Lawmakers cite Smartmatic leak; let’s wait for NBI, says Comelec

Sen. Imee Marcos

Sen. Imee Marcos —Senate PRIB

MANILA, Philippines — Sen. Imee Marcos and Senate President Vicente Sotto III on Thursday said a hackers’ group had obtained confidential election data, which was first reported early this year, from Smartmatic Inc., the service provider of the country’s automated election system.

Marcos, chair of the joint congressional oversight committee (JCOC) on the elections, said an unidentified Smartmatic employee had allowed the hackers to copy data from a laptop issued by the company.ADVERTISEMENThttps://668b05dd78204e912b7f7c89a0c59f55.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

“We can confirm that there was indeed a security breach in the Smartmatic operations,” she told reporters after emerging from a closed-door session of the JCOC.

Sotto said he moved to disclose some of the details revealed during the executive session.

“We want to make sure that everything connected with the elections of 2022 is transparent and available to the public,” he said.

Sotto said the people linked to the alleged data breach were now considered “persons of interest” by the authorities.

The closed-door session was part of a JCOC inquiry into the data breach first reported by the Manila Bulletin in early January.

At that time, the Bulletin reported that its Technews team received a tip from a “source” about a “hacking” at the Comelec and discovered that the hackers downloaded more than 60 gigabytes of data which it said, “could possibly affect the May 2022 elections.”

The stolen data included usernames and PINs (personal identification numbers) of vote-counting machines (VCMs).

Comelec: Wait for NBI

The Comelec questioned parts of the Bulletin report, particularly the allegedly downloaded usernames and PINs of the VCMs, saying “such information still does not exist in Comelec systems” because the files that included them had not yet been completed.

Comelec Commissioner George Garcia said they would wait for the report of the National Bureau of Investigation to ascertain whether there was really a security breach.ADVERTISEMENThttps://668b05dd78204e912b7f7c89a0c59f55.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

He said NBI representatives were present at Thursday’s JCOC meeting and gave a briefing on its probe.

“They said it’s not yet finished, they are still verifying things and they have to summon people,” Garcia told reporters.

He said that when the NBI agents inspected the Comelec warehouse in Sta. Rosa, Laguna, on Jan. 15, they did not find any evidence of hacking, although that did not make the poll body “already comfortable.”

“We have to see the full report of the NBI,” Garcia said.

‘Criminal syndicate’

Marcos, who also chairs the Senate committee on electoral reforms, said the unidentified Smartmatic employee’s laptop was accessed by members of a group calling itself XSOX, which she suspected to be a “criminal hacking syndicate.”

“It is a bit surprising, and I am worried to a certain degree because of the depth and breadth of the data that is released that is still publicly available,” she said.

The group has a Facebook page where it posted some of the data, including personal information on Comelec personnel and Smartmatic operations which it claimed to have obtained.

“It may not be technically hacking. However, we feel that it compromises the processes and operations of Smartmatic in very serious ways,” Marcos said.

“What worries me is that there were some Smartmatic procedures, their ledgers, photos of their offices, contact persons in the Comelec, including details on who plays golf, or who drinks red wine,” she said.

Marcos was alarmed that Smartmatic gave contractual employees access to “very confidential” poll data. 

‘No truth to that’

Smartmatic representative Christopher Ocampo denied there was a “personal data breach” in Smartmatic operations “that could possibly affect the 2022 national and local elections.”

“We just want to clarify that that is not true. There’s no truth to that,” he told reporters.

The company provides the automated election system but is not involved in the processing or storing of personal data of any voter for the 2022 polls, he said.

Marcos said the JCOC was not yet making any conclusions pending the reports from the NBI, the Department of Information and Communications Technology, the National Privacy Commission, and from Smartmatic’s own “administrative investigation.”

Marcos said it may still be premature to state how the data breach would impact the May 9 elections.

There was no reaction from her brother, presidential aspirant Ferdinand Marcos Jr., who is topping the surveys for president.

Explain for nontechies

Barry Gutierrez, a spokesperson for Vice President Leni Robredo and chief rival of Marcos Jr., said all they wanted was a fair election but he urged the Comelec to “fully investigate and take appropriate action.”

“Regardless of the candidate we support, we can all agree on the importance of honest, peaceful, and credible elections,” he said. “But we should be responsible in making any claim regarding supposed ‘breaches.’”

Ernest Ramel, chair of Aksyon Demokratiko whose standard-bearer is Manila Mayor Francisco “Isko Moreno” Domagoso, declined to comment until the investigation is completed and “things are already clearly sorted out.”

Danny Arao, convener of Bantay Daya election watchdog, called on the Senate to be “more transparent” and give all the details disclosed during the executive session.

“The extent of the breach in Smartmatic servers/machines should be clear, in terms that ordinary, nontechie people can understand,” he said.

He also urged Marcos to step down as chair of the Senate electoral reforms committee because of a conflict of interest as her brother was a presidential candidate

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *