CHAPTER 4

This chapter is a presentation of the analysis and interpretation of the

research data gathered. It deals with the correlation of the research data with the

problems raised in order to arrive at a determination of the answers that this

study endeavors to find.

1. What is Republic Act No. 10173 or Data Privacy Act of 2012?

Information and communications technology plays a vital role in nation-

building and development of the country. In the information age, he who holds

information holds power. From macro-economic perspective, the free flow of

information is concededly vital to the growth of any nation, and key to the

success of any business. With the power that follows information, it is in the

interest of the State to govern the parameters by which such power will be held,

while at the same time ensuring the free flow of information to promote

innovation and growth.

From the perspective of citizens and individuals, the State also protects

their fundamental human rights to privacy of communication. And with the

exponentially increasing availability of ways and means to access personal data

and information, it becomes the duty of the State to guard against transgressions

of the individuals rights.

37
 Republic Act No. 10173, otherwise known as the Data Privacy Act of

2012, is one formidable piece of legislation. Its application encompasses all

walks of business, from the banking and finance sector, to labor and human

resources, schools, and even non-profit organizations. This is of course not to

say that the Data Privacy Act of 2012 finds no application to individuals and

citizens. On the contrary, the units of information supplied by individuals and

citizens in the Philippines comprise the whole, which the Data Privacy Act of

2012 protects. Thus, access to private and personal information belonging to

individuals is covered by its mantle of protection in the same and unyielding

manner as trade secrets held by global conglomerates and multinationals.

Data Privacy Act of 2012 protects all forms of information that are

personal, private or privileged. It covers all persons, whether natural or juridical,

with particular emphasis to companies or juridical entities involved in the

processing of protected information.

It is important to note however, that by its very title, the law only protects

information that is considered private. Information that has been publicly

available or accessible before its enactment continues to the public. The value

that the Data Privacy Act of 2012 adds to the present state of Philippine law is

the manner by which private or confidential information is protected. To be more

specific, the passage of this law has, to a great extent, upgraded the value of

data and its protection in the Philippines. To this end, the law specifies and

38
provides stringent parameters for their access, and imposes grave sanctions,

both penal and pecuniary, for unlawful use or disclosure of information.

As a matter of fact, the Data Privacy Act of 2012 upgraded the pecuniary

liability for a violation of its provisions. Never before has there been pecuniary

liability expressly specified in a law, as high as up to Five Million Pesos

(P5,000,000.00). Moreover, unlike in the past where negligence in handling

confidential information is not met with penal sanction, the Data Privacy Act

punishes negligence in handling information with great severity. Finally, it is only

until its enactment that a large-scale violation of data privacy was defined. It may

be important to state that law imposes the maximum penal sanction where the

personal information of at least one hundred (100) persons is harmed, affected or

involved.1

2. What are the factors affecting the enactment of the National Identification

System in the Philippines?

Human Rights and Privacy Issue

The increasing sophistication of information technology with its capacity to

collect, analyze and disseminate information on individuals has introduced a

1Atty. Norieva D. de Vega, A. K. (2016). Data Privacy in the Philippines. Retrieved November 20,
2017, from Nicolas & De Vega Law Offices: http://ndvlaw.com/data-privacy-in-the-philippines/

39
sense of urgency to the demand for legislation. Furthermore, new developments

in medical research and care, telecommunications, advanced transportation

systems and financial transfers have dramatically increased the level of

information generated by each individual. Computers linked together by high

speed networks with advanced processing systems can create comprehensive

dossiers on any person without the need for a single central computer system.

New technologies developed by the defense industry are spreading into law

enforcement, civilian agencies, and private companies.

According to opinion polls, concern over privacy violations is now greater

than at any time in recent history.2 Uniformly, populations throughout the world

express fears about encroachment on privacy, prompting an unprecedented

number of nations to pass laws which specifically protect the privacy of their

citizens. Human rights groups are concerned that much of this technology is

being exported to developing countries which lack adequate protections.

Currently, there are few barriers to the trade in surveillance technologies.

Civil libertarians and human rights activists reject the idea of a national ID

card based on three reasons: functionality creep, the potential for misuse due to

identity fraud, and the privacy issue. The common denominator that runs

2 Simon Davies "Re-engineering the right to privacy : how privacy has been transformed from a
right to a commodity", in Agre and Rotenberg (ed) "Technology and Privacy : the new landscape",
MIT Press, 1997 p.143.

40
through these arguments is the extent through which the government would hold

power vis--vis its citizens.

According to human rights activists, an ID system can be a double-edged

sword because it can suffer from functionality creep which means it can serve

purposes other than its original intent. Thus, even if the original rationale for an

ID system is simply to cut government red tape, a government may eventually

use it as a mechanism for repression against political opponents or to

discriminate on the basis of race or ethnicity. For instance, as mentioned earlier,

the Rwanda genocide in 1995 was facilitated by the use of ID cards. Newspaper

reports recounted that Rwandans who presented ID cards bearing Tutsi

identification were hacked to death by the Hutu militia.

While supporters claim that ID systems can be legislated to specifically

state the purpose of its implementation, critics believe that this is not a

guarantee. The context or political environment within which ID systems are

implemented is not static, hence the potential for abuse is very great.

The advent of biometrics and microchips technology also has profound

implications. Critics argue that the potential for abuse and invasion of privacy is

even greater with the use of biometrics since it is vulnerable to identity fraud. The

citizen is no longer in control of his personal information. For instance, the

research claims that facial recognition and iris scanning can sometimes be

41
defeated by presenting a picture of someone elses face or iris 3 Activists on the

other hand, are more concerned with information security such as unauthorized

changes to or disclosure of biometric data stored in a central database or on an

identity document 4

Proponents of ID systems on the other hand contend that the use of a

Personal Identification Number (PIN) such as that found in automatic teller

machines enhances data security and enables citizens to have control of the

data they wish to reveal. In addition, they claim that identity fraud and disclosure

can be prevented by investing in technology that will ensure the integrity of the

system and minimize the potential for misuse. They also argue that laws can be

enacted that can establish the rules on access, data storage and disclosure

pertaining to the national database.

Aside from the issue of misuse, ID system opponents believe that the idea

of a government tracking the activities of its citizens violates a citizens intrinsic

right to privacy. They say that a government intruding in the affairs of citizens is

dangerous and has dire consequences for social order. Moreover, the extent of

personal information that will be collected by the government and whether it

really serves a legitimate aim is a cause of alarm to rights activists. Supporters

3 Congressional Research Service (CRS) Report for Congress. Biometric Identifiers and Border
Security: 9/11 Commission Recommendations and Related Issues by Daniel Morgan and
William Krouse, Resources, Science and Industry Division and Domestic Social Policy Division.
February 7, 2005
4 Id.

42
of an ID system, on the other hand, contend that people who do not violate laws

have nothing to hide and should therefore have no reason to fear a government

monitoring their activities.

The goals and methods of privacy protection and of preventing

discrimination overlap in part, differ in part, and may conflict at times. An

awareness of these overlaps, differences, and the potential for conflict is

valuable.

Privacy protection does not primarily seek to prevent discrimination. Many

personal characteristics are used legitimately to distinguish between individuals.

Physicians use age, sex, and racial data to make appropriate choices about

treatment of patients. These choices are not necessarily improper. Merchants

use information about age and credit of customers for transactions that are lawful

and profitable. These activities are not necessarily improper. Government

agencies use personally identifiable information to make decisions about the

allocation of benefits to individuals. These decisions are not necessarily

improper.

Information privacy often seeks to minimize the collection of information as

a general principle. In some cases, data not collected may have consequences

for discrimination goals. For example, a society might prohibit the collection of

handedness information in order to prevent discrimination against left-handed

individuals. Yet without the availability of handedness information, it may be

43
impossible to determine after-the-fact if discrimination occurred anyway. Those

making discriminatory judgments might rely on unrecorded information or on

other information that correlates with handedness in some way.

In some instances, individuals will be improperly classified and treated

unfairly because the information used for classification is wrong. One privacy

standard gives individuals the right to inspect and seek correction of records. An

accurate record may prevent improper discrimination, though this is not always

the case. Having correct information furthers both privacy and discrimination

objectives.

Data protection standards sometimes seek to prevent or minimize the

collection of so-called sensitive information. The European Union places

additional restrictions on the collection of special categories of data, including

data related to racial or ethnic origin, political opinions, religious or philosophical

beliefs, trade-union membership, and health or sex life.5 The Directive does not

make the purpose of the limitations explicitly clear, but limiting collection of data

that many people consider more private may further both pro-privacy and anti-

discrimination goals. In contrast, the US limits the ability of federal agencies to

collect information about an individuals exercise of First Amendment rights (free

speech, religion, free press, assembly, and petitioning the government).6

5 EU Data Protection Directive at Art. 8. Member States can establish other types of sensitive
information.
6 US Constitution, amend. 1, http://www.law.cornell.edu/constitution/billofrights#amendmenti.

44
 A privacy or data protection regime will not be adequate to the task of

reducing the cumulatively disparate impact of autonomous discriminators.

Privacy and data protection regimes focus primarily on the correctness of the

personally-identified information stored within a database. It simply will not be

economically or even technically feasible for data subjects to assess and then

challenge the correctness or accuracy of the data or analytical models used by

sentinels, agents, or environments. 7

Crime Prevention

ID system advocates hail its benefits in combating terrorism, illegal

immigration, crime and tax fraud. Because of the technology and data-driven

nature of todays society, a national ID system could easily track offenders. ID

supporters claim that the notion that citizens are being observed will enhance

public order and as such decrease opportunities for crime. 8 However, opponents

belie this claim. The London School of Economics study on the viability of the

proposed ID system in the United Kingdom points out that the police in

developed countries believe that the lack of identification procedures does not

pose a problem in investigation. It is evidence gathering and prosecution that

7 Oscar Gandy, Engaging Rational Discrimination: Exploring Reasons for Placing Regulatory
Constraints on Decision Support Systems, 15 Ethics and Information Technology 12:2942, 39
(2010).
8 London School of Economics and Political Science. The Identity Project. An Assessment of the

UK Identity Cards Bill and Its Implications. Interim Report. London, March 2005.

45
remain as big obstacles for the resolution of crimes. Nonetheless, using crime

trends across Europe the LSE observed that there are fewer crimes in countries

without ID cards.

In the Philippines as in other countries, the use of Tax Identification

Numbers (TINs) as de facto national ID cards has been proposed to curb tax

evasion and fraud. 9 According to the proponents, this could be used as a base

for an integrated ID system. However, it has been argued that causes of tax

evasion are often deeply rooted in human and organizational issues that

technology may not be entirely capable of solving such as non-declaration of true

assets.10 Hence, although it may expand the tax base in such a way that it will

cover the underground economy, the presence of an ID system will not entirely

solve the many persistent ills of the countrys tax system. In the same vein, it is

safe to assume that if the coverage of ID cards is confined to citizens of a

particular country, then it will not deter foreign nationals from committing

terroristic activities.

Criminals gather personal information by stealing mail, workplace records,

or other information, or they use high-tech methods such as hacking of websites,

fraudulent email (phishing), social media sites, or purchasing information from

companies selling background information about individuals. The criminals use

9 Baviera, J. and Mendoza, A, Jr. Expanding and Enhancing the Usage of the Tax Identification
Number (TIN). December 18, 2002
10 Privacy International Interim Report. Mistaken Identity; Exploring the Relationship Between

National Identity Cards and the Prevention of Terrorism, April 2004

46
the information to open credit accounts, take over existing accounts, obtain

government benefits or services, or in other ways. Identity theft has grown in

volume and cost in recent years. Losses in the United States are uncertain but

total billions of dollars annually.11

While the crime of identity theft is not limited to the United States, much of

the worlds identity theft activity affects Americans. There are many reasons,

including the widespread availability of personally identifiable information about

US citizens, the reliance on Social Security Numbers for credit and identification

purposes, lack of effective privacy laws, and the wealth of the country. Identity

theft is an industry complete with the wholesale buying and selling of personal

data by criminals. The Internet makes it possible for criminals to engage in

identity theft from any place in the world. Today, poorer countries may not be

prime targets for identity thieves, especially those operating via the Internet.

However, this could change as cell phones, bank accounts, and Internetbased

transactions spread. Any personal identification system must consider the

possibility that identity thieves will look for ways to capture and exploit identifying

information.

A national identification database with or without biometric identifiers

may become the target of criminals who want to exploit identity information. It

could also become the target of other governments looking for dissidents,
11Jeffrey Stinson, How much do you make? It'd be no secret in Scandinavia, USA Today, June
18, 2008, http://usatoday30.usatoday.com/news/world/2008-06-18-salaries_N.htm.

47
expatriates, or others. Anyone seeking to destabilize a countrys activities that

rely on an identification system might target that system. The more any single

identification system is used, the greater the vulnerability

Technology Environment: The Use of Biometrics

The rapid advancement in information technology in the past decade has

spawned a new generation of ID systems that are vastly different from its

predecessors. The introduction of biometric ID systems is a case in point.

Biometrics is a state of the art technology that uses physical characteristics of

persons as a means of identification. Developed and used only in the last fifteen

years, biometrics has been used for three purposes: for identity verification,

identity discovery and identity exclusion.12 Unlike traditional identification cards

with photographs of the bearer, biometrics uses the physical characteristics of a

person such as retina, fingerprint or voice.

Biometric technology is not without its limitations. Aside from the

staggering cost, there are conditions that can affect its implementation.

Specifically, some human features used in biometrics change as people age.13 It

also cannot be used by individuals who lack relevant body parts or which have

been damaged by disease or accidents such as those with failing eyesights. It

can also fail in two ways: a false positive and a false negative. False negative
12
Supra Note 41.
13
Supra Note 42

48
occurs when an ID system scanner yields a negative result in matching the

identity of the person and his biometrics when in fact there is a real match. Thus,

if this happens in criminal investigations, the real perpetrator may go scot-free if

authorities purely rely on the scanners findings. False positive occurs when a

persons biometrics incorrectly matches those of another persons. This usually

results in the persons being wrongly accused of committing crimes.

Computer security measures as well as other standard physical and

process security measures offer protections against misuse of identification

information. Biometric identification systems may be subject to the same threats

as other identification systems, with the important exception that it may be

impossible to reissue an individuals compromised biometric identifier. Unless a

systems security is perfect a seemingly unattainable goal any identification

system must be capable of reissuing an identifier following compromise of the

original number or biometric.

Privacy concerns are surfacing as incorporating biometric features in

national identification programs has rapidly increased. While biometric features

have the potential to strengthen national security and surveillance, they may also

impinge on existing privacy rights of citizens, raising questions on how to

safeguard citizens from abuse. 14 Four countries report privacy challenges

14Malik, T. (2014). Technology in the Service of Development: The NADRA Story. Center for
Global Development. Retrieved 20 November 2017, from
<http://www.cgdev.org/publication/ft/technology-service-development-nadra-story>

49
(China, India, Philippines, and Sri Lanka), though evidence suggests a general

concern over the potential for abuse rather than concrete examples of privacy

violations. In China, for example, we find evidence of concern over the increased

ability for police to track citizens movements and monitor political and religious

dissidents, with fears that information linked to the ID program can be used to

target or arbitrarily detain certain groups.15 Many countries are adopting

accompanying data protection laws along with their ID programs to address

privacy concerns relating to widespread and easy access to personal information

across government agencies. Certain programs have implemented targeted

security measures concerning information access and citizen privacy. For

example, strict clearance levels are required to access the UID database in India

and software has been put in place by NADRA in Pakistan that allows citizens to

see what organizations or individuals have accessed their data.16 While these

systems have the potential to address some concerns over citizen privacy and

information abuse, we do not find supporting evidence that these measures have

changed public perception on the security of information and privacy within their

respective countries.

The most controversial form of biometrics -- DNA identification -- is

benefiting from new scanning technology which can automatically match DNA

15 Chen, D. (2003). China Readies Super ID Card, a Worry to Some. The New York Times.
Retrieved from <http://www.nytimes.com/2003/08/19/world/china-readies-super-id-card-aworry-
to-some.html>.
16 Id.

50
samples against a large database in minutes. Police forces in several countries

such as the United States, Germany and Canada are creating national

databases of DNA. In the United Kingdom and the U.S., police have been

demanding that all individuals in a particular area voluntarily provide samples or

face being placed under scrutiny as a suspect.

Cost Estimates

The huge cost entailed in implementing an ID system is the usual

constraint faced by countries, especially those from the developing world such as

the Philippines. It is estimated that implementing an ID system in the Philippines

would cost P1.6 billion, according to computations by the Office of

Representative Teddy Casio. However, this is a conservative estimate

considering that the proposal covers only the labor force. Moreover, the estimate

covers only the cost of the ID and does not include the administrative costs such

as the maintenance of the database, cost of registration, and the funds

necessary to fix the unconsolidated databases of government employees. 17

Some proposals in the Senate offer conservative budgetary allocation for an ID

system ranging from P20 million to P500 million. Even the cost of implementing

EO 420 is not clear. What it says is that the budget will be sourced from budgets

17Government of the Philippines, World Bank and Asian Development Bank.2003. Philippines:
Improving Government Performance: Discipline, Efficiency and Equity in Managing Public
Resources.

51
of participating agencies. Ensuring effective implementation and the integrity of

an ID system will require huge costs. The government should have a firm cost

estimate for this project if it is bent on making an ID system work. Based on other

country experiences, the cost can be prohibitive for a cash-strapped government.

In the United States alone, the cost estimate of their ID system is about $17.4

billion within its ten-year phased implementation. 18 Ultimately, the cost of an ID

system depends on the level of technology, the coverage and system

specifications.

The most common financial and capital challenges are associated with

delays or indefinite suspensions in enrollment and production (Cambodia

National ID, Cote dIvoire, Malawi, Tanzania, and Uganda). The National

Registration and Identification program in Malawi experienced a one-year delay

until it was allocated additional funding from the national budget 19, while the

program in Cote dIvoire was repeatedly suspended due to insufficient funds to

deploy and pay the technical enrollment teams. 20 Beyond the initial costs

incurred, countries must be able to further bear the ongoing costs associated

with data management, security, and continual enrollment. Cambodias IDPoor

18 French, Angela. Real ID: Big Brother Could Cost Big Money, Citizens Against Government
Watch (CAGW). October 17, 2005.
19 Chilunga, Z. (2015, June 23). Goodall adjust Malawi budget to K930bn: To meet Judiciary,

Education demands.
20 The Carter Center. (2013). Voter Identification Requirements and Public International Law: An

Examination of Africa and Latin America. The Carter Center. Retrieved from
<https://www.cartercenter.org/resources/pdfs/peace/democracy/des/voteridentificationrequiremen
ts.pdf>.

52
program saw great success with initial enrollment in part through partner financial

support, but faces uncertainty in the funding needed to maintain systematic

coverage long-term (Cambodia Ministry of Planning, n.d.). Countries may also

face challenges with the costs of training and building labor and technical

capacity for implementing and managing ID programs. Cost challenges extend

beyond operational delays and we find evidence that limited financial resources

affect the relative ability of a country to negotiate the details of national

identification program design, as seen in three countries (Mozambique, Niger,

and Uganda). While technology costs are falling, developing identification

systems with biometric technology is costly.21 Mozambique entered a

controversial and reportedly disadvantageous contract with the private firm

Semlex, speculated to have been driven by financial constraints forcing the

country to outsource card development. Niger also reported abandoned biometric

features in their voter registration cards due to their cost, despite a consensus

that it would be a more reliable option to ensure fair elections. 22

There is much disagreement over how much establishing and

implementing a national identification system would cost. Those who oppose

such a system say a national identification card would cost billions of dollars to

21 Gelb, A., & Clark, J. (2013). Identification for Development: The Biometrics Revolution. CGD
Working Paper 315. Washington, DC: Center For Global Development. Retrieved from
<http://www.cgdev.org/content/publications/detail/1426862>.
22 University of Florida. (2015). Voter Identification and the Electoral Lists: Burkina Faso.

TransSaharan Elections Project. Retrieved 20 August 2015, from

<http://sahelresearch.africa.ufl.edu/tsep/themesissues/voter-identification/burkina-faso/>.

53
administer, and that a system able to reliably identify forged cards would be

particularly expensive. The Social Security Administration has estimated that

creating counterfeit resistant Social Security cards would cost $4 billion. 23 The

ACLU says the cost of such a system has been estimated at as much as $9

billion. Simple smart cards cost $10-$35 a person.24 The costs of a national

system would include paying for card readers, staff and overhead, essentially,

opponents argue, creating a new bureaucracy to administer the system. Even

implementing a biometric identification system just for immigrants would be

costly. For example, the reader machines that the INS currently uses to scan

laser visas used by some Mexican immigrants cost $2,400 each.25 Foreign

tourists, workers and students enter this country more than thirty million times

every year, so the cost of issuing the cards and assembling the databases could

be enormous. Moreover, integration of the databases of the various government

agencies would cost a great sum as well, given their current state of disconnect.

However, supporters say a national identification card system would not be

expensive. Gartner Group, a technology research and consulting company, says

that a card might cost $8 per person and a commercial reader $50 (If a card were

to be issued for every American, this would translate to a cost of at least $2

23 Testimony of ACLU Legislative Counsel Katie Corrigan for the Subcommittee on Government
Efficiency, Financial Management and Intergovernmental Reform on the Establishment of a
National ID Card System, November 16, 2001
24 Lorraine Woellert, National Ids Wont Work, Business Week, November 5, 2000, p. 90.
25 Jonathan Peterson, High Tech, Low Effort at INS; Security: Critics Say the Agency Should

Have Improved Its ID Procedures Long Ago, Los Angeles Times, November 19, 2001, p. A1.

54
billion for the cards).26 This, supporters say, is a reasonable expense for greater

security. The cost of the effects of a terrorist attack must also be taken into

consideration when undertaking any analysis of the cost issue. The World Trade

Center attack cost New York City dearly; while still not entirely known, it is

certainly in the many billions of dollars. Cost estimates of systems used in other

countries vary widely, and are greatly affected by what they take into account.

The UK Governments Informational Technology Center said that a national

smart card would cost between five and eight pounds ($5$11) each, but this

figure did not include such costs as administration and compliance. The Home

Secretary at that time estimated the cost would be double this amount.27

Administrative Efficiency

A "Golden Rule" of informational privacy is that information collected by

the government for one purpose should not be used for another purpose without

the consent of the person to whom such information pertains.

The most commonly used reason for having a national ID system is that it

reduces government red tape and makes the delivery of public services more

efficient. An ID system is particularly useful in public transactions involving a

huge segment of the population such as voting and benefits availment. Studies

however argue that an ID system may in fact disenfranchise a significant

26 Paul Magnusson, Yes, They Certainly Will, Businessweek, November 5, 2001, p. 90.
27 Identity Cards Frequently Asked Questions, Privacy International, August 24, 1996.

55
segment of the population. According to Demos, a public interest group in the

US, a state law requiring voter identification based on drivers license in Indiana,

Georgia and Arizona resulted in the disenfranchisement of people who do not

possess motor vehicles or do not drive such as the disabled and the elderly. 28 It

is also difficult to see how an ID system can minimize fraud in voting and social

security benefits availment if the endemic problems of the bureaucracy

(overlapping of functions, lack of careerism, etc.) are unresolved. Interestingly,

New Zealand, the country that is regarded as having one of the most efficient

bureaucracies in the world, has no ID system in place.

The security safeguards principle is a high level statement that personal

data should be protected by reasonable security safeguards. The principle

specifies the need for protections against loss, unauthorized access, destruction,

use, modification, or disclosure. Concerns about identity theft suggest that record

keepers bear a significant burden of protecting their data subjects from being the

subject of criminal activity. Because security requirements vary over time and

technology, the principle goes no further than generalities.

Legal and Policy Environment

Aside from budgetary issues, the legal and policy environment must be

adequately prepared to implement an ID system. In the Philippines the 1987

28 Demos. Statement in Opposition to a Natonal Voter Identification Card.
http://www.demos.org/ pate337.cfm

56
Constitutions concept of privacy leans more on the citizens right to privacy in

ones abode than privacy of ones personal information. The only laws that can

be cited that somehow protects citizens against government intrusion in ones

affairs are the decades-old Bank Secrecy and Anti-Wiretapping laws. Hence,

should the government proceed with the planned ID system, Congress should

pass a Privacy Law similar to that in the United States and a Data Protection Act

such as in the United Kingdom to protect citizens rights over their personal

information.

The use of an identification system can, but need not, create detailed

usage or transaction records. Consider an ID card that a user presents to engage

in a transaction or activity that is reported to a central database. The central

database may keep a record each time it receives a request for identification.

Depending on how those records are maintained, the file for each individual

could reveal each time the individual obtained benefits from a government

agency, patronized a merchant, used a credit card, received health care,

withdrew money from an automated teller machine, borrowed a book from a

public library, accessed the Internet, used public transportation, or engaged in

any other activity that relied on verification of identity. The record would not only

show the activity possibly include a variety of details about the transaction,

such as amount withdrawn from an ATM but the time and location when the

activity occurred. The resulting centralized file would provide a detailed history of

57
each individuals activities, perhaps over an extended period. That type of

identification system with its comprehensive activity records would constitute a

surveillance system.

For many individuals, a detailed transaction history may be a matter of

limited concern most of the time because their activities are routine and

mundane. However, political figures, celebrities, journalists, law enforcement

agents, military members, judges, dissidents, refugees, and other classes of

users may feel differently. For some, a compiled transaction history may become

fodder for political campaigns, personal enemies, blackmailers, newspapers,

police, government security monitors, and others.

Other Issues

Meanwhile, the level of computerization in most Philippine government

agencies is low. This can be gleaned from a recent study by the National

Computer Center (NCC) on the use of information technology in government

agencies. The study showed that as of 2003, 50 percent of national government

agencies still use dial-up connections. Others still use outdated software.

Moreover, only 14 percent of government offices use Pentium 4 computers. The

study also showed that networking among government agencies is still not

58
prevalent.29 As such, it is unimaginable how a proposed ID system which

presupposes huge investments in information technology can even be thought of

at this time.

Moreover, according to the National Statistics Office (NSO), ten percent of

Filipino children are unregistered or do not possess birth certificates. This is a

perennial problem that can pose a big constraint to a planned ID system as this

would marginalize millions of Filipinos. The implications of the proposal to the

welfare of indigenous people who often lack identification should also be looked

into.

Congress should not set us on a track that would undermine our privacy,

threaten equality, and challenge our very understanding of freedom. The ACLU

strongly believes that our country must be safe, but security measures must be

effective and need not come at the cost of our fundamental liberties. Congress

should reject national identification systems in any form.

3. Based on jurisprudence, is national identification system violates the

constitutional right of a person against right to privacy.

The recent talks on reviving the plan to implement a national identification

(ID) system bring back the case of, Ople vs. Torres, the Supreme Court struck

29National Computer Center. Information and Communication Technology (ICT) Resources

Survey 2002-2003, June 30, 2003.

59
down Administrative Order 308 which seeks to implement the National

Computerized Identification Reference System.

Ople vs. Torres (G.R. No. 127685, 23 July 1998, penned by Chief Justice

Reynaldo Puno)

In 1996, President Fidel Ramos issued Administrative Order No. 308,

entitled Adoption of a National Computerized Identification Reference System,

the pertinent portions of which reads:

ADOPTION OF A NATIONAL COMPUTERIZED IDENTIFICATION

REFERENCE SYSTEM

WHEREAS, there is a need to provide Filipino citizens and foreign

residents with the facility to conveniently transact business with basic service and

social security providers and other government instrumentalities;

WHEREAS, this will require a computerized system to properly and

efficiently identify persons seeking basic services on social security and reduce,

if not totally eradicate, fraudulent transactions and misrepresentations;

WHEREAS, a concerted and collaborative effort among the various basic

services and social security providing agencies and other government

instrumentalities is required to achieve such a system;

60
 NOW, THEREFORE, I, FIDEL V. RAMOS, President of the Republic of

the Philippines, by virtue of the powers vested in me by law, do hereby direct the

following:

SECTION 1. Establishment of a National Computerized Identification

Reference System. A decentralized Identification Reference System

among the key basic services and social security providers is hereby

established.

xxx

SEC. 4. Linkage Among Agencies. The Population Reference Number

(PRN) generated by the NSO shall serve as the common reference

number to establish a linkage among concerned agencies. The IACC

Secretariat shall coordinate with the different Social Security and Services

Agencies to establish the standards in the use of Biometrics Technology

and in computer application designs of their respective systems.

A.O. 308 involves a subject that is not appropriate to be covered by an

administrative order and usurps the power of Congress to legislate Congress is

vested with the power to enact laws, while the President executes the laws. The

Presidents administrative power is concerned with the work of applying policies

and enforcing orders as determined by proper governmental organs. An

administrative order refers to acts of the President which relate to particular

61
aspects of governmental operation in pursuance of his duties as administrative

head shall be promulgated in administrative orders. An administrative order is an

ordinance issued by the President which relates to specific aspects in the

administrative operation of government. It must be in harmony with the law and

should be for the sole purpose of implementing the law and carrying out the

legislative policy.

A.O. No. 308 establishes for the first time a National Computerized

Identification Reference System. It does not simply implement the Administrative

Code of 1987. This administrative order redefines the parameters of some basic

rights of the citizenry vis-a-vis the State, as well as the line that separates the

administrative power of the President to make rules and the legislative power of

Congress. It deals with a subject that should be covered by law.

A.O. No. 308 violates the right to privacy

In striking down A.O. 308, the SC emphasized that the Court is not per se

against the use of computers to accumulate, store, process, retrieve and transmit

data to improve our bureaucracy. The SC also emphasized that the right to

privacy does not bar all incursions into the right to individual privacy. This right

merely requires that the law be narrowly focused and a compelling interest

justifies such intrusions. Intrusions into the right must be accompanied by proper

safeguards and well-defined standards to prevent unconstitutional invasions.

62
 The right to privacy is a constitutional right, granted recognition

independently of its identification with liberty. It is recognized and enshrined in

several provisions of our Constitution, specifically in Sections 1, 2, 3 (1), 6, 8 and

17 of the Bill of Rights. Zones of privacy are also recognized and protected in our

laws, including certain provisions of the Civil Code and the Revised Penal Code,

as well as in special laws (e.g., Anti-Wiretapping Law, the Secrecy of Bank

Deposit Act and the Intellectual Property Code).

The right to privacy is a fundamental right guaranteed by the Constitution.

Therefore, it is the burden of government to show that A.O. 308 is justified by

some compelling state interest and that it is narrowly drawn. The government

failed to discharge this burden.

A.O. 308 is predicated on two considerations: (1) the need to provide our

citizens and foreigners with the facility to conveniently transact business with

basic service and social security providers and other government

instrumentalities and (2) the need to reduce, if not totally eradicate, fraudulent

transactions and misrepresentations by persons seeking basic services. While it

is debatable whether these interests are compelling enough to warrant the

issuance of A.O. 308, it is not arguable that the broadness, the vagueness, the

over breadth of A.O. 308, if implemented, will put our peoples right to privacy in

clear and present danger.

63
 The heart of A.O. 308 lies in its Section 4 which provides for a Population

Reference Number (PRN) as a common reference number to establish a linkage

among concerned agencies through the use of Biometrics Technology and

computer application designs. Biometry or biometrics is the science of the

application of statistical methods to biological facts; a mathematical analysis of

biological data. The methods or forms of biological encoding include finger-

scanning and retinal scanning, as well as the method known as the artificial

nose and the thermogram. A.O. 308 does not state what specific biological

characteristics and what particular biometrics technology shall be used.

Moreover, A.O. 308 does not state whether encoding of data is limited to

biological information alone for identification purposes. The Solicitor Generals

claim that the adoption of the Identification Reference System will contribute to

the generation of population data for development planning is an admission that

the PRN will not be used solely for identification but for the generation of other

data with remote relation to the avowed purposes of A.O. 308. The computer

linkage gives other government agencies access to the information, but there are

no controls to guard against leakage of information. When the access code of the

control programs of the particular computer system is broken, an intruder, without

fear of sanction or penalty, can make use of the data for whatever purpose, or

worse, manipulate the data stored within the system.

64
 A.O. 308 falls short of assuring that personal information which will be

gathered about our people will only be processed for unequivocally specified

purposes. The lack of proper safeguards in this regard of A.O. 308 may interfere

with the individuals liberty of abode and travel by enabling authorities to track

down his movement; it may also enable unscrupulous persons to access

confidential information and circumvent the right against self-incrimination; it may

pave the way for fishing expeditions by government authorities and evade the

right against unreasonable searches and seizures. The possibilities of abuse and

misuse of the PRN, biometrics and computer technology are accentuated when

we consider that the individual lacks control over what can be read or placed on

his ID, much less verify the correctness of the data encoded. They threaten the

very abuses that the Bill of Rights seeks to prevent.30

30
Ople vs Torres, G.R. No. 127685 July 23, 1998

65