A CONGRESSIONAL bicameral conference committee approved early this week the consolidated version of a bill establishing a national identification system. The ratification of the proposed law by both houses of Congress is set for Monday. Once ratified the bill will then be forwarded to the Office of the President for executive action.
The primary objective of this planned national ID system (NIDS) is to provide a valid proof of identity for all citizens and resident aliens as a means of simplifying public and private transactions. It likewise aims to eliminate the need to present other forms of identification when transacting with the government and the private sector, subject to appropriate authentication measures. It is also envisioned to be a social and economic platform which will ensure seamless delivery of government services.
There is nothing in the soon-to-be-law that mentions the use of the national ID system as a precautionary measure to prevent a terrorist attack. However, I read some media reports saying that the issuance of ID cards can guard against terrorists and suspected criminals.
It was also reported that the Philippine Statistics Authority (PSA) is tasked to implement the ID system, maintain the centralized database and issue the “tamper-proof” cards to every Filipino. These cards would contain basic information about the cardholders, including some biometrics data.
There is no doubt that the issuance of a national ID to every citizen is “doable.” However, is the collection of the individual’s private data safe?
Way back in August 2016, I wrote about the proposed national ID system in this column. I am reproducing portions of that write-up which are relevant to the current issue.
Previous attempts to establish NIDS
President Fidel V. Ramos, way back in 1996, issued Administrative Order (AO) 308, implementing a National Computerized Identification Reference System. However, the Supreme Court struck it down on July 23, 1998, in the notable case of Blas F. Ople v. Ruben D. Torres, et al.
Former Chief Justice Reynato S. Puno wrote the decision and even commended then Senator Ople in his effort to “prevent the shrinking of the right to privacy, which the revered Mr. Justice Brandeis considered as ‘the most comprehensive of rights and the right most valued by civilized men’.” In that petition, Ople prayed to invalidate Administrative Order 308 on “two important constitutional grounds, viz: one, it is a usurpation of the power of Congress to legislate, and two, it impermissibly intrudes our citizenry’s protected zone of privacy.” The Supreme Court granted the petition and declared AO 308 null and void for being unconstitutional.
What are these constitutional issues? First, the Supreme Court held that, “AO 308 involves a subject that is not appropriate to be covered by an administrative order.” Basically, Congress could have passed a law relative to the national ID system, instead of the President issuing an AO. Second, “because facially it violates the right to privacy.” Simply put, it breached the people’s zone of privacy, which is recognized and enshrined in several provisions of our Constitution.
On April 13, 2005, then President Gloria Macapagal-Arroyo issued Executive Order 420, requiring all government agencies and government-owned and-controlled corporations to streamline and harmonize their identification (ID) systems. Again, this was challenged by various groups and petitions were filed before the Supreme Court. Likewise, the same two issues were raised: first, it was a usurpation of legislative power by the President and; second, it infringes on the citizens’ right to privacy.
Collection of private data into one repository
A typical information Technology (IT)-based infrastructure for the NIDS would entail a central computerized database system, remote online access points and telecommunications facilities.
All of the data that would be provided by the citizens – name, address, birth date, civil status, (even biometrics data) etc. – would be stored in one huge repository, the central computerized database. This would be under the care of the PSA.
Various government agencies, for example the Department of Foreign Affairs (DFA), would then have their own remote access facility, normally a computer workstation. In the course of its daily operations the DFA would access the central computerized database online, query the same and check the authenticity of a passport applicant, download the personal information of the applicant, and make some data updates if necessary (say, passport number issued to the applicant). Over time, the central database would contain complete dossiers of each and every Filipino.
Considering that the government does not have its own national broadband network, most probably the remote access can be effected by using the existing commercial telecommunications facilities. This is where the danger lies. A commercial telecommunications facility is designed for public use. Couple this with inadequate network security on the part of the government agencies and you have a recipe for disaster.
With such vulnerabilities, it opens up the possibility that “would-be-hackers” might be interested in getting through the NDIS for their own personal gain.
Exposure of private data to the public
Will this centralized database of the NIDS be secured? Is there a risk that our private data will be exposed to the public? What are the technical and internal controls to prevent data leakage?
As I have mentioned in my other published articles, all information technology systems and computer devices can be compromised. No software application is perfectly written. Any software system would tend to have bugs, which could be exploited.
I said before that, “the reality is that the government does not have an established and effective security mechanism to protect its computer systems and communications networks from determined hackers.”
