IN THE LIGHT OF REPUBLIC ACT 10173 OR

by elzr22

IN THE LIGHT OF REPUBLIC ACT 10173 OR THE DATA PRIVACY ACT OF 2012, CAN NOW THE GOVERNMENT VALIDLY PURSUE A NATIONAL COMPUTERIZED IDENTIFICATION REFERENCE SYSTEM?

 

A Briefer

When Administrative Order 308 1 was issued in December 12, 1996 many were fascinated and lauded President Fidel Ramos for his move. Reading through the text of the order’s title, who would not want it? It seems that the conventional practice of bringing and presenting one identification card for every transaction a client enters with a government agency is history. Now, a client will only be required to show one identification card to enable him to transact business with several, if not all, agencies of the government. Although it was a welcome development in a large sense, it went through harsh public debates after Blas F. Ople, a learned and able member of the Philippine Senate questioned its constitutional standing in the 1987 Philippine Constitution.

The petition cited two fatal constitutional issues, namely: usurpation of the power of Congress to legislate, and intrusion on the citizens’ right to privacy. In order to achieve the objective of testing the propriety and timeliness of adopting a National Computerized Identification Reference System in the light of Republic Act 10173 or the Data Privacy Act of 2012, this paper shall aim to present a modest discussion on the “broad, abstract and ambiguous concept of privacy,” 2 vis-à-vis its significance amid the fast-developing computer technology era.

But first, it is necessary to understand the discipline behind computer information systems to capture governments’ and private industries’ motivation why they continually seek for ways to achieve efficiency in their day-to-day dealings with their clientele, and sustain such efficiency.

Computer Information System or (CIS) is a field studying computers and algorithmic processes, including their principles, their software and hardware designs, their applications, and their impact on society. 3

 

Undisputedly, one such impact is the radical change in the way we plan and execute things over the last few decades. Particularly in imparting or interchanging our ideas and opinions with the rest of the world in every area of human living, this includes government administration. The exponential advances in the computer age are proven to have presented meaningful advantageous combination of circumstances. For instance, one person or one group will find it difficult to throw away the convenience of increasing knowledge with available information right in their fingertips using electronic tools. Used intelligently, items of information kept in a computer could work wonders, especially for people in government, designated with the task of making key decisions and so on.

India’s UID or Universal ID Program for example, the country ventured in building their capacity to provide a novel identity system to its target 1.2 billion residents. Considering its obviously thick population, India was determined to institute a successful biometric identification technology across its geographical and territorial borders. According to a study conducted by the Center for Global Development back in 2012, the UID initiative is India’s ambitious attempt to establishing an organized identification system ever. It started the largest biometric identification program in the world with more than 200 million people enrolled in its database when it was first launched. 4

Primarily, India’s government framed the program as its basis for efficient delivery of welfare services. It would also act as a tool for effective monitoring of their various programs and schemes for the government to implement in the years to come.

For Singapore, the National Registration Act of 1965 5, legislates the issuance and usage of the National Registration Identity Card (NRIC). All persons lawfully residing in Singapore are compelled to have themselves registered under this system, save in certain few exceptions. Card holders are not all the time required to produce their NRIC. They are however encouraged to do so in instances affecting immigration, police and military matters. Persons are also under obligation to present the card if they wish to seek accommodation in transient houses like hotels, hostels or boarding houses. Of course, like in most public and private business practices here and abroad, the NRIC is a required document for certain government procedures or in commercial transactions such as the opening of a bank account to verify the identity of a potential client.

It has a number of privacy issues though. Full and complete NRIC numbers are stored in the government’s database to identify winners of lucky draws. Moreover, books can be borrowed from the National Library Board without the hassle of authenticating further a borrower’s identification. This is done by simply running through a scanner the barcode embedded in his NRIC. It seems for Singaporeans it is an unassumingly fraud-free identification scheme working for them. Until issues of integrity and possible identity theft in these types of transactions took a step forward. To ensure the people’s continued confidence in the system, the last three digits and letters in the NRIC have been authorized to be displayed and published in public. 6

Let us examine the Philippine experience.

