“I believe that any violation of privacy is nothing good”, thus said Lech Walesa, former President of Poland, Nobel Peace Prize winner, and human rights activist. To him, and to other civil libertarians, privacy in all of its aspects is an absolute right which no one may justifiably intrude into, not least by the government itself or by its agents. The possible rationale for this supposition is that this right to privacy is a constitutionally-enshrined and protected right which is recognized the world over. Therefore, to violate such constitutional concept is incongruous to what free society is all about.
With the fast-paced and ever changing world however, it is no longer that easy to assert the concept of a fully free society without acceding to some allowable state restrictions on privacy rights. Germane to the concept of privacy of information or data privacy, or the right to personal privacy is the concept of national security. It is within this backdrop that I attempt to discuss the significance, or the lack of it, of the national identification system in relation to the Republic Act No. 10173 or the Data Privacy Act.
THE PRESENT THREAT TO PHILIPPINE SECURITY
The Philippines is home to a chopsuey of acronym-based groups, a number of whom are composed of self-styled freedom fighters. There are those that espouse communist or socialist agenda; there are those radical fundamentalist groups; those who advocate secession or independence from the seat government’s power; those who sponsor extremist ideologies and those who are simply, well, political groups led by vicious warlords. Of these are the diverse arms-carrying groups, led by these political, socialist, or religious ideologues. Most often than not, these groups abdicate peace by weapons that injure, maim, or kill innocent civilians. Moreover, most of the time, authorities remain clueless as to the identity of the perpetrators. Even with the vast network of intelligence equipment to help the security forces, still, few or none at all ever comes to being solved. These groups, sad to say, are just there, always waiting for the right time to perpetrate another misdeed.
Among these groups are the so-called Muslim fighters in the South divided into the Moro National Liberation Front (MNLF), the Moro Islamic Liberation Front (MILF), the dreaded Abu Sayyaf Group (ASG) and the New People’s Army (NPA). Just lately though, the Moro Islamic Liberation Front inked a peace covenant with the government which paved the way towards a lasting peace in Mindanao, or at least in the areas where they have a strong presence. Others still, are just plain criminal elements, or terror groups, or just manifest transgressors of law, peace and security of the nation. Even then, these groups still do not constitute the entire security threat pie alone.
With the rapid advancement in the technological sphere, and because of the seeming effortless acquisition of new technology, which are in abundance commercially, and likewise in the thriving black market, enterprising people with motives for gain or terror became easily the newest kids on the crime block. This new class of security threat had already caught the attention of law enforcement and security forces in most parts of the world. These so-called cybercrime groups have now reached our country’s shores. Even our very own Philippine National Police (PNP) admits that the country has now become a “haven for transnational organized crime syndicates involved in cyber pornography, cybersex dens, illegal online gambling, credit card fraud, and identity theft due to weak laws against cyber crimes xxx” (Philippine Daily Inquirer, 2011). These threats need to be addressed through a law or laws intended to insulate innocent and law-abiding citizens from criminal gangs involved in cybercrimes and identity thieves and by the same token pursue, ferret out and prosecute the latter, if so warranted.
Surely, this cannot be ignored as they have far-reaching implications with respect to the safety and security of the nation as well as with the Philippine economy eventually. These gangs can be tracked, tailed, subjected to surveillance and ultimately unmasked through a law that has teeth but at the same time tailored according to constitutional precepts to make it palatable to the people at large. Apparently, it is on this pretext that Administrative Order (A.O.) No. 308, otherwise known as “Adoption of a National Computerized Identification Reference System” had been foisted upon the people that it prompted no less than a sitting Senator of the Republic to question the same, and won his case, in the Court.
NATIONAL IDENTIFICATION SYSTEM
In 1996, President Fidel V. Ramos issued Administrative Order (A.O.) No. 308. This administrative issuance aims to facilitate transactions of basic government services in all government offices and instrumentalities through a computerized system. Alongside its primary goal, this order is aimed to reduce bureaucratic red tape, fraudulent transactions, and peripherally, arrest the tide of corruption in government institutions. At the very least, perhaps.
Ideally, A.O. No. 308 was intended to rationalize the diverse field of government agencies providing essential services to the general public. The said order however never realized its potential as it was thumbed down by the Supreme Court in its 1998 ruling in the case of Blas F. Ople v. Ruben Torres, et. al. (G.R. No. 127685 July 23, 1998). The Court, speaking through former Chief Justice Reynato Puno, declared Administrative Order No. 308 null and void for being unconstitutional as it violates the right to privacy. According to the Court, the said AO No. 308 “does not tell us in clear and categorical terms how these information gathered shall be handled. It does not provide who shall control and access the data, under what circumstances and for what purpose. These factors are essential to safeguard the privacy and guaranty the integrity of the information.”
