MANILA, Philippines - Prosecutors have recommended P600,000 bail for the temporary release of the 23-year-old information technology graduate arrested for allegedly hacking the website of the Commission on Elections (Comelec).

Paul Biteng underwent inquest proceedings yesterday after his arrest last week by agents of the National Bureau of Investigation (NBI) in his house in Sampaloc, Manila.

The P600,000 bail recommended for Biteng is for three separate offenses broken down into P200,000 each: illegal access, data interference and illegal use of devices.

The offenses are punishable with six to 12 years imprisonment under the Cybercrime Prevention Act.

Joven Senados, city inquest prosecutor, told The STAR they “still have to create information on our charge sheets” before filing charges with the court.

The Manila city prosecutor found probable cause to charge Biteng for defacement of the Comelec website on March 27. The hacking affected certain functions like the precinct finder and post finder for registered voters.

The logs from Biteng’s personal computer, as well as from his smartphone, could help the NBI strengthen the case against the suspect, authorities said.

Harold Alcantara, Biteng’s counsel, stressed his client had nothing to do with the defacement of the Comelec website or the leak of the supposed database of registered voters.

“He only works as a security analyst, whose job is to check the vulnerability of certain websites to hacking,” Alcantara said.

Shortly after the NBI and Comelec announced the arrest of Biteng last Wednesday, a website wehaveyourdata.com emerged, containing a search engine for 70 million Filipino voters.

The database, taken down a day after it came out, included voters’ names, birthdays, addresses and even passport numbers and fingerprint codes.

The NBI is still trying to identify the two others who might have colluded with Biteng in defacing the website.

Alcantara said Biteng is ready to post bail today once he receives a copy of the case being readied against him.

But as prosecutors are building up a case against Biteng, charges are also being readied against the Comelec over the alleged breach in its system that resulted in a massive leak of voter information.

Romel Bagares of the Center for International Law (CenterLaw) said they would file a complaint against the poll body for violating provisions of the Data Privacy Act.

CenterLaw, representing a research fellow of the Philippine Institute of Development Studies, also asked the Comelec to immediately report to the Data Privacy Commission (DPC) the real extent of the breach in its system.

Jose Ramon Albert, a former secretary general of the National Statistical Coordination Board and a member of the advisory council of the United Nations Global Pulse, said Comelec has the obligation to report the breach in compliance with the Data Privacy Act.

In a demand letter addressed to Comelec chairman Andres Bautista, Albert – through the CenterLaw – demanded that the poll body report the breach within 24 hours.

The Data Privacy Act mandates government agencies to notify the DPC and the affected subjects of the nature of the breach, including possibly compromised sensitive personal information as well as measures being taken to address the incident.

Evasive

Albert said Bautista and Comelec spokesman James Jimenez have been less than forthright in reporting about the breach and have even downplayed it by claiming the information leaked by hackers was publicly available anyway.

“It spared no one,” said Bagares and fellow lawyer Gilbert Andres also of CenterLaw, referring to personal information compromised. “It bears stressing that the personal information involved in the breach was not voluntarily provided by voters. In the first place, the Comelec obtained possession of the sensitive personal information by requiring voters to submit them.”

In the demand letter, CenterLaw noted that the apology issued by Jimenez for the creation of the dubious website has raised more questions than answers.

“The Comelec’s long silence on what has been dubbed as the worst incident of data theft in digital history is simply incomprehensible,” the demand letter read.

“The letter stresses the things Comelec should have already done as a result of this breach,” said Bagares in a separate text message to The STAR.

“With or without (compliance with the demand letter), we will file (a case)… The issue of liability is separate,” he added.

Comelec, for its part, said it would make sure no more hacker would attack its website as it seeks help from information technology experts to counter further threats to its system.

Bautista gave the assurance in Pangasinan as he cited the arrest of Biteng and the ongoing search for two other suspected hackers by the NBI.

He said computer and electronic paraphernalia seized from Biteng would undergo forensic investigation by the NBI.

The poll chief said they have launched an internal investigation to determine how the hacking became possible and what steps should be taken to prevent a repeat of the incident. – With Janvic Mateo, Jess Diaz, Eva Visperas