John Stan Lee Tayoto - John Dave Tayoto (Interview)

I: So good morning po sir uhhm,So I have four questions po uhhm regarding cyber security on elections
and may mga follow up din po based sa sagot niyo. Okay lang po ba sa inyo na mainterview kayo?

P: Okay, sige go.

I: Okay po so question number one, what are the perceived challenges COMELEC will encounter during
elections?

P: Uhh, Unang-una diyan is yung data transmission.Uhhm since ang Pilipinas ay isla, so magkakaroon
tayo ng problema sa network transfer. Uhhm yon, Pangalawa uhhh, yung readiness ng mga VCM o Vote
Counting Machines. So kailangan dapat. Kasi noon, may mga reports na nagkaroon ng sira or mga
pumalya dapat maayos nila ‘yon.

I: So I have a follow up question po uhhm, how will you describe the state of the country’s cyber security
specially for the election?

P: Uhhh, Tingin ko sa ngayon, medyo bata pa ang cyber security pagdating sa election since uhhh kaka
simula pa lang natin niyan uhhh meron pa namang time para maayos o mapolish yung kanilang cyber
security policies.

I: Okay po uhhm. Question number 2, how can the COMELEC ensure safe and fair elections utilizing the
technology for elections?

P: Uhhm, Sa tingin ko uhhm, dapat paigtingin pa yung technology or mas gumamit pa ng mas latest na
technology katulad ng cloud puwede nila I-consider ‘yon para hindi mahirapan ang transfer at data
processing.

I: May follow up questions po ako, what do you think would be the best change in our technology for us
to have a fair and safe elections?

P: Uhhm, Sa tingin ko, kailangan ng COMELEC magkaroon ng 3rd-party auditing firm. Kasi ngayon ang
kapartner nila ay Smartmatic. So kung magpapasok tayo ng pangatlong auditing firm, kailangan yung
auditing firm nayon ay open, transparent sa mga results ng mga ginagawa at mga results ng COMELEC
at ng Smartmatic na rin.

I: So may follow up questions pa din po ako uhhm. What should COMELEC do to prevent SD cards from
corrupting?

P: Uhh, Ang pwede nila gawin diyan ay una is kailangan reliable yung brand ng SD card at yung
performance maganda rin dapat uhhh na testing nila yan bago nila i-implement sa mga machines at dapat
yung backup meron din.
I: Another follow up question po uhhm, can we let cyber security independently secure the information of
people’s ballot during elections?

P: Uhhh, Sa tingin ko hindi independently or hindi tayo dapat mag-rely lang sa cyber security dahil uhhh
cyber security is just a part of a whole system. So kung mayroong mga part na hindi na masasakop ng
cyber security para ma-ensure ang security ng information so marami paring factors pero dapat nasa gitna
din ang cyber security diyan.

I: So question number 3, what are the strategies that can safeguard cyber security?

P: Uhhm, Cyber security kailangan uhhm lahat ng pagdadaanang proseso ay tested. Gaya nga ng sabi ko
kanina uhhm, makakatulong kung mayroon tayong 3rd-party auditor para makita kung saan mayroong
butas ang cyber security natin. At pangalawa, yun nga, yung mga proseso yung bawat papano nila
ginagawa o nai-implement yung cyber security.

I: Why does cyber security need to be reinforced in the upcoming elections?

P:Uhhm, Ayon, napaka importante niyan para makita o maintindihan ng mga mamamayan na seryoso ang
gobyerno para protektahan ang data natin at pwede rin siya maging precedence para sa mga iba pang
government offices na kailangan maimplement or makapag pa-implement ng magandang cyber security
policies sa buong sistema ng gobyerno.

I: So follow up question po uhhm, how do you prevent hackers from getting the sensitive information of
the voters for the upcoming elections in our country with our current technology?

P: Uhhh, Maraming paraan, maraming proseso, part ang cyber security para ma-prevent, ma-secure ang
data. Unang-una is yung tinatawag na “Server Hardening”. Dapat ay yung mga servers na ginagamit nila
ay tested. Dapat dumaan sa penetration testing. At pangalawa, yung security training ng mga staff
kailangan, kasi sabi nga uhhh mga tao, users ang pinaka weakest links ng cyber security so kailangan
trained silang mabuti and dapat uhhm, hindi sila, yon, trained sila i-secure yung data, hindi dapat sila
nababayaran. Something like that.

I: Okay po uhhm last question, what cyber security measures should be implemented?

P: Uhhh madami, uhhm unang-una sa mga hardware machines so kailangan yon tested nga uhhm reliable
kasama diyan yung kuryente. Pangalawa is ayon yung sa software uhhh kailangan tested din dumaan din
sa penetration testing at kailangan din uhhm pumasa sa mga tests na dapat uhhh dinadaan ng mga
systems.

I: So may follow up question pa po ako don, uhhm relate don, what cyber security protocols do you think
should be implemented?
P: Uhhh, yon uhhm pinaka importante nga is yung penetration testing so ito ay para sa software. Uhhh sa
hardware naman, ganon din uhhh kailangan din reliable yung mga machine pati yung mga specs tas uhhm
kailangan rin naka ayon dun sa services ng hino-host nilang server

I: So last na po na follow up, do you think COMELEC should upgrade the softwares used in the vote
counting machines?

P: Importante yan kasi ang updates sa mga software, mga upgrades ay uhhm na-aaddress yung mga bugs
tsaka may mga fixes din at natatanggal yung mga exploits na tinatawag at kadalasan yung mga uhhm,
updates ay naiiwasan din yung mga uhhm, usual na ginagawa para ma-hack o ma–attack ang isang system
gaya ng DDoS attacks uhhh phishing yung mga malwares ayan.

