Home » Post Item » National ID System and Information Privacy

National ID System and Information Privacy

March 11, 2005

All this talk about National IDs and invasion of privacy is a reflection of the people’s lack of trust in the government. What fuels this mistrust is the absence of any controls limiting the ability of government to access the aggregated data.

But the debate has confused (perhaps left to the back burner) the critical difference between the existence of centralized databases and access to the data. People just assume that centralized databases means unfettered access. This is not necessarily true. Unfortunately, the Supreme Court in Ople v. Torres (striking down the earlier national ID system) added fuel to this fire. Even though the majority recognizes that the violation of the right to privacy is potential, it still concluded that the Ramos administrative order violated the Constitution. Now, I’m not a Constitutional Law expert but it seems to me that if no right has been violated, then there is no opportunity for the Court to exercise its power. In legalease, there is no “justiciable controversy” — this means that the courts are not permitted to intervene unless there is an actual violation of a right. But in Ople v. Torres, there was no actual invasion of privacy. Here’s what the Court said:

Given the record-keeping power of the computer, only the indifferent will fail to perceive the danger that A.O. No. 308 gives the government the power to compile a devastating dossier against unsuspecting citizens.”

Noone’s record had been compromised. Noone’s right to privacy had been violated. Noone had been discriminated against, oppressed, harrassed, or otherwise molested by the system. The Court ruled on the basis of “WHAT IF.”

More importantly, the standard set by the Court for any national ID system is so high that any law will almost always fail. The Court said

“They must satisfactorily show the presence of compelling state interests and that the law, rule, or regulation is narrowly drawn to preclude abuses.”

How can this be workable? If Congress says that the ID system is for efficient delivery of government services, it won’t be good enough. That argument was used in Ople and failed to pass muster. The irrationally high standard becomes apparent once a “compelling state interest” is identified. Let’s say this “compelling state interest” is counter-terrorism. If the Court’s standard is to be followed, the law creating the national ID sytem must limit the ID’s use only for counterterrorism, and no other. If that’s the case, then is it worthwhile to set up a national ID system for a singular purpose? Will the Court require that the ID system be junked once the “compelling state interest” is no longer present? It seems then that the Court has foreclosed the possibility of enacting any national ID measure — either because the state interest is not compelling enough or even if it is, it’s not economically viable.

To make matters worse, the Court crafted this doctrine based on the potential not an actual violation of the right to privacy.

To be sure, Congress must be guided by the High Court ruling although since GMA has appointed a majority of the sitting justices, then maybe Malacanang can swing any new legislation through this Court. Who knows? Although, in my book reversing the decision is not a bad thing.

Back to my point which is this: we need to distinguish between creating and maintaining databases and access. The proper subject of legislation isn’t just the creation of a centralized ID system but a law that limits access to the data only for specified purposes and respects the right of the people to control the data for accuracy and unauthorized uses. Here’s a proposed law drafted by the UP Internet and Society Program that addresses these issues.

But anyone who knows about privacy (or security for that matter) knows that having the legal framework is half the battle. There must be a culture of privacy — the widespread acceptance of the notion that access to personal information must be regulated. In my view, that culture already exists in the government. In my experience, government employees already zealously guard against unauthorized access to government records. I’m told that in the last 5 years, the SSS, BIR and other agencies have been working to share their electronic databases and still nothing has happened. For me, this is an indication that there is a culture of privacy protection among the folks in government who guard our data.

The bottom line is this: any national ID system statute must be accompanied with a law that articulates and protects the informational privacy of individuals. Otherwise, it won’t be acceptable to the people or the Courts.

If you want to learn more about information privacy, read this paper written by the folks at the Internet and Society Program.

Posted by JJ Disini at 11:07 am | permalink

Previous Comments

"Given the record-keeping power of the computer," eh? That sounds so technophobic.

Posted by Mike at March 28, 2005, 9:14 pm

I salute you on this one. Some people become paranoid over their privacy and I do not know why (I think there is nothing to be scared of if you have nothing to hide). Secondly, it is already given and we should know that the data the government collects through the use of National ID is needed to be regulated and there is a need for a limited access. Unless there is a realtime monitoring, again only court order would allow the investigation of a certain someone.

I think it is about users who are sometimes ignorant. Of course, such measure would require that it must be coupled with law to protect privacy, but given that fact some people would not accept such for reasons I do not know what.

I would like to give this example. Sometimes there are chain mails (bogus of course) that requires you to forward it to other people otherwise you are subject to service or account deletion (this happened in one of a webmail service, I junked the mail and still have my account up until now). The email says they can track how many people you send it too, just like the email that circulated that Bill Gates is giving out money. It is a fallacy for the following reasons I believe:

1.) No one can actually track your email, and even if they do they are not allowed to do that
2.) They are violating a basic constitutional right (Art III Sec 3) if they do that. Email is indeed a form of communication through the Internet as a medium.

In the Internet alone, our handles, login names, account, or email addresses are the digital equivalent of the "National ID" provided we register with accurate information. Everytime we login or commit a transaction, our actions are logged. This is a property of security known as "non-repudiation". But does anyone else know what you did? (Well, thats where spywares and adwares come in, they collect personal info and surfing habits but lets not get into that first). Of course none (but then some people hide their identity in the Internet, just to be safe). Out of the thousands of times logging in an account, no one knew when is that (even the service I logged on to doesn't really know or if they do, doesn't give out that information). The only possible way to do this (reveal logs and the like) is that if there is a threat to public safety or interest.

Maybe we really should educate people about this.

Another BTW, I am still an undergrad and I never thought our subject on Philippine Constituion could be this useful.

Posted by Francs at March 31, 2005, 10:38 am

All comments are moderated. Your comments will not appear here unless approved by the blog owner. Thank you.

Add a comment