Electronic voting technology firm Smartmatic on Monday maintained its system was not hacked following the claim of Sen. Imee Marcos last week of a “serious security breach.”
Quoting the National Bureau of Investigation (NBI), Smartmatic lawyer Christopher Louie Ocampo told the House Committee on Suffrage and Electoral Reforms that “the election is safely above the fray.”
“The NBI itself has also publicly stated that Comelec’s servers are offline and under heavy security. It has categorically and emphatically stated that there has been no hacking of the Comelec infrastructure. Any which way you look at it – the election is safely above the fray,” Ocampo said.
Marcos, following an executive session, claimed that based on a Facebook post by a group called XSOX, a contractual worker of Smartmatic leaked content of his work laptop.
Ocampo denied that the alleged incident compromised the upcoming May elections.
Meanwhile, the House of Representatives Committee on Suffrage and Electoral Reforms has tackled the issues on ballot printing and alleged hacking of Smartmatic’s system.
The committee, chaired by Negros Occidental Rep. Juliet Marie De Leon Ferrer, in an online meeting Monday, continued its discussion on the latest preparations of the Commission on Elections for the May 9 national elections.
Rep. Elpidio Barzaga, Jr. of Dasmarinas City in Cavite, committee vice-chairperson, raised the ballot printing process, as well as the absence of representatives during its printing process.
“And that is the reason why everybody is doubting whether or not these ballots printed or reprinted are actually accurate or not,” Barzaga said.
Comelec Commissioner George Garcia clarified that not all of the reported 5,992,763 printed ballots are totally defective.
He said as of Monday, the 21st, Comelec had identified 105,853 purely defective ballots.
He also invited the committee to observe the random sampling of the ballots that were printed without the watchers, observes, and representatives of various political parties.
The panel also discussed the issue of the alleged breach and compromise of the Smartmatic system.
Smartmatic Legal Counsel Christopher Louie Ocampo issued a statement stating the Automated Election System (AES) source code and software were subjected to extensive audits both locally and internationally.
Ocampo also said that Comelec’s servers and infrastructure were independent and that the poll body never shared electoral data with Smartmatic.
Their statement also mentioned that no hacking took place in their own system and that their former employee is completely unrelated to Philippine elections.
“He downloaded non-sensitive, day-to-day operational materials from a repository readily available to all Smartmatic staff,” according to the statement. Ocampo also said that the uproar came from a Facebook page of a group known as “XSOX” filled with false information.
At the same time, Smartmatic, the electronic voting technology firm, maintained Monday its system was not hacked, following the claim last week of Sen. Imee Marcos, chair of the Senate committee on electoral reforms, of a “serious security breach.”
It quoted Ocampo who told the House Committee on Suffrage and Electoral Reforms that “the election is safely above the fray.”
“The NBI itself has also publicly stated that Comelec’s servers are offline and under heavy security. It has categorically and emphatically stated that there has been no hacking of the Comelec infrastructure. Any which way you look at it – the election is safely above the fray,” Ocampo said.
Marcos, following an executive session of the Senate committee, claimed that based on a Facebook post by a group called XSOX, a contractual worker of Smartmatic leaked content of his work laptop.
Ocampo denied that the alleged incident compromised the upcoming May elections.
“Please note, too, that Smartmatic’s system wasn’t hacked. What the former employee did is wrongdoing completely unrelated to Philippine elections and doesn’t deserve to be called hacking. He downloaded non-sensitive, day-to-day operational materials from a repository readily available to all Smartmatic staff. He then shared it with individuals outside the company, who have attempted to blackmail Smartmatic for money,” he said.
NBI Cybercrime Division chief Vic Lorenzo said the NBI was looking at the possibility that the former employee was still in direct contact with the group XSOX allegedly behind a Facebook page that claimed it had allegedly hacked the website of various entities.
“There are still investigation stages that we have to fulfill for us to verify and prove that he is actually in direct participation of XSOX. But as of now, with the participation of Smartmatic, we are convinced that we could prosecute the former employee of Smartmatic for illegal access, and obstruction of justice. We are confident that we could wrap this up by the end of this month,” Lorenzo told the House committee members.
Meanwhile, watchdog group Kontra Daya raised questions about the track record of Smartmatic as it pointed out that the source code review “has not been genuine” as the source code remains “proprietary or licensed, and not open source.”
“The fundamental problem with our AES is the presence of Smartmatic since 2010. Our issue with Smartmatic is not just because it is foreign-owned. The problem is the lack of full transparency on how it operates,” Kontra Daya’s Danilo Arao said before the House hearing.
Arao explained that source code reviewers are exposed only to certain parts of the source code “and not its entirety.”
“Reviewers have only read the printout of the excerpts of the source code. They were not allowed to test the source code, much less take pictures of the printout so that they can test it at home,” Arao said, calling on the Comelec to “commit to open-source software.”
Smartmatic reiterated that the source code and software of the Automated Election System delivered by Smartmatic to Comelec “underwent exhaustive audits in the country and internationally” and that it went through “a rigorous review, led by the Comelec with the active participation of experts and representatives of political parties” and these were also accredited by an international certifying entity.
“We would like to highlight that as soon as the source code was officially turned over to Comelec, it went through an unbroken chain of custody that points to an AES that is wholly governed and controlled by Comelec,” Ocampo said.
Smartmatic said allegations of data breach should first be verified.
“This is the reason why Smartmatic humbly requests that these statements and alleged data be verified first, because right now it is just a source of speculation based on an anonymous group posting screenshots of data and photos on Facebook, which are not verified, and are very possibly fabricated or manipulated,” Ocampo said.
“Rest assured, Smartmatic has been coordinating with the proper entities to get to the bottom of the allegations and even the speculations. We have to fight disinformation head on. Instead of persecuting private companies, we urge authorities to apply the full might of the law in hunting down and prosecuting these criminals that threaten the very democracy of this country with disinformation,” he added.