Sunday, May 5, 2013

national ID system


TOPIC: Will RA10173 provide sufficient mechanism to the introduction of a national ID system in the Philippines without the constitutional issues that have arisen in the case of Ople v Torres?

BACKGROUND

 National Computerized Identification Reference System

President Fidel V. Ramos issued Administrative Order 308 entitled “Adoption of a National Computerized Identification Reference System”. Under this administrative order, a citizen is given a Population Reference Number (PRN) which serves as a common reference number to establish a linkage among concerned agencies[1] with the use of Biometrics Technology that provides a precise confirmation of an individual’s identity through fingerprint, hand geometry, palm vein authentication, retina scan, iris scan, face recognition, signature or voice analysis[2]. A citizen is also mandated to have an identification card and present his PRN in order to transact business with the government agencies and avail of the latter’s basic services and securities.

The said Administrative Order is predicated to create a scheme that would facilitate a convenient business transaction with basic service and social security providers and other government instrumentalities; and in order to reduce, if not totally eradicate, fraudulent transactions and misrepresentations by persons seeking basic services[3].

This Administrative Order was declared by the Supreme Court null and void for being unconstitutional.

Republic Act 10173

Republic Act 10173 or the “Data Privacy Act of 2012” was enacted by the congress to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.[4]
 
This Act basically contains the following:
1.      Definition and Enumeration of the functions of the National Privacy Commission, an independent body, which administers and implement the provisions of the said act, and ensures the compliance of the country with international standards;[5]
2.      The principles of transparency, legitimate purpose and proportionality which would serve as a guide in the process of personal information;[6]
3.      The rights of the data subject[7], the individual whose personal information is processed;[8]
4.      The security of personal information[9] and sensitive personal information;[10]
5.      Accountability for transfer of personal information;[11] and
6.      Penalties.[12]



ISSUES OF THE NATIONAL COMPUTERIZED IDENTIFICATION REFERENCE SYSTEM UNDER THE CASE OF OPLE V TORRES GR. 127685


1.      The use of Biometrics Technology

Administrative Order 308 does not state what specific biological characteristics and what particular biometrics technology shall be used to identify people who will seek its coverage.

There are different measurements of biometrics. An individual may automatically be verified or identified through the use of technology based on behavioral or physiological characteristics:[13]
 
a.       Behavioral characteristics are those which are influenced by the individual’s personality and includes voice print, signature and keystroke; and
b.      Physiological Characteristics are the physical characteristics of an individual such as fingerprint, retinal scan, hand geometry or facial feature.

There should be a measurement specified in the said Administrative Order that would result to a unified system with the use of biometrics technology; none specification of which would result to an unstandardized method of collecting personal information of an individual that would do no good in gathering information. Imagine one government agency which uses fingerprint in order to collect data or identify an individual, then another government agency that uses retina scan to identify the same person and verify that the person is who they say they are. On the second scenario, all the different government agencies will uniformly use fingerprint in collecting and verifying data or identity of an individual, which then would be more efficient?

On the first scenario, the data bank of the national identification system must have all the biometrics of an individual such as the voice, fingerprint, retinal scan, facial feature and the like, while on the second scenario, fingerprint would suffice.

2.      Presentation of National ID and Record of Transactions


Under the said administrative order, a citizen cannot transact business with the government agencies delivering basic services to the people without the contemplated identification card and everytime the former transacts with the latter, the former must present his PRN.

The Supreme Court, in the case of Ople v Torres[14], assumes that “whenever an individual transacts with the government agency, such transactions will necessarily be recorded. The individual’s file may include his transactions for loan, availments, income tax returns, statement of assets and liabilities, etc. The more frequent the use of PRN, the better chance of building a huge formidable information base through the electronic linkage of the files”

In this case, the government would be able to monitor all the movements and transactions of an individual. Government agencies may take advantage of the said gathered information and use the same for its own gainful purpose. Furthermore, if such data be accessed by an individual, he/she may prejudice the data subject as to the latter’s right to privacy through abuse of such data. Human by nature has an insatiable thirst for power, and in the modern age of information technology, knowledge, as embodied by the information attached to a PRN of a data subject, is power, a temptation which is too great for some of our government agencies or authorities to resist.

3.      Purpose of the encoded data


Administrative Order 308 failed to state whether the encoding of data is limited to biological information alone for identification purposes. 

The Solicitor General claims that the adoption of the Identification Reference System will contribute to the generation of population data for development planning. This is an admission that the PRN will not be used solely for identification but the generation of other data. Clearly, the indefiniteness of the administrative order can give the government the roving authority to store and retrieve information for a purpose other than the identification of the individual though its PRN.[15]

Lack of specific purpose as to the use of the data would allow the government agencies to use the same without any limitations. This kind of system will impair the relationship of the private and public sectors, would prevent growth of the country, and result to its destruction. Public trust may even be lost. Data taken may be misused or be distributed by those persons who have access thereto which may result to an unmanageable leakage or divulgement of personal information.

Pieces of these personal information are given by individuals in confidence to the government thus must be confined within the limits and must be secured as provided for by law, which, in the case at bar, the administrative order failed to provide. Therefore, absence of such, presupposes imminent danger as to the privacy of a data subject which may even jeopardize one’s security or safety.

