MANILA, Philippines — More than 1,000 netizens have confirmed attendance to a protest rally at the Department of Justice (DOJ) on Monday to call on the filing of charges against the Commission on Elections (Comelec) over the so-called Comeleak.
Hacker group Anonymous Philippines, which will organize the protest, is urging the DOJ to investigate the poll body over its failure to protect voter data that has been stolen and leaked online.
RELATED: IT experts: 'Comeleak' a breach of public trust
Ironically, it was members of the same hacker group that defaced the Comelec website last March 27.
One of the arrested hackers, Paul Biteng, denied that he was the one who leaked the stolen database from the poll body. Another hacker was reportedly arrested by the National Bureau of Investigation Friday.
RELATED: NBI arrests 2nd Comelec hacker
The database, initially released by a group called LulzSec Pilipinas, was used by still unknown individuals to come-up with www.wehaveyourdata.com, an independent website allowing Internet users to search the database for information.
RELATED: Filipino voters' data leaked via search engine
LulzSec Pilipinas is also affiliated with Anonymous Philippines, as claimed by its Facebook page before it was taken down.
Leak 'spared no one'
Earlier, the Center for International Law (CenterLaw) said it will file charges against Comelec for violation of the Data Privacy Act.
Lawyer Romel Bagares said the poll body should be held liable over the leak.
CenterLaw, representing a research fellow of the Philippine Institute of Development Studies, also sent a letter to Comelec Chairman Andres Bautista to immediately report to the Data Privacy Commission (DPC) the breach on its system that resulted in the leak.
Jose Ramon Albert, also a former secretary general of the National Statistical Coordination Board and a member of the advisory council of the United Nations Global Pulse, said Comelec has the obligation to report the breach in compliance with the Data Privacy Act.
He cited provisions of the Data Privacy Act which mandates government agencies to notify the DPC and the affected subjects the nature of the breach, the sensitive personal information possibly involved, and the measures it took to address the incident.
The letter noted that Bautista and Comelec spokesperson James Jimenez has been less than forthright in reporting about the breach and earlier downplayed it by claiming that the information leaked by hackers are no more than the kind that is publicly available.
However, citing the information that was made accessible by the site wehaveyourdata.com last week, Albert noted that his sensitive personal information was made accessible to anyone online.
“It spared no one,” said lawyers Gilbert Andres Bagares of CenterLaw. “It bears stressing that the personal information involved in the breach was not voluntarily provided by voters. In the first place, the Comelec obtained possession of the sensitive personal information by requiring voters to submit them.”
RELATED: Banks warned vs identity theft ‘Comeleak’ website taken down
CenterLaw said Comelec has the legal obligation to designate who are the officials accountable for its compliance with the provisions of the law.