LIST OF MEMBERS

LEADER:
Magbitang, Angela Grace
GROUP MEMBERS:
Cortez, Noel Ilustre, Airish
Dumaguing, Dylan Gabriel Suarez, Alec
Edillon, Joshua Lloyd Tayoto, John Stan Lee
Galang, Sam Isaak
Gayagoy, Ricardo Jr.

Research Adviser: Mr. June Ray O. Filler

Content Adviser: Mr. Gian P. Crespo

Chapter 1

RESEARCH TITLE: Vote S.A.F.E., Pilipinas: Strengthening Cybersecurity in Preparation for

National Elections as Basis in Formulating Institutionalized Policies

Introduction:
This research is conducted to give importance to strengthening cybersecurity as
a way to lessen the risk of encountering cyber attacks, problems, tampering, and glitches
during the 2022 National Election. Since 2010, we have been using an automated voting
system for national elections and has been that way even for local ones. Despite this, the
machines are vulnerable to tampering and glitches. COMELEC (2019) has admitted that
multiple VCMs malfunctioned and multiple SD Cards corrupted, resulting in what the
Senate calls, “the 7-hour glitch”. Without proper testing and inspections, situations like
these can happen and can cause inconveniences to the voters, the government, vote
counters, and COMELEC on the day of elections.

The Philippine government's Department of Information and Communications

Technology (DICT) (Filipino: Kagawaran ng Teknolohiyang Pang-Impormasyon at
Komunikasyon) is in charge of planning, developing, and promoting the country's
information and communications technology (ICT) agenda in support of national
development. The Department of Information and Communications Technology (DICT)
will be the Executive Branch's principal policy, planning, coordinating, implementing, and
administrative organization for planning, developing, and promoting the country's ICT
development agenda. (10844)

In 2012, The Philippine Data Privacy Act of 2012, also known as the Philippine
Republic Act No. 10173, was established to prevent citizens’ private information from
being leaked without their authorization. It expresses “to protect the fundamental
human right of privacy, of communication while ensuring free flow of information to
promote innovation and growth.” Resulting in the government founding the National
Privacy Commission (NPC) in 2015 to keep an eye on and guarantee that the right to
privacy and data protection is being enforced in our country. The Data Privacy Act is
implemented in every business firm, institution, agency, etc., in the Philippines. It cannot
only monitor the processing of Personal Data but also protect the rights of a person.

A popular misunderstanding is that cyberattacks are confined to nations that use

voting machines or other high-profile election technologies. While the types of cyber-
risks, adversaries, and attack vectors vary by country, EMBs—along with high-level
officeholders, security agencies, and democracy assistance providers—now agree on
the need to invest more in understanding, preventing, and mitigating the risks that new
technologies bring to democracy. Voter registration, voting, vote counting, result
transmission, and aggregation technologies, websites for result publication and other
online election-related services, institutional and private email accounts and
communication systems, and broader national infrastructure, such as e-government
systems, power grids, and communication links, are the main targets of hacking attacks
against election-related technology.

The research focuses on ways to improve the country’s cybersecurity in advance

for the upcoming National Elections. Additionally, the study will also determine whether
or not we are secured from cyber-attacks and coding problems, and if the government
is really aware of the situation of our cybersecurity plan in the Philippines. The study will
help to know if we need to strengthen our cybersecurity not only for the vote-counting
machines from glitches and attacks, but also for our assurance as well. Furthermore, the
paper does not aim to provide definitive solutions to existing issues in the system but to
provide data to the public about the country’s cybersecurity as a whole.

The nation’s election will be held at the start of May of 2022 and we need to
prepare the safety of the people with their information. The purpose of the study is to
have a more secure and safe voting system in the upcoming elections. It also aims to
prevent problems and lessen the vulnerabilities of using the automated election system
to secure the privacy of each individual's ballot. Strengthening cybersecurity also
lessens the risk of the technology to be used as an instrument towards turning what is
supposed to be a worry-free and honest election into an unfair and stressful one.
Additionally, it can also increase the public’s trust towards the government’s actions
and their reliability.

Statement of the Problem:

This study aims to understand the importance of strengthening cybersecurity to
combat cyber attacks and issues on vote-counting machines in the coming 2022
National Elections. To obtain all essential knowledge, data, and information, the
research sought to answer the questions as follows:
Research Questions:
1. What are the perceived challenges COMELEC will encounter during
elections?
2. How can the COMELEC ensure safe and fair elections utilizing the
technology for elections?
3. What are the strategies that can safeguard cybersecurity?
 4. What cyber security measures should be implemented?

