Comelec chief: No identity theft complaint so far after ‘Comeleak’

Commission on Elections chair Andres Bautista on Friday said that so far no voter has complained to them about identity theft after the so-called "Comeleak" data theft.

In an interview on "News to Go," Bautista noted that the poll body had set up a Voter Care Hotline in April after the hacking incident last March, where a group of hackers gained access to the Comelec website and defaced its page.

A second group took advantage of the same vulnerability and managed to steal the agency's voter database, which happened to be accessible from the site.

"Meron po kaming Voter Care Hotline na kung merong botante na may problema sa identity theft, puwede siyang tumawag at sumangguni. Ito po ay itinatag namin noong April 2016. Hanggang ngayon wala pang botante na naghahain ng complaint, so sa aming palagay hindi pa naman talaga naging problema ito," Bautista said.

He also noted that they formed a task force to look into "additional security measures" that may be put in place after the incident, and that the poll body's mover to coordinate with the National Bureau of Investigation had led to the arrest of two suspected hackers believed directly involved in the data theft. 

Bautista appeared on television a day after the National Privacy Commission recommended the filing of criminal charges against him and the poll body over data leak.

In its findings released Thursday, the NPC said Comelec violated Sections 11, 20, and 21 of Republic Act No. 10173, or the Data Privacy Act of 2012.

Bautista was found to have violated the same sections, as well as Section 22, in relation to Section 26 of the same Act.

Under the provisions,  the head of an agency "shall be responsible for complying with the security requirements." 

'Guinea pig'

Bautista also told News To Go that the NPC should think about the practical application of its rules in line with the law. 

He reiterated that it was "too much" for the NPC to recommend the filing of criminal charges against him over the so-called "Comeleak."

"Pagka-tiningnan mo sa provisions [ng batas] 'yan, subject to such standards as the Commission may provide. Eh wala pang nagawang standards dahil wala pang implementing rules and regulations," he said.

"Saka sa ganyang pag-iisip, halimbawa ma-hack ang website ng Supreme Court, ang kakasuhan ba si Chief Justice? Kapag na-hack ang website ng Malacañang—at nangyari na yata ito noon—ang kakasuhan ba ay ang Pangulo?" 

"I think dapat pag-isipan ng National Privacy Commission 'yung praktikal na pagpapatupad ng batas," he added.  

He said that the NPC was founded just shortly before the hacking of the Comelec website happened, which made the Comelec hacking case the first incident it's handling.

"Meron nang mga ibang ahensya na na-hack dati. Ang problema kasi 'yung Data Privacy Act, ipinasa ng Kongreso noong 2012, kaya lang 'yung pagbuo ng National Privacy Commission nangyari lang nu'ng Marso 2016. Tumama sa hacking ng Comelec [website] kaya kami ang ginawang parang guinea pig," he said.

"Isa pang problema, wala pang implementing rules and regulations 'yung batas dahil nabuo 'yung National Privacy Commission nu'ng Marso 2016... kaya hindi sigurado kung anong dapat naming sundin tungkol sa data privacy measures," he added.  

Bautista said Comelec, through the Office of the Solicitor General, will file a motion of reconsideration over NPC's findings.

"Pero kung hindi nila iga-grant 'yun, meron pa namang recourse sa korte," he added. —LBG, GMA News