Monday, May 20, 2013

Was Malacanang correct in its explanation of RA 10372?



Republic Act 10372 was signed into law last February 28, 2013.  It amends certain provisions of Republic Act 8293 more commonly known as the Intellectual Property Code of the Philippines.  It became controversial due to the fact that its amendments, according to critics, violate constitutional rights of the people such as the right to due process, the right against unreasonable searches and seizures, and the equal protection clause.  Its passing and signing into law was not highly publicized as there were more pressing issues our country (and the media) focused on during those times (Sabah/Kiram issue.)
To address the constitutional issues, the government on its official web portal www.gov.ph, through its post, “FAQs to the amendments to the Intellectual Property Code of the Philippines,” answered what it held to be the most frequently asked questions (FAQ’s) as regards RA 10372.  There were six (6) FAQs which the post seeks to clarify in very simple and short terms. 
The task is to look into the Q&A post by the government and see if the questions were satisfactorily answered based on the amending law and to include some meaningful comments.
FIRST ISSUE

Question:  Am I still allowed to import books, DVDs, and CDs from abroad?

Answer:  Yes. In fact, the amendments to the Intellectual Property Code have removed the original limitation of three copies when bringing legitimately acquired copies of copyrighted material into the country. Only the importation of pirated or infringed material is illegal. As long as they were legally purchased, you can bring as many copies you want, subject to Customs regulations.
Comment:  The answer seems correct as Sec 14 of RA 10372 provides that:
“Sections 190.1. and 190.2. of Republic Act No. 8293 are deleted in their entirety.”
            Said sections of RA 8293 provided for limitations as to the number of original/non-infringed copies of copyrighted materials allowed to be brought into the country.  It allows one (1) copy if for personal use while up to three (3) copies if for other purposes such as religious, research and educational ones.  The entire sections having been removed may be interpreted as removing the said limitations and allowing as much copies as a person would want to bring into the country, subject to customs regulations, and for as long as copies qualify under the “fair use” as provided under intellectual property laws.
            The critics were doubtful and suspicious as to the removal of said sections previously setting a limit which actually protects the individual for as long the number of copies one would bring does not exceed such limit.  They worry that the removal may actually work against those who would want to bring a copy home with them as perhaps they fear that now any amount of copy of a copyrighted material would trigger the suspicion from authorities leading to a possible intrusion into ones rights.
            The government having clarified that such removal opens for individuals to carry as much “legal” copies, I would have to take their word for it and concede that since Intellectual Property laws only seek to deter introduction of infringing copies into the country, then it is right to say that the removal of the sections actually removed the limits.  Perhaps the procedure for determination in points of entry, if for example there are multiple copies of a copyrighted material brought in, is another story and would be properly addressed by the implementing rules and regulations. 
            The answer puts in perspective the main issue here under the intellectual property law which is the legality or illegality of the acquisition of a material, and not the number of copies, carried into the country.
SECOND ISSUE
Question:  Is the reproduction of copyrighted material for personal purposes punishable by this law?
Answer:  No. Infringement in this context refers to the economic rights of the copyright owner. So, if you transfer music from a lawfully acquired CD into a computer, then download it to a portable device for personal use, then you didn’t commit infringement. But if, for example, you make multiple copies of the CD to sell, then infringement occurs.
Comment:  The answer doesn’t appear responsive to the question.  It provides a contextual reply and then proceeds by giving a situation-based example which is about data transfer and not about reproduction.
At best, the reproduction only addressed by the answer is the reproduction of code under Section 185.1 of RA 10372 which it defines as “decompilation” and in more detail:
which is understood here to be the reproduction of the code and translation of the forms of a computer program to achieve the interoperability of an independently created computer program with other programs may also constitute fair use under the criteria established by this section, to the extent that such decompilation is done for the purpose of obtaining the information necessary to achieve such interoperability.
            Reproduction, under section 171.9 of the amending law, is defined as:
“the making of one (1) or more copies, temporary or permanent, in whole or in part, of a work or a sound recording in any manner or form without prejudice to the provisions of Section 185 of this Act.”              
If one is to look closely at both RA 8293, the old law and RA 10372, the amending law, “reproduction” is allowed even without the consent of the copyright owner only in very special circumstances. 
Among the special situations are mentioned in Sections 184, 185 and 188.1 of RA 8293.  Sec. 184 provides for “specialized format exclusively for the use of the blind, visually- and reading-impaired persons” with further qualification that such “be made on a nonprofit basis and shall indicate the copyright owner and the date of the original publication.”  On the otherhand section 185 lists what are situations of “fair use” that dies not consist infringement of copyright while under Sec. 188.1 if reproduction is for reprographic or preservation purposes then it is allowed even without consent of the author or copyright owner provided that they be reproduced only in limited copies.
Taking note of the aforementioned sections, it is clear that reproduction may only be done under very exceptional circumstances and for exceptional purposes, otherwise these qualifications should not have been provided at all.
Nowhere under the amending law, RA 10372, was non-profit reproduction of copyrighted materials for personal purposes mentioned as being allowed. 
It would have been better if the government’s answer to the FAQ qualified the definition and extent of “personal purpose.”
The implied effect of the law is that reproduction is allowed and is not an infringement of copyright if, although seemingly done in public, it is done for purposes of going beyond the music or to “digest” it further such as in research, criticism, comment, news reporting, and not for the sake of merely listening to it or sharing it to the public.
            RA 8293, Chapter XV, Section 212, provided for the exceptions which included “personal purpose” but Sec 21 of RA 10372 amended the said section, mutatis mutandis, providing that what should now apply when it comes to reproduction of performances (for the performer and producers alike) would be Chapter VIII on Reproduction of Copyrights.  Chapter VIII however does not provide for a discussion of “personal purposes” and in relation to the first FAQ in the post, the limitation for importation for personal use was completely deleted.  It only provides for an exclusive list of what does not constitute infringement and “personal purposes” is not included.
 The answer to this second issue is inadequate to address the question directly, as the law itself appears to be.
THIRD ISSUE
Question:  Is the possession of, for example, a music file procured through an infringing activity a violation of this law?
Answer:  Only if it can be proven that the person benefitting from the music file has knowledge of the infringement, and the power and ability to control the person committing the infringement. 
