THE legislators who authored and co-sponsored the proposed bills on the creation of a National ID System (NIDS) in both houses of Congress may have another reason to justify the NIDS.
The events in Marawi forced residents to flee to other cities and areas where they feel they will be safe. And, as Marawi residents fled their city, they passed through checkpoints set up and manned by the military and the police. It has been reported that while residents were able to present identification documents, they were still detained, interrogated about their movements, forced to have their pictures taken, and their names and addresses collected.
Some local government units have implemented a No-ID, No Entry policy. An ID, in this instance, serves as an internal passport to cross a border from one local jurisdiction to another.
Senate Bill 95 and House Bill 12 seek to establish an identification system through which a Filipino ID card will be issued to each citizen or resident foreigner that will serve as the Filipino citizen’s or resident foreigner’s official identification document “to curb the perennial problem of red tape in the government bureaucracy and to simplify the processes relative to public and private services”.
How the proposed bills will meet the stated objective is not clear except perhaps that when the ID Card is presented, no other identification document will be required. It is unclear how the proposed legislations will curb red tape and result in a more efficient and simplified process in government transactions. No data or study that supports the stated objective has ever been presented.
The identification system “shall gradually concert and consolidate all existing government-initiated identification systems into one, integrated and efficient identification system.” With this in mind and with over 100 million citizens residing inside the country and abroad, the Philippine Statistics Authority (PSA), the lead implementing agency, will establish an automated system for the collection and maintenance of pertinent data about each Filipino citizen.
The identification system will be designed to collect each citizen’s personally identifiable information (PII). At a minimum, a citizen’s name, birth date, gender, signature, picture, and biometric data such as fingerprint and/or retina scan will be collected. The ID Card will have the capability to store a citizen’s PII and a unique number shall be assigned. A citizen will practically be identified by a unique number. Sensitive personal information may also be stored in the ID Card; for example, a citizen will be revealed to have availed of the services at a government medical institution.
The proposed bills do not specify how data will be protected against unlawful disclosure or unauthorized access, use, and processing. Perhaps guidance can be gleaned from the Data Privacy Act but the 2016 ComeLeak incident which occurred twice in less than a year demonstrated the state of data protection in government agencies. It exposed the weakness in government agencies’ capacity and capability to protect data that they hold.
There are provisions which punish and/or penalize citizens who supply false information in applying for an ID Card, procuring an ID Card through fraudulent means, using a fake ID Card, or refusing to acknowledge an ID Card. Likewise, the proposed bills provide to punish and/or penalize public officials or employees who connive with a citizen who committed any of the prohibited acts previously enumerated.
The proposed bills, however, do not provide for penalties and/or punishment for illegal acts– the unauthorized disclosure, access, copying, use, or processing of data in the identification system or the ID Card. Perhaps, guidance can be gleaned from the Cybercrime Prevention Act in this regard.
But, even with the most stringent information security policies and procedures coupled with the most sophisticated technology solutions, the weakest link in the information security chain is the people who will be charged with the responsibility to collect data and manage the identification system.
Potentially, a citizen may not have control as to what data will be stored in the ID Card. On the flipside, safeguards are not provided to limit what data will be read by government agencies or private organizations to whom the ID Card is presented.
Just as data is easily harvested from credit cards as past reported incidents have shown, data from the ID Card may just as easily be harvested. Data illegally harvested or a lost or stolen ID Card may put the citizen in danger of identity theft. A citizen’s fingerprint and retina scan data is irreplaceable.
The greater danger is the potential for abuse and misuse of the identification system and the data collected and stored in it, especially when the identification system envisioned by the proposed bills reaches the state of final consolidation of all government-initiated identification systems. With the ease of linking, integrating, and interconnecting systems between and among government agencies and, perhaps, even with private sector systems, the identification system can very well be at the core of such an act which may result in creating and organizing dossiers of citizens and may further be used as a surveillance system which will violate citizens’ right to privacy of personal information protected by the Data Privacy Act. The Philippines could end up becoming a state where Big Brother will be watching.
The identification system and the ID Card will not minimize or eradicate red tape in government nor result in a more efficient delivery of services. Rather, there is a need for government to embrace good governance principles of transparency, predictability, and accountability.