Solons seek congressional probe of ‘Comeleak’

Two party-list representatives asked Congress Wednesday to probe the security breach on the Commission on Elections (Comelec) website last March, which supposedly exposed the private information of some 55 million voters.

In House Resolution 2694, Bayan Muna party-list representatives Carlos Isagani Zarate and Neri Colmenares asked the House committees on suffrage and electoral reforms, and human rights to conduct a joint investigation on the data hack, popularly known as “Comeleak.”

The lawmakers said the shortcomings and vulnerabilities of the Comelec’s database and security systems protocols should be reviewed considering the ease with which hackers were able to access the poll body’s website.

They noted that in 2015, Congress allotted P295.8 million to fund the Comelec’s Information System Strategic plan, which was aimed at strengthening the polling body’s information system.

“With such amount, there is a need to review how this appropriation and strategic plan were implemented,” Zarate and Colmenares said.

The lawmakers said the automated election system (AES) must be scrutinized ahead of the May 9 elections since the data hack has exposed the public to the threat of fraudulent and criminal activities related to identity theft.

“It is highly urged that Congress and Malacañang not only compel both COMELEC and Smartmatic to prove that the AES was not compromised by the data breach, but also exercise its oversight in ensuring the transparency of the whole AES,” they said.

Smartmatic-Total Information Management (TIM) is the multinational company which bagged the lease contract for the supply of the new vote counting machines that will be used in the upcoming polls.

On March 27, members of the groups Anonymous Philippines and LulzSec Pilipinas defaced the Comelec website and hacked into the database containing personal identifiable information of 55 million voters, respectively.

In a matter of days, the whole database was posted online by LulzSec Pilipinas and was made available for the public’s downloading.

The incident was considered by information technology (IT) communities and companies as one of the biggest data breaches in recent history.

Barely a month after the Comelec’s website was compromised, the hackers launched a website which would allow people to search through the leaked data.

While authorities have continued to assure the public that the information cannot be used for polling fraud, it can nevertheless be used for other cybercrimes including identity theft and phishing.

Given the gravity of the security breach, Zarate and Colmenares expressed concern over the Comelec’s claim that sensitive biometrical information were not included in the leak, as they are still in the process of verifying its accuracy.

Thus, they said it is imperative for the House to hold accountable not only those who have infiltrated the Comelec’s database, but those “who showed misfeasance and nonfeasance in failing to protect and uphold the personal information of almost the whole populace.” —ALG, GMA News