Before, the common orientation in enrolling members into a government program would be somewhat of a catalogue system. This is similar to what we see in libraries and bookshops when we want to access a good book or other reading materials. One terrible aspect though in using this system back in those days is its utilization of index cards or sometimes not having adequate budget, paper, in collecting personal details of a person. Once accomplished they are compartmentally separated and locked up in huge metal cabinets organized in alphabetical order for future reference. Later on it proved to be useless since more and more people have to be registered into its database, only to be compounded with the problem of lack of manpower.  In relation to public offices, the author of this paper personally saw how it was like to have his data processed and kept in paper when he had to deal with his government for the first time. It could  be attributed perhaps to the low level of consciousness of the government during that time on the tremendous work output of computers and was content with the usual “slow-but-sure” mentality they have been used to when they run things around the office. Although there has been a gradual pick up in improvement over the years, but with the upsurge of the Philippine population nearly at 92.1 million in the last census conducted in the Third quarter of 2012 7 the organizational setbacks of public agencies seemed to be going on the increase.

Executive Order 420: A Breakthrough

When former President Gloria Arroyo issued Executive Order No. 420 8 she had her eyes focused on leaving a legacy that lives up to her leadership appendage – “Strong Republic”. She hoped to offset organizational setbacks by modernizing the government identification system. In her order which was issued on April 13, 2005, the president required all government agencies, and government-owned and controlled corporations to streamline and harmonize their identification systems. To pursue this goal, the Director General of the National Economic Development Authority was charged with the implementation and to see to it there is collateral facility of the other purposes reasonably contemplated in the executive order.

This gave birth to the Unified Multi-Purpose Identification System. The first to adopt the system was the Government Service Insurance System or GSIS followed by other agencies such as SSS, PhilHealth, DFA, POEA, Philippine Postal Corporation, and the BIR. A National Task Force (NTF) was created, through NEDA Memorandum Order No. 01, Series of 2005 9 to ensure the effective coordination and implementation of E.O. 420. Major stakeholders had long thought and discussed about modernization. People responded with high expectations that with this new found development there will be greater efficiency in every aspect of handling governmental affairs, starting with the processing of personal data of an individual as basic. Different government ID systems and databases have been harmonized and unified, while making it more convenient for citizens to negotiate business with government or private entities. Using a single identification system, government agencies, such as the GSIS, the Social Security System (SSS), the Philippine Health Insurance Corporation (PhilHealth), and the Home Development Mutual Fund (Pag-IBIG) will be able to get rid of redundant databases, cut operational and logistical costs fairly and establish a system link that affords eCard holders maintaining a common reference number (CRN) the benefit of availing services without going through the usual inconvenience.

So far this is the closest the government has come in making out its plans into a reality to institute the reforms it promised its citizens to do. Now there is fast, centralized access to databases of data subjects’ personal information, reference reading, and are easily customizable to meet an organization’s requirements.

Assessing this present breakthrough, what’s wrong with Administrative Order 308?

Administrative ‘dis-Order’ 308

Petitioner Blas F. Ople argues that the establishment of a national identification system requires the approval of Congress by way of a law. A.O. 308 he said usurps illegally the power of the legislature to enact laws. In Section 1 of Article 6 of the 1987 Constitution, it states that the legislative power shall be vested in the Congress of the Philippines which shall consist of a Senate and a House of Representatives, except to the extent reserved to the people by the provision on initiative and referendum. Moreover, Ople added that only Congress, through the House of Representatives, is given the exclusive right and authority to appropriate funds for public expenditure 10, not the executive department. Lastly, he was apprehensive that there will be wanton disregard of the people’s right to privacy if the order shall yield obligatory force upon them.

Undaunted, respondents claimed that the instant petition is, firstly, not a justiciable question as would warrant a judicial review by the Supreme Court. Having been issued by the Office of the President, they said, the substance of the order should rather be treated as a political issue which relates mainly to matters of administrative policy directed by the executive branch of government to bureaus and offices under its control to enable the discharge of executive/administrative duties effectively, and not a case involving legality of a particular measure. Second, the act of issuing the order was well within the scope of the President’s jurisdiction as they said there was no actual encroachment on the lawmaking domain of Congress. Same with the exercise of congressional appropriation powers, respondents assured that the funds necessary for the implementation of the identification reference system will be sourced from the budgets of the concerned agencies, to wit: Presidential Management Staff Office, the National Economic Development Authority, Department of the Interior and Local Government, Department of Health, Government Service Insurance System, Social Security System, National Statistics Office and National Computer Center. All these agencies will allocate a portion of their respective budget from the annual funding appropriated to them by Congress to be able to fulfill the objective of the program. Finally, protection of an individual’s interest in privacy shall be observed at all times.

In its decision, the High Court rejected the respondents’ submissions.

