PUBLIC FORUM ON THE IRR OF THE PHILSYS ACT (RA 11055)

October 2, 2018 9AM

UP SCHOOL OF STATISTICS AUDITORIUM
CONVENED BY: PHILIPPINE STATISTICS AUTHORITY

 Enacted 6 August 2018

 Public consultations held on 24-25 September (Manila, Visayas and Mindanao) and 2
October (Manila), plus online portal for taking comments
 Under the law, PSA (through the PhilSys Policy and Coordination Council) is the
implementing agency for the new law. It has 60 days from enactment of the law (or
until October 5) to formulate the implementing rules and regulations. The PSA has
partnered with the DICT and the NPC for the technology infrastructure.

Why this is important to us

 The law came into effect August 2018. Everyone is compelled to register beginning on
September 2019: Filipino and expat (resident aliens) alike. The implementing rules is
expected to be signed today, October 6.
 We need to integrate into our KYC process whatever authentication system and
database PSA (Philippine Statistics Authority, the lead government agency in this
initiative) will develop. This is a standalone system that we will send queries to
whenever we want to verify a person’s identity.
 The PhilID is designed to know whether person X is really person X. However, it also
stores all authentication requests so the person will be able to review if and when
somebody checks his identity, and who that requestor is. Moving forward, loan
applicants and third-party buyers will know whenever we do identity checks on them.
 It is not yet clear whether the PhilID card will be mandatory (and whether there will be
enough, on time) for everyone. The card will contain the demographic data and the QR
code incorporating the registrant’s fingerprint on it. The physical card itself is not
essential, but the assigned PSN (PhilSys Number) is needed to make the verification
query on the PSA database.
 The government plans to pilot-test this project on 1M Filipinos in 3 separate regions by
December. The process for that pilot project has yet to be drawn up.

CLAUSES DISCUSSED

Coverage  Applies to both Philippine citizens and resident aliens

except diplomats
 Uses of PhiID – any transaction with government and
private sector that would require proof identity
 ID only = proof of identity but not proof of eligibility to
receive or avail of services and transactions
 Mandatory registration for both Filipinos and resident
aliens
Primary purposes
Terms defined
What PSN is
PhilSys registry data
Documentary requirements
Cancellation/deactivation
of PSN
Authentication
Protection against unlawful
disclosure
 Single ID system
 Eliminate the need to present other forms of
identification
 Ease of doing business for the private sector
“Personal information” is similar to the definition in DPA 2012 –
any information that would directly identify an individual
PSN or PhilSys Number is
 Randomly generated
 Unique
 Permanent
 Assigned at birth or registration
Limited to demographic + biometric data as listed
Demographic data
 Full name
 Sex
 Birth date
 Place of birth
 Blood type
 Address (required: permanent; optional: present)
 Citizenship (including for resident alien)
 Optional: marital status, mobile number, email address
Biometric data
 Facial photo
 Fingerprints (10)
 Iris scan
For those who do not have any valid proof of identity, an
introducer who is of legal age and has his own PSN shall be
required for registration
Death, loss of Filipino citizenship, etc.
 Online authentication: PSN and biometric information
will be used to validate identity
 Offline authentication: presentation of PhilID and
matching the fingerprint in the QR code and OTP to
validate identity for transactions and services as
enumerated in the law
No disclosure unless with
 Consent of the data subject
 Court order
OPEN FORUM PANELISTS:
National Privacy Commission
Bangko Sentral ng Pilipinas
Philippine Statistics Office
Department of Information and Communication Technology

1. Address of the registrant

Q: The law just states “address” but IRR makes a distinction between permanent address and
present address
 What about for ambulant indigenous peoples and homeless persons – will they be made
to produce different addresses too?
 For purposes of running for local public office, will the PhilID be conclusive proof of your
domicile for purposes of eligibility in public office? Does this show your animus animus
revertendi or intent to return to a particular address?
A: COMELEC is the proper body to decide this issue. In any case, a person is allowed to make
changes to his registry information.

2. Integrity of the data

Q: There are 2 types of data that will be made here: digital database and physical ID printout.
What is being done to ensure the security of the data?
A: DICT and PSA have partnered together as early as 2016 to consolidate and de-duplicate the
civil registry databases to develop an authoritative database. Other government agencies that
have separate electronic databases will have to be linked as well for inter-operability. We
cannot guarantee 100% hack-proof system. The ID card itself is not as important as the PSN,
although the ID itself will have security features

3. Use of the ID
Q: Will my ID have to be authenticated every time I use it? Does that mean that the system will
always be online?
A: Yes, it will be authenticated every time. But each government agency will have its own
authentication process and other requirements for transaction. Yes, the dream is that the
system will be online all or almost all the time.