And I say it again now – the proposed NDIS is doable, but, in the hands of an incapable and technically clueless implementing government agency (probably together with their not sufficiently expert personnel), there is a great risk that the unsuspecting citizens’ private data would not only be exposed to the public, but be under the complete control of some unscrupulous individuals and politicians – putting our fundamental right to privacy at risk. The potential for misuse of our private data, collectively gathered through time, would always be there.
allinsight.manilatimes@gmail.com
www.facebook.com/All.Insight.Manila.Times
The primary objective of this planned national ID system (NIDS) is to provide a valid proof of identity for all citizens and resident aliens as a means of simplifying public and private transactions. It likewise aims to eliminate the need to present other forms of identification when transacting with the government and the private sector, subject to appropriate authentication measures. It is also envisioned to be a social and economic platform which will ensure seamless delivery of government services.
There is nothing in the soon-to-be-law that mentions the use of the national ID system as a precautionary measure to prevent a terrorist attack. However, I read some media reports saying that the issuance of ID cards can guard against terrorists and suspected criminals.
It was also reported that the Philippine Statistics Authority (PSA) is tasked to implement the ID system, maintain the centralized database and issue the “tamper-proof” cards to every Filipino. These cards would contain basic information about the cardholders, including some biometrics data.
There is no doubt that the issuance of a national ID to every citizen is “doable.” However, is the collection of the individual’s private data safe?
Way back in August 2016, I wrote about the proposed national ID system in this column. I am reproducing portions of that write-up which are relevant to the current issue.
Previous attempts to establish NIDS
President Fidel V. Ramos, way back in 1996, issued Administrative Order (AO) 308, implementing a National Computerized Identification Reference System. However, the Supreme Court struck it down on July 23, 1998, in the notable case of Blas F. Ople v. Ruben D. Torres, et al.
Former Chief Justice Reynato S. Puno wrote the decision and even commended then Senator Ople in his effort to “prevent the shrinking of the right to privacy, which the revered Mr. Justice Brandeis considered as ‘the most comprehensive of rights and the right most valued by civilized men’.” In that petition, Ople prayed to invalidate Administrative Order 308 on “two important constitutional grounds, viz: one, it is a usurpation of the power of Congress to legislate, and two, it impermissibly intrudes our citizenry’s protected zone of privacy.” The Supreme Court granted the petition and declared AO 308 null and void for being unconstitutional.
What are these constitutional issues? First, the Supreme Court held that, “AO 308 involves a subject that is not appropriate to be covered by an administrative order.” Basically, Congress could have passed a law relative to the national ID system, instead of the President issuing an AO. Second, “because facially it violates the right to privacy.” Simply put, it breached the people’s zone of privacy, which is recognized and enshrined in several provisions of our Constitution.
On April 13, 2005, then President Gloria Macapagal-Arroyo issued Executive Order 420, requiring all government agencies and government-owned and-controlled corporations to streamline and harmonize their identification (ID) systems. Again, this was challenged by various groups and petitions were filed before the Supreme Court. Likewise, the same two issues were raised: first, it was a usurpation of legislative power by the President and; second, it infringes on the citizens’ right to privacy.
Collection of private data into one repository
A typical information Technology (IT)-based infrastructure for the NIDS would entail a central computerized database system, remote online access points and telecommunications facilities.
All of the data that would be provided by the citizens – name, address, birth date, civil status, (even biometrics data) etc. – would be stored in one huge repository, the central computerized database. This would be under the care of the PSA.
Various government agencies, for example the Department of Foreign Affairs (DFA), would then have their own remote access facility, normally a computer workstation. In the course of its daily operations the DFA would access the central computerized database online, query the same and check the authenticity of a passport applicant, download the personal information of the applicant, and make some data updates if necessary (say, passport number issued to the applicant). Over time, the central database would contain complete dossiers of each and every Filipino.
Considering that the government does not have its own national broadband network, most probably the remote access can be effected by using the existing commercial telecommunications facilities. This is where the danger lies. A commercial telecommunications facility is designed for public use. Couple this with inadequate network security on the part of the government agencies and you have a recipe for disaster.
With such vulnerabilities, it opens up the possibility that “would-be-hackers” might be interested in getting through the NDIS for their own personal gain.
Exposure of private data to the public
Will this centralized database of the NIDS be secured? Is there a risk that our private data will be exposed to the public? What are the technical and internal controls to prevent data leakage?
As I have mentioned in my other published articles, all information technology systems and computer devices can be compromised. No software application is perfectly written. Any software system would tend to have bugs, which could be exploited.
I said before that, “the reality is that the government does not have an established and effective security mechanism to protect its computer systems and communications networks from determined hackers.”
And I say it again now – the proposed NDIS is doable, but, in the hands of an incapable and technically clueless implementing government agency (probably together with their not sufficiently expert personnel), there is a great risk that the unsuspecting citizens’ private data would not only be exposed to the public, but be under the complete control of some unscrupulous individuals and politicians – putting our fundamental right to privacy at risk. The potential for misuse of our private data, collectively gathered through time, would always be there.
allinsight.manilatimes@gmail.com
www.facebook.com/All.Insight.Manila.Times
No comments:
Post a Comment