INTRODUCTION
“I believe that any violation of
privacy is nothing good”, thus said Lech Walesa, former President of Poland,
Nobel Peace Prize winner, and human rights activist. To him, and to other civil libertarians,
privacy in all of its aspects is an absolute right which no one may justifiably
intrude into, not least by the government itself or by its agents. The possible rationale for this supposition is
that this right to privacy is a constitutionally-enshrined and protected right
which is recognized the world over. Therefore,
to violate such constitutional concept is incongruous to what free society is
all about.
With the fast-paced and ever
changing world however, it is no longer that easy to assert the concept of a
fully free society without acceding to some allowable state restrictions on
privacy rights. Germane to the concept
of privacy of information or data privacy, or the right to personal privacy is
the concept of national security. It is
within this backdrop that I attempt to discuss the significance, or the lack of
it, of the national identification system in relation to the Republic Act No.
10173 or the Data Privacy Act.
THE PRESENT THREAT TO
PHILIPPINE SECURITY
The Philippines is home to a
chopsuey of acronym-based groups, a number of whom are composed of self-styled
freedom fighters. There are those that espouse communist or
socialist agenda; there are those radical fundamentalist groups; those who
advocate secession or independence from the seat government’s power; those who
sponsor extremist ideologies and those who are simply, well, political groups
led by vicious warlords. Of these are
the diverse arms-carrying groups, led by these political, socialist, or religious
ideologues. Most often than not, these
groups abdicate peace by weapons that injure, maim, or kill innocent
civilians. Moreover, most of the time,
authorities remain clueless as to the identity of the perpetrators. Even with the vast network of intelligence
equipment to help the security forces, still, few or none at all ever comes to
being solved. These groups, sad to say,
are just there, always waiting for the right time to perpetrate another
misdeed.
Among these
groups are the so-called Muslim fighters in the South divided into the Moro
National Liberation Front (MNLF), the Moro Islamic Liberation Front (MILF), the
dreaded Abu Sayyaf Group (ASG) and the New People’s Army (NPA). Just lately though, the Moro Islamic
Liberation Front inked a peace covenant with the government which paved the way
towards a lasting peace in Mindanao, or at least in the areas where they have a
strong presence. Others still, are just
plain criminal elements, or terror groups, or just manifest transgressors of
law, peace and security of the nation. Even
then, these groups still do not constitute the entire security threat pie alone.
With the rapid advancement in the technological
sphere, and because of the seeming effortless acquisition of new technology,
which are in abundance commercially, and likewise in the thriving black market,
enterprising people with motives for gain or terror became easily the newest
kids on the crime block. This new class
of security threat had already caught the attention of law enforcement and
security forces in most parts of the world.
These so-called cybercrime groups have now reached our country’s shores.
Even our very own Philippine National
Police (PNP) admits that the country has now become a “haven for transnational
organized crime syndicates involved in cyber pornography, cybersex dens, illegal
online gambling, credit card fraud, and identity theft due to weak laws against
cyber crimes xxx” (Philippine
Daily Inquirer, 2011). These
threats need to be addressed through a law or laws intended to insulate innocent and law-abiding citizens
from criminal gangs involved in cybercrimes and identity thieves and by the
same token pursue, ferret out and prosecute the latter, if so warranted.
Surely, this cannot be ignored as they have far-reaching
implications with respect to the safety and security of the nation as well as
with the Philippine economy eventually.
These gangs can be tracked, tailed, subjected to surveillance and
ultimately unmasked through a law that has teeth but at the same time tailored
according to constitutional precepts to make it palatable to the people at
large. Apparently, it is on this pretext
that Administrative Order (A.O.) No. 308, otherwise known as “Adoption of a
National Computerized Identification Reference System” had been foisted upon
the people that it prompted no less than a sitting Senator of the Republic to
question the same, and won his case, in the Court.
NATIONAL
IDENTIFICATION SYSTEM
In 1996, President Fidel V. Ramos
issued Administrative Order (A.O.) No. 308. This administrative issuance aims
to facilitate transactions of basic government services in all government
offices and instrumentalities through a computerized system. Alongside its primary goal, this order is
aimed to reduce bureaucratic red tape, fraudulent transactions, and peripherally,
arrest the tide of corruption in government institutions. At the very least, perhaps.
Ideally, A.O. No. 308 was intended to rationalize
the diverse field of government agencies providing essential services to the
general public. The said order however
never realized its potential as it was thumbed down by the Supreme Court in its
1998 ruling in the case of Blas F. Ople v. Ruben Torres, et. al. (G.R. No.