I: So ayon po uhhm, thank you po dahil nag pa interview po kayo. Thank you po ulit.

Ricardo Gayagoy Jr. - Kamilo Tan (Interview)

I: Without further ado, let’s now go to the first question po which is what are the perceived challenges
COMELEC will encounter during the elections?

R: Uhhh, ang isang challenge dyan is mostly cybersecurity nga since hindi naman highly informed lagi
ang Philipines sa mga, challenges sa electronic securities and ganon gawa ng, di tayo ganon kaupdated
about technology sa mga ganon.

I: Considering the technology to be used, do you think the Philippines is ready for the upcoming
elections?

R: Well, oo naman since meron na sila nung kiosk na ginagamit, ready naman sila. Problem nalang nila
ay yung pag safeguard nun.

I: Do you think the current vote-counting machines will be accurate?

R: Ou naman hanggang’t hindi sya natatampered. Mostly accurate since pagna programmed and
machined na rin naman, as is naman yon eh.

I: How will you describe the state of the country’s cybersecurity, especially for the election?

R: Hindi ko sya ganon kagamay kaso base sa experience and sa pagcheck ng mga site (inadubile). Kinda
low, gawa ng, mostly outdated kasi mga gamit na language sabay mga softwares na ginagamit, malimit sa
Philippines ay hindi, lincensed maagi o sa mga back-end lang siya ginagawa. Kaya not that good.

I: Uhh, ok. So for the question po, how can the COMELEC ensure safe and fair elections utilizing the
technology for elections?
R: Uhh, mostly proper security lang. Proper security ng data na ginagamit nila plus, at highly maintaned
yung mga ginagamit nilang kiosks para safe.

I: What do you think would be the best change in our technology for us to have fair and safe elections?

R: Uhh, same, proper security sa mga kiosks plus ano, good management since don magaano lahat eh,
once naman mabypass yung mga security at mga data leak, madali na siya madaya eh.

I: Can we let cybersecurity independently secure the information of people’s ballots during elections?

R: Yes dapat highly trusted sila plus known na strict ang security sa pagguard nila sa mga ballots.

I: Ok po, so for the third question po, What are the strategies that can safeguard cybersecurity?

R: Uhh, First is highly renowned dapat yung mga gamit nilang cybersecurity sa mga anti-hacking. Plus
yung kiosks nila, hindi dapat matatampered yung hardcoded na program sa machine para iwas tamper
plus pag may mga disconnect, dapat macheck lagi yung mga kiosks at dapat as is, so walang tamper
manyayari. Kasi most likely, yung mga marurunong kayang-kaya itamper yung kiosk eh kapag alam nila
yung way o paano siya nagawa.

I: Ok, How does cybersecurity play a role in elections?

R: Uhh, Highly since ngayon kasi yung kiosks na gamit natin sa pagboto eh, less na yung mga manual-
voting. So once na, may mga breach, easing-easy na madaya yung mga votes na masesent from central
database.

I: Why does cybersecurity need to be reinforced in the upcoming elections?

R: For mga fraud-voting at yung rigged elections kaya kailangan siya bigyan ng importansya.

I: How do you prevent hackers from getting the sensitive information of the voters for the upcoming
elections in our country with our current technology?

R: Uh, I say, proper handling lang ng mga (inaudible-9:53) information ng mga passwords or mga keys
para maacess yung mga data. At update nila lagi yung mga given software securites, license ng mga gamit
para most likely secured at less known sa mga hacks and back-end na hacking.

I: Ok, last question po for number four: What cyber security measures should be implemented?

R: Uh, First, best is sa database security since doon na iststore lahat ng data most likely sa mga elections.
Next ay sa kiosks key securities para di matampered yung mga kiosks kasi once na maedit, kayang-kaya
madaya yung counting nung ano eh at kailangan ng verification. Well next is di naman sya cybersecurity
kaso mostly personal lang sa kiosks, importante din naman may alam yung taong naggawa ng kiosk para
di siya madaya.
I: Like yung expert po sa gumawa ng ano, cybersecurity?

R: Nung sa mga kiosks, kung alam nila kung tampered yung kiosks kapag ka-ano, kasi mas (inaudible-
11:46) nababasa yung program data ng mga kiosks eh kasi nilalagay lang mga sa mga arduino o chips eh,
basta macheck lang nila yon para may verifications. Madali na ma-ano.

I: Do you think COMELEC should upgrade the softwares used in the vote-counting machines?

R: Yes kasi most updated yung mga softwares at mga database na ginagamit nila most secure kasi every
update at upgrade, may come in security features kasi yon yung pinapatch ng bawat upgrades.

I: Um,Ok po, uh, nakuha naman po lahat ng mga tanong, nasagutan naman po lahat ng mga kailangan.
Um, that will be all po para po sa interview po namin ngayon. Thank you po sa pagpaparticipate po sa
research namin and if wala na pong questions, you may now leave po, if ok na po mga sagot niyo.

I: Thank You Po.

Ricardo Gayagoy Jr.- John Joseph Ruru Campos (Interview)

Interviewer: Ricardo Gayagoy Jr.

Participant: Mr. John Joseph Ruru Campos

I: What are the perceived challenges that the Comelec encountered during elections po?

P: Sorry paulit.

I: Ung perceived challenges that the Comelec encountered during elections po?

P: uh okay uh first kasi ung cyber attacks kasi pwede yung mga cyber threats kasi during our
elections pwedeng sa malware uh backdoors o kaya ay ano malware or backdoors mga ganon kasi pwede
maging threats during election tsaka network security so sa tingin ko uhm pwedeng ay ulet ng question ok
lang?

I: Ok lang po. What are the perceived challenges that the Comelec encountered during elections po?

