Comelec leak a 'gross betrayal of public trust' – IT groups

MANILA, Philippines – IT groups hosted a technical forum in Makati City on Saturday, April 23, to hear out worried Filipinos following last month’s hacking of the Commission on Elections (Comelec) website and the leak of voters’ personal information online.

The forum organizers also discussed the repercussions of this data leak, and pushed for increased vigilance not only in personal privacy matters, but also in the 2016 national and local elections.

Blogger and TXTPower president Tonyo Cruz decried the Comelec’s failure to protect voters’ registration records from the hackers.

“This is not [just] a personal problem of each voter. This is a gross betrayal of public trust,” said Cruz. He even pointed out that the Comelec "has not admitted directly to voters that [the leaked files] was our voter data."

The Computer Professionals Union (CPU), one of the forum organizers, echoed Cruz’ sentiment.

“Voters have an implicit trust in the Comelec that whatever information they submit during registration will be kept safe and private,” said CPU deputy coordinator Mac Yanto in a statement.

With the data leak, Yanto said that the Comelec “betrayed that trust and let down the voting public” when it failed to protect its website.

Meanwhile, Rick Bahague of VoteReportPH frowned on the Comelec’s attempt to “downplay” the hacking incident and data leak. "What happened was not a simple matter. And Comelec is trying to calm us down, that everything is OK. But it's not," he said.

Bahague also claimed that the Comelec has the budget in 2015 and 2016 for ICT-related expenses, which he said would presumably include spending to secure its website. “They cannot say that they don’t have the money [to strengthen its website’s security],” he noted. 

Students, IT groups also present in technical forum. They are curious, worried, alarmed following #Comeleak. @rapplerdotcom — Michael Bueza (@mikebueza) April 23, 2016

Damage done

Days after the Comelec website was hacked and its database leaked on March 27, IT experts already feared that individuals with criminal intent would take advantage of this to commit fraud and identity theft.

Less than a month later, on April 21, a website took the data leak to a whole new level by putting up a searchable “portal” that shows voters’ personal information in readable format.

That website has since been taken down, but IT experts say the damage has been done, with the data still likely circulating online.

“You cannot remove the data once it’s on the Internet,” reiterated Isaac Sabas of Pandora Security Labs.

Sabas and other IT experts have advised Filipinos to be aware of the risks and take measures to protect themselves.

Among others, Sabas suggested that Filipinos should now increase their level of trust, and be more aware of "social engineering" and other fraudulent schemes.

He also recommended that companies conduct awareness campaigns and define new protocols on handling employees’ personal information.

Vigilance, call to action

Speakers at the forum called on the IT community and all Filipinos to be more watchful not only on the issue of the data leak, but also during the May 9 elections. 

“It is really a challenge for us. Let’s help each other out in making Filipinos understand this issue. Like how they should also understand the automated election system (AES),” said Bahague.

He also renewed the push for the implementation of safeguards in the automated election system (AES), which the country will use for the 3rd time on May 9.

These include having Boards of Election Inspectors (BEI) supply their own digital signatures, having a way to verify the programs installed in vote-counting machines, and performing complete end-to-end transmission testing.

“Without these safeguards on the AES, the election results would lack trustworthiness,” said Bahague.

TXTPower’s Cruz also warned Comelec and other groups to not set aside the data leak issue. “If we belittle this issue, this has repercussions beyond identity theft,” he said.

Cruz: This is an issue that goes beyond our political divisions. We must unite behind the fact that we were betrayed. @rapplerdotcom — Michael Bueza (@mikebueza) April 23, 2016

At the end of the forum, the organizers, speakers, and attendees signed a manifesto to help secure voter privacy and demand from the Comelec that it bridge the gaps in its information security systems. 

Meanwhile, IT and citizen groups are looking to file a case against the Comelec soon, said the CPU in its statement.

Saturday’s technical forum on the Comelec data leak was organized by consumer advocacy group TXTPower, the Computer Professionals Union, and 8layer Technologies Inc, in partnership with VoteReportPH and other IT and civil society groups. – Rappler.com

Michael Bueza

Michael Bueza is a researcher and data curator under Rappler's Research Team. He works on data about elections, governance, and the budget. He also follows the Philippine pro wrestling scene and the WWE. Michael is also part of the Laffler Talk podcast trio.
