Comelec to limit data on poll precinct finder to prevent another leak | Inquirer News

Comelec to limit data on poll precinct finder to prevent another leak

/ 11:55 AM April 04, 2017

20160111 FAIR ELECTIONS ACT FORUM / COMELEC Chairman Andres Bautista attends the Fair Elections Act Forum held at COMELEC Main Office, Intramuros, Manila. INQUIRER PHOTO / ELOISA LOPEZ

Commision on Elections Chairman Andres Bautista got into trouble when a massive data leak from the Comelec precinct finder in the months before the May 2016 elections was uncovered.  The National Privacy Commission has recommended his indictment for negligence and his failure to prevent the data breach. INQUIRER PHOTO / ELOISA LOPEZ

MANILA — To prevent a repeat of the 2016 “Comeleak” data breach, the Commission on Elections is considering limiting the information publicly available on its website’s precinct finder service.

Comelec spokesperson James Jimenez pointed out that in verifying one’s voter registration status for example, data such as a voter’s residential address need not be made available online.

Article continues after this advertisement

He explained that responses to such a question may be limited to a “yes” or a “no.” Verifying the district where one has been registered as a voter can be done by inputting one’s address.

FEATURED STORIES

“If we can limit the information that it is strictly responsive to the question, then that is a form of data protection,” Jimenez said.

He added: “We can remove the availability of other information in the database so it won’t be that inviting to hackers.”

Article continues after this advertisement

The poll spokesperson made the remarks at a recent forum in Manila during which he discussed the Comelec’s efforts to protect the data of millions of voters following last year’s “Comeleak” fiasco.

Article continues after this advertisement

In March 2016, the Comelec website was defaced and hacked, with sensitive voter information of over 77 million voters compromised and leaked on the Internet.

Article continues after this advertisement

Last month, the National Privacy Commission said Comelec chairperson Andres Bautista might be indicted and criminally prosecuted for the data breach.

Among the corrective measures were the designation of a data protection officer, a privacy impact assessment, and the creation of a privacy management program and breach management procedure.

Article continues after this advertisement

Jimenez noted that one of the vulnerabilities of the Comelec website prior to the data breach was its precinct finder feature.

“If you can create a database which is limited as to its content of information, it may be harder to hack. That includes deciding what information is available online,” he said.

Comelec spokesman James Jimenez says steps are being taken to prevent another data leak. (INQUIRER FILE PHOTO)

Comelec spokesman James Jimenez says steps are being taken to prevent another data leak. (INQUIRER FILE PHOTO)

For now, the precinct finder service has been taken off the website while the poll body is improving its data protection measures.

“Instead, we encourage people to use for their queries our social media accounts which have real operators,” Jimenez said.

Another improvement in the Comelec’s data protection measures was its protection using multiple firewalls and hosting of its website under a facility of the Department of Science and Technology.

He added that Comelec executive director Jose Tolentino Jr., the poll body’s data protection officer, has been tasked to come up with data protection measures to prevent a repeat of the data breach.

“Right now, they are preparing that whole suite of solutions for the challenges that we’ve identified from the hacking incident,” Jimenez said.

So far, the Comelec has not yet received any reports of identity theft stemming from the hacking incident. The poll body set up a dedicated voter care hotline a few months after the “Comeleak.”

Jimenez said the NTC warned them that identity theft cases might take long to develop, and that the poll body has been keeping its voter care hotline open.

He noted that the information leaked on the Internet last year was not 100 percent accurate since the leaked data included voters who were already delisted or multiple registrations of a single voter.

Jimenez said the images of the biometric data of voters, such as fingerprints, were untouched by the hackers.

The Comelec spokesperson assured the public that its data security set-up has improved since the data breach incident last year, two months before the 2016 national and local elections.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

“The NTC described it as much improved. We have a data protection officer, we have a secure location for our database, and it is located behind multiple firewalls. The NTC said it is better than when the hacking happened,” Jimenez added.  SFM/rga

TAGS: Comeleak, Commission on Elections, Computer, Crime, data breach, data leak, Elections, hackers, hacking, Internet, Justice, law, privacy, technology

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.