P: So un nga about sa malware siguro at tsaka network security

I: So follow up question naman po. Is considering the technology po na ginagamit po natin ngayon sa
PIlipinas. Do u think the Philippines is ready for the upcoming elections po?

P: Ofcourse (laughs) oo naman syempre.

I: Ah okay. Um how will you describe the state of the country's cybersecurity especially for the elections
po?

P: Ah paulet?

I: (Inhales) I describe niyo po yung state ng country’s cybersecurity po especially po sa elections po

ngayon

P: Sa tingin ko kasi kung comelec naman yung hahawak non eh mayroon silang strong network security
siguro di naman basta basta mapapasok ng ibang,ibang un unauthorized personnel ganon? Um siguro
kung sakaling mapasok yon ng mga unauthorized ang tingin ko siguro kung mapapasok lang yon sa loob
lang din ng security nila kasi imposible mapasok ng unauthorize yung isang isang system ng isang
comelec eh kung maintindihan niyo lang ung ug buong security nila. Um ayun siguro nasagot ko ba yung
tanong?

I: Okay. 2nd question naman po how can the Comelec ensure safe and fair elections utilizing the
technology for elections po?

P: Hmmm Paulet.

I: Pano po um maeensure yung security or safe at fair utilizing ng technology po natin ngayon sir. During
elections.

P: Hmm Siguro parehas lang din ng sagot ko sa sa una ung pag ung pag ung pag sesecure ng about sa
cyberthreats about sa malware sa backdoors tsaka sa network security ung pagpapatibay lang ng mga ung
mga yon ung tatlong yon kasi un lang yun ung sa tingin ko na pwede maging threat (stutters) during
election.

I: Ok po. So can we let cybersecurity independently secure the information of people’s ballots during
elections po?

P: Yes oo

I: Ok

P:un lang yun sagot don yes (laughs)

I: Ok ok.So number 3 question po is what are the strategies that can safeguard cyber securities po?

P: Hmmm Paulet?

I: (inhales) What are the strategies that can safeguard cyber securities po?
P: Safeguard?
I: Opo.

P: Ah ok. Parang ganun lang din eh ung ung sagot don eh parang parehas lang nung ung pano maiiwasan
ung about sa threat sa pagpapatibay ng network security nila and sobrang hirap kasi
Pasukin nung nung system nila kung iisipin.

I: Hmmm

P: Siguro kung para hindi mapasok maprotektahan lang nila ung more more security sa system security
talaga tsaka lalo na sa internet sa IOT security kasi ung IOT uh security smart device and ano bayon?
Mga network niya nakakabit sa device kunwari uh dun sa pagbibilang ng ballota is ang gamit nila is
parang laptop ganon merong mga internet connection un pwedeng mapasok nung ibang unauthorized
person mga ganon siguro ang pagpapatibay lang nila doon is ung network security ulet ganon.

I: Oh (amazed).

P: Lalo na pati ung application security ung ayun yun lang.

I: Ok. Sooo why does cybersecurity need to be i-reinforced in the upcoming elections po?

P: Sobrang kailangan nila ng cybersecurity. Kasi maraming tao ang gagamit nung um maraming tao ang
boboto so marami ding kailangan na device na kailangang gamitin so kailangan talaga ung mga bawat
device na gamitin nila is cyber secured para maging fare ung botohan at ang pagbibila ang Pagbibibilang
also.

I: Mmmm ok. Number 4 question po last. What cybersecurity measures should be implemented like
softwares or anti anti hacks po parang ganon po.

P: (Dog Barking) Uh wait babasahin ko nga ung ano ung question. What cybersecurity measures should
be implemented?

I: Yes po.

P: Ah ok. Siguro more on network security talaga ngayon kasi dun tayo laging nadadali about sa ano
(7:26 inaudible).

I: Mmm

P: Parang lagi application security lang at at network security yung pwede nating ma implement ng
comelec eh para ma para masabing nating cyber secured yung election. Ayun.
I: So one more follow up question po. Do you think the Comelec should upgrade the softwares used in the
vote counting machines?
P: sa tingin ko oo. Kasi ung ung ginagam Ang alam ko kasi about sa ginagamit ngayon na app is
upgraded na di na yung tulad ng dati na sobrang dali pasukin ung tipong kunwari ang basa don sa isang
vote sa isang boto halimbawa lang to ha? Is Bong Bong Marcos ang mababasa is Leni ganon kasi
nangyari yan nung 2016 biglang naubos yung biglaan naging power nag brownout ba ganon? Parang
ganon ung tendency nila eh nag brownout tapos biglang nabago agad yung vote or Leni lahat yung boto at
ngayon maraming nakita ko nung pag ano uh sa mga nung binuksan ko ug kelan ba yon? February yata o
March may kumalat na mga soft mga balita o kaya about cybersecurity na kayang pasukin ng
unauthorized person ung ung system na kaya nilag baguhin ung kunwari ung ung isa nakapangalan na
Manny Pacquiao kaya nilang baguhin ung Bong Bong Marcos lahat ganyun ganun. Un lang.

I:Mmm So may na breach noon sir?

P: Yes meron

I: Parang ganon ba? Ah ok. Soo Let's see. I guess ayun lahat po ng mga tanong na sagutan niyo naman
po.Uh I think we can conclude this na pong interview na po to. That would be all po for today. Thank you
po sa pag pa participate po sa amin sa in sa interview po sa research.

P: Sorry ah kakagising ko lang din kasi.

I: Its ok po Its ok po sir at least po nakapag sagot po tayo ngayon. Pwede na po kayo mag leave if wala na
po kayong questions.

Airish Ilustre - Donald Soriano (Interview)

I: So for the first question po, What are the perceived challenges COMELEC will encounter during
elections po?