Comment:  The answer provided above is based on Sec 216 (b) of RA 10372.  The section however does not talk of mere possessing but beneffiting from the infringed material and so therefore the answer is not responsive to the question.  The law does not of itself provide an answer as to whether mere possession would punishable.  One provision, Sec. 216.1 (6) 2nd par., however implies that the act of infringing itself, whether or not known to the offender who happens to commit it, is civilly punishable.  Still that part does not address the question on mere possession.
FOURTH ISSUE
Question:  Is jailbreaking or rooting[*] my phone or device illegal?
Answer:  No. Jailbreaking or rooting by themselves are not illegal. However, downloading pirated material, or committing infringement with a “jailbroken” phone increases the penalty and damages imposed on the person found guilty of infringement.
Comment:  On this Q&A, the government is correct in stating that jailbreaking otherwise known as rooting is not illegal. This is primarily based on the US Library of Congress’ declaration back in July 2010 that it is a right of all owners of products such as Iphone and Ipad.
            Rightly so, jailbreaking allows the owner of the Iphone, Ipad or other like devices to maximize its use by removing the restrictions set by the manufacturer as regards various features made available by other technology providers and developers of software applications.  The product is not altered.  The usability, flexibility and enjoyment of the device are increased, to the benefit of the owner.
FIFTH ISSUE
Question:  Are mall owners liable for infringement activities of their tenants?
Answer:  Mall owners are not automatically penalized for the infringing acts of their tenants. When a mall owner or lessor finds out about an infringement activity, he or she must give notice to the tenant, then he or she will be afforded time to act upon this knowledge. As stated above, the law requires that one must have both proven knowledge of the infringement, and the ability to control the activities of the infringing person, to be held liable. The mall owner must also have benefitted from the infringement.
Comment:  I would have to agree that subject to certain conditions, the mall owner may be held liable for acts of infringements committed by his tenants.  It should be presumed that the owner shall ultimately be the one to blame not just if he has actual knowledge and control of the situation but if there is a proliferation of the infringing activities. Such should lead authorities to safely assume that he is tolerating the violation of intellectual property laws in exchange for the profit earned through the rents paid him.
            Under Section 217.3 of RA 8293 it is not just the fact that the possessor of the article knows that it is a product of infringement which could be the basis for his liability but he may also be held liable if he “ought to know” or perhaps, should know.  In the same wise, the mall owners should be held accountable if on its face there appears to be an encouragement of selling or displaying products inside the establishment which were obviously infringed, by the fact that many of the said items are being sold by most of the store operators, even at least, on a particular section of the mall.  Obvious here may be determined by whether the store owners or sellers have the proper rights to distribute the items they are selling, or just basing on the price of an original and an infringed item, or simply due to the history of the place or establishments.
            To qualify the “non-automatic” penalizing of the mall owners only based on their knowledge and control would hamper the drive to discourage copyright infringement in malls and major establishment.  It may be circumvented and be used as an excuse in denying liability.  There is a need to stress that there are instances that mall owners “ought to know” that such illegal activities are going on inside their establishments so that they too would be the ones vigilant in the fight for the rights of artists, producers and the like, in protecting the products of their creativity.  That way, the amendment brought about by sec 216 (b) of RA 10372, pertaining to knowledge and control, would be more effective.
SIXTH ISSUE
Question:  Is it legal for the Intellectual Property Office (IPO) to visit businesses to conduct searches based on reports, information, and complaints?
Answer: The IPO may visit establishments based on reports and complaints; this in itself is constitutional. However, if the IPO intends to perform a search and seizure, it must comply with constitutional requirements, such as having a search warrant. A warrant wouldn’t be required, however, if the IPO is accompanied by the Bureau of Customs or the Optical Media Board—two agencies that can perform a search and seizure on their own right without a warrant (per Republic Act No. 1937 and 9239, respectively).
Comment:  This would be among the more controversial issues among these FAQ’s as this part is where the law intended to expand the powers of the Intellectual Porperty Office (IPO), or at least it attempted to do so.
            It was merely an attempt as there was not a clear discussion as to the purpose of such visiting power and to what action the IPO may take if it is found that there is a violation of the IP law.  There was a patent attempt to liken the IPO to become just like what other govenment agencies such as the Optical Media Board (OMB), National Bureau of Investigation (NBI) and Bureau of Customs (BoC) are capable of when it comes to enforcing laws subject of their respective jurisdictions.
            There are two things which the above mentioned agencies can do which the IPO has not yet possessed even with the passing of RA 10372.  First, the said agencies can act on their own, the IPO cannot and has to await complaints by artists, authors and other copyright holders.  Second is that these agencies can enforce on their own, which the IPO cannot do.  Under the amended Section 7 of the intellectual property law, the IPO Director and his Deputy Director can:
Undertake enforcement functions supported by (emphasis supplied) concerned agencies such as the Philippine National Police, the National Bureau of Investigation, the Bureau of Customs, the Optical Media Board, and the local government units, among others;
            Without giving the IPO the power to act and enforce on its own, RA 10372 merely re-designates the Intellectual Property Office as a “middleman” kind of government agency tasked to accept complaints and coordinate with other government agencies for purposes of enforcement.  The “visiting” powers conferred by RA 10372 is rendered purposeless for it seems there was no need to include it in the law if the only power that the IPO has, on its own, is exactly to visit  since it has to have assistance if it wants to pursue further actions against violators.
            The legality of their visiting power as conferred by Sec 7 (d) law and all the more their non-existent right to perform search and seizure operations on their own, as attempted to be created by sec 7 (d) need not be discussed here as there is none in, or if there is, it can only be said to be useless and purposeless.
Final Comment:
Noticeable is the fact that in the end the post provides that:
The procedure and safeguards for this are to be spelled out in the Implementing Rules and Regulations.”
Perhaps that would be the reason why the six (6) questions and answers would appear to be very straightforward and doesn’t appear to be apprehensive about constitutional rights issues as it would when critics would attack the amendatory law.  The government maybe confident that whatever loopholes the wordings of RA 10372 have, the IRR would be able to cover.  However, according to critics of RA 10372, such as Professor Jj Disini, the implementing rules cannot suffice to fix the loopholes of a law since one cannot write something on the IRR which is contrary to law and the it would be impossible to address every flaw, the very reason why there is an injunction on the Cybercrime Law.

