Monday, May 20, 2013

Are the statements of Malacanang, in its FAQ regarding RA 10372, accurate?


Are the statements of Malacanang, in its FAQ regarding RA 10372, accurate?

Accuracy is the condition or quality of being true, correct, or exact.[i]  This paper aims to answer the question of whether or not the provided responses in the list of FAQ’s provided by the government is correct in relation to law, and is applicable to prevailing circumstances.

This paper enumerates the frequently asked questions with their corresponding answers followed by discussions on its basis or current applicability.

1) Am I still allowed to import books, DVDs, and CDs from abroad?

Answer: Yes. In fact, the amendments to the Intellectual Property Code have removed the original limitation of three copies when bringing legitimately acquired copies of copyrighted material into the country. Only the importation of pirated or infringed material is illegal. As long as they were legally purchased, you can bring as many copies you want, subject to Customs regulations.

>>Before the amendment by RA10372, the importation of a copy of a work by an individual for his personal purposes is permitted without the authorization of the author of the work only under the following circumstances: 
(a) When copies of the work are not available in the Philippines and:
(i) Not more than one (1) copy at one time is imported for strictly individual use only; or
(ii) The importation is by authority of and for the use of the Philippine Government; or
(iii) The importation, consisting of not more than three (3) such copies or likenesses in any one invoice, is not for sale but for the use only of any religious, charitable, or educational society or institution duly incorporated or registered, or is for the encouragement of the fine arts, or for any state school, college, university, or free public library in the Philippines.

The deletion of Section 190.1 and 190.2 from the Intellectual Property Code results in the allowance of any number of reproduction of “works” for personal use and the importation of any number of legally purchased works subject to customs regulations.

There may be some gray areas on how such new regulation can be effectively applied to modern day importation of works. Unlike in the old times whereby works were taken in as tangible objects such as books, CD’s, DVD’s and the likes, these days, most works are acquired as files stored in phones, tablets, computers, and websites. The importation of works stored as music files, e-books, picture files, and the likes may prove to be the challenge in this Question. How would an officer check for importation intangible works? And, if allowed would there be any violation of any Constitutional rights? Although next to impossible, one may consider these facts since the main goal of the law is to protect intellectual property.

SEC. 190. Of the Intellectual Property Code States that subject to the approval of the Secretary of Finance, the Commissioner of Customs is hereby empowered to make rules and regulations for preventing the importation of infringing articles prohibited under Part IV of this Act and under relevant treaties and conventions to which the Philippines may be a party and for seizing and condemning and disposing of the same in case they are discovered after they have been imported or before they are exported.

2) Is the reproduction of copyrighted material for personal purposes punishable by this law?

Answer: No. Infringement in this context refers to the economic rights of the copyright owner. So, if you transfer music from a lawfully acquired CD into a computer, then download it to a portable device for personal use, then you didn’t commit infringement. But if, for example, you make multiple copies of the CD to sell, then infringement occurs.

>>A property for personal use is defined as a type of property that an individual does not use for business purposes or hold as an investment. In other words, property that an individual owns for personal enjoyment. [ii]

 
In relation to infringement, “personal use” may have various meanings especially now that an individual may have several devices loaded with hundreds of “works”, which may be reproduced at the click of a button. Because of this fact, enforceability of the law comes into question. The allowance of reproduction for personal use was not properly defined or limited by law and by Malacanang’s FAQ. This oversight may cause unimaginable losses to our authors and artists.

  The implementing rules and regulation must take into account that “works” may not only come in the form of tangible objects such as books and dvd’s, but also in the form of files, websites, and the likes.

3) Is the possession of, for example, a music file procured through an infringing activity a violation of this law?

Answer: Only if it can be proven that the person benefitting from the music file has knowledge of the infringement, and the power and ability to control the person committing the infringement.

>>The law states that a person infringes a right when one, directly commits an infringement, benefits from the infringing activity of another person who commits an infringement if the person benefiting has been given notice of the infringing activity and has the right and ability to control the activities of the other person, and when one, with knowledge of infringing activity, induces, causes or materially contributes to the infringing conduct of another.

The abovementioned provision is badly needed especially in today’s internet age, where the world becomes smaller and smaller by the day, where thousands of “works” are transferred in a single transaction through the worldwide web. The provision works for the benefit of those who, in good faith, acquired protected works. Tons of data, including protected “works” are transferred to the hard drives of unsuspecting web users who in good faith had no knowledge of infringement.

4) Is jailbreaking or rooting[*] my phone or device illegal?

Answer: No. Jailbreaking or rooting by themselves are not illegal. However, downloading pirated material, or committing infringement with a “jailbroken” phone increases the penalty and damages imposed on the person found guilty of infringement.