R: Well, for me, based on our, uh, experience from the past elections, um, that is, uh, feeding the ballot into
the machine. And of course the long queues, ibig sabihin, uh, the past election, uh, mayroon tayong
naexperience, yung pagfefeed ng mga ballot, nagkakaroon tayo ng error right. So yan ang past,uh,problem.
And of course, nagkakaroon siya ng long queue meaning, natatagalan siya basahin okay. That's why
maririnig natin sa balita ngayon, nagkaroon sila ng simulation. Okay, so sa simulation na yon they have
400, uh, ballots and then mayroon silang nagkaroon na actual votes 390 out of the 400. So we expect yung
map election. So ibig sabihin nun yung actual total number of registered voters, right? So let's say 390 ,
400, we expected, uh, 400, but yung naging actual lang is 390, right? So sa ngayon, nagkaroon sila ng
successful election process from voting to canvasing of votes for now. So, tama lang na nagkaroon tayo ng,
uh, ng simulation kasi matagal naman tayong nagkaroon na tinatawag na EVM, so EVM, meaning
electronic voting machine, right? So para mapabilis yung ating elections. So for me, yan yung number one,
yung number one is feeding of the ballot into the machine at long queues ng ating, uh, votes. Yan yung
challenges.

I: So for the follow-up question po, uh, considering the technology to be used, do you think the Philippines
is ready for the upcoming elections?
R: Yes, because we have, uh, EVM or when you said EVM, that is like I said, I, like I mentioned earlier,
that is electronic voting machine, so our EVM are ready. Okay. And deployed, uh, in a different, uh, sa mga
bayan- bayan diba kumbaga sa probinsya dindeploy natin yan, available na siya and ready na tayo yes.

I: So next po for the following up, follow question po, uh, do you think the current vote counting machines
will be accurate po sir?

R: Yes. You know, why bakit, uh, you know, yes, it'll be an accurate kasi. Uh, like I said, nagkaroon tayo
ng 400, uh, kanina nabanggit ko, nagkaroon tayo ng 400 yung simulation, and ang actual vote natin, uh, I
heard the news 390. That is simulation so then yung real number non (inaudible-4:54) pressing. So, uh,
successful naman based on the simulation ng COMELEC, ok. Lalo ngayon mas mararami
magpaparticipate. Right. Alam kong naririnig nyo yan, maraming mas magpaparticipate ng mga, lalo na
yung mga kabataan this coming election. So maganda naging open ang COMELEC na nagkaroon sila ng
simulations doon sa mga, uh, tinatawag nating (stutters), I mean yung simulations ng pagload diba ng mga,
tawag dito, nung mga ballot doon sa machine and nagkaroon din ng mabilis na pagbasa doon sa EVM, yes.

I: Lastly sir, sa follow up question po sa number one. How will you describe the state of the country’s
cybersecurity, especially for the election po sir?

R: Um, Airish, ako sisimulan ko dalawang klase lang, when it comes cybersecurity, dalawa lang sasabihin
ko, una yung voter registration process, kailangan magkaroon ito ng security of voter registration. Laging
nating tandaan yon kasi yung voter registration process, uh, dapat yung registration sa database, ay, hindi
magkaroon ng inherently vulnerable area. Ano ibig kong sabihin? Dapat yung voter registration
madetermine natin maging legitimate, bakit kamo? Dahil, um, kung hindi ito magiging legitimate,
halimbawa na stolen, nagamit socially, kumbaga nagamit siya socially engineered yung voter behavior. So
maririnig naman natin siguro yung naencrypt yung data. Dapat hindi siya maeencrypt diba, so, kumbaga
hindi siya mabubuksan, so dapat yung data, become unusable diba. Kasi yung voter, halimbawa ikaw
Airish, um, nagregister ka, dumaan ka sa tamang process, so kailangan yung data ng voter na yon, hindi
sya magamit o hindi siya manakaw sa kung saan man database nakastore yung ating, uh, ating data ng mga
Filipino., Like kung naririnig natin way back 2016. Diba may nagkaroon ng hacker anonymous pero
maganda naman yung hacking na nangyare kasi iniinform lang nila yung COMELEC, na napepenetrate
nila yung kanilang website. Ininform lang na isecure nila dapat yung lahat ng registration, uh, voter
registrationng mga FIlipino. Yan yung number one voter registration process must secured at hindi dapat
na dedecrypt. Okay. Dahil ang sinasabi ko hindi dapat siya, uh, maging legitimate voter dapat lahat.

Okay. On top of the data na sinasabi kong voter registration process, kailangan yung, hindi dapat magkaroon
data breach, sa data privacy dahil, um, dahil nga kailangan maalagaan natin yung personal identifiable
information, o yung tinatawag natin TII during the voter registration process, yon yung number one tandaan
mo, and number two, doon sa follow-up question mo. Doon na nagkakaroon yung sa actual electoral
process, anp ibig sabihin natin by electoral process? Ito na yung actual na bumuboto ka diba, so during the
vote counting process, so diba, uh, bumuboto na tayo then iniiscan na cinocount na agad yung ng machine
eh diba, ng VCM.So kailangan at the end of the election, kailangan lahat ng vote ng election return,
matransmit agad doon sa central transparency ng server. Ibig sabihin, naibabato na agad sa server diba,
yung bumuto halimbawa si Airish, si Donald bumoto kaagad, kasi ang talagang tamang process dyan. Uh,
mascan, kaya nga iniiscan kaagad yon eh. Mascan then yung counting machine (VCM) at the end of the
elections, sabi ko nga maaggregate lahat ng votes sa election returns. So yung transmitted, uh, sa lahat ng
central transparency server. So ibig sabihin from there, yung result ng collected at transmitted , uh, sa board
of the canvassers ng municipal provincial at state levels diba. Lagi nating tandaan yan, associated data
networks. So dapat hindi naiiiwan unsecured at quite vulnerable sa cyber threats, oh diba. Yun lang ang
dalawang tatandaan ninyo palagi voter registration process must be legitimate, actual electrical process
must secure during transmission.

