APRIL 21, 2016




The data breach on the Commission on Election’s (COMELEC) data system last March 27 has serious implications not just for the security and privacy of registered voters, but also for the integrity of the elections.


When we register as voters, personal information we hold private – contact information, complete address, passport number, fingerprint information and the likes – become part of the COMELEC data system. We voluntarily submit these information with an implicit assurance from COMELEC that these will be kept private and not be published publicly on the internet.


On March 27, the abovementioned information of 55 million registered voters were taken from the COMELEC databases and leaked online by two different hacker groups. This lays open the identities of more than half of the country’s population to identity theft. Identity theft “is the deliberate use of someone else’s identity… without permission, to commit fraud or other crimes .”


A more worrisome implication of the COMELEC data leak is that the exposed voter information can be used as an added tool to commit electoral fraud. It now serves as a data source for targeted intimidation of voters, vote buying, and harassment.


This data leak is not a simple security breach that can be downplayed, as the COMELEC has done. It is amazing that a Commission full of lawyers cannot understand and comprehend that privacy is a basic human right and that the data leak is a violation of every voter’s right to it. Only a Commission or department with little value for privacy and data integrity will trivialize this situation. The COMELEC should be held liable for this incompetence.


As the COMELEC continues to downplay the impacts of the data breach, we also need to ask if the Election Management System (EMS), a component of the Automated Election System, is not similarly compromised.


EMS is responsible for ballot template generation, SD card configuration, results generation and other tasks. It also stores counts of voters per precinct. Questions remain as to the safeguards being employed by the COMELEC to ensure the accuracy, reliability and transparency of the system.


COMELEC’s disregard of the necessary safeguards for the automated election system and the downplaying of the voters’ information leak sharply reflects the Commission’s insincerity in conducting credible, accurate, peaceful and transparent elections come May 9.


The people should be vigilant against electoral fraud, possible identity theft, and voter disenfranchisement.#


*Photo credits to Trend Micro