127685 July 23, 1998). The Court,
speaking through former Chief Justice Reynato Puno, declared Administrative
Order No. 308 null and void for being unconstitutional as it violates the right
to privacy. According to the Court, the
said AO No. 308 “does not tell us in clear
and categorical terms how these information gathered shall be handled. It does
not provide who shall control and access the data, under what circumstances and
for what purpose. These factors are essential to safeguard the privacy and
guaranty the integrity of the information.”
The proposed National Computerized
Identification Reference System could have been a good law were it not for
these apprehensions by some parties including the Court. These apprehensions may still be assuaged
though by refining the questioned provisions or through another law that could
better explain the same.
But, first things first. Before we could proceed any further, it is
indispensable that we discuss, or at least try to, some of the merits or
demerits, the pros as well as the cons, the good side and the bad, the
advantages or disadvantages of the National ID system. By this, we may be able to recognize the
possible beauty of the system, more so if it be guaranteed by a fool-proof
law.
Proponents of the system see in the law a tool for
easy access by any individual transacting business with or availing of the
services of government offices and instrumentalities. There they appreciate a mechanism to
consolidate all available data from every government office into one super-data
infrastructure on a national level. The
end result would be that of efficiency in government transactions. Opponents of the system have a different look
however. They see an unlimited potential for abuse or misuse of the system as
will prevent, say, identity theft resulting in fraud or fraudulent
transactions. Foremost of these raised
fears is the issue of invasion of privacy.
Free societies and democratic institutions want unbridled and
unrestrained rights. They often see State
agents getting hold of various information about them as prying into the
privacy of their lives. And they simply
do not like living under constant fear of unwarranted intrusion into their
private lives. For one reason or
another, these people do not trust the State with much of the data or
information that the vast powers of the State may get their hands into. This is the kind of threat to privacy that
the Court has taken into great consideration in Ople v. Torres. Such threat, the Court declares, “comes from the executive branch of
government which by issuing A.O. No. 308 pressures the people to surrender
their privacy by giving information about themselves on the pretext that it
will facilitate delivery of basic services.
Given the record-keeping power of the computer, only the indifferent
fail to perceive the danger that A.O. No. 308 gives the government the power to
compile a devastating dossier against unsuspecting citizens”. But, is this really the case? Is this fear unfounded? Or, is it more apparent than real? If so, how will the government refine the
system to preclude abuse or misuse? Will
it bring more harm than its perceived good?
Alternatively, will it render truth to what the American essayist and cyber
libertarian political activist John Perry Barlow has once said that, “[R]elying on the government to protect your
privacy is like asking a peeping tom to install your window blinds”.
SUFFICIENT MECHANISM
TOWARDS A NATIONAL ID SYSTEM
The government’s setback in the declaration by the
Court of the unconstitutionality of Administrative Order No. 308 prompted some
legislators to file various bills in both Houses of Congress touching on the
revival of the national identification system. These bills however are still pending
in either House. In August 15, 2012,
Republic Act 10173 or the Data Privacy Act of 2012 was approved into law. It created a National Privacy Commission
composed of experts in the field of information technology and data privacy, to
monitor the strict implementation of the provisions of the law in accordance
with international standards on data protection and privacy.
The meat of the said law is the processing of
personal information and sensitive personal information and the congruent
rights of the person called the data subject.
Thus, there are the rules on access and the possibility of subsequent
disclosure to authorized persons only, and key principles on their storage or
retention either for scientific, historical, and statistical purposes have been
carefully laid out.
The law states in Section 2 thereof, thus, “[T]he
State recognizes the vital role of information and communications technology in
nation-building and its inherent obligation to ensure that personal information
in information and communications systems in the government and in the private
sector are secured and protected”. This
policy direction gives, in itself, an assurance of protection to persons whose
information or data are gathered or processed for lawful use.
Along this line, the law has set parameters under
which the processing of personal information is to be made as well as on how
must the personal information controller or processor, as defined in the law,
must operate with the end in view of facilitating government services sans any
modicum of abuse and without sacrificing the policy objectives of the said
law. First of these is that no
information should be processed absent any consent by the data subject. Another is that subject to some recognized
exceptions, the law prohibits the processing of sensitive personal information
and privileged information. Parenthetically, exclusionary rule applies
rendering inadmissible any evidence gathered on privileged information.
The law likewise spells out the rights of the data
subject which include, inter alia, informing a person whether a personal
information pertaining to him shall be, is being, or has been processed as well
as the methods utilized for automated access if allowed by the data subject. Clearly, the data subject is given much
freedom to exercise his rights under the said law like the right to have
reasonable access to every data or information and their attendant
circumstances as to rule out any iota of doubt on the processes with which his
personal information is/are being handled.
