National ID System

The National ID Debate:

Is the Philippines Ready?

Foundation for Media Alternatives

 

Introduction

In March 2016, the Philippines made headlines when the personal data of around 55 million registered voters were leaked online. In the wake of the controversy, discussions on security and privacy resurfaced among legislators and the public. Among those taken up were relevant policy proposals, like the establishment of a national identification (ID) system.

A national ID system is a State apparatus often used to verify the identities of individuals who avail of public services or engage in certain public transactions.[1] Under a typical system, a person is assigned an ID number at birth or upon reaching the legal age. It usually covers a country’s citizens, although resident foreigners have also been included from time to time.

The experience of countries that have adopted such a system shows varying outcomes—not all, suffice to say, turned out okay.

The first ID systems were instituted for the purpose of identifying and eventually discriminating against people of minority ethnicities, politics, or religions.[2] Consider the ancient civilization of Babylon, which, around five millennia ago solved its problem of having to identify the slaves in its capital by tattooing or branding the face or back of their hands.[3] Since then, ID cards have been used for purposes ranging from the enforcement of a quota system to the implementation of stricter border control, including social engineering efforts on populations subject to various levels of State surveillance.

Today, they are used for a number of reasons, the most visible of which is the provision of government services and the management of public and private transactions. The idea is that a national ID, as an effective authentication mechanism, can help improve service delivery by addressing societal exclusion issues brought about by the lack of or shortage in official identification documents.[4] Such notion, however, does not address the reality that’d systems are also used by those in power to exercise control, particularly over vulnerable or under-served populations.[5]

In the United Kingdom, the government enacted the Identity Cards Act in 2006, which made use of a biometric-based identity card. The system called for the creation of a centralized National Identity Register which stored vast amounts of personal data, including biometric information. Four years later, the law was repealed, leading to the permanent cancelation of the identity scheme. One reason cited for the law’s failure was its supposed fixation on collecting biometric data despite having no clear underlying purpose or use. For critics, it was all just “one massive data collection exercise “that offered little to no benefit to the people.[6]

India’s experience is different but no less problematic. Its Aadhaar Project is perhaps the most commonly cited “success story” among national ID systems. Managed by the Unique Identification Authority of India (UIDAI), it was established mainly to deliver key government services to the people. For some observers like the World Bank (WB), Aadhaar may be considered a transformational tool in empowering the poor and underprivileged. It has led to the creation of a digital infrastructure through which social and financial transfers can take place.[7]Not everyone, however, are convinced. Researchers Kevin Donovan and Carly Nyst, for instance, note how, even with national IDs, marginalized Indians still find formal banking difficult. Without significant reforms, they feel that Aadhaar and other ID infrastructures will simply become tools of age-old discrimination.[8]Recent developments seem to confirm such reservations: (a) the Project is now being associated with function creep, or the use of a tool or system for purposes or functions that go beyond its originally stated goals and purpose[9](b) various groups are also concerned about the maintenance of the system being outsourced; (c) a 2018 report noted that it only takes500 Rupees and 10 minutes to gain access to the Aadhaar database.[10]

National ID and the Philippines

For the Philippines, one of the earliest attempts to establish a universal ID scheme was in 1973when President Ferdinand Marcos signed Presidential Decree No. 278, which called for a National Reference Card System and the creation of a National Registration Coordinating Committee. It sought to replace all existing identification systems prescribed by government agencies with a single National Reference Card, covering not only Filipinos but also the country’s resident foreigners. None of these plans materialized.

More than two decades later, in 1996, President Fidel Ramos issued Administrative Order (AO) No. 308, which the mandated the adoption of a National Computerized Identification Reference System. The issuance was challenged before the Supreme Court and did not see the light of day. It was stricken down on several grounds, including its violation of privacy rights. The AO, according to the Court, failed to establish proper parameters (e.g., specific biological characteristics that will be collected, particular biometrics technology that will be used, etc.), thereby posing a significant threat to the right to privacy by making it easy to misuse or abuse the accumulated personal data.

In 2005, it was President Gloria Macapagal-Arroyo’s turn to try her luck. She issued Executive Order No. 420, which sought to harmonize and streamline the ID systems of all government agencies and government-owned and –controlled corporations through a unified multi-purpose identification (UMID) scheme. Like Ramos’s AO, the validity of the Order was also questioned via a court petition.[11]This policy, however, came out of the debacle unscathed. Ruling favorably, the Court noted that it sets adequate limits to data collection, and even provides strict safeguards to protect their confidentiality. It also doesn’t give government agencies any additional data collection powers.

