Philippines rejects voter registration deadline extension, upgrades IT systems

The Commission on Elections (Comelec) in the Philippines has denied a possible extension to the biometric voter registration procedures beyond January 31, reports the Manila Bulletin.

Comelec Chairman George Erwin Garcia made the announcement on Monday, saying that eligible applicants should take advantage of the Register Anywhere Program (RAP) as long as it is available.

RAP booths, which allow individuals to submit documents and have their biometrics captured, are also being added across the country following a December announcement suggesting the move.

A RAP booth was reportedly launched at the central office of the Department of Social Welfare and Development (DSWD) in Quezon City earlier this week, and more will be added between today (January 25) and tomorrow at the Senate of the Philippines in Pasay City and at the House of Representatives in Quezon City.

As of January 23, Garcia had confirmed roughly one million individuals had registered to vote.

NPC clears Comelec, Smartmatic of 2022 data breach

In an eventful second half of January, Comelec and its automated election system (AES) partner Smartmatic have also been cleared of responsibility by the National Privacy Commission (NPC) for a data breach that occurred in January 2022 and involved the theft of roughly 60GB of data.

More specifically, a statement provided by Comelec spokesperson John Rex Laudiangco suggests that the breaches in the servers of Comelec and Smartmatic affected survey forms and overseas voter lists.

A subsequent investigation allegedly revealed that Comelec and Smartmatic are not liable for the Concealment of Security Breaches Involving Sensitive Personal Information under Section 30 of the Data Privacy Act (DPA).

The breach does not allegedly involve sensitive personal information or information that may be used by threat actors to conduct identity fraud. Further, the unauthorized acquisition would not be likely to enable a real risk of serious harm.

“CID could not provide substantial evidence that directly links the alleged breach in Smartmatic’s servers to Comelec’s servers or system,” Laudiangco says. “Thus, Comelec may not be held liable for the violation of Section 30 of the DPA in relation to the overseas voters’ list.”

Comelec to establish cybersecurity division

In the wake of the breach that it has allegedly been cleared of, Comelec announced last week it would be upgrading its information technology (IT) infrastructure to increase security and prevent hacking in the future.

“We are continuously studying and training the use of new technology, especially those related to the elections, with the help of Commissioner (Nelson) Celis, who is a known IT expert,” Laudiangco explains.

At the same time, the Comelec spokesperson clarifies that the NPC did call for the prosecution of now-dismissed Smartmatic Ricardo Argana and other employees for either unauthorized access or international breach under Section 29 of the DPA.

As for the upgrade of its tech infrastructure, Laudiangco says the Commission will focus on hardening hardware solutions and deploying encryption across all software tools.

“This involves all the Comelec’s system, whether those directly related to the elections or in our day-to-day operations,” he explains.

“Our officials and personnel are currently training on cybersecurity so that we can already establish this new office, which is necessary if we are to keep in step with the advancement of technology.”

Article Topics

biometrics  |  cybersecurity  |  data privacy  |  elections  |  Philippines  |  Smartmatic  |  voter registration