BBM camp files cybercrime complaints vs Smartmatic, COMELEC IT personnel

24 May 2016

The camp of Vice Presidential candidate Senator Ferdinand “Bongbong” R. Marcos Jr. today filed charges of violation of the Cybercrime Law against Smartmatic and the Commission on Elections (Comelec) personnel for illegally changing the script of the transparency server of the poll body on the night of the elections.

In a 15-page complaint filed before the Manila Prosecutor’s Office, Abakada Rep. Jonathan dela Cruz, Campaign Advisor of Senator Marcos, charged Smartmatic personnel Marlon Garcia, a Venezuelan national and head of the Technical Support Team; Elie Moreno, an Israeli national and Project Director and Neil Banigued and Mauricio Herrera, members of the Technical Support Team; and Comelec IT experts led by Rouie Peñalba, Nelson Herrera and Frances Mae Gonzalez who are all assigned at the Information Technology Department (ITD), for violation of Section 4(a) of the Cybercrime Prevention Act of 2012 or R.A. 10175.

Accompanied by lawyer Jose Amor Amorado, Head of the BBM Quick Count Center, Dela Cruz said the group clearly violated Section 4 (a) of the said law by intentionally altering computer data, without right and altering and interfering with the functioning of a computer and computer network by inputting, deleting and altering computer data and program, without right or authority.

Dela Cruz pointed out that the said respondents were tasked to ensure the credibility of the elections by manning the transparency server at the Pope Pius XII Catholic Center Building in Manila. No other personnel is allowed in the transparency server except the Comelec, through the ITD.

Despite such rules, according to Dela Cruz, respondents entered the transparency server and changed the script without authorization on the night of the elections when the transmission was in full swing. He said the server could not have been opened without the consent of the Comelec IT personnel because they had the other password to open it.

“They were all present when the script was changed by Smartmatic personnel and that despite the Comelec IT’s declaration that they did not authorize Smartmatic to change the script, that is a matter of defense because they had the other password. How then was Smartmatic able to open the server without getting the Comelec password? Their presence there constitute implicit consent to the change,” Amorado, in an interview after the filing, pointed out.

Dela Cruz said by such act, respondents committed a security breach in the AES (Automated Election System), particularly in the script of the transparency server, thereby, compromising the integrity and credibility of the 2016 elections, in addition likewise the confidentiality, integrity and availability of computer data and systems.”

The said act is punishable by imprisonment of at least six years to 12 years.

Dela Cruz added that they discovered the unauthorized intrusion exactly 24 hours later in the evening of May 10, 2016 when representatives of the United Nationalist Alliance (UNA) and Nationalist People’s Coalition (NPC) reported that the hash codes have been changed.

They then went to the transparency server and after a short investigation, Mauricio Herrera told them that they had changed the script because of a character in the name of the candidate.

“After a short investigation, Mauricio Herrera, SMARTMATIC engineer, reported that he has identified the issue with the inner hash. He explained at around 7:30pm on 9 May 2016 SMARTMATIC announced that they would release an update to the results file script that would fix a reported issue involving the “Ñ” character being replaced by the “?” character,” Dela Cruz said.

The partylist representative pointed out that the unauthorized change was confirmed by Peñalba and Moreno in their several official pronouncements.

Dela Cruz also pointed out that several Comelec Commissioners also confirmed that the change was illicit and unauthorized.

“Indeed, the act of “tweaking” the script of the transparency server caused widespread anxiety and concern amongst the nation. The lapses in protocol have undermined the credibility and integrity of the 2016 Elections including the confidentiality, integrity and availability afforded to computer data and systems,” he said.

He further stated that the defense of cosmetic change will not exculpate the respondents because of the nature and description of the offense. He said it is enough that the change was made without authority.

“From the above premises, respondents have committed a breach in the AES that violated the confidentiality, integrity and availability of the computer data and systems thereof,” he said.

Another criminal complaint for violation of R.A. 8436 as amended by R.A. 9369 or the Automated Election Law was earlier filed by Dela Cruz before the Comelec against Garcia, Moreno, Banigued and Peñalba for their authorized script change in the transparency server.