I: Nagkaidea po ako kahit papano (laughs).

R: Kasi, ano, katulad ngayon ang election May 2022 ay talagang dyan tayo nakakatutok. So kung naririnig
nyo nagkakaroon tayo ng threat like ransomware. So during election, nagkakaroon for example, hopefully
hindi naman man, unsecured election returns data. And I intercepted. So during the transmission process
ng hacker. Bakit?, kasi nagsteal sya with holes in data by encrypting it and turn so yung, halimbawa okay.
Nagkaroon na nga ng ransom doon na dinedemand ng ransom na magprovide ka ng, uh, nagdedemands
kana sa ransom to provide the decryption key. So ibig sabihin yung hacker ninanakaw na niya yung data
and then gumagamit na sya ng encryption took cover up the (inaudible-11:01) diba, so example nga lang,
it serve the (inaudible-11:06) importance of securing this network connection in the first place as even just
the process connected the network. So make it kailangan yung data ay vulnerable, so yon yung down the
line, na sinasabi kong voter registration process and Al actual electoral process, kailangan yon yung maopen
sa lahat ng voters ngayon, (inaudible-11:31) and government ay open naman diba. so kailangan lang
paliwanagan kung paano magkakaroon ng, um, data breach o tinatawag natin nga na data security threat,
diba yun lang naman eh, very simple, so kelangan, uh, effective controls noh, effective control na hindi
maacess yung data, and clearly define yung data na hindi maacess ng iba. Okay?

I: Okay po, yes, so for the second question po (interrupted).

R: Add ko lang din Airish para magkaroon ka ng idea.

I: Opo.

R: Kung naririnig mo dapat yung COMELEC Has reliable back-up. Ok?Kung sakali magkaroon ng
cybersecurity na threat o hack, kailangan during that time magkaroon ng back-up ang COMELEC dahil
whatever happened, di mo man maacess to yung back-up mo will help those to preserve the integrity of the
election return, tama?

I: Opo.

R: Will help the integrity election return data, and also provide a guarantee ng data na hindi maapektuhan
in the event na magkaroon ng ransomware andthat is my, my personal opinion na dapat gawin ng
COMELEC.
I: Yes po, So sir, should I proceed for the question number 2 po?

R: Yes.
I: Okay, for the question number two po, How can the COMELEC ensure safe and fair elections utilizing
the technology for elections?

R: Well, for me, una na nga nasabi ko para maging ensure safe and per election utilizing, yun nga, uh,
kailangan during transmissions diba ng mga, uh, vote (inaudible-13:29) returns natin. Kailangan yon talaga
matransmit agad sa servers Uh, uh, ang inisiip kasi natin ngayon, paano magiging safe at magiging fair
yung elections, diba? Kailangan talaga tignan ng mabuti yung transmission like per ano yan eh,um, yung
nabanggit ko kanina like yung nabanggit ko kanina sa per municipal diba, um, tawag dito, yon. Para maging
fair siya so kailangan pagkatapos masend ng maayos yung mga votes returns sa server, or sa mgamunicipal
kasi mayroon tayong tinatawag na vote counting machine, right. Ayon kailangan matighten security natin,
yung measures ng voting, uh, counting machines katulad nung ginamit natin sa 2016,presidential elections
kung matantandaan niyo yon.

I: So, sir, for the follow up question po, uh, what do you think would be the best change in our technology
for us to have fair and safe elections po? Katulad nung kanina po uli.

R: Number one? Yes. Uh, stable internet, lagi natin iniisip yan kasi alam ko sa mga lahat ng aspirant
president ngayon na tumatakbo, isa yan sa kanyang plataporma. Bakit kamo? Kung saan bawat municipal
magkakaroon ng stable internet (inaudible-15:22), um, pag yung ballot inano mo na kaagad sa machine
then doon sa mismong precinct na yon, automatically dapat pagqueue o magbasa ng ballot mo, return bato
agad sa server. Pero kung ikaw mayroon kang weak internet, mahirap.

I: Mahirap po, so next po, for the follow question po, What should COMELEC do to prevent SD cards from
corrupting?

R: Well, ang sagot ko lang dyan, dapat encrypted. Pagsinabi nating encrypted, hindi agad-agad mabubuksan
ng kahit sino man. Halimabawa, kasi alam mo naman ibig sabihin ng SD card. Ang SD cards kasi dyan
sinisave lahat ng mga votes natin, diba? So, number one dapat hindi siya nadedecrypt, ibig sabihin di agad
nabubuksan. So yung authorized personnel lang dapat kahit yan ay, uh, halimbawa like 2016`kung
matatandaan natin, nagkaroon ng nakawan ng SD cards diba. So nakawin nya yon o sabihin natin, number
one, nakawin or (inaudible-16:35) yon, dapat hindi talaga sya na dedecrypt o mabubuksan authorized by
the DICT (The Department of Information and Communications Technology) government should be the
authorized and also the COMELEC kahit nga COMELEC, basta dapat DICT lang. Yon lang yung sagot
dyan, hindi dapat manakaw man o itabi man yan ay dapat good encrypted.

I: Sir, for the last follow-up question po for number two po, can we let cybersecurity independently secure
the information of people’s ballots during elections?

