The Philippine Online Chronicles


Hacking the automated polls


In 2005, Young Radicals, a group blog of youth netizens, introduced online protesting to the public by garnering enough support to “Google bomb the president” at the height of the Hello Garci scandal.

 

They got the idea from Internet activists in the United States who linked certain search words to manipulate the results of online search engines such as Google. The result: a search for the key words “pekeng pangulo” (fake president) on Google was directed to President Gloria Macapagal Arroyo’s website.

The Young Radicals’ project was arguably the first of its kind in terms of interactive online protest and campaigning. Google bombing the president’s website, according to then youth activist-blogger-turned-legislator Raymond Palatino, was just one of the many ways Internet users could express their dissent against the Hello Garci controversy.

On January 3, 2008, hackers re-directed the websites of the Department of Justice, the Philippine National Police Criminal Investigation and Detection Group and the Information Technology and Electronic Commerce Council to the official website of Enchanted Kingdom. The deed appeared to be a sarcastic commentary on a speech made by Pres. Arroyo in 2006 inviting the public to join her in realizing her own enchanted kingdom, the Philippines as a First World country in 20 years.

Unlike the Google bombers, however, the 2008 hackers remained anonymous and did not involve collective action from netizens. The DOJ initially investigated the incident but failed to catch the hackers. Time passed and the hacking incident eventually earned its place in history as one of the first high-tech online practical jokes in the country.

Joke turned sinister

Online protest took on a more sophisticated, less wholesome and entirely sinister turn when five government websites, those of the Department of Health, Department of Social Welfare and Development, National Disaster Coordinating Council, Department of Labor and Employment and the Technical Education and Skills Development Authority, fell prey to hacking in recent weeks. The NDCC, ironically, is directly under the office of the Secretary of National Defense.

Among them, the most controversial were the DOH hackers, who depicted DOH Sec. Duque blowing a bunch of male genitalia, and, most recently, the TESDA hackers, who were considered by far the most political in the message they left on the defaced website.

The TESDA hackers, in a second-page statement criticizing the Arroyo government and the Commission on Elections (Comelec) for commissioning a “vulnerable” poll automation system, also re-directed visitors to the website of Smartmatic.

Which raises the question: Had the recent series of infamous hackings of government websites been done in another period and in different contexts, would they also have been as easily regarded as harmless, funny even, online practical jokes?

A quick scan of the initial and immediate Twitter messages on the hacking of the TESDA website offers an array of reactions ranging from awe and admiration to foreboding and apprehension.

Perhaps the most serious reactions point to the recent hacking incidents as a manifestation of the vulnerability of government websites, especially at a time when the country is preparing for a milestone IT project that could affect the lives of all Filipinos. This implication renders the hacking incidents more than just a joke and something that has to be taken seriously. If these sites, government sites no less, can be hacked so easily, just how vulnerable is poll automation to technical glitches and intervention?

One Technews columnist even went so far as to ask his editor to inform a government agency that their system is prone to hacking due to old vulnerabilities, to which the operator of said government agency presumably replied, “Okay lang naman yon kung ma-hack eh, wala naman silang makukuha” (It’s okay if it gets hacked; they won’t get anything anyway).

The government, for its part, has also expressed concern. President Arroyo herself ordered the Commission on Information and Communications Technology (CICT) to conduct a probe on the matter. Presidential Spokesperson Gary Olivar, when asked for a reaction to the hackings, has asked Comelec and Smartmatic to step up online security measures for the poll automation.

Despite all these, however, the Comelec has refused requests from different concerned sectors to make public the source code of the software to be used for the Automated Elections System.

Poll automation at risk?

AESWatch2010 did not mince words in its recent assessment of the Comelec’s readiness for the country’s first ever automated polls when it said that poll automation is already imperiled.

It based its evaluation on the STAR (System, Trustworthiness, Accountability, Readiness) Scorecard, which gauged the AES’s efficiency from the quality of machines, preparedness for the conduct of poll automation, and compatibility of geographical and system requirements, to the actual transmission and canvassing of votes.

Most glaring in the AESWatch 2010 assessment was the failure of Comelec and Smartmatic to release the source code. According to them, “RA 9369 Sec.12 was not complied with because the source code was not made available and open to any interested political party or groups which may conduct their own review. Thus putting in doubt the reliability and trustworthiness of the system.”

The source code is written by the programmer of the system. It will generate ALL the private-public key pairs needed for the teachers, Board of Election Inspectors (BEI) and the Board of Canvassers (BOC) to verify votes.

According to Dr. Pablo Manalastas, PhD, IT consultant and fellow of the Center for People Empowerment in Governance (CenPeg), the source code of any computer program is “the set of human readable computer programming instructions,” meaning that whoever has knowledge of the source code will have control over the entire election process. The Comelec, by refusing to release the source code, effectively grants this sole privilege to Smartmatic alone, a foreign entity. The BEI and BOC will see their set of private keys for the first time on election day!

“In effect, the BEI will be signing with the Smartmatic private keys, so it is, in fact, Smartmatic that will sign ALL the precinct election returns, which is against the provision of RA 9369 on digital signing of the precinct ER,” Dr. Manalastas stresses.

The source code is also very relevant and integral to the trustworthiness of the automated polls because it in effect enables voter verification. The poll automation law states that the election system must provide the voter a system of verification to find out whether or not the machine has registered his choice. Making the source code public is one way to achieve this function.

Apart from the internal systems, vulnerabilities can also be evaluated in the preparations, which affect the actual conduct of elections through the quality and compatibility of the machines and the transmission of votes.

Based on Comelec’s latest calendar dated October 10, 2009, 10 out of 27 activities in preparation for poll automation have not yet been completed, among them the delivery of machines and software components. CenPeg fears that these delays compromise succeeding tasks in the poll automation preparation timetable, such as the certification of the system and the configuration of the machines. Furthermore, basic aspects such as transmission and the delivery and deployment of the machines are not yet in place.

If these pertinent measures for the safeguarding of the automated polls are found lacking barely over 100 days before election day, how can the government and the Comelec then assure the public that the hacking of the poll automation system, not unlike the previous hacking of government websites, can be prevented?

AESWatch’s plea to the Comelec is telling: Don’t hack it, prepare contingency plan now.

Photo:  Smartmatic machines c/o Flickr. Some rights reserved.


