Lawmakers raise data security concerns after PNP-NBI breach | Inquirer News

Lawmakers raise data security concerns after PNP-NBI breach

/ 11:00 AM April 20, 2023

FILE PHOTO: A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Top U.S. fuel pipeline operator Colonial Pipeline has shut its entire network after a cyber attack, the company said on Friday. REUTERS/Kacper Pempel/Illustration/

(REUTERS/Kacper Pempel/Illustration)

MANILA, Philippines — Two lawmakers have raised concerns about the safety of Filipinos’ personal and confidential information with government agencies after over 817 gigabytes of data handled by the police and other law enforcement offices were compromised.

In a statement on Thursday, Alliance of Concerned Teachers party-list Rep. France Castro said that the latest data breach puts into question how safe personal data under the National Identification Card System and the subscriber identity module (SIM) card registration are.

Article continues after this advertisement

According to a report by cybersecurity research company vpnMentor, 1.279 million records with the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and PNP’s Special Action Force (SAF) were exposed.

FEATURED STORIES

“Ano ba naman ito? Di ba dapat ang mga law enforcement agencies ang pinakasecure dapat ang data tapos na hack lang ng ganito dahil exposed daw ang data at ni wala man lang password ayon sa VPNMentor,” Castro said.

(What is this?  Isn’t it that law enforcement agencies should have the most secure data, but instead, it was easily hacked because it was exposed and there are no passwords, according to VPNMentor.)

Article continues after this advertisement

“It also begs the question of how safe the data under the national ID system, the SIM registration, and even the proposed E-governance bill. If government law enforcement agencies were hacked, how can we be sure that the PSA or the telecom data from Filipinos are safe,” she added.

Article continues after this advertisement

READ: IT experts’ group urges government to strengthen data protection after PNP breach

House Committee on Ways and Means chair and Albay 2nd District Rep. Joey Salceda called on the National Telecommunications Commission and the National Privacy Commission to ensure that data collected under the SIM Card Registration Law is “well-guarded and secure.”

Article continues after this advertisement

This is to prevent a similar incident with data from the SIM card registration activities, which would go on until April 26.

“SIM Card registries will be the largest source of personal data in the country. So, they will be targets. I call on the NTC and the NPC to make the necessary reviews and proactive measures to ensure that a similar data breach will not take place in SIM registries,” Salceda said in a separate statement.

Article continues after this advertisement

“That probably means a periodic audit of privacy protocols of telecommunications companies by the NPC. And that has to be sooner rather than later,” he added.  “LGUs are holding their own SIM Card registration activities. That’s great, but we need a baseline of rules and protections.”

Congressional probe

Castro meanwhile suggested that a Congressional probe should be done to determine if public information is indeed safe in the government’s hands.

In essence, these agencies built a database of personal information, where people are obligated to register, but such data are the target of hackers and can be easily obtained if unsecured,.” she said in Filipino.

“This has to be investigated by Congress because the very privacy and safety of our people are at stake here,” she added.

Abolishing clearances

Aside from asking authorities to safeguard public data, Salceda also asked why there is a need for both NBI and the PNP to issue clearances.

According to Salceda, the government should consider doing away with the process of asking for a police or NBI clearance as a requirement for employment and other engagements.

“Frankly, the PNP and other law enforcement agencies should not be in the business of storing the personal data of law-abiding citizens. And besides, that distracts from their law enforcement functions,” Salceda said.

“If you are involved in some crime, we can probably get your data easily anyway. Rather than putting ordinary law-abiding citizens through the hassle and expense of clearances, as well as the risk of data breach, why don’t we normalize due diligence among employers?” he asked. 

“Otherwise, you have a system where no good deed goes unpunished. For following the law, you are hassled with having to prove it. That’s insane.”

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

Salceda said that these law enforcement agencies should focus instead on crime prevention.

 gsg
TAGS: data, hacker, NBI, PNP‎

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.