Rep. Elpidio Barzaga, Jr., vice-chair of the House Committee on Electoral Reforms and Suffrage on Friday sought a congressional investigation into the security of the computer system of the Commission on Elections.
Barzaga added thay the poll body should make sure that its computer system and data banks are secured so as not to compromise the integrity of the elections.
Barzaga filed House Resolution 2436 in response to a news report that a group of hackers was allegedly able to breach the servers of the Comelec and has downloaded more than 60 gigabytes of data including, among others, usernames and PINS of vote-counting machines (VCM).
“If the data hacking incidents are true, the public has to know “its effects on the integrity of our electoral process,” said Barzaga, former chairperson of the House electoral reforms and suffrage committee.
The resolution said the investigation should also look into the existing automated electoral process as a whole, “evaluating its strengths, vulnerabilities and accuracy to ensure integrity of the electoral process.”
“Considering that the switch to an automated electoral process spans a considerable length of time, it should be determined if the COMELEC has addressed challenges related thereto,” the senior lawmaker said in the resolution.
Barzaga underscored the need for an automated election system, saying it was necessary “in response to increase public confidence and fears of electoral corruption.”
“Despite concerns and challenges in the move toward automation, public confidence has increased in the automated electoral system,” said the president of the National Unity Party (NUP).
The Manila Bulletin tech news team report has said the other downloaded files are highly sensitive data such as network diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all passwords and domain policies, access to the ballot handling dashboard, and QR code captures of the bureau of canvassers with login and password.
The other downloaded files were network diagrams, IP addresses, list of all privileged users, domain admin credentials, list of all passwords and domain policies, access to the ballot handling dashboard, and QR code capture of the bureau of canvassers with login and password.
“Sensitive data downloaded also included a list of overseas absentee voters, location of all voting precincts with details of board of canvassers, all configuration list of the database, and list of all user accounts of Comelec personnel,” said the MBTechnews.
The Comelec has claimed that the VCM could have not been hacked or stolen because “such information still does not exist in COMELEC systems simply because the configuration files – which includes usernames and PINs – have not yet been completed.”
The poll body has said such information still does not exist in Comelec systems simply because the configuration files – which includes usernames and PINs – have not yet been completed, which it said: “calls into question the veracity of the hacking claim.”
As for the rest of the allegations, Comelec spokesman James Jimenez said, the article offers scant substantiation for its assertions despite claiming that the authors had “verified that there was an ongoing hack.”
While Jimenez has admitted that the security of the Comelec’s website is not high, he stressed that the Automated Voting System (AVS)
ran on a different, more secure network and that the recent hack will not affect the machines.
Jimenez is confident of the security features of the AVS and has been reassured that things will go smoothly during the elections.
While Comelec officials claimed that there were no sensitive information stored in the database, the resolution said a report by Trend Micro said massive records of sensitive personally identifiable information (PII), including passport information and fingerprints data were leaked.
The poll body has also assured he public that the poll body will release this week the final report on the alleged hacking of their servers.