R: Well for me, kung sasabihin mo ang cybersecurity independently, kasi magkakaroon, halimbawa
pagsinabi ba nating independently, kailangan itong kinuha mong, uh, third party, diba si government tapos
ito yung third party. So, parang, uh, pinagbabayaan sa kanila na sila yung bahala, for the security ng mga
ballots natin na information, people ballots during election. So for me, kailangan, uh, for me ah, kung ako
tatanungin mo dahil nga, um, like yung mga nangyare sa Smartmatic before, nawalan tayo ng people trust,
diba? Pero sa ngayon, I believe ang nangyaring process ngayon, si Smartmatic nagprprovide nalang siya
ng system pero at that time wala nang pake alam si Smartmatic. Si government na ang may pakalam nung
may mga precinct nga. Kasi dapat talaga, walang participation ang Smartatic with, with, with the, um, the
ballots to return kasi, halimbawa, binentahan kita ng cellphone pero wala na akong pake alam don,
nagprovide lang ako ng software sayo, ikaw na bahala magprotect ng data mo, ganon. So hindi dapat siya,
for me ah, kung yon yung interpretation nung question na yan , hindi dapat magkaroon ng third-party, the
government should be the one liable at maglagay sya ng tao doon, well meron naman talaga then DICT na
isecure yung data at maging transparent sa Pilipino para yung trust , uh, electronic data, uh, voting, uh, not
in processing and hindi magkaroon sila ng perception. Where what I mean to say, maling paniniwala na
nangdadaya pa din, diba?

I: Opo, so, sir, let's proceed to the third question po with three follow up questions for, uh, for number three,
what are the strategies that can safeguard or to protect something in cybersecurity po sir?

R: Well, isa lang naman ang laging sasabihin dyan, cybersecurity play a role in election. Number one,
kailangan talaga ay hindi nadedecrypt ang ating ballot returns sa server o magkaroon man ng hacking at
number two, talagang kailangan dapat may back-up para mapanatili lang, magkaroon man ng hacking, at
least mayroon kang makukuhang back-up kasi kapag nahack na yan Airish (inaudible-20:12) sayo eh. Ok,
kung may back-up ka, kailangan yon yung (inaudible-20:15) pero, of course kailangan yon yung currently
pinagaaralan ngayon ng DICT or the agency of the government na itaas yung level ng security kasi ilalagay
kita doon sa actual na nangyayari ngayon na ginawa DICT which is tamang proseso yon at kailangan of
course, maginvest when it comes sa security to safeguard our data. Pero sa ngayon, ang dapat gawin nila
ay dahil andyan, lagi dapat talagang encrypted noh and secured yung may back-up. Yon lang yung the best
na magagawa sa ngayon.

I: So for the follow up question, but how does cybersecurity play a role in elections po?

R: Well, ang cybersecurity kasi , um, yung pinapanatag nito sa mga Filipino na hindi madadaya sa madaling
salita, lagi naman ganon eh, diba, hindi madadaya at hindi mababaniwala ang kanilang vote, halimbawa
doon sa talagang, kanilang ineendorso na aspirant president, vice president and Senatoral. So ang, yon,
kailangan talaga matanggal yung perception ng mga Filipinos , hopefully siguro narining mo na yung, wag
na natin magbanggit, that was way back 2016, na nagkaroon, natulog lang (laughs), pagkatapos nalamang
na yung isa. So kailangan matanggal na yon, well doon pa rin ako kasi I'm intact naman with the
government, uh, news updates kasi sinusundan ko palagi yon, as an IT professional sinsundan ko a lot, lagi
talaga may butas naririnig natin diba kumbaga manonood ka sa TV or whatsoever pero kasi kailangan
makita ano ba yung ginagawa hakbang ng ahensya DICT para lang di matamper yung security diba, kung
maininforce yung kailangan, ngayon we have only 38 days, right this coming election. So yung
cybersecurity need talaga to reinforce yung, uh, like katulad ngayon naririnig natin baka daw magkaroo ng
blackout, oh diba (laughs). Aware ka don. Isa pa yon, na kailangan, for me, AIrish kung magkaroon man
ng blackout ha, diba mayroon VCM yung voting counting machine machines atska yung counting
machines, iiisa yon kung san nagcocount, diba. Then yung machine naman kung saan naten, if, um, ano
tawag dito, ang tawag doon sa machine na yon ay, uh, already mentioned it earlier. Yung EVM diba, right.
The electronic voting machine may, may SD card yon eh diba. Kung sakali magkaroon naman ng blackout,
hindi naman kaagad matratransmit eh. Ibig sabihin, um, mayroon naman back-up yon eh. May back-up
(inaudible-23:40) naman yung EVM diba yung electronic,uh, voting machine. So, patuloy pa rin ang
pagfeed don pagkatapos bumuto ng isang voter, diba. So given the situation nagkaroon brownout, Airish,
so tuloy pa rin dapat kasi may back-up naman so kapag nagkaroon na ng kuryente, narestore na. That is the
time na pwede mong isend uli yung tawag dito yung vote natin, sa na bumuto, kaya pede uli yon isend.
Kaya di ko nakikita na magkakaroon pa ng dayaan. Number one, yung VM natin may back-up naman, tuloy
pa rin pede makaboto dahil yung pagbibilog naman sa ballpen, di naman kailangan ng kuryente yon eh
(laughs) bilog-bilog ka lang. So yung machine naman, mayroong UPS yon, diba. So tuloy ka lang, kung di
man masend ngayon doon sa counting machines, later kapag nagkaroon ng kuryente , I think safe pa rin
and number two, katulad ng sinabi ko kanina, lagi ako babalik, dapat encrypted ang SD card. do you think
maano pa siya,uh, mahahack pa sya and, uh, I don't think na magkakaroon pa ng dayaan sa aking pananaw
ha, kasi yun na yon eh,ingatan mabuti and siguro naman bawat aspirant, uh, mga kanditato o president,
vice-president, meron naman na tinatawag na nakabantay diba. YON, yon yung nakikita ko. (inaudible-
25:25) (laughs).