>>The primary purpose of jailbreaking in the context of smartphones is to allow the phone to install and run third-party applications that haven’t been approved by the phone manufacturer. Phones that are not jailbroken can only run applications obtained through the manufacturer’s App Store.[iii]

Law law gives an exclusive right to patent owners to to restrain, prohibit and prevent any unauthorized person or entity from making, using, offering for sale, selling or importing that product.

However this exclusive right is also subject to limitations provided by sec 72 of RA 10372.
The said amendment to the Intellectual Property Code by allowing certain acts to be performed even without the authorization of the patent owner such as using a patented product which has been put on the market in the Philippines by the owner of the product, or with his express consent, insofar as such use is performed after that product has been so put on the said market.


As a device owner, one may use a purchased device in any way that he or she desires. Such use is not covered by the restrictions provided by the Intellectual Property Code. The word use may simply include jailbreaking or to install and run third-party applications that haven’t been approved by the phone manufacturer. This may not be evident but the allowance of this process in one way or another affects the economic entitlement of the patent owner. Currently however, it seems that the only consequence of this act is that the warranty of the device is voided.


5) Are mall owners liable for infringement activities of their tenants?

Answer: Mall owners are not automatically penalized for the infringing acts of their tenants. When a mall owner or lessor finds out about an infringement activity, he or she must give notice to the tenant, then he or she will be afforded time to act upon this knowledge. As stated above, the law requires that one must have both proven knowledge of the infringement, and the ability to control the activities of the infringing person, to be held liable. The mall owner must also have benefitted from the infringement.

>>The law states that a person infringes a right when one, directly commits an infringement, benefits from the infringing activity of another person who commits an infringement if the person benefiting has been given notice of the infringing activity and has the right and ability to control the activities of the other person, and when one, with knowledge of infringing activity, induces, causes or materially contributes to the infringing conduct of another.


The requirement of having knowledge of an infringement activity before an establishment owners are held liable presents a challenge for the enforcers of the law. The only effect of this provision is that it gives the advantage of deniability of knowledge to mall owners thereby releasing them of any liability from the committed offense. 

All throughout the Philippines, countless stalls filled with infringed materials are lined inside malls, especially in the provinces, in plain view of everyone, even the people who are supposed to enforce the law and of course, the owners of these estalishments. It is clear that even with good intentions from our lawmakers, our government is plagued with corruption which makes it almost impossible to enforce the abovementioned provision.  

6) Is it legal for the Intellectual Property Office (IPO) to visit businesses to conduct searches based on reports, information, and complaints?

Answer: The IPO may visit establishments based on reports and complaints; this in itself is constitutional. However, if the IPO intends to perform a search and seizure, it must comply with constitutional requirements, such as having a search warrant. A warrant wouldn’t be required, however, if the IPO is accompanied by the Bureau of Customs or the Optical Media Board—two agencies that can perform a search and seizure on their own right without a warrant (per Republic Act No. 1937 and 9239, respectively).
The procedure and safeguards for this are to be spelled out in the Implementing Rules and Regulations.

>> The provided answer in Question 6 properly addresses the query. 
The Intellectual Property Code created the Intellectual Property Office has the following functions:
*  Administratively adjudicate contested proceedings affecting intellectual property rights; and
*  Coordinate with other government agencies and the private sector efforts to formulate and implement plans and policies to strengthen the protection of intellectual property rights in the country.
There is nothing in the law that prohibits visits from the Intellectual Property Office from visiting establishments for the protection of intellectual property rights. It is also proper that in cases of searches and seizure based on complaints and reports, the Intellectual Property Office and the law itself must give way to the rights guaranteed by the Constitution such as the Right against unreasonable searches and seizures and due process.

The Constitution requires that no search warrant or warrant of arrest shall issue except upon probable cause to be determined personally by the judge after examination under oath or affirmation of the complainant and the witnesses he may produce, and particularly describing the place to be searched and the persons or things to be seized.[iv]  


Although all the answers given had legal basis, and are accurate, this material provided by the government may provide more questions than answers. Due to modern day advancements, the enforceability of some of the provisions of the Intellectual Property Code is almost next to impossible without violation of Privacy rights.

However the Intellectual Property Office may compliment the law with an ironclad Implementing Rules and Regulations taking considering the effect of modern day technology on how works are created, acquired, transferred and infringed, to effectively enforce the provisions of the code.








DISCLAIMER: This blog is not made by a lawyer. It is not intended to give advice nor establish any attorney-client relationship with any person. This publication is made solely to comply with the requirements for the subject Technology and the law.




[i] http://www.thefreedictionary.com/accuracy

[ii] Definition of 'Personal Use Property': http://www.investopedia.com/terms/p/personaluseproperty.asp

[iii] Pros and cons of jailbreaking or rooting your smartphone By Debra Littlejohn Shinder, website: http://www.techrepublic.com/blog/smartphones/pros-and-cons-of-jailbreaking-or-rooting-your-smartphone/1460

[iv]Article III Sec2 of  THE 1987 CONSTITUTION OF THE REPUBLIC OF THE PHILIPPINES

Sunday, May 5, 2013

  Topic:  Will RA10173 provide sufficient mechanism for the introduction of the national ID system in the Philippines without constitutional issues as provided for in the case of Ople vs. Torres?
 

