THE Manila Prosecutors Office has recommended the filing of a criminal complaint against new information and communications technology graduate Paul Biteng who admitted hacking the web site of the Commission on Elections (Comelec) recently.
Manila Chief Inquest Prosecutor Joven Senados said Biteng will be charged with a violation of the Cybercrime Prevention Act of 2012, specifically for illegal access, data interference and illegal use of devices.
The offense, according to Senados, is bailable for not less than P120,000 for each case.
The National Bureau of Investigation (NBI) arrested Biteng last week and he immediately admitted responsibility for the defacing of the web site of the poll body.
He, however, denied responsibility for the leakage of vital information of millions of registered Filipino voters in the Web.
The prosecutor found probable cause to file a case in court against Biteng based on the evidence presented by the NBI, including his computer and mobile phone, which were used in he alleged defacing of the Comelec web site.
The Comelec website was hacked by Anonymous Philippines on March 31. The poll body has warned registered voters whose personal data may have been part of the information released online by hackers to take precautionay steps by changing their e-mail passwords and alerting their credit-card providers.
The Comelec has also coordinated with the NBI to immediately take down the web site where the supposed personal information of registered Filipino voters can be accessed.
Comelec Spokesman James Jimenez admitted that the Comelec cannot prevent the data obtained by hackers from being posted anew through another web site since its host, where the hacked data was stored, is based in Russia.
He acknowledged that what the Comelec can do is to be on guard and take down any web site that would carry the data hacked from its system.
Meanwhile, the Center Law Philippines through lawyer Romel Bagares and Gilbert Andres said that the Comelec has the legal obligation under Section 20 (f) to notify the Data Privacy Commission and the 55 million registered voters registered about the breach in its system.
In a letter address to Comelec Chairman Andres Bautista, the group said the Comelec should inform those affected about the nature and extent of the breach, the sensitive information involved and the measures taken by the commission to address the breach.
The group warned the Comelec that under Section 30 of the Data Privacy Act, it is a crime to conceal security breaches involving sensitive personal information.
Such violation, the group added, may be meted with a penalty of imprisonment of one year and six months to five years and a fine of not less than P500,000, but not more than P1 million.
“Given the urgency of this matter—considering that as it has been nearly a month since the massive breach happened—we ask that the Comelec take immediate steps to so, within 24 hours from receipt of this letter.”