Meanwhile, in Congress, legislators in both chambers have long toyed with the idea of establishing the country’s first national ID system. And thus far, the current (17th) Congress appears to have the best chance of making it real.

In the Senate, four bills have been filed as of this writing, all lodged within a span of three months.[12]These are now being taken up in a Technical Working Group that is set to produce a consolidated version of the different proposals. By comparison, three bills were filed in the Senate in the previous Congress, and none of them went beyond committee level discussions.

At the House of Representatives, national ID proposals usually meet little to no opposition. Things are no different in this Congress, with House Bill No. 6221—already a consolidated bill—having already been approved on third and final reading, and transmitted to the Senate. In the previous (16th) Congress, House Bill No. 5060 was also passed on third and final reading with only one negative vote. Shortly thereafter, however, the Office of the President clarified that the proposal was not a priority of the administration.

The following table provides outlines the salient features of the two consolidated national ID bill spending before Congress:

KEY FEATURES HB 6221 SB (TWG Version as of

February 08, 2018)
Title Filipino Identification System Philippine Identification System
Coverage/Scope Filipinos who are at least 18 years old 1.        All Filipinos

2.        All residents of the Philippines, including citizens of foreign countries residing in the country for an aggregate period of more than 180 days during any calendar year
Components 1.        Common Reference Number (CRN)

2.        Filipino Identification Card (FilID)

3.        Filipino Citizen Registry

 1.        PhilSys Number (PSN)

2.        Philippine Identification Card (PhilID)

3.        PhilSys Registry
Data Entries at least 35, including biometric information:

·         10 on the face of the card

·         19 stored in the smart chip of the card

·         35 in the database

“Pertinent authorities” are allowed to require other information “for the purpose of attaining the objectives of the FilSys”

 10 only, including biometric information:

·         5 on the face of the card
Definition of Biometric Information Data about a person’s external characteristics or quantitative analysis that provides a positive identification of an individual such as voice, photograph, fingerprint, signature, iris, palm, or such other identifiable feature captured by a device called Data Capture.

1.        Left primary finger code

2.        Right primary finger code

3.        Left backup finger code

4.        Right backup finger code

5.        Facial image exception code

 Facial image, fingerprint, and iris scan of an individual.

1.        Facial image

2.        Full set of fingerprints

3.        Iris scan
Implementing Agencies 16 government agencies, with the Philippine Statistical Authority managing, maintaining, and administering the database.

 

The Department of Information and Communications Technology (DICT) provides technical assistance.

 

The National Privacy Commission (NPC) provides technical assistance.

 

Access is restricted to the implementing agencies, subject to the appropriate clearance, and limited only to the extent necessary for the performance of their respective functions relative to the FilSys.

 Philippine Statistical Authority

 

 

 

 

 

The DICT provides technical assistance.

 

 

PhilSys Policy and Coordination Council, which has at least 13 members. The Council can modify or expand its membership, as necessary.
Use/s of the ID Official government-issued identification document of the cardholder when dealing with national government agencies, local government units, government -owned and -controlled corporations (GOCCs) and government financial institutions (GFIs).

 

 

 

In transactions requiring proof or verification of a Filipino citizen’s identity or personal circumstances, such as in the performance of the following acts:

 

1.        Acknowledging any document before a notary public

2.        Taking an oath of office upon election or appointment to any position in the government service;

3.        Applying for and receiving any license, certificate or permit from any public authority;

4.        Paying any tax or fee, receiving any money sourced from any public fund; and

5.        Entering into any other transaction with a government agency or office.

 Official government-issued identification document of cardholders in dealing with all national government agencies, local government units (LGUs), government-owned or controlled corporations (GOCCs), government financial institutions (GFIs), and all private sector entities.