The proposed National Computerized Identification Reference System could have been a good law were it not for these apprehensions by some parties including the Court. These apprehensions may still be assuaged though by refining the questioned provisions or through another law that could better explain the same.
But, first things first. Before we could proceed any further, it is indispensable that we discuss, or at least try to, some of the merits or demerits, the pros as well as the cons, the good side and the bad, the advantages or disadvantages of the National ID system. By this, we may be able to recognize the possible beauty of the system, more so if it be guaranteed by a fool-proof law.
Proponents of the system see in the law a tool for easy access by any individual transacting business with or availing of the services of government offices and instrumentalities. There they appreciate a mechanism to consolidate all available data from every government office into one super-data infrastructure on a national level. The end result would be that of efficiency in government transactions. Opponents of the system have a different look however. They see an unlimited potential for abuse or misuse of the system as will prevent, say, identity theft resulting in fraud or fraudulent transactions. Foremost of these raised fears is the issue of invasion of privacy. Free societies and democratic institutions want unbridled and unrestrained rights. They often see State agents getting hold of various information about them as prying into the privacy of their lives. And they simply do not like living under constant fear of unwarranted intrusion into their private lives. For one reason or another, these people do not trust the State with much of the data or information that the vast powers of the State may get their hands into. This is the kind of threat to privacy that the Court has taken into great consideration in Ople v. Torres. Such threat, the Court declares, “comes from the executive branch of government which by issuing A.O. No. 308 pressures the people to surrender their privacy by giving information about themselves on the pretext that it will facilitate delivery of basic services. Given the record-keeping power of the computer, only the indifferent fail to perceive the danger that A.O. No. 308 gives the government the power to compile a devastating dossier against unsuspecting citizens”. But, is this really the case? Is this fear unfounded? Or, is it more apparent than real? If so, how will the government refine the system to preclude abuse or misuse? Will it bring more harm than its perceived good? Alternatively, will it render truth to what the American essayist and cyber libertarian political activist John Perry Barlow has once said that, “[R]elying on the government to protect your privacy is like asking a peeping tom to install your window blinds”.
SUFFICIENT MECHANISM TOWARDS A NATIONAL ID SYSTEM
The government’s setback in the declaration by the Court of the unconstitutionality of Administrative Order No. 308 prompted some legislators to file various bills in both Houses of Congress touching on the revival of the national identification system. These bills however are still pending in either House. In August 15, 2012, Republic Act 10173 or the Data Privacy Act of 2012 was approved into law. It created a National Privacy Commission composed of experts in the field of information technology and data privacy, to monitor the strict implementation of the provisions of the law in accordance with international standards on data protection and privacy.
The meat of the said law is the processing of personal information and sensitive personal information and the congruent rights of the person called the data subject. Thus, there are the rules on access and the possibility of subsequent disclosure to authorized persons only, and key principles on their storage or retention either for scientific, historical, and statistical purposes have been carefully laid out.
The law states in Section 2 thereof, thus, “[T]he State recognizes the vital role of information and communications technology in nation-building and its inherent obligation to ensure that personal information in information and communications systems in the government and in the private sector are secured and protected”. This policy direction gives, in itself, an assurance of protection to persons whose information or data are gathered or processed for lawful use.
Along this line, the law has set parameters under which the processing of personal information is to be made as well as on how must the personal information controller or processor, as defined in the law, must operate with the end in view of facilitating government services sans any modicum of abuse and without sacrificing the policy objectives of the said law. First of these is that no information should be processed absent any consent by the data subject. Another is that subject to some recognized exceptions, the law prohibits the processing of sensitive personal information and privileged information. Parenthetically, exclusionary rule applies rendering inadmissible any evidence gathered on privileged information.
The law likewise spells out the rights of the data subject which include, inter alia, informing a person whether a personal information pertaining to him shall be, is being, or has been processed as well as the methods utilized for automated access if allowed by the data subject. Clearly, the data subject is given much freedom to exercise his rights under the said law like the right to have reasonable access to every data or information and their attendant circumstances as to rule out any iota of doubt on the processes with which his personal information is/are being handled. Needless to say, a data subject may even demand that his personal information which are found to be false or are being used for fraudulent purposes be removed from the personal information controller’s filing system. On this note, the provision on the transmissibility of the rights of the data subject to his lawful heirs and assigns in case of his death or incapacity bears much significance as it entitles the latter an unrestricted privilege to demand the same rights as if it were the data subject himself still enforcing the said rights. This way, no party in interest could claim a denial of his or his predecessor’s rights under the Data Privacy Law.
