Lawmakers raise data security concerns after PNP-NBI breach
MANILA, Philippines — Two lawmakers have raised concerns about the safety of Filipinos’ personal and confidential information with government agencies after over 817 gigabytes of data handled by the police and other law enforcement offices were compromised.
In a statement on Thursday, Alliance of Concerned Teachers party-list Rep. France Castro said that the latest data breach puts into question how safe personal data under the National Identification Card System and the subscriber identity module (SIM) card registration are.
According to a report by cybersecurity research company vpnMentor, 1.279 million records with the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and PNP’s Special Action Force (SAF) were exposed.
“Ano ba naman ito? Di ba dapat ang mga law enforcement agencies ang pinakasecure dapat ang data tapos na hack lang ng ganito dahil exposed daw ang data at ni wala man lang password ayon sa VPNMentor,” Castro said.
(What is this? Isn’t it that law enforcement agencies should have the most secure data, but instead, it was easily hacked because it was exposed and there are no passwords, according to VPNMentor.)
“It also begs the question of how safe the data under the national ID system, the SIM registration, and even the proposed E-governance bill. If government law enforcement agencies were hacked, how can we be sure that the PSA or the telecom data from Filipinos are safe,” she added.
House Committee on Ways and Means chair and Albay 2nd District Rep. Joey Salceda called on the National Telecommunications Commission and the National Privacy Commission to ensure that data collected under the SIM Card Registration Law is “well-guarded and secure.”
This is to prevent a similar incident with data from the SIM card registration activities, which would go on until April 26.
“SIM Card registries will be the largest source of personal data in the country. So, they will be targets. I call on the NTC and the NPC to make the necessary reviews and proactive measures to ensure that a similar data breach will not take place in SIM registries,” Salceda said in a separate statement.
“That probably means a periodic audit of privacy protocols of telecommunications companies by the NPC. And that has to be sooner rather than later,” he added. “LGUs are holding their own SIM Card registration activities. That’s great, but we need a baseline of rules and protections.”
Castro meanwhile suggested that a Congressional probe should be done to determine if public information is indeed safe in the government’s hands.
“In essence, these agencies built a database of personal information, where people are obligated to register, but such data are the target of hackers and can be easily obtained if unsecured,.” she said in Filipino.
“This has to be investigated by Congress because the very privacy and safety of our people are at stake here,” she added.
Aside from asking authorities to safeguard public data, Salceda also asked why there is a need for both NBI and the PNP to issue clearances.
According to Salceda, the government should consider doing away with the process of asking for a police or NBI clearance as a requirement for employment and other engagements.
“Frankly, the PNP and other law enforcement agencies should not be in the business of storing the personal data of law-abiding citizens. And besides, that distracts from their law enforcement functions,” Salceda said.
“If you are involved in some crime, we can probably get your data easily anyway. Rather than putting ordinary law-abiding citizens through the hassle and expense of clearances, as well as the risk of data breach, why don’t we normalize due diligence among employers?” he asked.
“Otherwise, you have a system where no good deed goes unpunished. For following the law, you are hassled with having to prove it. That’s insane.”
Salceda said that these law enforcement agencies should focus instead on crime prevention.