MANILA, Philippines — The Department of Information and Technology (DICT) and the National Privacy Commission (NPC) said Wednesday that the alleged data breach of the Commission on Elections (Comelec) server was unlikely to have taken place, echoing the earlier claims of the electoral commission.
Comelec previously denied that a hack involving personal information of voters took place, as reported by Manila Bulletin's Tech team earlier this year.
Related Stories
The article said that a hackers' group was able to breach the Comelec system and download 60 gigabytes (GB) worth of files containing usernames, IP addresses, and pins of vote-counting machines (VCMs), among others.
In a Senate hearing on Wednesday, DICT Acting Secretary Emmanuel "Manny" Caintic said the breach was not possible because personal information which hackers obtained, did not exist.
"'Yung datos na iyon [ay] wala pa sa amin, hindi ganun ding kalaki. ("We don't have that data with us. The data we have is not that big.") It all boils down to the fact that we haven't even turned the systems up here," he said.
"Ang kinompare natin is the claim na 60 GB so number one muna 'yung datos na nasa article ay hindi siya parehas dun sa makikita sa Comelec servers, sa systems imposed ng DICT. Precinct finder po iyon at Comelec results. Tsaka kung titignan mo, ang nandun po sa article ay mga IDs of VCMs," he added.
("We compared the article's claim of 60 GB of data. The Comelec's servers don't have such data. [Our website] only carries the precinct finder and the results. If you look at the article, it mentions that IDs of VCMs were also there.")
Caintic's statements are consistent with his agency's earlier claims that the information in question could not have been accessed because the VCM system was offline and that there was a lack of existing data related to the automated election system which could be hacked.
READ: Comelec data hack not possible – DICT
An NPC official, also present in the hearing, agreed with Caintic.
"We concur with our colleagues from other agencies that these (the information involved in the alleged breach) are not from Comelec servers," NPC Chief of the Complaints and Investigation Division Michael Santos said, citing intelligence gathered.
He broached the subject that it may have been a third party behind the leakage of data. When asked by Sen. Imee Marcos if the "third party" in question was Smartmatic, Santos answered: "Initially, that's our lead."
Smartmatic, Comelec's software contractor, was not readily available for comment as the Senate panel was not able to invite them to Wednesday's hearing.
Comelec Spokesman James Jimenez, who attended the hearing, questioned anew the vetting process of Manila Bulletin verifying the hacking allegations.
"It did not show how it verified the information... nor did it prove that it had in fact verified the information which led to...the Comelec essentially [saying], 'how could this have been a verified hack if the level of this information was not existing?,'" he said.