ILOILO City – Information Technology (IT) group Computer Professionals’ Union (CPU) cautioned lawmakers and the public against proposals for a National ID currently pending before the House and the Senate.
“However it is rationalized or justified, the implementation of a mandatory National ID system coupled with a National Citizens’ Registry is a threat to our constitutionally and universally enshrined right to privacy,” said Rick Bahague, national coordinator of CPU.
“It is also a convenient pretense for broader state surveillance and police powers over citizens. We have to be cautious of such moves that will impinge on our basic freedoms, namely the rights to privacy, non-discrimination, and freedom of movement,” added Bahague.
It can be recalled that in 1998 the Supreme Court struck down President Fidel Ramos’ A.O. 308, noting that “its broadness, vagueness, and overbreadth…will put our people’s right to privacy in clear and present danger.”[1]
“Existing proposals for a National ID system exercise the same broadness, vagueness and over-breadth that deemed A.O. 308 null, void, and unconstitutional,” explained Bahague. To wit:
1. Loss of individual control over what can be read or placed in the National ID Card and Registry Record
While pending proposals point to the collection of basic personal information such as the holder’s photograph, name, birth date, gender, date of issue, and signature, other provisions explicitly point to collection of other data as deemed necessary (Sec.4 of H.B.12).
“This raises a host of privacy threats, chief among which is that Filipinos, as a data subject, no longer have control over what can be read or placed in the National ID Card and Registry Record,” said Bahague. “Once enacted, Filipinos will be required to submit even the most sensitive information as part of the mandatory registration and updating of National ID data.”
A very sensitive type of personal information proposed to be included in the National ID Card is biometric data. In pending proposals, the storage of at least biometric data in the National ID Card itself (Sec.4, H.B.12) is stipulated, which includes the medical history of the holder for access in the event of accidents and disasters (Sec.10, H.B.12).
“This raises a host of privacy issues. First of all, the non-specificity of biometric data may include even the most invasive of data requests, among them gait, voice, and DNA profiles. Secondly, this can lead to profiling and discrimination on the basis of age, medical condition, or ethnicity.” explained Bahague.
In addition, the group added that the inclusion of biometric data into the National ID adds a layer of risk for Filipinos. “You cannot change your fingerprint if this has been used by an identity thief. And if your card gets lost, which about five percent of national ID cards have been shown to do, then these sensitive data might be used against you,” added Bahague.
“With no specific rules on what kind of personal data will be required from Filipino citizens, very risky situations will arise from the theft , tampering, or hacking of National ID Registry data. Relying on the private sector to collect, process, store, or transmit our personal data, on the other hand, will pose conflict of interest and even more privacy issues,” explained Bahague.
2. Lack of assurance that personal data will be collected, processed, analyzed, transmitted and accessed for unequivocally specified purposes
While pending proposals enthuse that a National ID is needed to ease government as well as private transactions, other provisions point to the use of the National ID Card for other non-defined purposes (Sec.12 of H.B.12).
“This is a very broad and dangerous proposal. Its lack of specificity as well as transparency augurs poorly for data privacy, personal freedom, and the security of data subjects themselves,” explained Bahague.
CPU highlighted that personal data has evolved from markers of identity into a valuable capital. In 2011, the World Economic Forum declared personal data as a “new asset type”[2]. Companies like Google, Facebook and Twitter have raked in trillions of dollars by collecting, aggregating, analyzing and selling users’ personal information derived from posts, browsing history, and other online activity to advertisers and marketers. Facebook, for example, made $27.63 billion in revenues in 2016, 97% of which came from advertising revenues alone[3]. The company even has a metric called Average Revenue Per User, which now falls to an average of $4.83 per user – multiplied by 1.86 billion users worldwide.
“In this context, the registry of personal information of 100 million Filipinos can be construed as a treasure trove of assets (worth $483 million, at least by Facebook standards) for data brokers, employers, landlords, credit agencies, mortgage brokers, direct mailers, civil litigants, hackers, and even the government. The lack of clear and unequivocal rules on the purpose of the National ID Registry is surely a loophole that various actors, chief of which is the business sector, will all too gladly take advantage of,” said Bahague.
3. Pretext for super-police powers and political persecution by the State
The deliberate broadness, vagueness and over-breadth of proposals for a National ID System are enabling factors for more pervasive and invasive surveillance systems. Biometrics embedded in the National ID Card coupled with geolocation tracking (through RFID chips, for instance), video surveillance (mandatory in several areas like Quezon City), and facial recognition software can enable state as well as non-state actors to track the every move of each Filipino citizen. This is an unwarranted invasion of our privacy and the right to be left alone.
“Amid a backdrop of rising impunity and extra-judicial killings, the use of a National ID system to go after government critics and legitimate dissenters is not far-fetched . As such it will become an instrument of political persecution and will lead to the further erosion of Philippine democracy, not unlike the authoritarian regime of Ferdinand Marcos who first enacted a National Reference Card System in 1973,” said Bahague.
The IT group also highlighted the limitations of a National ID System. “Even the most sophisticated technology is as good as the human that uses it,” explained Bahague. “With more than one hundred million personal information from Filipinos here and abroad to be handed over to various individuals and offices to input, process, manage, secure, and store, human errors and lapses are bound to occur.”
“The #Comeleak incident of 2016, which compromised the data of 55 million voters, has magnificently exposed the inherent weaknesses of government systems to manage and secure personal data as well as account for its own inability to do so,” said Bahague.
“And despite current laws that penalize the use and creation of fraudulent IDs, these have not stopped a thriving economy on fake IDs and credentials to thrive in places like Recto,” said Bahague.
The IT group ended that while the need to deliver more streamlined services is a valid one, a new National ID system is not the solution. “Present government IDs like the SSS and GSIS IDs should suffice. Instead of looking into costly, superficial, hi-tech solutions to improve the delivery of government services, lawmakers should address inherent and systemic problems of graft, red tape, and corruption,” said Bahague. “What they need is a strong political will to clean up the bureaucracy, starting with the their ranks.” (panaytoday.net)