            In this modern day age, technology has made it possible to simplify communication processes. One such technology is the biometric system which measures and analyzes human body characteristics, such as DNA, fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for authentication purposes.

Many industries are now using the technology to expedite complex transactions and processes. In high-value e-bank transactions, a bank would first require biometric verification before pushing through with the transaction. Some states also use biometrics for border security by requiring the use of biometric passports.[1]

The creation of a National Computerized Identification System

            In Blas F. Ople vs. Torres GR No. 127685, an attempt, through the creation of A.O. 308, had been made by the government to use this technology locally through the establishment of a National Computerized Identification System. In the said scheme, individuals are to be assigned a Population Reference Number (PRN) as a common reference number to establish linkages among concerned agencies through the use of biometrics and computer application designs.

            A.O. 308 was created to address the need to provide the citizens and foreigners with the facility to conveniently transact business with the basic service and social security providers and other government instrumentalities and the need to reduce, if not totally eradicate, fraudulent transactions and misrepresentations by persons seeking basic services.[2] The law, however, was challenged as vague, inaccurate and highly prejudicial to the welfare of the citizens.  The Supreme Court eventually declared the said law as null and void for violating the Constitutional right to privacy.

Threats to the Constitutional Right to Privacy

            Other than the fact that A.O. No. 308 was issued by the executive branch of the government, the following findings were given great weight for they were clearly threats to the Constitutional guarantees of the right to privacy as to communication and correspondence, as to the liberty of abode and travel, and as to the right against unreasonable searches and seizures:

Section 2 and 4 of A.O. 308 authorized an Inter-Agency Coordinating Committee (IACC) to draw-up the implementing guidelines and standards in the use of Biometrics technology. The said provisions however failed to specify the type or class of biometric feature or biometric technology to be used. Failure to do so may result to the excessive grant of authority to collect and use biometric features and will eventually lead to a violation of Constitutional rights.

From the admission made by the Solicitor General that the PRN’s will be used to generate population data for development planning, it was revealed that the biometric characteristics to be collected were not solely to be used for identification purposes.[3] A.O. No. 308 itself failed to specify, in clear terms, the purpose of the collected biometric data. Considering that a PRN is attached to all transactions with government agencies, it would have contained a vast amount of information pertaining to the PRN owner. The use of a biometric database of the population for any other purpose other than for identification as deemed necessary by the government is clearly prejudicial to the Constitutional rights of an individual.

                  As to the manner of handling biometric data, A.O. No. 308 failed to provide any      procedural guidelines. The order did not   provide the system of processing biometrics, the    circumstances under which data is to be collected and/or processed, the persons responsible for disposing the information as well as their respective accountabilities.

                  As to the safeguards against data leakages, neither A.O. No. 308 nor any other law at the      time failed to safeguard and penalize the unauthorized disclosure of collected information in   relation to all government agencies involved in the National Computerized Identification System. Considering that the scheme is a linkage for various government agencies, an effective law for the system must safeguard the collection of biometric data for each and every government agency concerned.

RA 10173 “Data Privacy Act of 2012” 

            After more than a decade, RA 10173 or the Data Privacy Act of 2012 was enacted by congress to protect the fundamental human right of privacy, of communication while ensuring free flow of information to promote innovation and growth.[4]  The Act composed of nine chapters which include the rights of a data subject, the accountabilities and responsibilities for transfer of information and the penalties for its violation.

In answering the question of whether or not the government may now validly pursue of the National Computerized Identification Reference System, notwithstanding the previous Constitutional challenges to it under Ople vs. Torres, the issues herein discussed must be  presented as challenges against RA 10173.

RA 10173 addressing the Constitutional Issues in Ople vs Torres

·         Unspecified manner/procedures in handling sensitive personal information

In the case of Ople vs Torres, the Supreme Court found that in order to safeguard the  privacy and guaranty the integrity of the information, a law must specify the persons involved and authorized in data management or processing and under what circumstances can the process be lawfully done. Sections 11 and 12 of RA 10173   provide these requirements in detail.

            Section 11 of RA 10173 gives us the General Data Privacy Principles which provides the             circumstances under which personal information is to be collected and processed. Under this provision, personal information must be collected and processed fairly and lawfully. Furthermore,  the provision mandates the use of the gathered data pursuant to the purpose for which they are collected, and the retention of the gathered data for as long as necessary for the fulfillment of   such purpose.

            Sec 12 of RA 10173 on the other hand provides the criteria for lawful processing of  personal information. This provision provides us with the enumeration of circumstances under which the processing of personal information is permitted by law.  

