DFA scraps birth certificate requirement for passports
Birth certificates will no longer be among the requirements for renewing passports, the Department of Foreign Affairs (DFA) said yesterday as it downplayed the impact of the passport data controversy on national security.
Foreign Affairs Secretary Teodoro Locsin. Jr. signed yesterday an order removing birth certificate requirements for passport renewals.
“Signing order removing birth certificate requirement for passport renewals. Old passport is more than sufficient,” he said on Twitter.
After stating that former French contractor Francois-Charles Oberthur Fiduciare took off with sensitive passport applicants’ data, Locsin clarified it was not possible to run off with passport data and that contents were only “made inaccessible.”
“Data is not run-away-able but made inaccessible. Access denied,” Locsin said.
He said APO, the current passport contractor, assured him they were able to access the data from Oberthur but “not much use and parts corrupted.”
While the data was made inaccessible, the secretary said Oberthur would not compromise the country’s security.
“Although APO assured me yesterday they were able to access it though the data is of not much use now. The French never compromise another country’s security because they don’t want to occupy us. No worry about national ID,” he said.
He said he is leaving it up to the Senate to investigate the matter and assure the public that there was no breach or loss of data.
“The Department of Foreign Affairs is taking the word of APO Production Unit that there is no breach in passport data and as sufficient justification in removing the birth certificate requirement in the renewal of passports,” Locsin said in a statement.
“Until then, the department can give no assurances on the safety and security of some data,” he pointed out.
Former DFA chief Perfecto Yasay Jr. reiterated that Oberthur never ran off with the data, which remained entered and kept in the personalization system owned and supervised by the government.
“Furthermore, there does not appear to be any breach of the data entered and kept in that system,” Yasay said.
The likely problem, he said, is that United Graphic Expression Corp. (UGEC) could not access the data as it has a new and different format in the personalization system it created that is not compatible with the format of Oberthur’s system.
Exaggerated
Speaking to The Chiefs Monday night on One News-Cignal TV, Yasay called concerns about data leak completely “exaggerated.”
“That’s not only an exaggeration. It’s completely wrong because there has been no running away,” Yasay said. “I’m only reacting to what’s now being said in an alarming way that there’s a data breach because of Oberthur. That’s completely wrong.”
Oberthur continued to assist the DFA and the Bangko Sentral ng Pilipinas (BSP) in the operation and management of the personalization system with respect to the produc- tion of machine readable electronic passports (MREPs) for free until 2014 when the DFA issued a Purchase Order contract in favor of APO Production Unit Inc., a government credited and recognized printer – and with the assistance of UGEC, a private firm. APO subcontracted the production of e-passports to UGEC.
Yasay called for investigation on cases of “authentically issued” passports and those issued to foreigners.
“What if there are inside people conniving for the breaching of that data and this is precisely why you’ll never be able to address it if you’re not going to correct the mistake of why UGEC is the one doing that contract and cannot be held accountable,” he said.
UGEC, Yasay said, is managing and operating the facility in Batangas where passports are printed.
The former foreign affairs chief also said he wants the questionable provisions in a memorandum of agreement (MOA) that do not hold UGEC accountable amended.
On Sunday, Locsin pointed to the Arroyo and Aquino administrations as the ones “guilty” in the passport mess as he vowed to “autopsy” their alleged crooked deal.
Reminder from DICT
Amid the controversy, the Department of Information and Communications Technology (DICT) is reminding the DFA to be always mindful of its cybersecurity responsibilities.
“If your organization is identified as one of the Philippines’ 12 CIIs (Critical Information Infrastructures), make sure you are fully aware of your cybersecurity responsibilities,” DICT Assistant Secretary Allan Cabanlong said in a statement.
The DFA has been classified as one of the Philippines’ 12 CIIs that the DICT, under RA 10844, is mandated to oversee with regard to information assets and related matters.
“This is to ensure that the welfare of the consumers, as well as the privacy and security of the data collected and used for their specific purpose, adheres to the policies and practices of DICT.
“In line with this, DFA is mandated to adhere to the guidelines set out in the National CyberSecurity Plan 2022 and maintain compliance with DICT memorandum circular (MC) 005, s2017,” DICT stressed.
“In the same fashion, all government agencies are encouraged to abide by the recommendations outlined in the DICT MC 006, s2017. These are guidelines that outline how each agency can better identify threats to their data assets and reduce their risk of exposure significantly,” it added.
Migrante International meanwhile expressed “utmost alarm” over the passport controversy, saying it has put personal information of passport applicants under “serious threats.”
The development is “distressing, considering that it occurred while we are fast approaching the midterm national elections,” Migrante said in a statement.