ACM vulnerable to attacks if connected to internet during voting — NAMFREL

The National Citizens' Movement for Free Elections (NAMFREL) on Thursday said that connecting the automated counting machine (ACM) to the internet during the voting period makes it vulnerable to online attacks.
NAMFREL made the statement following the Facebook post of a vice mayoral candidate in Reina Mercedes, Isabela, alleging ACMs are vulnerable to possible attacks.
In a now-deleted video, lawyer and certified public accountant Jeryll Harold Respicio instructed the Electoral Board not to connect the ACM to the internet "until such time that the election returns have been printed and the ACM is ready to transmit the election results."
"It is true that any system or device connected to the internet is exposed to potential attacks by malevolent actors," NAMFREL stressed.
"NAMFREL volunteers in the field of cybersecurity agree with Atty. Respicio's assertion that connecting the ACM to the internet during the voting period renders the ACM vulnerable to possible attacks," the poll watchdog added.
To mitigate risks of potential attacks on the automated election system (AES), the Commission on Elections (Comelec) has laid out security measures, including controlled access to the ACM through the use of smart cards as keys with corresponding passwords for each member of the Electoral Board and encryption of the election returns prior to transmission.
It will also generate unique hash codes of the machine-executable code of the ACM software and of the software for the other components of the AES.
It also requires the use of secure transmission channels under Republic Act No. 8436, as amended by the Election Automation Law.
Citing Comelec Resolution No. 11098, NAMFREL noted that upon unpacking the ACM on election day, no device is connected to the ACM's USB port or Ethernet port.
"NAMFREL has long been monitoring Comelec’s preparations of the AES since the 2010 national and local elections and observed that the established practice is that the voting and counting machines were connected to the telecommunications infrastructure only after the printing of the first batch of election returns was completed," it said.
"For the 2025 national and local elections, the ACM will not be connected to the internet during the voting period," it added.
Based on its observation of the preparations of the AES, NAMFREL said the Comelec has ensured the implementation of security measures that will protect the AES from possible attacks.
Further, to dispel any doubt, NAMFREL said it recommends to the Comelec the inclusion of a provision that explicitly instructs the Electoral Board "not to connect the ACM to the internet until after the first batch of nine copies of the election returns shall have been printed and the ACM is ready to transmit the election returns to designated servers."