I: Ayon nga po Sir eh, so for lastly po, follow up question po, how do you prevent hackers from getting the
sensitive information of the voters for the upcoming elections in our country with our current technology?

R: How? Saan ba tayo?

I:Uh, how do you prevent, niremove ko po yung isang question since nasagot naman na po? So three letter
C po, how do you prevent hackers from getting the sensitive information of the voters for the upcoming
elections in our country with our current technology?

R: Well, babalikan ko uli yung sinabi ko Airish (laughs), Doon sa actual electoral process. Diba, tama lang
naman yung mga questions na naka line-up. Well, to prevent, like I said, like I said, lagi akong babalik.
Unang-una dapat lagi nating, security of the voter registration database, isa yan sa example na dapat
inherently vulnerable service area. Okay, doon palang, kung ang registration ay nahahack na nila at
pagdating sa actual, why not? DIba, so both the registration kailangan maging lagi kong sinabi, maging
legitimate voter and, uh, or syempre, critical information dapat hindi talaga tulad ng sinasabi mo, hindi
talaga siya mastolen at hindi socially naengineered yung voter behiavior tapos may naencrypt yung data in
such a way data na yon for the database become unusable or manipulate yung data to produce more voters
yun yon eh, diba, where in fact, not legitimate on top of the data, integrity na yan, associated with the data
breach yung data privacy na lagi kong sinasabi, (inaudible-27:28) of legitimate voters that have given their
personally identified information during the voter registration, yon kunin mo yon, then okay. Balik uli tayo
sa actual electoral process, (inaudible-27:43) babalik talaga diba, oh (laughs). Yun nga, sinasabi ko palagi
during the vote counting processing ballots built by the, by the registered voters first is scan by the vote
counting machine in VCMs. So, and at the end in election day na iyon, yung VCMs aggregate both votes
in the election return. So which transmitted to the central yung sinabi ko kanina transparency server, so yon
yung lagi nating mababanggit sa balita. So from there yung results ng collected and transmitted to the board
of canvassers, at don syempre sa municipal, provincial state level associated with data networks. So wag
natin iiwanan left unsecured and quite vulnerable to the cyber threats. Okay?

I: And, uh, lastly, last question po sir, lastly, uh, what cybersecurity measures should we implement po sir?
R: Oh, well,tatlong bagay lang pwedeng sabihin talaga dyan, K. Ngayon pinagaaralan ng DICT, to well,
budget pa rin naman talaga dapat eh, diba. Yung itinaas yung level para magkaroon, kasi kung wala kang
platforms, or magandang platforms for the, uh, halimbawa, the DICT, di mo talaga masusunod yung
protocols, diba. Kailangan magkaroon sila ng mataas na level ng measurement ng kung ano man ginagawa
ng, kasi sa private katulad namin. Private, ok, naglalagay kami ng fire pole diba, internet, naglalagay kami,
from the internet, open yan, so kailangan magkaroon ng fire wall then sa firewall na yon nagkakaroon tayo
ng policy, para di tayo nakikita sa labas kumbaga ganon din dapat yung DICT or yung COMELEC yung
database natin, kailangan kung gumagamit ka man ng internet. So pero yung firewall mo, hindi ka nakikita
yung loob ng database mo,yung yon dapat gawin din ng DICT and I think yon naman yung ginagawa
ngayon ng DICT ng government, diba.

I: Opo sir.

R: So para masunod nila yung protocols, kasi syempre online na ngayon, so lahat naman kasi in a technical
way, kapag ikaw ay may internet, kahit sino man service provider, kapag open ka, open ka talaga so hindi
ka secured, so kailangan lagyan ng firewall na, uh, doon na pumapasok yung cybersecurity, hindi kana
naaccess, yon yung layman's terms ko, para di nagkakaroon ng tinatawag nating data breach or tinatawag
natin leak of data pero kasi, Airish. Share ko lang yung nangyare, that was two weeks ago, nabalitaan niyo
siguro yon na yung isang stop ng COMELEC, diba?

I:Opo sir.

R: (inaudible-30:43) ng data, diba, may (inaudible-30:46) siyang data right. (inaudible-30:48) siyang data,
pero ang excuses nyan, luma naman daw yon. Luma naman daw yung mga data pero for me, walang data
breach tandaan mo yan, walang leak of data pero dapat ka pa rin kasuhan. Bakit kamo? Dahil any data na
nagtrtrabaho sa COMELEC luma o bago yan, kakasuhan ka bakit ka nagpakopya ng data? Ang usapan
dyan, di ka dapat lalabas ng data, yon yung, kasi ngayon. Ang iniisip ng mga Filipino ay "ay, naglabas siya
ng data, oh excuses nalang, luma pero sabi ng COMELEC, di naman daw makakaapekto yon". Pero
syempre, binibigyan nating yung mga Filipino ng perceptions o maling paniniwala pero for me, kung ako
tatanungin, okay. Given hindi ka nagkaroon ng data breach, hindi nagleak o bakit ka nagpakopya ng datos,
eh ang laman nyan is almost COMELEC data pero dapat pa rin kasuhan yung (inaudible-31:51). Dapat
imbestigahan pa rin, like sinasabi ko, walang data breach, walang leak, pero bawal pa rin yung ginawa mo
kasi nagpakopya ka ng data ng laman eh puro, lalong lalo yung usapin ay eleksyon, diba?

I: Opo sir.

R: Yon yung bibigay na idea sayo, para at least yung mga Filipino o kayong mga estudyante, "onga noh,
kayo naba nabalitaan na hindi naman makakaapekto pero lagi naging tatandaan, sundin natin ang batas
kahit luma, lalo na kung luma pa yung data nya. (inaudible-32:24), bawal ka pa rin magpakopya through
USB o kahit saan man yan. Kasi dapat dumaan yon Airish, halinbawa, nagpapakopya siya, dumaan pa rin
yon sa supervision kung sino naman yung nagreport.Approve pa nila kung kailangan kopyahin yung data,
at least dumaan sa tamang proseso, alam ng COMELEC, alam ng media, uh, na dumaan sa tamang proseso
na alin sunod sa batas, diba. Kasi nagkokopya ka ng data, dumaan ba sa tamang proseso, inapprove ba yon,
di nga nila sinabi, pero isa lang comment ko don. Dapat talaga kasuhan, kahi walang breach or walang leak
kasi naglabas ka ng date eh. Eh mainit na usapin yung eleksyon, diba.

I: Opo sir, lalo na ngayon sir, mainit po.

R: Kung paano mo tuloy ang mga kabataan, binibigyan mo silang ng maling, uh, paniniwala, kasi wala
naman alam yung lahat about sa data security diba. Sundin nalang natin yung batas, kasi may batas naman
tayo dyan that was created, uh, sorry if I'm mistaken from since, uh, 1998 in preparations of , uh, electronics,
uh, voting to give uo an idea.

I: Question po dalawang follow-up questions po, last na po ito, uh, What cybersecurity protocols do you
think should be implemented po sir?

R: Actually, parang nabanggit ko na yata (laughs). Sa B nalang tayo.

I: Opo (laughs), sa B nalang po sir, do you think COMELEC should upgrade the softwares used in the vote-
counting machines?

R: Yes. Bakit? Bakit kamo kailangan iupgrade kasi ang BIOS ay naguupgrade, so dapat yung, sabihin na,
simplehan nalang natin, ang purpose kasi ng paguupgrade ng mga softwares, eh para, halimbawa, sa mga
hacking para nababasa rin kung ano mga attempt o tempt na dapat magawa kasi yung virus naguupgrade.
So dapat yung antivirus naguupdate din in the leyman's terms . So dapat yung COMELEC,uhm software
upgraded in para, magkaroon ng added security, diba, kapag di mo inupdate parang cellphone, kapag di mo
inupdate, hindi hindi secured and then yung ibang mga features then, di mo rin magagamit,uh
mapapakinabangan, so kapag sinabi mong upgrade, ito ay pinpadagdag lang ang security ng softwares para
sa (inaudible-35:26) and hacking, yon yung purpose talaga non. HIndi po pwedeng ang software way back,
kelan ba tayo, di nga lang 2016 diba? Nagkaroon tayo ng EVMs, diba. We got, after five years. And let's
say 2000, if I mistaken, uh, 2011, alam ko yon yung nagkaroon tayo ng ano, diba. So on purpose talaga ng
upgrade is security added. Yun yon kaya nagupgrade.

Airish Ilustre - MELON MOYO (Interview)

I: Since you are an IT specialist I believe that you can help. But first, this study aims to understand the
importance of strengthening cyber security to combat cyber attacks and issues on vote counting machines
(inaudible) 2022 national elections to obtain all essential knowledge, data, and information. The research
sought to answer the questions as follow. So here is the question po. I have four questions with follow-up
two to three questions po. Are you ready Kuya?

P: Okay sige go.

I: Sige. For the number 1 question, what are the perceived challenges COMELEC will encounter during
elections?

P: Uhhh for me, uhhh tough challenges dito na magiging (inaudible)comelec is yung uhhh data breach
hacking. So uhhm, sa ngayon kasi uhhm pinaka laganap pa ngayon is hacking and uhhh data breach. Uhhh
so in terms of uhhh challenges that (inaudible) so ito yung possible na pwede nila maging problem during
election.

I: Okay po. For the follow up question kuya, considering the technology to be used, do you think the
Philippines is ready for the upcoming elections?

P: Uhhh I think yes, So meron naman silang laging time to prepare. So Philippines are always prepared for
the incoming elections. But uhhh syempre in terms of cyber security, no one knows everything to be happen
during that election.

I: Okay uhhh thank you. For the next follow up question po, do you think the current vote counting machines
will be accurate?

P: So for me it’s yes, since uhhh they are getting the right device uhhh they are planning, they got uhhh
wide research before they get the right machine for their voting equipments. So they are prepared but uhhh
issues are always coming so no one will uhhh… walang makakapag sabi na ganon ba talaga ka accurate
pero as far as I see they invest so the COMELEC will always get uhhh assured what they got from their
what they invest.

I: Lastly for the follow up question po sa number 1, how will you describe the state of the country’s cyber
security especially for the election?

P: Uhhh.

I: Like does our cyber security needs to be improve? Improvement po?

P: Uhhh for me, di pa gaanong katatag yung cyber security (inaudible) Philippines. So recently may mga
issues na hindi maiiwasan may mga na ha-hack na websites. So ito yung kailangan pang i-invest ng mga
research and ma–invest na maayos ng government natin to provide a secured uhhh connections, secured
organization.
I: Okay po thank you. For the second question kuya with a three follow up questions din po. So for the
number 2, how can the COMELEC ensures safe and fair elections utilizing the technology for the elections
po?
P: So I think, once they get the vote and they have the uhhh what do you call this? The final count, so
(inaudible) perspective, they are ensure enough to get the accurate vote.

I: For the follow up questions kuya, what do you think would be the best change in our technology for us
to have fair and safe elections po? Any thoughts, idea on how to strengthen po?

P: Uh, going back to