On the issue of justiciability, the High Court explained that the order is being assailed as invalid per se and as infirmed on its face. The fact that there exists a direct attack on its constitutionality, it was incorrect of the respondents to maintain that the contents thereof were simply the President’s design to provide policy direction over his administration. Second, it cannot be conveniently argued that A.O. 308 is no more than an implementing order by the executive department because it establishes a system that is first of its kind that has never been encountered even by administrations in the past. It takes the character of a law that Congress is solely authorized to adopt. Lastly, the respondents were unable to convince the High Court that the Order is impervious to abuse and misuse. It wants of safeguards and foolproof mechanism that could calm the public amid today’s dangers of cyber hacking and identity theft.

Striking a Happy Balance

The High Court in granting the petition certainly did not intend to put a barrier to the executive branch’s efforts to enhance technology development within its tract of authority. It merely stepped up to its duty to quell abuses of discretion on the part of government instrumentalities, in this case, the Office of the President. Though not clear whether Senator Ople’s petition was in the nature of a certiorari, still, the Court was prompted to suspend its rules of procedure as Administrative Order 308 involved clear violations of the Constitution which urgently need to be addressed. Speaking through Justice Puno in Ople vs. Torres, the High Court confirms that while it finds A.O. 308 constitutionally infirmed, it is not at all opposed to the electronic service delivery of government agencies to improve general bureaucratic performance. In fact, the Court recognizes the employment of many information systems in different countries to meet social objectives. To name a few, the facility of better law enforcement, more efficient management of credit and insurance programs, improvement of telecommunications and streamlining of financial activities. 11 The benefits of the computer have revolutionized information technology. It developed the internet, 12 introduced the concept of cyberspace 13 and the information superhighway where the individual, armed only with his personal computer, may surf and search all kinds and classes of information from libraries and databases connected to the net. The databases that are created concentrate on larger data centrality thereby making the information coverage a huge advantage for the government.

But make no mistake, privacy of an individual is a cardinal subject that is very personal to our laws, especially to our fundamental law. In Republic Act 386 14, it states that “[e]very person shall respect the dignity, personality, privacy and peace of mind of his neighbors and other persons” and punishes as actionable torts several acts by a person of meddling and prying into the privacy of another.” 15 The High Court is not an advocate of anti-development. Like what was said, it is not antagonistic of acts of a co-equal branch of government (e.g. executive) such that it intends to place in between them a competition to test which has greater power and might. This is the beauty of having a tripartite system of government. Aside from the fact there is separation of powers among three departments of government, checks and balances have been instrumentalized so that neither one branch can whimsically abuse its given discretion. Public offices, agencies and instrumentalities, including government-owned and controlled corporations are free to promulgate regulations in carrying out their objectives, such that when there is conflict between these regulations and our supreme law (Constitution), the role of the judiciary becomes pertinent.

Privacy: “Broad, abstract and ambiguous concept.”

The national identification system of President Ramos could have passed the stringent standards of our legal system, those are, conferment of a right, imposition of a duty and affording of protection to the Filipino public. But no. Suspicious of its real motives, the petitioner challenged it before the High Court as a sinister attempt of the government to control its citizens by intruding into their right to privacy.

By an 8-6 vote, the order was struck down as an invalid police measure. Writing for the majority, Justice Reynato S. Puno declared that the order “pressures the people to surrender their privacy by giving information about themselves on the pretext that it will facilitate the delivery of basic services. Given the record-keeping powers of the computer, only the indifferent will fail to perceive the danger that A.O. No. 308 gives the government the power to compile a devastating dossier against unsuspecting citizens.” 16

 

In his famous Griswold vs. Connecticut opinion, Justice Hugo Black wrote, “‘privacy is a broad, abstract and ambiguous concept.” There is no one sense of privacy which can be extracted from the various Court decisions which have touched upon it. The mere act of labeling something “private” and contrasting it with “public” implies that we are dealing with something which should be removed from government interference. According to those who emphasize individual autonomy and civil liberties, the existence of a realm of both private property and private conduct should, as much as possible, be left alone by the government. It is this realm which serves to facilitate the moral, personal and intellectual development of each individual, without which a functioning democracy is not possible. 17

On the other hand, Justice Douglas’ view points out that liberty in the constitutional sense must mean more than freedom from unlawful governmental restraint; it must include privacy as well, if it is to be a repository of freedom. The right to be let alone is indeed the beginning of all freedoms. As a matter of fact, this right to be let alone is, to quote from Mr. Justice Brandeis “the most comprehensive of rights and the right most valued by civilized men. The concept of liberty would be emasculated if it does not likewise compel respect for his personality as a unique individual whose claim to privacy and interference demands respect. 18

Timeliness and Propriety of a National ID System

We had Administrative Order 308 thumbed down by the Supreme Court because it trespasses and walks into the hallowed precincts of man’s privacy unnecessarily. The Court came right on time to stall what could be a sure future danger to man’s life, liberty and property that could be too great and overwhelming to reverse had it not.

