Comelec website hacked

Machines hack-proof, Comelec insists

MANILA, Philippines - The official website of the Commission on Elections (Comelec) was hacked Sunday night, more than a month before the May 9 polls, raising fears that the voting machines may also be compromised.

The poll body’s database was leaked online after hackers defaced its website, www.comelec.gov.ph.

Comelec officials, however, allayed public fears about the security of the automated election system (AES) after the hacking.

The database was published on two mirror sites by a hacker group affiliated with Anonymous Philippines.

The hackers urged the Comelec to implement the security features of the vote counting machines.

The group said the database has a file size of around 340 gigabytes, with some of the tables supposedly encrypted by the Comelec.

“But we have the algorithm to decrypt those data,” the hackers said.

“What happens when the electoral process is so mired with questions and controversies? Can the government still guarantee that the sovereignty of the people is upheld? We request the implementation of the security features on the PCOS (precinct count optical scan) machines,” said Anonymous.

The group warned the Comelec that it would be closely monitoring how the poll body would administer the elections.

The hackers asked the Comelec to ensure that the May 9 polls would be credible.

A netizen expressed concern on the leak as the database might contain personal information, such as the names and birthdays of registered voters.

According to Comelec spokesman James Jimenez, the database that was leaked on social media was actually available for public use.

Jimenez said the website was restored at around 3:15 a.m. yesterday.

He said the hacking affected the precinct finder, video demonstration and the search function of the website.

“The website’s interface changed. But for the most part, the database are intact. As a standard procedure with any intrusion, we are taking the time to make sure that we remove all the malware codes that were penetrated,” Jimenez said.

The Comelec database remained deactivated as of press time yesterday as the agency was combing the system.

Jimenez assured the public that the AES is protected despite the incident.

“The Comelec website has been available to the public so if there are people who want to hack it, they have the opportunities to study its security features. We do not give high level of security in the website, even the precinct finder function, we have back up so it is protected,” he said.

Meanwhile, the Department of Science and Technology (DOST) said its web-hosting services do not include the Comelec as the latter has tapped the services of a private firm.

Denis Villorente, deputy director general for e-government and concurrent director of the DOST’s Advanced Science and Technology Institute (DOST-ASTI), said the Comelec website is not part of DOST’s flagship Integrated Government Philippines (iGovPhil) project.

“They are a constitutional commission. They didn’t avail (of DOST web-hosting services),” Villorente told The STAR in a text message.

DOST-ASTI has been tasked to implement Administrative Order 39 issued by Malacañang, which mandates government agencies to migrate to the Government Web Hosting Service (GWHS) and adopt the Unified Web Content Policy (UWCP) aimed at giving all government websites a common look and feel.

There are no reports so far of defacement of government websites under the GWHS.

New rules

With the issuance of voter receipt now a requirement for Comelec, former commissioner Gregorio Larrazabal said the poll body should have new rules on tackling electoral protest cases.

In an interview, Larrazabal said the release of voter receipt is not included in existing policies on dealing with protest cases.

“The old rules did not account for issuance of receipts. The Comelec has to take into consideration how this will affect the procedures in the revison of ballots and what’s the probative value of the receipts in terms of appreciation of evidence,” he said.

The Comelec has been ordered by the Supreme Court to activate a feature of the vote counting machines that prints voter receipts to allow voters to validate if their votes are counted accurately.

According to Larrazabal, digital image is still the “best evidence” in case there is an accusation of discrepancy in the counting of votes.

“However, considering the order of the SC for the issuance of the receipts, there has to be a determination of the probative value of receipts in terms of hierarchy of evidence. That has to be looked into,” he added.

He stressed voter receipts are not legally binding, especially since they do not contain specific information like the polling precincts number and the name of the voting centers.

The receipts, however, would have “evidentiary value” if combined with other evidence like the Minute of Voting and the ballots.

“The Comelec has to determine where it falls. Is it important or not as important as the ballots? When there is discrepancy on receipt generated, how will it impact the protest cases?” – Rainier Allan Ronda