The Auditor hereby recommends for prosecution the officials of the Commission on Elections (Comelec) who may have violated the Data Privacy Act for negligence in implementing organizational, physical and technical security measures on personal data processing systems.
Privacy Commissioner John Henry D. Naga said in a statement on Wednesday that the Comelec must address the data breach concerns revealed in a newspaper report.
Naga said the National Privacy Commission (NPC) received information from that paper’s editor Art Samaniego on 8 January about a potential breach on Comelec servers. It was estimated that 60 gigabytes of data were downloaded illegally by a group of hackers. Naga assured the public that the NPC does not tolerate any act in violation of the Data Privacy Act.
No constitutional holdover powers deter “no-el” (no election) scenarios. The absence of constitutional holdover powers to all government officials, from the President to the lowest local government official, by June 2022, is a strong argument that the regular election set for 9 May 2022, will proceed as scheduled “unless otherwise provided by law.”
Not holding an election will really be a problem because the 1987 Constitution grants no holdover powers to the President, members of Congress, and all local government officials by June 2022. Their powers expire by force of law, and the country will be like a ship without a captain in the middle of the pandemic if no election will be timely held.
Keen political observers and advocates for clean and honest elections, however, find the reaction of Comelec “as taking advantage of the difficult situation for the President.” They believe that the President, being a lawyer will avoid interfering in the exclusive jurisdiction of a constitutional office.
The people are asking, “What happened to the directive of the President to the Department of Information and Communications Technology (DICT) to find a replacement for Smartmatic on automated election system?”
How come that despite the intent of the President to extract Smartmatic’s involvement from the Comelec automated elections, Smartmatic still won the bidding?
No less than the former Comelec chairperson Sixto Brillantes said that “Smartmatic ran solely the 2010 national and local elections and not the Comelec.” Add to this “the massive breach in early 2016 that exposed the personal data of millions of Filipino voters.” Is the hacking then coincidental with the candidacy of Bongbong Marcos?
In 2016, when Bongbong ran for vice president, six months before the election, hackers under “Anonymous Philippines” muddled through the Comelec website and downloaded voter information from servers. A hacker was apprehended but he turned out to be a fall guy. The real hackers are still at large, just as former Comelec chair Andres Bautista is also still at large. Smartmatic reportedly tried to “smartmatize” Digong’s votes but his margin was so huge their machine got burned out. But they still reportedly were able to steal millions of Digong’s margin.
This year, when Bongbong is running for president, barely four months before the election, the Comelec servers were hacked again and Comelec officials do not seem to be bothered about it.
In view thereof, this column is constrained to submit and hereby recommends that the following reports, circumstances and pronouncements of government officials be considered as prima facie evidence and reasonable grounds for the Office of the Ombudsman to conduct an investigation and prosecute if warranted, the Comelec officials concerned as mandated by the Data Privacy Act.
According to the report, the hackers allegedly downloaded 60 gigabyes of data from the Comelec’s servers, supposedly compromising the 2022 national and local elections.
The hackers allegedly accessed the national diagrams, IP addresses, list of all privilege users, domain admin policies, access to the ballot handling dashboard, and QR code captures of the board of canvassers with login and password.
But still, Comelec spokesperson James Jimenez said there were no pieces of evidence that would support the alleged data breach.
The NPC, meanwhile, said it is already investigating the alleged leak requiring the Comelec to submit on 21 January the result of its probe on the alleged hacking incident potentially involving personal information just a few months before the 9 May 2022 national and local elections.