Conceptual Framework:

The diagram shows the possible problems that the COMELEC will be facing
during the elections. Cyber attacks are common today because everyone depends on
the internet, and this election they'll be using a vote-counting machine. Vote-counting
machines have their advantages and disadvantages, vote-counting machines can
malfunction, and can affect the votes. To avoid this we must check for errors, and any
vulnerabilities that can affect the machine, they should do a risk assessment before
using the machine to avoid any malfunctions and errors that could lead to possible
data leaks. To achieve this goal of having fair and safe voting, they must be aware of
how to use technology and acknowledge the machine's vulnerabilities. Implementing
the security measures is important because it will ensure fair and safe voting, and
implementing the security measures will help to avoid those who are trying to make the
voting unfair.

Theoretical Framework:
In this study, the researchers utilize information technology in theory to further
emphasize the importance of being familiar with the structure of the technology used in
storing data. Information technology, usually abbreviated as IT, is the use of computers
and other devices as means of processing, creating, securing, and storing any form of
digital data.

The research presents IT as the key theory strengthening cybersecurity within the
vote-counting machines’ softwares. Being knowledgeable on how the hardware and
software works makes detecting errors and problems in the system easier. Additionally,
the ability to easily recognize said problems makes resolving issues faster and will be
improved upon.

Significance of the Study:

The use of electronic voting machines has been a convenience for registered
voters and vote counters alike. However, the vulnerability of the machines to cyber
attacks and issues could lead to serious problems in the upcoming elections if left
unchecked. This study aims to explain the concept of cybersecurity and the measures
to maintain a safe and secure election.

COMELEC. COMELEC will be more aware of how the election can be drastically
affected because of problems within the vote-counting machines. Also, learn how to
deal with upcoming problems with our cybersecurity at the upcoming election.

Registered Voters. Registered Voters will be more aware of how COMELEC

processes their ballots. Registered Voters will have a deeper understanding on how
glitches and issues can be troublesome to COMELEC.

Civil Societies/Communities. Civil Societies/Communities will know more about

the vulnerabilities of the equipment used in elections. This will make them aware of the
coming problems in the election.

Education Sector. Education sectors will learn more about cybersecurity in the
Philippines and also educate students about the basic concepts of cybersecurity.

LGUs. Local Government Units will learn how to improve cybersecurity and inform
their citizens about the cybersecurity for elections.

Future Researchers. Future researchers will learn from this research and may be
used as a reference for their studies or for additional research.

Chapter 2

Research Design:
This research is doing a case study approach in order to further understand the
events that transpired involving COMELEC and the vote-counting machines. A case
study provides the proper instrument for researchers to understand an event (Baxter &
Jack, 2008). It can also be an approach where a case or multiple cases are examined
through deep investigations involving multiple sources of information (Creswell, 2011).
The researchers will conduct investigations by analyzing multiple articles, existing
documents, and interviews narrating on the situation and vulnerability of the nation’s
equipment used in elections. In addition, the researchers will conduct interviews with I.T.
specialists to gain more insight and provide data necessary in disseminating the
strategies to safeguard the country’s cybersecurity.

Population:
The chosen population for the research is I.T specialists who are willing to
participate in the study. Because the study requires specific answers and details on the
software of the technology used in the automated technology system, the researchers
need informants who are familiar with the structure of the vote-counting machines,
both hardware and software. As a result, the selected informants are limited to (5) to
(10) I.T specialists; the specialists must also possess information and understanding
regarding the background and concept of cybersecurity; the researchers picked I.T
specialists because they believe that they can gain valuable information from them.
Furthermore, the specialists must have a degree in IT-related courses. Additionally, the
specialists must be living in the Philippines and are registered voters. The purpose of this
is so that the population is eligible for when the researchers can conduct an interview
regarding the specialist's opinions and insights about the upcoming election and the
country's cybersecurity dangers. With the help of the selected participants, we can
gather credible information based on their opinions and answers.

Sampling Technique:
The researchers made use of the non-probability sampling technique in this
study, specifically choosing purposive sampling. Purposive sampling is when researchers
carefully select their informants, or rely on the researchers’ judgments in selecting
informants who have specific qualities that are required for the study (McCombes,
2019; Alchemer, 2021). This sampling technique is utilized by the researchers by planning
out the qualification for an informant to be interviewed. The researchers listed the
following qualifications that are deemed useful for the objectives of the research: I.T.
Graduate, has background in hacking/or cybersecurity, Philippine resident, and
registered voter. The researchers will be conducting interviews talking about
cybersecurity and its status in the country, and the perceived challenges COMELEC will
be facing on election day. By conducting this, data will be provided on what policies
must be established in strengthening cybersecurity for the vote-counting machines to
be used for the upcoming election.