             Overall, the Q&A post of the government regarding RA 10372 is not as helpful as it may have wanted it to be as it clearly missed some of the more important issues which should have been answered.  It was not only due to the simple way the questions were answered but perhaps because the law itself is lacking in substance required to provide for a meaningful legislation.

Monday, May 6, 2013

The Impact of RA 10173 with the landmark case of Ople vs Torres



Purpose & Relevance
The purpose of the paper is to look into RA 10173 or the Data Privacy Act of 2012 and explore the possibility as to whether the said law may help address the points raised by the Supreme Court in its decision in the case of Ople v Torres and, for purposes of academic discussion, may sway said decision as regards the establishment of a national ID system.
The introduction of RA 10173 which could potentially address the shortcomings of Administrative Order 308 as enunciated in Ople may help alter the Court’s as well as the general public’s acceptance of a national ID system which does not merely operate to establish a unified identification system but also with the potential of becoming a key part of an individual’s record of identity, while living or sojourning in the Philippines. 
Nearly 15 years stand between the decision in Ople and the enactment of RA 10173. It is well to note that within that decade and a half, there has been a great leap as to how data privacy is viewed by the general public in terms of their openness in giving out personal information and how the courts now treat technology and its products as being more and more reliable or acceptable for use in its proceedings and decision-making.
Background in the Ople v Torres case
In July 23, 1998 the Supreme Court rendered a decision in favor of the petitioner, Senator Blas Ople, who opposed Administrative Order 308 issued by President Fidel Ramos establishing the National Computerized Identification Reference System, more popularly known as the national ID system.
Ople’s main contentions were that the national ID system lays the groundwork for a system which will violate the individual’s right to privacy and that its issuance is an encroachment upon the legislative powers of Congress not only due to the fact that it involved appropriations of public funds but more so because of its subject matter and scope.
The decision of the Supreme Court in favor of Ople, primarily on the right to privacy, centered on the Court’s strong apprehension as to the implications brought about by the AO 308’s failure to provide “what specific biological characteristics and what particular biometrics technology shall be used to identify people who will seek its coverage.”  It also held that the purpose of the generation of the PRN or the Population Reference Number was not confined to the sole purpose of identifying each individual but may also be used for other things remotely related to the avowed purposes of the administrative order.
As can be gleaned from the decision, there was also a doubt as to the data integrity or how the records will be handled and protected from potential intrusions and misuse and as to how much control the data subject has over the information he gave to the data controller.
The dissenters were not as pessimistic as those who voted for the majority decision.  They were not as threatened and did not see AO 308 giving the government the power to go so far as gathering data which could potentially work to the detriment of the individual by the apparent misuse or intrusion of the information by those who would have access to them.
Background in RA 10173
Signed into law by President Noynoy Aquino on August 15, 2012, RA 10173 establishes the National Privacy Commission responsible for ensuring that the privileged and personal sensitive information of an individual, also known as the data subject, will be properly handled by the data controllers and processors as defined by the law.  Under this law, government agencies will have a linkage
The law provides guidelines as to how such information will be processed –including but not limited to such procedures as gathering, storing, retrieval, editing, and transfer of data.  It also sets out measures as to the right of the data subject as regards the personal data she or he provided and her or his right to be informed of any process done with such information, subject to exceptions.  
RA 10173 criminalizes any breach of the measures provided to ensure the privacy of the individual’s personal and sensitive information.  It provides for penalties and imprisonment whether the prohibited act be done intentionally or through neglect.
RA 10173 vis-à-vis AO 308
RA 10173, however, does not have the same aim as AO 308 as its only concern is to set forth guidelines as to how sensitive personal information, once gathered from data subjects, primarily by the government, will be managed properly for the protection and peace of mind of said individuals. Unlike AO 308, it does not go so far as to establish a national ID system carried out through assigning each individual with a reference number and linking the different government agencies for ease of delivery of services to them by consolidating their voluntarily given personal records.
At best RA 10173 may be treated as a precursor to such a national identification system only with the preliminary purpose of laying the groundwork for ensuring integrity in data management and elimination of doubts as to possible intrusions and misuse of such data. 
In fine, RA 10173 only concerns itself with the data gathering, storing and maintenance of its integrity during any process done to it with the ultimate goal of giving the individual confidence over the safety and privacy of any personal or sensitive information given up by her or him.
RA 10173 vis a vis Ople
On its face RA 10173 addresses one of the main concerns of the Supreme Court in the Ople decision: data privacy processing.  Processing under RA 10173 “refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.”
In the Ople case, one of the main apprehensions of the Supreme Court was that AO 308 did not provide who has control and access to the personal data and under what circumstances and for what purposes such data is to be accessed.  RA 10173 addresses said issue by defining who a data controller and a data processor is in the event that sensitive and personal information would be taken from individuals and providing for their responsibilities in maintaining the privacy of such as well as their liabilities should they fail to conduct the proper procedures.  Even the superioirs or heads of the National Privacy Commission may be held liable in some instances.
As mentioned above the law seems to define processing or data process as anything which may be done to the data.  Knowledge and consent of the individual is vital all throughout any process done to his personal or sensitive information.  Even the mere retrieval of the data has to be brought to the attention of the data subject, except for some general circumstances as when the data is to be used purely for research or statistical reports purposes.
Being able to stress the importance of the individual’s knowledge, consent and right as to the data she or he provided can help lessen  the apprehensions as to the possible impact on one’s civil liberties as the individual would seem to have full access to her or his data and knowledge of what is done to it even after it has been collected from her or him.  In relation thereto, care has to be taken that proper standards be set as to how under Subsection 2, Paragraph f, Section 20 of the law, the Commission may exempt a personal information controller from notification where, in its reasonable judgment, such notification would not be in the public interest or in the interests of the affected data subjects.”
Allowing the personal infomation controller to be exempt from notifying the data subject, based on reasonable judgment, may lead to a slippery slope that could lead to a way for the controller, or the government for that matter, to escape responsibility with respect to the safeguarding of the privacy of data or from ever letting the data subject know that a process is being done.  Such can render the purported respect for the individuals knowledge and consent upon anything done to her or his personal and sensitive information to be nugatory and of no value.  It should be stressed that such case should only be allowed using the strictest of qualifications and may even require a court order or approval before proceeding  with such.
            If such a strict requirement can be established then perhaps RA 10173 may be said to have laid the foundation for other laws (or administrative order?) aimed at establishing a national ID system but only in so far as the apprehension involves data integrity and safety. 
Other grounds for the Supreme Court’s decision in favor of Ople
Encroachment upon the Legislative Power of Congress
            Whether the issuance of AO 308 is an encroachment upon the legislative powers of Congress or not would depend on how we understood AO 308.  In the case of Ople it appears that there were two main things that the majority impliedly saw in the administrative order.  First, that it is compulsory such that the government would eventually ask everyone to register and have a big repository of every activity and personal information that the data subject would give out to the government during every transaction she or he has with the latter.  Second is that the national ID system would be a unified identification system containing extremely personal information brought about by the provision of the AO pertaining to biometrics technology.  The dissenters however would hold the complete opposite. 
If we are to follow the position held by the dissenters, an unassuming position that is, then we may have already realized the fruit of what they were contemplating AO 308 was about.  The existence of the current Philippine Unified Multi-purpose ID is a linkage of various government agencies not just with the sharing of the information but also for the implementation of the project itself.  It is initially aimed at using one identification card for transactions with any of the major government offices offering various services to the public.  These include the SSS, GSIS, BIR, NSO and Pag-Ibig, with provisions of the “Uni-card” being used as a voter’s ID.  It also involves biometric scanning such as the Automated Fingerprint Identification System (AFIS) as well as a Central Verification and Enrollment System that will have the data record of some pertinent personal information of the individual.  It is not yet compulsory and not in lieu of all the other individual cards existing for each of the mentioned government agencies.  It does not mean that if one does not have the Uni-card she or he will not be able to transact with any of the government agencies.
If this is the view we will hold as that national ID system contemplated by AO 308, there would seem to be no problem in holding that RA 10173 would address the apprehensions of the Supreme Court in Ople. Safeguards as to how the personal and sensitive information has been put in place and there seems to be no other intent but to unify the records system of the government for improvement of services.
If we are, on the other hand, to take the position of the majority in the Ople case, which deemed AO 308 as unconstitutional, we would be looking into the idea of a national ID card system more akin to that contemplated in the Identity Cards Act of 2006 in the United Kingdom.  Such national identity reference system had provisions for the card to be used in lieu of a passport.  It had provisions for the card and the central record system to contain  fifty categories of information that the National Identity Register could hold on each citizen, including up to 10 fingerprints, digitised facial scan and iris scan, current and past UK and overseas places of residence of all residents of the UK throughout their lives and indices to other Government databases (including National Insurance Number) – which would allow them to be connected. The legislation on this resident register also said that any further information could be added.
A similar national identity card system had been proposed, largely debated, in many other countries – first world countries at that, but have miserably failed due to opposition mainly from different concerned groups, lawyers, activists and minorities.  In the UK, the failure had also been due to the challenges faced during implementation with the realization along the way of the pros and cons and as to what extent it may really benefit a country, considering that for first world countries such is pursued primarily to combat terrorism and internal security issue which although the threat is on a daily basis, the actual occurence will never be as often and actual cost, although considerably high may not measure up. with an all encompassing national ID system which is too costly and too exhausting for a government to fully implement, cumpolsorily and completely and altering the existing and somehow working identification systems.
If the view we take as to what AO 308 contemplated would be that of the majority then we can conclude that RA 10173 is nowhere near in even partially addresing the Courts decision (only for academic purposes, of course) as it would seem that it is not the laying of the groundwork for data  integrity and data privacy that is the most compelling of the apprehensions of the Supreme Court, and perhaps the general public.
The intent of laws or administrative orders aimed at establishing certain measures of identification for each member of the society, noble or threatening as it may appear, has yet to be truly effective in terms of application.  Laying guidelines as to how data is to be securely kept and properly maintained would be the only requisite in a perfect world.  Such improbable success in effective implementation has been proven even by nations who are deemed more technologically capable and who, in many terms, seem just capable to do so.
In reality, even though it was very well said in the ponencia that “as technology advances, the level of reasonably expected privacy decreases.” And that “The measure of protection granted by the reasonable expectation diminishes as relevant technology becomes more widely accepted” and even considering that more than a decade has passed since the Ople decision, and everyday we voluntarily give up many private, even real-time personal information  as to our activities, likes and whereabouts through the various social media apparently part of our daily existence, when it comes to the government playing the role of facebook, twitter, pinterest or four square in taking care of our personal information, sensitive or not, we make a 180 degree turn as to its acceptability and the fun is suddenly gone. 
Overall, it can be said that RA 10173 not being able to address the possibility of the issuance of AO 308 establishing a national ID system as contemplated by the majority decision in Ople is neither due to the AO’s lack of sufficient standard nor to its vagueness and not even due to the encroachment of the powers of the Congress by the President.  It is ultimately due to the fact that it is the government who is to handle our personal and sensitive information.  To this we are never ready.  If its the government , we neither consider it as playtime nor fun. 
(My research as to the national ID systems in other countries is not as detailed but I would presume that for now such an idea is only possible of implementation in countries such as China and Russia.)

The Impact of RA 10173 with the landmark case of Ople vs Torres



Purpose & Relevance
The purpose of the paper is to look into RA 10173 or the Data Privacy Act of 2012 and explore the possibility as to whether the said law may help address the points raised by the Supreme Court in its decision in the case of Ople v Torres and, for purposes of academic discussion, may sway said decision as regards the establishment of a national ID system.
The introduction of RA 10173 which could potentially address the shortcomings of Administrative Order 308 as enunciated in Ople may help alter the Court’s as well as the general public’s acceptance of a national ID system which does not merely operate to establish a unified identification system but also with the potential of becoming a key part of an individual’s record of identity, while living or sojourning in the Philippines. 
Nearly 15 years stand between the decision in Ople and the enactment of RA 10173. It is well to note that within that decade and a half, there has been a great leap as to how data privacy is viewed by the general public in terms of their openness in giving out personal information and how the courts now treat technology and its products as being more and more reliable or acceptable for use in its proceedings and decision-making.
Background in the Ople v Torres case
In July 23, 1998 the Supreme Court rendered a decision in favor of the petitioner, Senator Blas Ople, who opposed Administrative Order 308 issued by President Fidel Ramos establishing the National Computerized Identification Reference System, more popularly known as the national ID system.
Ople’s main contentions were that the national ID system lays the groundwork for a system which will violate the individual’s right to privacy and that its issuance is an encroachment upon the legislative powers of Congress not only due to the fact that it involved appropriations of public funds but more so because of its subject matter and scope.
The decision of the Supreme Court in favor of Ople, primarily on the right to privacy, centered on the Court’s strong apprehension as to the implications brought about by the AO 308’s failure to provide “what specific biological characteristics and what particular biometrics technology shall be used to identify people who will seek its coverage.”  It also held that the purpose of the generation of the PRN or the Population Reference Number was not confined to the sole purpose of identifying each individual but may also be used for other things remotely related to the avowed purposes of the administrative order.
As can be gleaned from the decision, there was also a doubt as to the data integrity or how the records will be handled and protected from potential intrusions and misuse and as to how much control the data subject has over the information he gave to the data controller.
The dissenters were not as pessimistic as those who voted for the majority decision.  They were not as threatened and did not see AO 308 giving the government the power to go so far as gathering data which could potentially work to the detriment of the individual by the apparent misuse or intrusion of the information by those who would have access to them.
Background in RA 10173
Signed into law by President Noynoy Aquino on August 15, 2012, RA 10173 establishes the National Privacy Commission responsible for ensuring that the privileged and personal sensitive information of an individual, also known as the data subject, will be properly handled by the data controllers and processors as defined by the law.  Under this law, government agencies will have a linkage
The law provides guidelines as to how such information will be processed –including but not limited to such procedures as gathering, storing, retrieval, editing, and transfer of data.  It also sets out measures as to the right of the data subject as regards the personal data she or he provided and her or his right to be informed of any process done with such information, subject to exceptions.  
RA 10173 criminalizes any breach of the measures provided to ensure the privacy of the individual’s personal and sensitive information.  It provides for penalties and imprisonment whether the prohibited act be done intentionally or through neglect.
RA 10173 vis-à-vis AO 308
RA 10173, however, does not have the same aim as AO 308 as its only concern is to set forth guidelines as to how sensitive personal information, once gathered from data subjects, primarily by the government, will be managed properly for the protection and peace of mind of said individuals. Unlike AO 308, it does not go so far as to establish a national ID system carried out through assigning each individual with a reference number and linking the different government agencies for ease of delivery of services to them by consolidating their voluntarily given personal records.
At best RA 10173 may be treated as a precursor to such a national identification system only with the preliminary purpose of laying the groundwork for ensuring integrity in data management and elimination of doubts as to possible intrusions and misuse of such data. 
In fine, RA 10173 only concerns itself with the data gathering, storing and maintenance of its integrity during any process done to it with the ultimate goal of giving the individual confidence over the safety and privacy of any personal or sensitive information given up by her or him.
RA 10173 vis a vis Ople
On its face RA 10173 addresses one of the main concerns of the Supreme Court in the Ople decision: data privacy processing.  Processing under RA 10173 “refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.”
In the Ople case, one of the main apprehensions of the Supreme Court was that AO 308 did not provide who has control and access to the personal data and under what circumstances and for what purposes such data is to be accessed.  RA 10173 addresses said issue by defining who a data controller and a data processor is in the event that sensitive and personal information would be taken from individuals and providing for their responsibilities in maintaining the privacy of such as well as their liabilities should they fail to conduct the proper procedures.  Even the superioirs or heads of the National Privacy Commission may be held liable in some instances.
As mentioned above the law seems to define processing or data process as anything which may be done to the data.  Knowledge and consent of the individual is vital all throughout any process done to his personal or sensitive information.  Even the mere retrieval of the data has to be brought to the attention of the data subject, except for some general circumstances as when the data is to be used purely for research or statistical reports purposes.
Being able to stress the importance of the individual’s knowledge, consent and right as to the data she or he provided can help lessen  the apprehensions as to the possible impact on one’s civil liberties as the individual would seem to have full access to her or his data and knowledge of what is done to it even after it has been collected from her or him.  In relation thereto, care has to be taken that proper standards be set as to how under Subsection 2, Paragraph f, Section 20 of the law, the Commission may exempt a personal information controller from notification where, in its reasonable judgment, such notification would not be in the public interest or in the interests of the affected data subjects.”
Allowing the personal infomation controller to be exempt from notifying the data subject, based on reasonable judgment, may lead to a slippery slope that could lead to a way for the controller, or the government for that matter, to escape responsibility with respect to the safeguarding of the privacy of data or from ever letting the data subject know that a process is being done.  Such can render the purported respect for the individuals knowledge and consent upon anything done to her or his personal and sensitive information to be nugatory and of no value.  It should be stressed that such case should only be allowed using the strictest of qualifications and may even require a court order or approval before proceeding  with such.
            If such a strict requirement can be established then perhaps RA 10173 may be said to have laid the foundation for other laws (or administrative order?) aimed at establishing a national ID system but only in so far as the apprehension involves data integrity and safety. 
Other grounds for the Supreme Court’s decision in favor of Ople
Encroachment upon the Legislative Power of Congress
            Whether the issuance of AO 308 is an encroachment upon the legislative powers of Congress or not would depend on how we understood AO 308.  In the case of Ople it appears that there were two main things that the majority impliedly saw in the administrative order.  First, that it is compulsory such that the government would eventually ask everyone to register and have a big repository of every activity and personal information that the data subject would give out to the government during every transaction she or he has with the latter.  Second is that the national ID system would be a unified identification system containing extremely personal information brought about by the provision of the AO pertaining to biometrics technology.  The dissenters however would hold the complete opposite. 
If we are to follow the position held by the dissenters, an unassuming position that is, then we may have already realized the fruit of what they were contemplating AO 308 was about.  The existence of the current Philippine Unified Multi-purpose ID is a linkage of various government agencies not just with the sharing of the information but also for the implementation of the project itself.  It is initially aimed at using one identification card for transactions with any of the major government offices offering various services to the public.  These include the SSS, GSIS, BIR, NSO and Pag-Ibig, with provisions of the “Uni-card” being used as a voter’s ID.  It also involves biometric scanning such as the Automated Fingerprint Identification System (AFIS) as well as a Central Verification and Enrollment System that will have the data record of some pertinent personal information of the individual.  It is not yet compulsory and not in lieu of all the other individual cards existing for each of the mentioned government agencies.  It does not mean that if one does not have the Uni-card she or he will not be able to transact with any of the government agencies.
If this is the view we will hold as that national ID system contemplated by AO 308, there would seem to be no problem in holding that RA 10173 would address the apprehensions of the Supreme Court in Ople. Safeguards as to how the personal and sensitive information has been put in place and there seems to be no other intent but to unify the records system of the government for improvement of services.
If we are, on the other hand, to take the position of the majority in the Ople case, which deemed AO 308 as unconstitutional, we would be looking into the idea of a national ID card system more akin to that contemplated in the Identity Cards Act of 2006 in the United Kingdom.  Such national identity reference system had provisions for the card to be used in lieu of a passport.  It had provisions for the card and the central record system to contain  fifty categories of information that the National Identity Register could hold on each citizen, including up to 10 fingerprints, digitised facial scan and iris scan, current and past UK and overseas places of residence of all residents of the UK throughout their lives and indices to other Government databases (including National Insurance Number) – which would allow them to be connected. The legislation on this resident register also said that any further information could be added.
A similar national identity card system had been proposed, largely debated, in many other countries – first world countries at that, but have miserably failed due to opposition mainly from different concerned groups, lawyers, activists and minorities.  In the UK, the failure had also been due to the challenges faced during implementation with the realization along the way of the pros and cons and as to what extent it may really benefit a country, considering that for first world countries such is pursued primarily to combat terrorism and internal security issue which although the threat is on a daily basis, the actual occurence will never be as often and actual cost, although considerably high may not measure up. with an all encompassing national ID system which is too costly and too exhausting for a government to fully implement, cumpolsorily and completely and altering the existing and somehow working identification systems.
If the view we take as to what AO 308 contemplated would be that of the majority then we can conclude that RA 10173 is nowhere near in even partially addresing the Courts decision (only for academic purposes, of course) as it would seem that it is not the laying of the groundwork for data  integrity and data privacy that is the most compelling of the apprehensions of the Supreme Court, and perhaps the general public.
The intent of laws or administrative orders aimed at establishing certain measures of identification for each member of the society, noble or threatening as it may appear, has yet to be truly effective in terms of application.  Laying guidelines as to how data is to be securely kept and properly maintained would be the only requisite in a perfect world.  Such improbable success in effective implementation has been proven even by nations who are deemed more technologically capable and who, in many terms, seem just capable to do so.
In reality, even though it was very well said in the ponencia that “as technology advances, the level of reasonably expected privacy decreases.” And that “The measure of protection granted by the reasonable expectation diminishes as relevant technology becomes more widely accepted” and even considering that more than a decade has passed since the Ople decision, and everyday we voluntarily give up many private, even real-time personal information  as to our activities, likes and whereabouts through the various social media apparently part of our daily existence, when it comes to the government playing the role of facebook, twitter, pinterest or four square in taking care of our personal information, sensitive or not, we make a 180 degree turn as to its acceptability and the fun is suddenly gone. 
Overall, it can be said that RA 10173 not being able to address the possibility of the issuance of AO 308 establishing a national ID system as contemplated by the majority decision in Ople is neither due to the AO’s lack of sufficient standard nor to its vagueness and not even due to the encroachment of the powers of the Congress by the President.  It is ultimately due to the fact that it is the government who is to handle our personal and sensitive information.  To this we are never ready.  If its the government , we neither consider it as playtime nor fun. 
(My research as to the national ID systems in other countries is not as detailed but I would presume that for now such an idea is only possible of implementation in countries such as China and Russia.)

Tuesday, August 24, 2010

Manila Tourist Bus Hostage taking

Disappointing.. not a new word to ascribe to the police but what happened yesterday was downheartedly DISAPPOINTING.. prompting me to ask so many questions as to what role really the police play in our society? for on this one occasion for them to shine and show that, (behind those big beer belly of theirs, behind the very dirty and disgusting image that they have continuously and easily maintained anywhere in the country enough for the people to fear and not respect most of them even a bit,) they can actually, swiftly handle such a situation... they failed.

They did not know what to do. They have allowed the hostage situation to last from morning til night and yet come the moment that every good soul hoped would not happen, they faltered! Armalite shots were heard inside the bus and yet no team was there to handle the situation. After waiting the whole day, all they could do was rely on the snipers.

Please dont blame the media. If the media was not there, we'll definitely hear a different story from the police on how hard the situation was. Obviously it was hard since an ex-police was armed and threatening to hurt tourists if his requests will not be granted and in the situation he had the 'vantage point', according to the police. But then again, what are all their trainings for? Waiting the whole day and eventually coming up with at least 7 dead tourists! If it was not real life what happened yesterday during the 'attack' of the 'elite' 'SWAT" teams (yes, TEAMSSSS!) was a comedy show.

After almost an hour after 'armalite' shots were heard inside the bus (if the hostages were hit, they would have bled to death), they finally decided to attack (maybe for the purpose of killing the hostage taker, if everyone else was indeed dead as the escaped bus driver said).

PLAN A. The first team attacked at the front. for fear that there might be a bomb at the hydraulic door (must have watched SPEED) they tried to smash the right portion of the wind shield. then shots came from the inside of the bus. all of them dropped and then disengaged (retreated!!!)

PLAN B. Then the next 'elite' team came again smashing the windows, this time at the back of the bus. then they kept throwing flashbangs and tear gases. And then what? Nothing. They piled up, some 15-20 of them, behind the bus beside a police mobile car. Then rapid shots came from inside the bus once again. This time a civilian 'usi' was hit.

PLAN C. Then they made another move (ala McGyver). Thinking that there might not be a bomb at the hydraulic door after all, or if there was one then they can open it without risking the life of one of their elite and precious police SWAT by tying a rope and then pulling the door using a police car. The comedy show that it was the rope snapped.

Can we blame those who look differently on us? Yes, we have produced great people and things, but which country does not?

On a daily basis, do our institutions work for us?

When meeting a policeman, do you ever feel SERVED and PROTECTED?

Tuesday, August 12, 2008

MIDTERMS

man...hell of a day today...finished with my 1st midterms in law school in one of our toughest subject yet under miss beth...and this is the 1st blog i've ever felt so freely to do, probably coz of that relief i got after that verbal exam...6 questions in 8 minutes...did pretty well i would say (and the teacher said it as well.hehe) although i wasnt the top in our batch of 5 (class was divided in 8 batches) thats ok, my batchmates were all good ones. anyway...

hoping that that momentum i got will continue... i think a big EFFORT really is needed and things will be all worth it... however it should not be an effort which is done thru cramming but on a daily basis... as one philosopher said... "you are what you do, therefore excellence is a habit"

Monday, March 3, 2008

Paradigm Shift

here comes the adjustment period in my work. i am now in sales, i used to be in purchasing. so it really is a challenge for me now to be the one negotiating instead of the one deciding if i like what's being presented to me. its like all the power is lost so suddenly. kind of disappointing but i do hope this adjusting thing would happen fast.
well i have my teammates and supportive bosses to help me. these bosses are so great in their leadership style. i've barely worked with them for so short a time but they are just always there for you and always full of wisdom in doing everything. its like you don't feel that you are a subordinate, its like they are your family and they are there as guides. i have friends in my team. some old friends, some new, but we kind of get along very very well in an instant. i sure hope things will patch up for some very few i havent touched based with. well you cant please everybody all the time that's what i should remember..

no more turning back now, i guess...

i feel so novice with the way i write...i have this friend she writes like she's a feature writer in a sports or food magazine..

Wednesday, February 27, 2008

For my friend Jochebed

With the best English that i know...i'll try to translate this song Anak by Mr. Freddie Aguilar...its a Filipino classic...

Nang isilang ka sa mundong ito - When you were born (here on this Earth)
Laking tuwa ng magulang mo - Your parents were overjoyed
At ang kamay nila ang iyong ilaw - And their hands were youre guiding light
At ang nanay at tatay mo'y - And your mom (mother) and dad(father)
Di malaman ang gagawin - They didnt know what to do (due to their happiness)
Minamasdan pati pagtulog mo - They watched you even as you were sleeping
At sa gabi'y napupuyat ang iyong nanay Sa pagtimpla ng gatas mo - And in the middle of the night your mom wakes up just to make you some milk (in the feeding bottle.hehe)
At sa umaga nama'y kalong ka Ng iyong amang tuwang-tuwa sa iyo - And in the morning your dad happily carries you on his lap

Ngayon nga ay malaki ka na - Now youve grown
Nais mo'y maging malaya - You want your independence/You want your space
Di man sila payag - Even if they dont want to let you go
Walang magagawa - There's nothing they could do
Ikaw nga ay biglang nagbago - Then you suddenly changed
Naging matigas ang iyong ulo - You became hard headed
At ang payo nila'y sinuway mo - And their teachings, you disregarded

Di mo man lang inisip na Ang kanilang ginagawa'y para sa iyo - You didnt even realize what they were doing were all for you
Pagkat ang nais mo'y - Cause what you wanted was
Masunod ang layaw mo - to follow your caprice
Di mo sila pinapansin - You never thought of them (or their sacrifice)

Nagdaan pa ang mga araw - So the days past
At ang landas mo'y naligaw - And you lost direction in life
Ikaw ay nalulong sa masamang bisyo - You got hooked on bad vice (drugs,etc)

At ang una mong nilapitan - And the first person you run to (when everything went wrong)
Ang iyong inang lumuluha - Your mom who was crying
At ang tanong,"anak, ba't ka nagkaganyan" - then she asked "my child, why have you become like this?
At ang iyong mata'y biglang lumuha ng di mo pinapansin - Then you did not notice, your eyes suddenly filled with tears.
Nagsisisi at sa isip mo'yNalaman mong ika'y nagkamali - You were sorry, You learned you had been wrong
Nagsisisi at sa isip mo'yNalaman mong ika'y nagkamali
Nagsisisi at sa isip mo'yNalaman mong ika'y nagkamali
Nagsisisi at sa isip mo'yNalaman mong ika'y nagkamali

Actually i think this song has in other version a next part were the child already had his family and the song says..."now you will understand how it is to become a parent"...I hope i didnt sound like a comedian in translating Tagalog to English.hehe