Q: Does the offline authentication mean that each government agency will have its own copy of
the database? How do you plan to ensure the integrity of the database in that case?
A: No, the government agencies won’t have their own database. The fingerprint you present in
person will have to be matched against the fingerprint embedded in the QR code on your card.
Then the agency will just have to match those 2 datasets to authenticate your identity “offline”.

4. Fingerprints of manual laborers are probably already busted. People with eye defects will
not have efficient iris scanning.
A: There are 3 biometric information: facial photo, iris scan, and fingerprint. A person can
provide at least 1 one of these.

5. Data access and storage

Q: Where are we going to store the data – onshore or on the cloud or offshore?
A: Government private cloud will be used, under the auspices of the PSA.
Q: How will the data be consolidated? Will there be a central database?
A: We are still looking at the best way to do this.

Q: Who has access to the database?

A: Management and overall access to the data rests on the PSA but actual access depends on
the decision of the PSA as regards actual use. The registrant shall have ultimate power to
allow/disallow a government agency to access and authenticate his personal information.

6. OTP and QR Code mechanism

Q: Are you going to store all 10 fingerprints on the QR code? That will mean having a big code,
which might not fit the card. Will you also need to have a mobile phone with signal for the OTP
to be sent? How about those people without a mobile phone?
A: This is still being finalized on the technology side.

7. Identity database vs functional database

Q: If I present my ID at a government hospital, will the DSWD know that I need help? Will
PhilHealth immediately discount the medical bills I receive? Will my local government agency
know immediately that I will be behind my taxes because I am hospitalized?
A: Your PSN is just an identity card, it does not store all the information about you. Each of the
government agencies will have to use that identity information in determining whether you are
qualified for whatever service you require. We want to break up the database so that there will
be no one central source of information about anyone, which also means that it will become
more attractive to hackers. We are also looking at tokenization of the databases so that deep
profiling of any individual will be made harder if not impossible.

8. Record history
Q: If this is just an identity card, why do we need a record history of all transactions you’ve
made?
A: Logs are limited only to date of authentication request, requesting entity, and response to
the request. What we want to ensure is that people will know whether there had been an
unauthorized authentication request that was made on his identity. It does not contain any
information regarding the nature of the transaction behind the authentication request. This is
different from the transaction log of the actual service that you availed of, which is outside of
the PhilSys.

Q: Should we not include a time limit for the record history retention?
A: We can consider this. We can match the retention period with the statute of limitations for
filing fraud cases so that we can still make use of the information that we find in our record
history.

9. Budget
Q: Do we have money to make this effective? Will you providing training to all government
agencies and upgrade their technologies to ensure that they will be able to keep up with the
law?
A: We recognize that there will be many labor pains in bringing this initiative to fruition. Budget
will be coming from the General Appropriations Act. We are bound to promulgate an IRR within
60 days from the enactment of the law, but that doesn’t mean that the IRR is set in stone. We
can always update the IRR as necessary.
 10. Breach management
A: The PhilSys has been working with the NPC for breach response and penetration testing, but
of course we cannot guarantee that it will be completely hacker-proof. We can learn from the
experience in other jurisdictions where the digital ID system is now more mature. We’re also
trying to insulate the PhilSys from all other databases precisely to discourage hacking.
Tokenization is also one of the things we’re looking at to ensure that the databases will not be
linked together to create a deep profile of any person.

11. Industry standards and best practices

Q: What standards are being used to ensure that this system will do as it is meant to do?
A: There is an e-government masterplan that has been a work in progress for decades, and this
is constantly updated to reflect technology changes (Philippine government inter-operability
framework). For the PSA we are using the PGIF as of 2014 but we welcome changes and
suggestions that you may have.

12. Privacy Impact Assessment

Q: When will the PIA be implemented?
A: PIA for the pilot implementation of 1m registered households, then another PIA for the main
project rollout. But we are not yet sure if we will allow stakeholders to join the PIA because it
might show a lot of vulnerabilities in the system.

13. Sex reassignment

Q: Will a person who has had medically-assisted sexual reassignment be allowed to change the
pertinent entries in his records?
A: No because Philippine law does not yet recognize elective, medically-assisted sexual
reassignment. So we cannot change the entry if a person opts for such a procedure.

14. PhilSys pilot of 1M participants by December

Q: How will you collect and store the information, and will you be issuing the actual ID cards?
Are there are already specifications on the equipment that will be used?
A: We have not yet started discussions on the pilot project because we are focused on the IRR
formulation. We expect that other cards such as the UMID will slowly be phased out and only
the PhilID will be the primary identity card, but of course we can’t prevent other agencies from
issuing their own cards and putting other functionalities into those (such as ATM capabilities for
the GSIS). These other IDs will also not be invalidated. For us, we want to make sure that the
PhilID is just a proof of identity for everyone. We need to strike a balance between privacy and
functionality, because the more functionalities you put in, the more vulnerable it is.

15. Registration is mandatory – contrary to news reports that is optional.