Research Instrument:
The instrument to be used for gathering data is interviews with the selected
informants. The researchers will conduct a structured interview wherein the interviewers
will only ask the given guide questions prepared beforehand and no follow-up
questions added during the interview. The date and time of the interview will be
decided by the informant as they see fit into their schedule. Each interview session will
have one interviewer and one informant in order to maintain an organized and clear
interview conducted. If requested, the researchers may let the informants read the
guide questions in advance. The interviewees have the freedom to speak in Filipino,
English, or both. They may also choose between Zoom or Google Meet as their platform
for the interview for the safety of both the interviewers and interviewees. Additionally,
the interviews are recorded and transcribed, and will need the consent of the
informant before starting. If the informants request for anonymity or to go under
pseudonyms, they have the right to do as they please. The recording will not be
disclosed to anyone not involved in the research as the interview is conducted for
research purposes only. The results and data will be then gathered through observation
from the informants' responses in the interview.

Data-Collection Procedure:
For the data collection procedure, the researchers will be conducting interviews
with 5 informants working as I.T. specialists or have the following qualifications: I.T.
graduate, has background in hacking/or cybersecurity, Philippine resident, and
registered voter. The researchers will be posting announcements in social media as a
way to look for informants who are interested in participating in the interviews. The
announcement contains a brief explanation regarding the study, the needed
qualifications, a document containing more details and guidelines for the interviews,
and contact details for inquiries. Once the informants reach out to the researchers, they
will be answering a form for scheduling, the platform to be used for the interview, and
as proof they are consenting to having a recorded interview. The informants will be
receiving emails from their respective interviewers to confirm their schedule and the
platform they will be using, provided with a link to the conference room, alongside the
guidelines. During the interview, the informant may be able to speak either English or
Filipino as their language of choice, and may go under a pseudonym. The questions to
be asked in the interview focuses on the situation and status of cybersecurity in the
country, the technology and softwares used for the automated election system, and
the perceived challenges COMELEC will be facing on election day. The informants will
not be given any time limit for each question during the interview in order for them to
answer at their own pace. This will help both the informants and researchers to give
clear explanations and gather essential information more efficiently. After the
interviews, selected members of the research team will transcribe the interview while
other members are assigned in doing a thematic analysis of the gathered data.

Reference:
Alchemer (2021, May 20). Purposive sampling 101. Retrieved April 1, 2022, from

https://www.alchemer.com/resources/blog/purposive-sampling-101/

Baxter, P. & Jack, S. (2008, December 1). Qualitative case study methodology: study

design and implementation for novice researchers. Retrieved April 3, 2022, from

https://nsuworks.nova.edu/tqr/vol13/iss4/2/

Castagna, R. (2021, August). Definition: Information technology. Retrieved March 31,

2022, from https://www.techtarget.com/searchdatacenter/definition/IT

COMELEC (2019, June 4). Sen. Kiko to COMELEC: What happened in the 7-hour glitch?

Retrieved March 14, 2022, from

http://legacy.senate.gov.ph/press_release/2019/0604_pangilinan3.asp

Creswell, J.W. (2011, March 10). Educational research: Planning, conducting, and

evaluating quantitative and qualitative research 4th edition. Retrieved April 4, 2022,

from http://repository.unmas.ac.id/medias/journal/EBK-00121.pdf

DICT (2018, March). Department of information and communications technology.

Retrieved March 12, 2022, from https://dict.gov.ph/wp-content/uploads/2018/03/What-

is-DICT.pdf

IFES (2018, October). Cybersecurity in elections: developing a holistic exposure and

adaptation testing (HEAT) process for election management bodies. Retrieved March

12, 2022, from https://aceproject.org/ero-en/ifes-cybersecurity-in-elections

McCombe, S. (2019, September 19). Sampling methods: Types and techniques

explained. Retrieved April 2, 2022, from

https://www.scribbr.com/methodology/sampling-methods/

NPC (2012, June 6). Republic act 10173 – data privacy act of 2012. Retrieved from

March 12, 2022, from https://www.privacy.gov.ph/data-privacy-act/#0

SAVE FILE: Chapter1&2_SECTION_GroupNumber

Proof of Content Adviser’s Approval (Screenshot proof testifying the approval

of your Content and Statistics Adviser. SIGNATURES ARE NOT ALLOWED)