Names: Section: Professor:

Fortes, Zhaira Diamond M. 1K Atty. Ulpiano P. Sarmiento III

The "Philippine Identification System Act" or Republic Act No. 11055 was signed by
President Rodrigo Duterte on August 6, 2018. Under this law, Filipino citizens and foreign
residents of the country are required to register with the new identification system.
Information to be collected under the Philippine Identification System includes demographic
data such as full name, sex, date of birth, place of birth, blood type, address, and citizenship.
While marital status, mobile numbers, and email addresses are optional. In addition,
biometric information will also be recorded, including front-facing photograph, full set of
fingerprints, and iris scan. Also, other identifiable features may be collected if necessary.
This information will then be included in the new national ID card or “Phil ID”.

The national ID system has been one of the most controversial news of public
discourse upon its enactment. Proponents of the national ID system said that it can greatly
improve the delivery of government services, especially for those who lack proper
government-issued identification cards. According to Republic Act 11055, the system aims
to "eliminate the need to present other forms of identification when transacting with the
government and private sector." While the system has its benefits, data privacy experts worry
that several provisions blur the line between what’s appropriate and what may constitute a
violation of one’s privacy. Some of the arguments made in opposition of RA 11055 includes
the issue of surveillance and privacy rights violations, in giving the government
unprecedented access to a huge cache of its citizens’ personal data could cause a great danger
to any society, as confirmed by the history of many countries which offer examples of its
abuse or misuse. In line with this, the government naturally has to continually shoulder
expenses for acquiring and maintaining equipment, devices, logistics and processes to issue
an identification card to every citizen.

The main reason why the Philippine Identity Card is threatened to be an infringement to
civil liberty is the issue of surveillance and privacy rights violations. The privacy of all the
Filipinos is protected by the Data Privacy Act, or the RA 10173, organizations who deal with
personal details, whereabouts, and preferences are duty bound to observe and respect your
data privacy rights. If a party feels that his personal data has been misused, maliciously
disclosed, or improperly disposed, or if any of the rights discussed here have been violated,
the data subject has a right to file a complaint with the National Privacy Commission. This
was also included in the Implementing Rules and Regulations of RA 11055 (Section 22).
However, these measures seem more of curative rather than preventive, creating more
damage (if implemented) compared to the status quo before this system.

The convenience given by the National ID is very enticing and promising, however, there
is also the inconvenience given by the occasional (sometimes, frequent) glitches in the
system. If history was to be an indicator, it may be concluded that the Philippines was not
and may not be ready yet to implement a nationwide, centralized way of keeping personal
information. Some examples wherein the government system has been given private
information but glitches are still ever present and thus, compromise the safety and
confidentiality, are the: Unified Multi-Purpose Card used for SSS, GSIS, PhilHealth and
PAG-IBIG members; Passport information, including biometrics and personal information
such as addresses, occupation and salaries; and of course, the famous Comeleak which
happened last 2016 elections. According to an article in Inquirer and Manila Times, a hacker
group defaced the Comelec’s website, and a second hacker group posted the entire database
online, with mirror links where the data could also be downloaded. A research by Internet
security company Trend Micro first reported the breach. The leaked data include names,
birthdays, home addresses, e-mail, parent’s full names and in some cases passport details and
text markers of fingerprints of more than 55 million registered voters. These data make these
people susceptible to fraud and other crimes. This has been quoted by the TrendMicro as the
“biggest government-related data breaches in history”. The Philippine government had to ask
other countries for help regarding taking down the site which posted these pieces of information.
Meanwhile, the 2016 elections pushed through, but we have no idea how many thousands of
people have been affected in a negative light because of this leak in information. Another
incident rocked the poll body on January 11, 2017, when suspected robbers broke into the
office of the election officer in Wao, Lanao del Sur, and stole a computer. The Comelec
confirmed that the stolen computer contained a copy of the national list of registered voters
(NLRV).This is why the government must be more wary before creating another scheme
wherein a database full of private and personal information is taken away and supposedly used
for efficiency, especially for transactions in government and private offices.

If national issues on privacy are not enough to question and take a second look on the
implementation of this, there are also controversies regarding national identification cards of
other countries, the most prominent of them is the controversy regarding the Aadhar ID,
wherein for 500 rupees and 10 minutes, its database can be accessed. India had high hopes
for Aadhar, envisioning to help the government crack down on welfare fraud and corruption.
However, the system was vulnerable to breaches and faux pas. A Washington Post report
cites that clerical errors have prevented people from availing of government benefits and
services. The controversy surrounding Aadhaar revolves around questions of privacy and the
scope of government intervention. Some advocacy groups find the notion of a 1.18 billion-
entry government register of names, addresses, fingerprints and faces somewhat problematic.
The Indian Supreme Court earlier this year ruled that certain provisions of Aadhaar violated
the right to privacy because, unlike American Social Security Numbers, Aadhaar is
accessible to a range of both government and private organizations. These questions of
privacy are not unfounded. There have been claims of data leaks and disclosures—everything
from bank details to government portals and welfare beneficiary names—allegedly affecting
up to 100 million people.

Another issue raised by the implementation of this system is that there are no specific
provisions for the protection against abuse or misuse. Section 7, paragraph c of the enacted
law stated that the “Phil ID Card shall be the medium”, thus, limiting the medium to a card
with a chip and the necessary security features. This is a very expensive proposition which
would amount to almost $5 each, or about $500 million for a population of 100 million. The
medium for the national ID should be open in order to encourage banks and telephone
operators to provide the medium for the national ID for free or through shared costs provided
they can share in the authentication revenues. Section 17 of the law, or “Protection against
Unlawful Disclosure of Information/Records” is good, but paragraph b should be revisited
and re-examined because an individual’s consent or a court order to access private
information should be sufficient to protect public health or safety. There should be a specific
provision to protect the people from abuse or misuse of national ID, such as: (1) Deprivation
of social benefits and services due to lack of national ID; (2) Using the national ID for
profiling or surveillance of people, especially the vulnerable ones; (3) Using the national ID
to restrict movement or assembly of people; (4) Breach of the data base.