 

Executive Order 420 came years later. Unlike A.O. 308, E.O. 420 operates on limited and specific data gathering of a person’s private information. The purpose was to reduce costs, achieve efficiency and reliability, insure compatibility, and provide convenience to the people served by such entities. The limitation is narrowed to fourteen (14) specific items, namely: Name, Home Address, Sex, Picture, Signature, Date of Birth, Place of Birth, Marital Status, Name of Parents, Height, Weight, Two index fingers and two thumbmarks, Any prominent distinguishing features like moles or others, and Tax Identification Number. 19

The ponencia in KMU vs. Director General of NEDA and Bayan Muna vs. Eduardo Ermita, Justice Antonio Carpio makes more clear the substantial variance that saves E.O. 420 from its critics. According to him, on its face, E.O. 420 shows no constitutional infirmity because it even narrowly limits the data that can be collected, recorded and shown compared to the existing ID systems of government entities.  Moreover, E.O. 420 further provides strict safeguards to protect the confidentiality of the data collected, in contrast to the prior ID systems which are bereft of strict administrative safeguards.  

The right to privacy does not bar the adoption of reasonable ID systems by government entities.  Some one hundred countries have compulsory national ID systems, including democracies such as Spain, France, Germany, Belgium, Greece, Luxembourg, and Portugal.  Other countries which do not have national ID systems, like the United States, Canada, Australia, New Zealand, Ireland, the Nordic Countries and Sweden, have sectoral cards for health, social or other public services. Even with E.O. 420, the Philippines will still fall under the countries that do not have compulsory national ID systems but allow only sectoral cards for social security, health services, and other specific purposes. 20

 

It was thought initially though that E.O. 420 is the revival of the national identification system in 1996. Apparently it is not. In a majority decision, again, in KMU vs. Director General of NEDA and Bayan Muna vs. Eduardo Ermita, the members of the High Court beg not to compare E.O. 420 with A.O. 308. There is no way the two could be synonymous to each other neither in form nor in substance, or both, that members of the tribunal can sleep soundly in the night without worrying of any government intrusion of the populace’s right to privacy. E.O. 420 never assumed that it takes the nature of a law. As it stands today, participant government agencies in the UMID system are absorbed completely by the success of the system. At any rate Congress is not precluded from passing a law that will resurrect the junked National Computerized Identification Reference System.

On July 25, 2011, Congress enacted Republic Act 10173 or the Data Privacy Act of 2012. 21  The State’s policy is to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth. The State likewise recognizes the vital role of information and communications technology in nation-building and its inherent obligation to safeguard individual personal information in information and communications systems in the government and the private sector of citizens who, for evident reasons, do not have much of a choice but to go and chase the world outside.

Unfortunately and in my opinion, RA 10173 does not meet the dynamics that could rightfully stress the basis for creating the long sought national identification system. What it does is merely complementary of a law which is already in existence (E.O. 420). E.O. 420 has laid the basic ground work for data collection and storage, what it probably needs at this point is a strict legislative measure that would shield it from abuses and misuses, and this is where RA 10173 comes into play. In other words, having an executive order on the one hand, and an Act of Congress on the other will work to bring to life a national computerized identification reference system.

 

I do not agree.

 

The intention of A.O. 308 may be good but not good enough if such goodness will only mean an encroachment of a person’s right to privacy having proved in Ople vs. Torres. The author of this paper, however, is driven by academic and personal circumstances to speak his mind. In which case let us give A.O. 308 one last hard look as he sums up this paper.

The first and second ‘WHEREAS’ clauses of the order unveil the innermost sentiments of the executive department to undertake a colossal project of founding a nationwide id system. To wit:

“WHEREAS, this will require a computerized system to properly and efficiently identify persons seeking basic services on social security and reduce, if not totally eradicate, fraudulent transactions and misrepresentations;

WHEREAS, a concerted and collaborative effort among the various basic services and social security providing agencies and other government instrumentalities is required to achieve such a system; x x xbold letters supplied.

If we are to have a new version of this proposed system today, I am certain that Congress will adopt these sentiments and probably expound the same pointedly to achieve the State’s declared policy with regard to system computerization as well as a guarantee to privacy protection. I struggle to express my personal approval of the Data Privacy Act as the measure that A.O. 308 would have properly envisioned, either it standing independently or in collaboration with E.O. 402 or any other regulation prevailing for that matter.

It merely affords the highest standard of protection to a data subject’s information purposively collected as a matter of protocol in building a database of all information in information and communication systems in the government and in the private sector – nothing else more. Consider this as a guide, an individual who is an indigent getting enrolled into a government program using the UMID system presently enforced. The fact of his indigency, its historical data, members of the family belonging in the same indigent community, their classification as a community, sum of money that may have been extended by the government (DSWD) as financial aid, the gravity of poverty, their skills and amount of education and any other events that best points to and identifies him as a human being, the whole of him as a pauper. Is E.O. 420, under Section 3, authorized to gather these information? Specified in the section, only FOURTEEN (14) items of information shall be collected from any person availing of certain services from the government using the UMID system. Expressio Unius Est Exclusion Alterius (The express mention of one thing excludes all others). 22

 

Thus, it is quite hard to think how the government can effectively embark on an efficient computerized identification system in the entire country if technical mechanisms which are so material and substantial in the face of threats to man’s sacred right to be let alone are absent.

It is the humble submission of the author therefore that Congress must pass a new law. This new law shall work centrally on the exploitation of recent development in information technology systems. And while our government is busy digitizing the way it does business with its citizens, the law must define three things: (1) a procedure and requirement for the gathering, storage, retrieval of the information that is comprehensive; (2) a security policy capable of delivering data subject information from natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination; and (3) a provision on penalty to serve as deterrence against unlawful acts.

In the light of Republic Act 10173 or the Data Privacy Act of 2012, can now the government validly pursue a National Computerized Identification Reference System?

No.

PUBLIC DISCLAIMER:      

The author is not a member of the Philippine bar. The contents of this writing are purely his own and not in any way intended to provide expert legal discussion on the sensitive character of the subject matter. Also, this written submission is being made to comply with the author’s final requirement in his subject for the 2012-2013 Summer class, Technology and the Law as a third year student at the Arellano University School of Law under the gracious auspices of his talented professor Atty. Berne Guerrero.

END NOTES:

[1] Adoption of a National Computerized Identification Reference System issued on December 12, 1996.

[2] Griswold vs. Connecticut  (1965)

[3] en.wikipedia.org/wiki/Information.systems.

[4] http://www.cgdev.org/files/1426583.

[5] statutes.agc.gov.sg

[6] en.wikipedia.org/wiki/National_Registration_Identity_Card.

[7] http://www.census.gov.ph/content/household-population-philippines-reaches-921-million.

[8] An Order Requiring All Government Agencies in Government Owned and Controlled Corporations to Streamline and Harmonize their Identification (ID) Systems, and Authorizing For Such Purpose the Director General of the National Economic Development Authority to Implement the Same, and for other Purpose.

[9] http://www.neda.gov.ph/references/EOs/NEDA%20Memorandum20%Order%20Final.doc.

[10] Section 24, Article 6, 1987 Philippine Constitution.

[11] Sloan, Law of Privacy Rights in a Technological Society, page 4[1986].

[12] The Internet is a decentralized network interconnected by the TCP/IP protocol. The Net was started as a military network ARPANET in 1969 by the US Department of Defense for the purpose of networking main frame computers to prepare against missile weapons. It opened to public research organizations and universities in 1983 and has been interconnected with commercial networks since 1990 (Kazuko Otani, “Information Security in the Network Age,” Philippine Law Journal, vol. 70: 1, 2 [1995]).

[13] Cyberspace is a place located in no particular geographical location but available to anyone, anywhere in the world, with access to the internet (Darrel Menthe, “Jurisdiction in Cyberspace: A Theory of International Spaces 4 Mich. Tel. Tech. L. Rev. 3 (April  23, 1998),  <http://www. law.umich.edu/ mttlr/volfour/menthe.html>.

[14] An Act to Ordain and Institute the Civil Code of the Philippines, June 18, 1949.

[15] Section 26 of Republic Act 386 otherwise known as the Civil Code of the Philippines.

[16] Constitutional Law by Isagani A. Cruz, former Associate Justice of the Supreme Court, 2007 ed.

[17] http://atheism.about.com/library/decisions/indexes/bldec_PrivacyIndex.html.

[18] sc.judiciary.gov.ph/jurisprudence/2012/july2012/193636.pdf

[19] KMU vs. Director General of NEDA, G.R. No. 167798; Bayan Muna vs. Eduardo Ermita, G.R. No. 167930

[20] http://sc.judiciary.gov.ph/jurisprudence/2006/april2006/G.R.%20No.%20167798.htm

[21] http://www.gov.ph/2012/08/15/republic-act-no-10173/

[22] http://en.wikipedia.org/wiki/List_of_legal_Latin_terms#E

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Advertisements