4.      Security of privacy / Lack of proper safeguard

There are no clear and categorical terms on how the gathered data shall be handled nor does the said administrative order provide who shall control and access the data. These factors are essential to safeguard the privacy and guarantee the integrity of the information.
Due to the rapid technological advancements and its continuous development, there is a probability that some individuals or groups may enter the said system and thus jeopardize the whole system of national identity reference especially if the said persons would have access to the data bank.

What are the consequences for lack of proper safeguard?

  • ·        Data are easily updated and stored in the data bank and when an individual gains access thereto, he/she may easily copy the same and gain knowledge of certain individuals; The said person may track down all the movements of a certain individual, obtain knowledge to the latter’s assets and liabilities or financial capabilities, or other personal information included in the data bank;
  • ·         Data may easily be altered, destroyed, or restored by people who have access thereof;
  • ·         Data may be distributed to third persons, in which case, the authority has no means to prevent leakage; Unauthorized disclosure of data;
  • ·         Data may be misused;
  • ·         Confidential information may be accessed and take advantage of;
  • ·         The biometrics and PRN may be mishandled and abused by people who have or may have access thereto;
Administrative Order 308 does not provide any accountability with regard to the government agencies involved and those who have access thereto, nor does it provide for any penalty for violation of the rules in the said order so as to protect the data subjects and pieces of information gathered from the latter.  Lack of such security enables intrusion with the privacy of individuals involved which clearly violate one’s constitutional right.


MAIN QUESTION

Few years after the declaration of the unconstitutionality of the Administrative Order 308, RA10173 was enacted by the congress. Now we come to the main question: “Will RA10173 provide sufficient mechanism to the introduction of a national ID system in the Philippines without the constitutional issues that have arisen in the case of Ople v Torres?”

ANSWER

YES. The issues under 3 and 4 have been properly addressed by Privacy Act of 2012

As to the purpose of the encoded data
There are general principles provided as a guide under the Privacy Act in the processing of personal information such as transparency, legitimate purpose and proportionality. In this case, limitations are set in order to prevent misuse and abuse of the data obtained by the government agencies. Said entities are bound only by specified and legitimate purpose for which they have obtained the data and shall be retained only for as long as it is necessary to obtain such purpose.

Security of privacy / Lack of proper safeguard
The Privacy Act had created a National Privacy commission to administer and implement the provisions of the said Act. Through the commission, the personal information controllers and other government agencies shall be strictly monitored and mandated to comply with the provisions of the Act which would prevent leakage of the data. 

With regard to confidentiality, the commission shall ensure at all times the confidentiality or any personal information that comes to its knowledge and possession[16] which would afford protection as to an individual’s privacy and against its unauthorized distribution.

Furthermore, the data subject is provided with specific rights that would secure him/her against unscrupulous individuals who opt to gain information that would prejudice the former’s right to privacy and other constitutional and statutory rights.

The Privacy Act also specified how the personal information should be handled and distributed which would guarantee the integrity of the information through transparency and at the same time provide greater protection with regard to the personal data of an individual.

Lastly, to discourage devious, whimsical, and capricious individuals or government agencies to take advantage of their position in having access and obtaining personal information of the data subject, the Privacy Act has provided penalties for violators of such Act.

However, with regard to the first issue, I think it would be best that in creation of the National Computerized Identification System, the measurement of the biometrics technology must be specified in order to standardize the method of collecting personal information of an individual

As to the second issue, I believe there is nothing wrong with having a national ID and recording of the transactions of an individual provided that the provisions laid down under the Privacy act of 2012 be strictly complied with and the data shall not be used beyond the purpose for which the same was taken. 

Introduction of the National ID System in the Philippines would be beneficial to the public in a sense that it would facilitate convenient and smoother transactions between a private individual/groups and government agencies. It will speed up the current bureaucratic process in a sense that no need to fall in a long line and bring different government ID’s so as to validate one’s identity. At the same time, reduce fraudulent transactions and misrepresentations by persons seeking basic services. Through the National ID System, criminals would also be easier to trace such as when a warrant of arrest in criminal cases have been issued, those who evade taxes, etc… 




There is a vast development in technology that we cannot hamper nor totally prevent. Indubitably, such technological advances possess a threat that may not only destroy the life of an individual, but also its environment and society. If one does not know how to adapt to change and would hide behind the shadows of the past and continue to live within the means of ignorance, one is prevented from surviving the present and the future. Oddly, technology offers enormous opportunities only if one would take advantage of the complex advancements of such technologies, and the knowledge and information that may be taken from such in order to grow and contribute for the betterment of the society.







[1] Sec 4 Administrative Order 308 (1996)
[3] Ople v Torres G.R. No. 127685 July 23, 1998
[4] REPULICT ACT NO. 10173
[5] Chapter 2 RA10173
[6] Chapter 3 RA10173
[7] Chapter 4 RA10173
[8] Par (c) Sec3 RA 10173
[9] Chapter 5 RA10173
[10] Chapter 7 RA10173
[11] Chapter 6 RA10173
[12] Chapter 8 RA10173
[13] Ople v Torres
[14] GR no. 127685 July 23, 1998
[15] Ople v Torres G.R. No. 127685 July 23, 1998
[16] Sec 8 RA10173
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)