Needless to say, a data subject may even demand that his personal
information which are found to be false or are being used for fraudulent
purposes be removed from the personal information controller’s filing system. On this note, the provision on the
transmissibility of the rights of the data subject to his lawful heirs and
assigns in case of his death or incapacity bears much significance as it entitles
the latter an unrestricted privilege to demand the same rights as if it were
the data subject himself still enforcing the said rights. This
way, no party in interest could claim a denial of his or his predecessor’s
rights under the Data Privacy Law.
Of equal importance also is the provision on the
subcontracting the processing of personal information to a third party under
Section 14 thereof, viz. the personal information controller ensures proper
safeguards to maintain the confidentiality of the processed information. Evidently, liability falls with the
controller. This requirement diminishes
any or all excuses and finger pointing on the part of the responsible persons
on account of the subcontracting the processing of personal information should
questions of accountability arise in the process.
DATA PRIVACY LAW: A SECURITY PERSPECTIVE
It is submitted that the concept of privacy must be
understood in the context of what it might mean to the concept of efficiency
and security of government services.
This being said, the appropriate question would be: what must be the general consideration for
the right of privacy to concede to some other rights? What must the citizens of this country
contribute to a great extent so that the security of the entire nation is not
compromised?
The concept of security, within a national security
perspective, is best brought to the minds of the citizenry that security and
safety is both the responsibility of the State and its people. Thus, in exchange for safety and security in
their homes or in their places of work, the citizenry should be able and
willing to surrender a certain degree of personal privacy. An individual’s basic right to privacy is not
absolute. It must be subject to some exigencies,
more particularly where the interest of national security demands some
sacrifice on the part of all stakeholders therein. It is not claimed herein that the right to
privacy occupies a lower position in the hierarchy of constitutional
rights. It is maintained nonetheless
that this right should allow another right to temporarily overtake it with the
end in view of cushioning any negative impact to the country’s economic and
political maturity.
Indeed, it takes two to tango. While arguably it is the government’s responsibility
to protect its own citizens and even those aliens who set foot in the country,
it is likewise in the best interest of the general welfare that the people
should do their share towards that goal by being not so squeamish with regard
to their privacy. For after all, no
government survives without an active citizenry, who equally shares the
responsibility in fulfilling a secure and safe locality.
The people should fully put its trust in their
government. After all, if people with
not-so-good intentions can attack or compromise the privacy of any individual, why
can’t freedom-loving people allow the State or state agents to perform a
mandated task with a little interference from themselves. If in any case, the performance of such task
is clothed with legality or made in furtherance of a larger but lawful
objective, why not entrust the same to them?
If we had nothing to hide ourselves, then we should not fear the
government’s watchful eye. If we commit
no transgression against the government and our fellowmen, then we are assured
that our privacy is not being violated even as we sleep.
It is quite
disturbing that we always find fault in everything that the government does and
find a weakness in every law that it implements. Indeed, it amazes me no end To NOT allow the
government some elbow room within which to execute its authority and utilize
all available resources within constitutional bounds and in the end we cry for
the government’s help when it is our turn to become victims of injustice caused
by our overzealousness to protect our personal privacy.
CONCLUSION
Notwithstanding any opposition, it is respectfully
submitted that now is the time to pursue more vigorously, not only the adoption,
but also the full implementation of a national identification reference system
as envisioned under the abovementioned administrative order in view of the ever
present and persistent threat to the safety and security of the citizens in
particular and the politico-economic stability in general. This may sound to be security paranoia at its
best, but I hasten to say that in the current scheme of things, I’d rather that
the government or its agents would pry into my not-so private personal data,
than those criminal gangs eager to pounce and make a very quick cash on
unsuspecting prey like a dyed-in-the-wool civil libertarian but whose
intransigence or obstinacy renders him fair game to ill-motivated individuals
or groups.
Taken in its entirety, I believe
that the foregoing considerations relatively provide a sufficient mechanism
towards the introduction of a national identification system. These provisions of the Data Privacy Act
afforded the much-needed shot in the arm of the floundering campaign to establish
finally an ID system akin to a one-stop-shop.
This might not be a panacea, or the
cure-all sort of law, but at least we should try it. And really, that time is now.
REFERENCES:
2.http://globalnation.inquirer.net/16203/philippines-now-haven-for-transnational-cyber-crime- groups%E2%80%94police. Last accessed May 3,
2013.
4. http://www.chanrobles.com/administrativeorders/administrativeorderno308.html#.UYbzvRcwqUQ . Last accessed May
3, 2013.
5. http://www.gov.ph/2012/08/15/republic-act-no-10173/. Last accessed May 3, 2013.
6. http://www.lawphil.net/judjuris/juri1998/jul1998/gr_127685_1998.html
DISCLAIMER:
The contents of this blog are only
the opinions of this writer and are not intended in any way to serve as a legal
advice.
Walang komento:
Mag-post ng isang Komento