Cybercrime raps filed vs. Comelec, Smartmatic staff over script change

A party-list representative on Tuesday filed a complaint for violation of the anti-cybercrime law against officials of technology provider Smartmatic-Total Information Management and employees of the Commission on Elections over the alleged tampering of the automated election system (AES) used in the May 9 national elections.

In a complaint filed with the Manila Prosecutor's Office, Abakada-Guro party-list Rep. Jonathan dela Cruz accused the respondents of committing a security breach in the AES, particularly in the script of the transparency server, "compromising the integrity and credibility of the 2016 elections, in addition to the confidentiality, integrity and availability of computer data and system."

Dela Cruz said the Smartmatic officers' actions were in violation of Sections 4(a)(1), (3), and (4) of Republic Act No. 10175.

The particular violations are defined by the law as:

• (a) Offenses against the confidentiality, integrity and availability of computer data and systems:
• (1) Illegal Access. – The access to the whole or any part of a computer system without right.
• (3) Data Interference. — The intentional or reckless alteration, damaging, deletion or deterioration of computer data, electronic document, or electronic data message, without right, including the introduction or transmission of viruses.
• (4) System Interference. — The intentional alteration or reckless hindering or interference with the functioning of a computer or computer network by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or program, electronic document, or electronic data message, without right or authority, including the introduction or transmission of viruses.

Named respondents were Smartmatic technical support team head Marlon Garcia, Smartmatic project director Elie Moreno, technical support team member Neil Banigued, Mauricio Herrera, Comelec information technology officer Rouie Penalba, and Comelec employees Nelson Herrera and Frances Mae Gonzalez.

"When respondents, without notice to the Comelec en banc and without securing the authority of the latter, unilaterally decided to change the script of the transparency server, they became liable for illegal and unauthorized accessing of a computer system, intentional alteration of computer data and intentional altering and interfering with the functioning of computer and computer network by inputting, deleting and altering computer data and program," the complaint stated.

The supposed "security breach" that the complainant was referring to was when Smartmatic made an adjustment to the script to fix an issue involving the "Ñ" character being replaced by "?".

After learning that the data package in the script contained a special character "?" in the name of the candidate, Garcia said they made the necessary "cosmetic change" on the script to correct the error.

Garcia had said that there was no longer any need to notify the Comelec chairman and commissioners about the modification he made, saying: "There are just certain matters that need to be escalated to en banc."

Comelec Commissioner Rowena Guanzon, however, said that the Smartamtic should have notified the poll body about the modification made in the script of the transparency server.

"Indeed, the act of 'tweaking' the script of the transparency server caused widespread anxiety and concern amongst the nation. The lapses in protocol have undermined the credibility and integrity of the 2016 elections including the confidentiality, integrity and availability afforded to computer data and systems," read the complaint.

Even assuming that the script change did not affect the unofficial tally, Dela Cruz said that the respondents still cannot escape criminal liability since they did it without authority from the Comelec.

"The Cybercrime Prevention Act of 2012 is a special law. I was advised that 'as a special law, the nature of the offense is malum prohibitum, and as such, criminal intent is not an essential element,'" the complaint read.

The camp of vice-presidential candidate Sen. Ferdinand "Bongbong" Marcos also filed last Friday with the Comelec a complaint for violation of  the Automated Election Law against Moreno, Garcia, Banigued and Peñalba still in connection with the unauthorized script change.

Marcos had been insinuating that the introduction of the new script in the Comelec servers might have affected the counting of votes, pointing out that it was after the incident that his lead of over one million votes against closest rival, Camarines Sur Rep. Leni Robredo, began to diminish until she overtook him past 3 a.m. on May 10.

Robredo’s lead allegedly started to accelerate at an unprecedented “liner” rate of 45,000 votes for every additional one percent of votes counted.

The congresswoman, who has since claimed victory, took exception to Marcos' statements and challenged him to back his allegations with evidence.

Congress is due to begin the canvassing of votes for presidential and vice presidential elections this week. —ALG, GMA News