The claim of passport data theft that Foreign Affairs Secretary Teodoro “Teddy Boy” Locsin Jr. revealed on Twitter raised concerns over the government’s lack of security for Filipinos’ personal records.
Last week, Locsin informed the public as response to queries on Twitter that a private contractor of the Department of Foreign Affairs stole all the data of its passport applicants after the contract got terminated.
Because of this incident, DFA Assistant Secretary Elmer Cato said that those seeking renewals of brown or green passports or the “machine-readable” maroon ones will have to submit birth certificates, similar to the process before transitioning to the e-passport system.
“Because previous contractor got pissed when terminated it made off with data. We did nothing about it or couldn’t because we were in the wrong. It won’t happen again. Passports pose national security issues and cannot be kept back by private entities. Data belongs to the state,” Locsin said.
However, Malacañang pointed out that this additional step is “cumbersome” to affected Filipinos.
“The ongoing practice is not only cumbersome to everyone affected but is a form of red tape which this administration frowns upon and will not tolerate,” Spokesperson Salvador Panelo said.
The National Privacy Commission will also start its investigation of the incident that will cover DFA officials and other stakeholders.
NPC Commissioner Raymund Liboro recommends the filing of criminal charges against the responsible individual, who directly violated provisions of Republic Act 10173 or the Data Privacy Act of 2012. This measure created NPC.
“While we’re a quasi-judicial body, it will be the (Department of Justice) that will file possible charges based on the information we will be able to gather in our fact-finding investigation,” Liboro said.
Government: Blame-game
For Locsin, the passport mess is the fault of the previous administrations of former Presidents Gloria Macapagal-Arroyo and Benigno “Ninoy” Aquino III.
“The problem started under GMA’s DFA and got worse under PNoy’s DFA. It will be solved by PRRD’s DFA under Locsin. The Yellow crowd who perpetrated the passport fraud are in a panic because we are gonna autopsy their crooked deal. Period,” the former broadcaster said on Twitter.
Locsin later mentioned contractors Francois-Charles Oberthur Fiduciare or FCOC and APO Production Unit Inc. or APUIC to be involved in the controversy.
Ex-DFA Secretary Perfecto Yasay Jr., who was the top diplomat from 2016 to 2017, bared a timeline on Facebook on the contractors DFA had made deals with for the production of passports.
THE DFA PASSPORT MESS THE PUBLIC MUST KNOWI believe that requiring the already harassed and exasperated applicants to…
Posted by Perfecto Yasay on Friday, January 11, 2019
It started in 2006 when DFA and the Bangko Sentral ng Pilipinas or BSP entered a memorandum of agreement for the procurement and centralized production of machine-readable electronic passports or MREPs. The BSP awarded it to FCOC.
In 2015, while FCOC’s contract still persists, the DFA awarded another contract to APUI for electronic passports. Yasay alleged that this was done without going through the bidding process.
A graft case was filed back then against former DFA Secretary Albert del Rosario and other DFA officials. Del Rosario denied of any anomaly and asserted that the transfer of contracts from the BSP to DFA was official.
During the same year, the APUIC engaged with another unit, the United Graphic Expression Corporation or UGEC. This violated the agreement it made with the government.
“Under the present scheme of things, the DFA cannot hold UGEC accountable for any breach or screw up in the printing of the E-passport,” Yasay said.
President Rodrigo Duterte intervened in February 2017 when he asked Yasay and Finance Secretary Carlos Dominguez III to request BSP to take responsibility of the MREPs printing again. The BSP “refused to budge,” Yasay said.
The central bank, on their part, assured the public that the Philippine banking sector is safe and secure against threats.
“The BSP has already issued appropriate regulations on establishing and sustaining the banks’ IT and information security management. There were also specific advisories issued in the past,” BSP Deputy Governor Diwa Guinigundo said.
Meanwhile, Del Rosario said that he respected Locsin’s judgment.
“I know that, sooner than later, our SFA will be successful in correcting the current passport problems to the total satisfaction of all our people,” the former diplomat said.
Lawmakers were also alarmed with such revelation and likewise demanded an immediate probe on the situation.
People: Concerns on privacy
Filipinos cited the personal information needed to apply for a passport that an unnamed private contractor purportedly got away with from the DFA.
These include a person’s name, photo, contact details, signature, fingerprint and other supporting documents.
What could the DFA data leak contain? Your name, photo, address, mobile number, parents, parent's mobile number, birth certificate details, passport number (which can be used for personal transactions under your name). Basically everything in your passport. AND MORE.
— kæ (@kaeofficial) January 12, 2019
Others related this concern to that of the proposed national ID system provided by the Philippine Identification System or PhilSys.
There was a @comelec data leak before.
This week, news that the private provider who processed the data of those who applied for a passport with @DFAPHL got the data.
Imagine what happens if the data of the National ID falls in the wrong hands??? @DICTgovph
S.C.A.R.Y.
— Gregorio Larrazabal® 🇵🇭 (@GoyYLarrazabal) January 13, 2019
