correction of the computer script of the Comelec transparency server was merely a “cosmetic change” and did not affect the poll results, is at best ill-informed and speculative, and at worst misleading. Well-intentioned or not, the supposedly “minor” change does not justify Smartmatic tampering with the electronic canvassing system, more so while the bulk of the voting results were being transmitted to the Comelec servers.
Top officials of the Commission on Elections (Comelec), Parish Pastoral Council for Responsible Voting (PPCRV) and the Comelec service provider Smartmatic are facing election sabotage charges before the Office of the Ombudsman (OMB) for allegedly changing the computer script (hash code) or program which may have altered the counting of the votes. Most of the respondents were not named in the 27-page complaint except for Henrieta de Villa of PPCRV and Marlon Garcia Smartmatic, the Venezuelan IT expert who allegedly changed the script together with unnamed Comelec technicians to accommodate the letter “ñ.” The complaint was filed jointly by the Mata sa Balota Movement (MBM)) and the Coalition of Clean Air Act of the Philippines which asked Ombudsman Conchita Carpio Morales to look into the hash code switch which they claimed seriously affected the integrity of the counting of the votes in the May 9 national and local elections.
The breach could be the biggest-yet hack of government-held data, according to Trend Micro. A breach of the Philippines’ Commission on Elections (Comelec) affecting about 55 million people could be the largest hack of government-held data ever, according to security specialists. Government representatives have downplayed the seriousness of the breach, which took place late last month, but IT security firm Trend Micro said its analysis of the exposed data found that it included sensitive information such as passport numbers and fingerprint records. “Every registered voter in the Philippines is now susceptible to fraud and other risks,” Trend said in an advisory. “With 55 million registered voters in the Philippines, this leak may turn out as the biggest government related data breach in history.”
The Commission on Elections yesterday asked the National Bureau of Investigation (NBI) to look into the hacking of the Comelec’s website last Sunday.Comelec spokesman James Jimenez said they have referred the case to the NBI’s cybercrime division as a group identifying itself as “LulzSec” has claimed uploading parts of the Comelec’s database to its Facebook account. “That matter has actually been referred to the NBI cybercrimes. So right now, the first step really is to validate whether or not the data they posted are authentic… At this point, I really don’t know if it’s the real deal and that’s the first thing that we want to find out,” Jimenez said. The NBI, however, said it has yet to receive the request from the Comelec. “None yet,” said Victor Lorenzo, executive officer of the NBI’s cybercrime division.
The Commission on Elections (Comelec) on Tuesday (January 26) came up with the trusted build of the software that will be used to run the election management system (EMS) of the May 9 national and local polls. The supplier of the software, Smartmatic-Total Information Management (TIM), and the international certifier, SLI Global Solutions, put the trusted build together based on the customized source code reviewed by SLI in Denver, Colorado, USA. They were supervised by members of the Comelec and representatives from the Technical Evaluation Committee of the Department of Science and Technology (DOST). On its website, the Comelec defines the trusted build as “the process whereby the source code is converted to machine-readable binary instructions (executable code) for the computer. It is performed with adequate security measures implemented to give confidence that the executable code is a verifiable and faithful representation of the source code.”
Some 45,000 out of the 97,519 vote counting machines (VCMs) that will be used by the Commission on Elections (Comelec) in the coming synchronized local and national polls have arrived in the country. Comelec spokesman James Jimenez on Friday disclosed that of the number, 20,944 units had been delivered to the Comelec’s warehouse in Santa Rosa, Laguna, while the remaining 24,000 were still awaiting release by the Bureau of Customs (BoC). According to Jimenez, full delivery that accounts for the remaining 52,575 machines would be made by the end of the month as agreed upon by the Comelec and technology provider Smartmatic Corp. He explained that the voting machines would undergo hardware testing before they are accepted by the poll body to ensure that they are functional.
The Commission on Elections (Comelec) will reactivate three of the four security features of the Precinct Count Optical Scan (PCOS) voting machines that were deactivated during the 2010 and 2013 elections. “All those features are there but as to whether we will enable the features, chances are [we will reactivate] at least three out of four,” Comelec Chairman Andres Bautista said on Tuesday. The four security features are the ballot verification or ultra violet detectors, the source code review, the digital signature and the voter verified paper audit trail.