 

 

In transactions requiring proof of identity and proof of address, such as, but not limited to:

 

1.        Application for eligibility and access to social welfare and benefits given by the government, including but not limited to those provided to under Section 82 of Republic Act No. 10963;

2.        Application for services and benefits offered by GSIS, SSS, PhilHealth, HDMF, and other government agencies;

3.        Transactions with any government agency;

4.        Voting identification;

5.        Securing tax identification number and other tax-related transactions;

6.        Admission to any government hospital, health center or similar institution;

7.        Application for admission in all schools, colleges, learning institutions and universities, whether public or private;

8.        Opening of bank accounts and other transactions with banking and financial institutions;

9.        Applications for passports; and

10.     Other similar transactions or uses that may be defined in the implementing rules and regulations.
Protection Against Unauthorized Disclosures, Sharing, or Publication of Registered Data No person may disclose, collect, record, convey, disseminate, publish, or use any personal data registered with the FilSys, give access thereto or give copies thereof to third parties or entities, except in the following circumstances:

 

1.        When the holder of the FilID expressly authorizes the disclosure of such information to a third person, entity, or agency;

2.        In case of accident, disaster or fortuitous events, when information on the medical history of the holder such as the blood type or special medical needs or other relevant information are needed by medical institutions and health service workers;

3.        When the interest of public health or safety so requires; or

4.        Upon the order of any competent court.

 No person may disclose, convey, disseminate, publish, or use any information of registered persons, give access thereto or give copies thereof to third parties or entities, except in the following instances:

 

 

1.        When the registered person provides express consent;

2.        When the interest of public health or safety so requires; and

3.        Upon the order of any competent court.
Private entities required to accept ID as proof of identity, without requiring additional documents YES YES
Effect of Failure to Present the Card If transacting business with the government, biometric data shall be accepted.

 

Failure to present the card shall not be a ground to deny or limit the grant of basic government service, as long as the transaction allows the non-presentation of the FilID.

 Silent. It may be inferred, however, that an individual may simply present his/her ID Number and allow his biometric information to be collected for authentication.
Punishable Acts 1.        Use of false information in applying for a FilID, or the procurement of a card through fraud, and the subsequent use of the card in a legitimate transaction

2.        Willful and unjustified refusal to accept, acknowledge, or recognize the FilID as the only official identification of the owner

 1.        Refusal to accept, acknowledge and/or recognize the PhilID as the only official identification of the holder/possessor, without just and sufficient cause

2.        Use of the PhilID in an unlawful manner or to commit a fraudulent act or for an unlawful purpose

3.        Willful submission of or causing to be submitted a fictitious name or false information in the application, renewal, or updating in the PhilSys

4.        Unauthorized printing, preparation, or issuance of a PhilID

5.        Willful falsification, mutilation, alteration, or tampering of the PhilID

6.        Except for the one to whom it was issued, use or unauthorized possession of a PhilID without any reasonable excuse, or the possession of a fake, falsified, or altered PhilID

7.        willful transfer of the PhilID or the PSN to any other person

8.        accessing the PhilSys without any authority

9.        willful use or disclosure of data or information

10.     For officials, employees or agents who have the custody or responsibility of maintaining the integrity of the PhilSys:

a.        malicious disclosure or processing of data or information

b.       providing access to the System or allowing the processing or disclosure of any data or information therein without any authority from the law, due to negligence

 

Analysis

Unlike other measures proposed or at least backed heavily by law enforcement authorities and national security agencies, a national ID debate is more difficult to traverse for rights advocates given its ability to boast of some inherent virtues that are markedly absent among its peers. The more commonly cited benefits include the following:

  1. Better delivery of and access to government services. That a good universal ID system can improve efficiency and reduce cost both to the government and citizens of the delivery of and access to public services remains the most invoked reason for supporting such a system. There is no denying that an identification problem can exclude one from much-needed social service programs.
  2. Financial Inclusion. Economic experts and other authorities also note the potential of having an ID system address the country’s financial inclusion challenges. Here in the Philippines, it has been suggested that a national ID could enable unemployed Filipinos who typically do not have access to other IDs to avail of financial and banking services.[13]
  3. Law enforcement. Governments also see ID systems important when fighting terrorism and various crimes like illegal immigration and identity fraud. In 2016, when a commercial bank became involved in an $81M money laundering case, government agencies echoed calls for the establishment of a national ID system in order to prevent similar incidents in the future.[14]
  4. Public Safety. A centralized database can also prove useful during national emergencies, calamities, and other public safety concerns. When the MERS (Middle East respiratory syndrome) virus broke out in 2014, the Department of Health found it difficult to track down the other passengers of an airliner that had a Filipino who tested positive for the virus. The Health Secretary then stated it would have been easier if they had an extensive database of Filipinos to help them in their search.[15]
  5. Social Inclusion. National IDs are also believed to promote social inclusion by providing official identification for individuals that usually have no access to such documents.[16]

Resistance to the introduction of an ID system also proceeds from a number of issues. The backlash surrounding similar proposals in other jurisdictions has sometimes been so great that countries like Australia, New Zealand, and the US steer away from introducing national ID cards at least in the near term. Other concerns include:

  1. Surveillance and Privacy Rights Violations. A national ID system gives any government unprecedented access to a huge cache of its citizens’ personal data. That is quite possibly the greatest danger it poses in any given society, no matter how strong the safeguards a country’s constitution or statutes offer against its potential abuse or misuse. For the American Civil Liberties Union (ACLU), use of an ID system inevitably leads to the normalization of the surveillance of citizens, and this will almost always promote discrimination and harassment in the long run.[17]This point is all too real for local rights advocates and activists who are afraid that such a system could be used to compile information on political opposition and other parties critical of the administration.[18]At the House of Representatives, the seven lawmakers who opposed the current proposal highlighted how the system poses a threat to the right to privacy of Filipino citizens. Representative Emmi de Jesus, in particular, cautioned against the provision allowing for the collection of other information determined by participating government agencies, to wit:

“This is alarming, especially in the context of the non-stop extrajudicial killings among peasants, political activists, indigenous peoples, and even the current controversial murder of poor Filipinos in the name of the war on drugs. An unlimited expanse of personal data placed in the hands of a regime that relies heavily on dictatorship and fascist methods can only mean intensified surveillance and state profiling, which might even lead to more killings […] Enabling a fascist, big brother state to collect and centralize sensitive personal information about its citizens will never solve the basic ills of social services delivery.”[19]

  1. Infringements of Other Civil Liberties. Privacy violations are usually a precursor to graver human rights abuses. Accordingly, any government with the ability to keep tabs on its population via an ID system will necessarily have the ability to shift to other more oppressive acts, such as cracking down on free speech, freedom of assembly, and other related rights.
  2. Doubts over Effectiveness Against Crime and Terrorism.A national ID system is just one item in a familiar wishlist readily given by governments when asked what they need to help contain or eradicate crime and threats against the State. Time and again, however, they fail to produce substantial evidence showing just how effective these measures are. Here in the Philippines, a 2005 report by the Senate Economic Planning Office noted the absence of any proof that a national ID system increases security against terrorism. Citing a report by Privacy International, it admitted that 80% of the 25 countries affected by terrorism from 1986 to 2004 actually had identity card systems in place, with a third of them employing biometrics technology.
  3. Function Creep. Described earlier as the use of a tool or system for purposes beyond those originally declared, function creep will always pose a risk to the privacy of individuals registered in an ID system. In the draft bill currently pending at the Philippine Senate, the protection against unlawful disclosure of registered information do not apply when the additional use is required by the “interest of public health or safety”. Who gets to make such determination is not stated, making it prone to abuse by any number of government agencies or officials with their own vested interests.
  4. Costs. A key concern, particularly for government agencies expected to shoulder the responsibility of implementing an ID system, is cost. Many observers believe that identity management programs are inherently expensive and require significant financial commitment from the government in order to work. For 2018, the Philippine government has allotted PhP2 billion to the Philippine Statistics Authority to prepare for the rollout of a domestic ID system.[20]
  5. Data Security. Another issue often raised relates to the ability of the government to protect data under its control or custody. In the local scene, the Comelec incident only served to reinforce public perception that the government is incompetent or poorly equipped to manage and maintain a secure information system. If it is incapable of protecting a voter registration database, how can it be expected to fare better when handling a bigger and more complex system?
  6. Technical Complexity and Logistical Issues. Apart from cost, a number of other factors make an ID system difficult to implement. This is particularly true in countries where IDs and other documents can be fraudulently acquired quite easily (i.e., the Philippines).These factors include:(a) migration; (b) distance from and access to registration centers by citizens and residents; and (c) ill-equipped and unprepared registration centres.

Conclusion

National ID systems everywhere are always immersed in controversy. This trend is poised to continue given the growing interest by governments in their potential uses. For the different stakeholders, the challenge has always been finding the proper balance between upholding legitimate State interests and those of the individual—the right to privacy being only one of them.

To those keeping a close watch on the impact of ID systems on privacy rights, one positive development these past few years here in the Philippines has been the passage of the country’s first comprehensive data protection law: Republic Act No. 10173, also known as the Data Privacy Act of 2012 (DPA). The law provides numerous legal safeguards that ensure the security and protection of personal data.

With the DPA, all debates surrounding an ID proposal must now be properly guided by the principles and standards enshrined in the law. The need for such a system must now be pitted against the dangers its poses and the data security measures prescribed by the DPA. More importantly, if the proposal were to garner Congressional approval, adopting a “privacy by design” approach and appropriate accountability mechanisms naturally becomes imperative.

That said, one cannot simply rely on the DPA to keep any national ID system in check. Any privacy advocate worth his or her salt knows that a significant degree of caution is called for especially during these troubling times. One should be constantly wary of any effort or measure that aims to give more power to an administration that already has a stranglehold over all three branches of government. Giving it also an identity management scheme to tinker with may already be one measure too many.

 

[1] Senate Economic Planning Office (2005), National Identification System: Do We Need One?

[2] Privacy International (1996) as cited in Senate Economic Planning Office (2005).

[3]Ketan Mukhija and Yugank Goyal, National Identity Cards: A Step Towards “Better” Governance? Center for Civil Society, New Delhi, Summer Internship Programme, 2005, p. 3.

[4] Alan Gelb and Julia Clark (2012), Building a Biometric National ID: Lessons for Developing Countries from India’s Universal ID Program

[5] Privacy International (2018). Identity Policies: The Clash Between Democracy and Biometrics. Retrieved from: https://privacyinternational.org/node/1100

[6] Aaron K. Martin (2012), National Identity Infrastructures: Lessons from the United Kingdom

[7] Shweta Banerjee (2015). Aadhaar: Digital Inclusion and Public Services in India. Retrieved from: http://pubdocs.worldbank.org/pubdocs/publicdoc/2016/4/655801461250682317/WDR16-BP-Aadhaar-Paper-Banerjee.pdf

[8] Kevin P. Donovan and Carly Nyst (2013).Privacy for the Other 5 Billion. Retrieved from: http://www.slate.com/articles/technology/future_tense/2013/05/aadhaar_and_other_developing_world_biometrics_programs_must_protect_users.html

[9]Privacy International (2018), supra. See also: Want to open a Facebook account? Keep your Aadhaar card by your side. Published December 27, 2017. Retrieved from: https://economictimes.indiatimes.com/tech/internet/want-to-open-a-facebook-account-keep-your-aadhaar-card-by-your-side/articleshow/62267904.cms

[10]Rs 500, 10 minutes, and you have access to billion Aadhaar details, by Rachna Khaira. Published January 4, 2018. Retrieved from: http://www.tribuneindia.com/news/nation/rs-500-10-minutes-and-you-have-access-to-billion-aadhaar-details/523361.html

[11]Kilusang Mayo Uno v. Director General of NEDA. G.R. No. 167798. (2006)

[12] Senate Bill No. 1500 filed on July 18, 2017, Senate Bill No. 1510 filed on July 25, 2017, Senate Bill No. 1577 filed on September 4, 2017, and Senate Bill No. 1579 filed on September 6, 2017.

[13]Chris Schnabel (2016). National ID to benefit unemployed, unbanked Filipinos. Retrieved from:http://www.rappler.com/business/industries/209-banking-and-financial-services/134125-national-id-benefit-unemployed

[14]See: SEC bats for national ID system vs dirty money, by Doris Dumlao-Abadilla. Published April 1, 2016, 2:02 AM. Retrieved from: http://business.inquirer.net/209073/sec-bats-for-national-id-system-vs-dirty-money; and

National ID system to combat crime – senatorial candidate. Published April 4, 2016. Retrieved from:http://www.update.ph/2016/04/national-id-system-to-combat-crime-senatorial-candidate/3833

[15]National ID system needed to locate disease carriers, says Ona, by Bobby Lagsa. Published May 2, 2014. Retrieved from: http://newsinfo.inquirer.net/599110/national-id-system-needed-to-locate-disease-carriers-says-ona

[16]Id.

[17]American Civil Liberties Union. 5 Problems with National ID Cards. Retrieved from: https://www.aclu.org/5-problems-national-id-cards

[18]Solon sees nat’l ID as tool to stifle dissent, by Gerry Baldo. Published May 26, 2015.Retrieved from: http://www.tribune.net.ph/metro/solon-sees-nat-l-id-as-tool-to-stifle-dissent

[19] Plenary Proceedings of the 17th Congress, Second Regular Session. Vol. 2, No. 21. Friday, September 8, 2017. http://congress.gov.ph/legisdocs/congrec/17th/2nd/17C2RS-VOL2REC21-20170908.pdf

[20]Senate to pass national ID system bill by early 2018by Camille Elemia. Published December 04, 2017. Retrieved from: https://www.rappler.com/nation/190328-senate-national-id-system-bill-early-2018.