A former Philippine lawmaker and human rights lawyer have expressed concerns in the upcoming rolling out of the National ID System following the reports that the government-run FOI website was said to have been breached and left the submitted documents of the users out in the open.
Neri Colmenares, a senatorial candidate and former party-list congressman, warns that the National ID System could be a “data breach nightmare” because “it is not only violative of the people’s right to privacy but will even pose serious sovereignty and security implications to our country.”
Colmenares cites the history of the data breaches that have previously plagued the country as the basis for his warning saying that the existing regulation is not enough, and was not able to prevent the reported breaches.
“The Data Privacy Act is not defense enough to protect users as evidenced by the numerous data breaches like the Comelec, Grab, and now FOI data breaches,” the lawyer said in an interview.
The Philippines is set to roll out a national identification system as announced by the Philippines Statistics Authority (PSA), the government agency tasked to managing and collecting census data in the country. According to the agency, the registration for and the release of identification cards under the Philippine Identification System (PhilSys) will start in September.
The agency is targeting an initial batch of about six million individuals for the national ID system, according to Speaker Gloria Macapagal-Arroyo who led a House oversight committee hearing on early March. The agency aims to issue 100 million cards to all Filipino citizens and resident aliens by 2022.
GATHERING OF CITIZEN DATA
Filipinos and resident aliens who have been in their Philippine residency for at least five years may be able to register for the ID that would serve as a single and unified identification system in the country. The information that will be gathered for the new ID card would include biometrics (thumbprint, iris and face scanning), full name, sex, date of birth, place of birth, blood type, address, and if one is a Filipino or a resident alien. The agency said that information about marital status, mobile number, and email address are optional.
The registered citizen will then be given a unique PhilSys Number. The corresponding card will be issued days later after the information is authenticated.
With this amount of data the agency will be collecting from citizens, it is reasonable for the human rights lawyer to be wary of the new system. While the government agencies involved have said that they will thoroughly investigate the breach in the FOI website, Colmenares nonetheless warned them that data should be protected for the PhilSys roll out.
THE FOI WEBSITE BREACH
According to a local columnist, Wilson Chua, the ID he used on the government website www.foi.gobv.ph was leaked, and people can now search for it online using “eFOI ID.” The National Privacy Commission (NPC) is looking into the possible “gaps” in the interface of the website that may have caused the leak, one of the agency’s commissioner said Saturday. Mon Liboro, a commissioner from the National Privacy Commission said that the agency is looking at the website’s interface because there might be some gaps in the design, “in a way the process was offered or uploaded.
“It’s a case of our FOI frontliners, meaning the PCOO (Presidential Communications Operations Office), apparently overdid [the] transparency angle or aspect of this FOI service,” he said.
Colmenares said today that the breach might deter people from requesting documents under the FOI law. He said that the breach could be a potential cause of intimidation that would “subject well-meaning people to harassment or retaliation by powerful people who were the subject of their FOI request or their follower.”
“This will practically make people scared from employing FOI against corrupt public officials,” he added.
Lawyer Tristan De Guzman of the Office of the Assistant Secretary for Policy and Legislative Affairs said that the Malacañan was investigating the possible data breach.
Meanwhile, the Department of Information and Communications Technology believe that the data leak is an isolated incident. Nonetheless, the government agency, tasked to regulate anything related to information and communication technology including the internet, does not rule out the possibility of holding some of the government officials involved in the FOI website’s development and management will be held liable for the data leak.