Of equal importance also is the provision on the subcontracting the processing of personal information to a third party under Section 14 thereof, viz. the personal information controller ensures proper safeguards to maintain the confidentiality of the processed information. Evidently, liability falls with the controller. This requirement diminishes any or all excuses and finger pointing on the part of the responsible persons on account of the subcontracting the processing of personal information should questions of accountability arise in the process.
DATA PRIVACY LAW: A SECURITY PERSPECTIVE
It is submitted that the concept of privacy must be understood in the context of what it might mean to the concept of efficiency and security of government services. This being said, the appropriate question would be: what must be the general consideration for the right of privacy to concede to some other rights? What must the citizens of this country contribute to a great extent so that the security of the entire nation is not compromised?
The concept of security, within a national security perspective, is best brought to the minds of the citizenry that security and safety is both the responsibility of the State and its people. Thus, in exchange for safety and security in their homes or in their places of work, the citizenry should be able and willing to surrender a certain degree of personal privacy. An individual’s basic right to privacy is not absolute. It must be subject to some exigencies, more particularly where the interest of national security demands some sacrifice on the part of all stakeholders therein. It is not claimed herein that the right to privacy occupies a lower position in the hierarchy of constitutional rights. It is maintained nonetheless that this right should allow another right to temporarily overtake it with the end in view of cushioning any negative impact to the country’s economic and political maturity.
Indeed, it takes two to tango. While arguably it is the government’s responsibility to protect its own citizens and even those aliens who set foot in the country, it is likewise in the best interest of the general welfare that the people should do their share towards that goal by being not so squeamish with regard to their privacy. For after all, no government survives without an active citizenry, who equally shares the responsibility in fulfilling a secure and safe locality.
The people should fully put its trust in their government. After all, if people with not-so-good intentions can attack or compromise the privacy of any individual, why can’t freedom-loving people allow the State or state agents to perform a mandated task with a little interference from themselves. If in any case, the performance of such task is clothed with legality or made in furtherance of a larger but lawful objective, why not entrust the same to them? If we had nothing to hide ourselves, then we should not fear the government’s watchful eye. If we commit no transgression against the government and our fellowmen, then we are assured that our privacy is not being violated even as we sleep.
It is quite disturbing that we always find fault in everything that the government does and find a weakness in every law that it implements. Indeed, it amazes me no end To NOT allow the government some elbow room within which to execute its authority and utilize all available resources within constitutional bounds and in the end we cry for the government’s help when it is our turn to become victims of injustice caused by our overzealousness to protect our personal privacy.
Notwithstanding any opposition, it is respectfully submitted that now is the time to pursue more vigorously, not only the adoption, but also the full implementation of a national identification reference system as envisioned under the abovementioned administrative order in view of the ever present and persistent threat to the safety and security of the citizens in particular and the politico-economic stability in general. This may sound to be security paranoia at its best, but I hasten to say that in the current scheme of things, I’d rather that the government or its agents would pry into my not-so private personal data, than those criminal gangs eager to pounce and make a very quick cash on unsuspecting prey like a dyed-in-the-wool civil libertarian but whose intransigence or obstinacy renders him fair game to ill-motivated individuals or groups.
Taken in its entirety, I believe that the foregoing considerations relatively provide a sufficient mechanism towards the introduction of a national identification system. These provisions of the Data Privacy Act afforded the much-needed shot in the arm of the floundering campaign to establish finally an ID system akin to a one-stop-shop.
This might not be a panacea, or the cure-all sort of law, but at least we should try it. And really, that time is now.
1. http://en.wikipedia.org/wiki/Lech_Wa%C5%82%C4%99sa. Accessed May 02, 2013.
2.http://globalnation.inquirer.net/16203/philippines-now-haven-for-transnational-cyber-crime- groups%E2%80%94police. Last accessed May 3, 2013.
3. http://en.wikipedia.org/wiki/John_Perry_Barlow. Accessed May 3, 2013.
4. http://www.chanrobles.com/administrativeorders/administrativeorderno308.html#.UYbzvRcwqUQ . Last accessed May 3, 2013.
5. http://www.gov.ph/2012/08/15/republic-act-no-10173/. Last accessed May 3, 2013.
The contents of this blog are only the opinions of this writer and are not intended in any way to serve as a legal advice.