Smartmatic: System not hacked after Imee Marcos claim

Willard Cheng, ABS-CBN News

Posted at Mar 21 2022 07:04 PM

Senators Tito Sotto and Imee Marcos speak to the media after the hearing of the Senate Committee on Electoral Reforms and People’s Participation held inside a restaurant in Intramuros, Manila on March 17, 2022. George Calvelo, ABS-CBN News/file 
Senators Tito Sotto and Imee Marcos speak to the media after the hearing of the Senate Committee on Electoral Reforms and People’s Participation held inside a restaurant in Intramuros, Manila on March 17, 2022. George Calvelo, ABS-CBN News/file 

MANILA — Electronic voting technology firm Smartmatic on Monday maintained its system was not hacked following the claim of Sen. Imee Marcos last week of a "serious security breach". 

Quoting the National Bureau of Investigation (NBI), Smartmatic lawyer Christopher Louie Ocampo told the House Committee on Suffrage and Electoral Reforms that "the election is safely above the fray."

"The NBI itself has also publicly stated that Comelec's servers are offline and under heavy security. It has categorically and emphatically stated that there has been no hacking of the Comelec infrastructure. Any which way you look at it - the election is safely above the fray," Ocampo said.

Marcos, following an executive session, claimed that based on a Facebook post by a group called XSOX, a contractual worker of Smartmatic leaked content of his work laptop.

Ocampo denied that the alleged incident compromised the upcoming May elections. 

“Please note, too, that Smartmatic's system wasn't hacked. What the former employee did is wrongdoing completely unrelated to Philippine elections and doesn't deserve to be called hacking. He downloaded non-sensitive, day-to-day operational materials from a repository readily available to all Smartmatic staff. He then shared it with individuals outside the company, who have attempted to blackmail Smartmatic for money,” Ocampo said.

NBI Cybercrime Division chief Vic Lorenzo said the NBI is looking at the possibility that the former employee is still in direct contact with the group XSOX that is allegedly behind a Facebook page that has claimed that it had allegedly hacked the website of various entities.

"May mga investigation stages pa kami that we have to fulfill for us to verify and prove that he is actually in direct participation of XSOX. But as of now, with the participation of Smartmatic, we are convinced that we could prosecute yung former employee ng Smartmatic for illegal access, and obstruction of justice. We are confident that we could wrap this up by the end of this month,” Lorenzo told the House committee members.

Smartmatic reiterated that the source code and software of the Automated Election System (AES) delivered by Smartmatic to Comelec “underwent exhaustive audits in the country and internationally” and that it went through “a rigorous review, led by the Comelec with the active participation of experts and representatives of political parties” and these were also accredited by an international certifying entity.

“We would like to highlight that as soon as the source code was officially turned over to Comelec, it went through an unbroken chain of custody that points to an AES that is wholly governed and controlled by Comelec,” Ocampo said.

Smartmatic said allegations of data breach should first be verified.

“This is the reason why Smartmatic humbly requests that these statements and alleged data be verified first, because right now it is just a source of speculation based on an anonymous group posting screenshots of data and photos on Facebook, which are not verified, and are very possibly fabricated or manipulated,” Ocampo said.

“Rest assured, Smartmatic has been coordinating with the proper entities to get to the bottom of the allegations and even the speculations. We have to fight disinformation head on. Instead of persecuting private companies, we urge authorities to apply the full might of the law in hunting down and prosecuting these criminals that threaten the very democracy of this country with disinformation,” he added.

Meanwhile, watchdog group Kontra Daya raised questions about the track record of Smartmatic as it pointed out that the source code review “has not has not been genuine” as the source code remains “proprietary or licensed, and not open source.”

“The fundamental problem with our AES is the presence of Smartmatic since 2010. Our issue with Smartmatic is not just because it is foreign-owned. The problem is the lack of full transparency on how it operates,” Kontra Daya’s Danilo Arao said before the House hearing. 

Arao explained that source code reviewers are exposed only to certain parts of the source code “and not its entirety.”

“Reviewers have only read the printout of the excerpts of the source code. They were not allowed to test the source code, much less take pictures of the printout so that they can test it at home,” Arao said, calling on the Comelec to “commit to open-source software.”

“We realize that we cannot make the changes now, but future election cycles can benefit from an open-source software,” Arao said as he asked the House of Representatives “to conduct further investigation on the track record of Smartmatic dating back to 2010,” saying that the conduct of source code reviews may have affected the election results.

“In the HOR's investigation, may we not forget the seven-hour delay in the release of election results and the glitches in the SD cards in the previous election cycle. It is about time that we focus on Smartmatic's track record, as no less than President Duterte himself suggested to the Comelec in 2019 that Smartmatic be disposed of and look for a new one that is free of fraud,” Arao said.

Comelec Commissioner George Garcia said the issue of alleged hacking will be on top of the agenda of the Comelec en banc’s meeting on Wednesday as it awaits results of the NBI’s investigation.


Watch more on iWantTFC