Senators Imee Marcos and Vicente Sotto III claimed that it had been established from a closed-door meeting that Smartmatic’s servers were compromised, but the election software provider vehemently denies this
MANILA, Philippines – The Commission on Elections (Comelec) and the 2022 polls’ software provider Smartmatic asserted that there was no data breach of their servers, after two senators dropped a bombshell on the alleged “security breach” involving Smartmatic.
“The Comelec’s system was not hacked,” Comelec Commissioner George Garcia said during a press conference on Thursday, March 17.
Earlier on Thursday, Senate President Vicente Sotto III and Senate electoral reforms panel chairperson Imee Marcos had claimed that Smartmatic’s system has been compromised, a conclusion that was supposedly established during a closed-door session organized by the Joint Congressional Oversight Committee (JCOC) and attended by top poll officials.
Imee, the sibling of 2022 presidential aspirant and dictator’s son Ferdinand Marcos Jr., has been pushing for a return to a manual counting of votes, amid belief that her brother was the victim of automated elections cheating when he ran for vice president in 2016. Marcos Jr. has lost the case in the Supreme Court.
“We have to admit that a very serious breach occurred. It may not be technically hacking. However, we feel it compromises the processes and operations of Smartmatic in very serious ways,” Marcos said.
“A Smartmatic employee put out their laptop, and allowed the contents to be copied by a certain group,” added Sotto, who is running for vice president in the 2022 elections.
Marcos said some of the supposed stolen data were uploaded on Facebook, but it is unclear if there were sensitive data leaked in connection with the 2022 elections.
“Some said the information there was from 2016. Despite that, I’m worried, because some of the data were ledgers containing Smartmatic procedures, and pictures of their offices,” she said.
A ranking official of the Department of Information and Communications Technology first floated the claim during a joint congressional hearing in late January, but did not offer proof.
Comelec Commissioner Marlon Casquejo, at the time, had said that even if Smartmatic’s system was compromised, the Comelec would have been unaffected, because the data allegedly stolen was not yet available online.
“The participation of the provider is providing the software itself. We do not give them sensitive information,” Casquejo said. “In the event there are hacking incidents in our provider, we are pretty much sure that the election is still intact.”
On Thursday, Smartmatic insisted the 2022 automated election system was not hacked, and that Smartmatic’s infrastructure was not compromised.
“A now-former employee downloaded public and non-sensitive, day-to-day operational materials from a repository readily available to all Smartmatic staff and shared it with individuals outside the company. These individuals have attempted to blackmail Smartmatic and demand money,” it said in a statement.
“Smartmatic is not involved in the processing and storing of personal data of any voter for the 2022 elections,” added Christopher Louie Ocampo, a lawyer for Smartmatic, during a chance interview.
The Comelec was also hesitant to divulge details from the executive session, but when asked to confirm Marcos’ statement, Garcia said the poll body “learned a lot” from the National Brueau of Investigation, which supposedly told lawmakers the probe is not yet finished because it had “to verify and re-verify.”
“We committed, aside from the issue of transparency and accountability, that we will have to be sure our system will be safe and accurate,” Garcia said.
Bulletin report casts a long shadow
The executive session appeared to have dug deeper into a January 10 Manila Bulletin report of an alleged hacking into the Comelec’s servers, with hackers supposedly stealing 60 gigabytes’ worth of sensitive election-related data.
Manila Bulletin tech editor Art Samaniego has stood by his team’s story, claiming it was based on screenshots and a 44-page PDF file, among other things. But the Bulletin’s methodology in verifying the screenshots remained unclear.
The poll body has since pointed out loopholes in the report, including the claim that the PINs and passwords of vote-counting machines were stolen by hackers.
In 2016, the poll body grappled with a major hacking incident two months before the polls, with hackers leaking a voter records database online.
The scandal, now known as “Comeleak,” is considered the biggest leak of personal data in Philippine history, and among the biggest breaches of a government-held database in the world. – Rappler.com