·         Insufficient safeguard against indiscriminate disclosure

            Ople vs Torres also revealed to us the Court’s concern for the lack of safeguard against  the leakage of gathered information. It was noted that A.O. 308 lacks the teeth to guaranty that the information gathered shall only be used for the purpose for which they were collected. This problem opens the door to widespread misuse of the information attached to the PRN of a data  subject. Under the Data Privacy Act of 2012, this concern is resolved by the establishment of a National Privacy Commission who shall ensure compliance of data handlers with the provisions of the Act. This is further reinforced by sections 14, 15, 16, 20, 21, and Chapter VIII of the same law.

            Section 14 of RA 10173 - Subcontract of personal information- sets conditions on when a   personal information controller may subcontract the processing of personal information to ensure the confidentiality of the data gathered and prevent its unauthorized usage. Section 15 on the   other hand grants personal information controllers the right to invoke the principle of privileged communication over the data that they lawfully control or possess. Section 16 is a repository of    the rights of a data subject which lets the data subject gain a sense of control over the already released personal information. This provision empowers the data subject to receive notice on the status of the released information, to dispute errors in the entries of the personal information, to suspend or withdraw his/her personal information from the filing system, and lastly, to be indemnified of any damages sustained due to an incorrect entry of information or an unauthorized  use of such information.

                        Section 21of R.A. 10173 speaks of levels of accountability. The provision not only details the level of accountability of each information controller but also the accountability of third party information processors. This provision is essential to the constant confidentiality of the personal information as it passes through the different stages of data processing,ensuring that the safeguards provided for by law are observed at all levels of such  information transfer.

 
Chapter VIII of the same law contains penal provisions defining the prohibited acts under the  Data Privacy Act of 2012 together with their corresponding penalties. This chapter is essential in the enforcement of the law for the purpose of giving the law more teeth for compliance.


·         Concerns of the Court regarding the decreasing level of reasonably expected privacy

Although not against technology, the Court also raised its concern over the use of computers in data collection, as they can access almost any type of information with ease thereby decreasing the level of reasonably expected privacy. Furthermore, due to the rapid development   in science and technology, what is considered as a secured system under current standards may  become vulnerable after only a short period of time. The very same technology that may enable us to simplify and eventually escape the struggles of bureaucracy may very well be the same  technology that will lead to the impairment of our right to privacy. In this sense, the Data Privacy Act of 2012 becomes more effective as its wordings on establishing guidelines and safeguards are made in a general manner in which it may be made applicable to future conditions or technologies.

While the Data Privacy Act of 2012 effectively lays the foundation for the creation of a National Computerized Identification Reference System, the law that shall establish a National Identification system must be in itself clear and concise in its terms as to effectively grant a  definite authority to enforce the law. The purpose of data collection, may it be biometrics or otherwise, must be clearly provided as to make it complimentary to the provisions of RA 10173 specifically sections 11 d,e and f which provides that the personal information must be:

(d) Adequate and not excessive in relation to the purposes for which they are collected and processed;
(e) Retained only for as long as necessary for the fulfillment of the purposes for which the data was obtained or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as provided by law; and
(f) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected and processed: Provided, That personal information collected for other purposes may lie processed for historical, statistical or scientific purposes, and in cases laid down in law may be stored for longer periods: Provided, further, That adequate safeguards are guaranteed by said laws authorizing their processing.

      Lastly, the type of data to be used or collected and the type of technology must be specified in order to comply with the standards set by law.  Again, failure to do so may result to the excessive grant of authority to collect and use biometric features and will eventually lead to a violation of the Constitutional right to privacy.


Conclusion:

With the enactment of RA 10173, the government may now pursue the establishment of a National Computerized Identification System. The Data Privacy Act of 2012 lays a stable foundation for the utilization of an information gathering system, may it be biometrics or otherwise, through the setting up of a Privacy Commission, and the formulation of precise definitions as to the scope of personal information covered, information processing, chain of accountabilities and respective penalties for its violation. 

The establishment of a National Computerized Identification System will not only reduce, if not totally eradicate misrepresentations and corruptions through fixers but also, the system will expedite government transactions leading to faster provisions of services and social security.







DISCLAIMER: This blog is not made by a lawyer. It is not intended to give advice nor establish any attorney-client relationship with any person. This publication is made solely to comply with the requirements for the subject Technology and the law.



[1] “Biometric Authentication ATMs, Law enforcement and Airports” website:   http://ntrg.cs.tcd.ie/undergrad/4ba2.02/biometrics/now.html
[2] Blas F. Ople vs Torres GR No. 127685 July 23, 1998

[3] Blas F. Ople vs Torres GR No. 127685 July 23, 1998

[4] Sec 2. RA 10173 (Data Privacy Act of 2012)