As the pre-registration phase of the P4-billion national ID system begins on Monday, Oct. 12, Sen. Imee Marcos has echoed the call of an IT professionals group for the government to explain how a local consortium won the bid to put the national ID system in place after a change in rules midway in the bidding process.
In a statement, Marcos called on the National Economic Development Authority (NEDA) and the Philippine Statistics Authority (PSA) to explain why Indian firm Madras Security Printers (MSP) and its Philippine partner Mega Data Corporation remained the only qualified bidder after the bidding rules were changed.
“This could be another Smartmatic situation,” Marcos said, adding that MSP has been “hounded by controversies” in the past.
“Unless NEDA and the PSA clarify this at once, public skepticism towards the national ID could scuttle the pre-registration phase that begins on Monday (October 12),” Marcos said, adding that it could also delay targets to register 40 million Filipinos by next year and the rest of the population by mid-2022.
The original bidding requirement specified an on-premises system wherein a data center is physically set up at a selected site, but this was later modified to include remote hosting of data in a cloud-based system, according to the Philippine Computer Society Foundation.
After the rules were changed, all other bidders except MSP-Mega Data dropped out of the selection process, short of time to modify the logistics and financials of their bid proposals and meet the submission deadline reset by the PSA.
Marcos cited that MSP continues to be hounded by controversy in its international contracts, citing news in the Bangladeshi media just last July that the Indian firm had failed to deliver 500,000 cards for the Bangladesh Road Transport Authority’s driving license project, leading the government to take up the cost of completion.
African media have also reported that MSP provided the Kenya Bureau of Standards mark-of-quality stamps that were easy to tamper with since they were made only of ordinary adhesive paper, according to Marcos.
“The integrity of our elections, banking access, healthcare insurance, contact tracing, and the delivery of government aid will be put at risk by a flawed national ID system,” Marcos warned, stressing the long-term use of the anticipated national ID cards.
The PSA, in a statement issued on Sept. 30, said that the sudden change of rules was due to its strategy towards incorporating cloud computing as part of a hybrid approach.
This decision, it said, was aligned with the functional requirements of the Philippine Identification System (PhilSys) and the June 2020 update by the Department of Information and Communications Technology (DICT) on the Government Cloud First Policy.
“In pursuing a hybrid architecture solution, PSA adheres to and pioneers the Cloud First Policy of the DICT wherein government agencies are required to adopt cloud computing as the preferred ICT deployment strategy. DICT, as a member of the PhilSys Policy and Coordination Council (PSPCC), signified its support, and assured that cloud subscriptions can be easily activated by PSA,” the agency said.
Dennis S. Mapa, civil registrar general of the PSA, stated: “The hybrid architecture chosen for PhilSys provides PSA with physical control and responsibility over the data center and servers that will hold PhilSys data, while benefiting from the performance advantages of cloud computing for resource-intensive processes such as authentication, back-office functions, and use cases processes.”
The PSA said it intends to house PhilSys applications on the Philippine government cloud while the PhilSys data remains within on-premise data centers.
“Moreover, the core platform of PhilSys called the Modular Open Source Identity Platform (MOSIP) can work effectively with the hybrid solution, as described in the official MOSIP documentation,” it added.
On data privacy and security concerns, the agency said the hybrid cloud architecture will allow the PSA to manage and secure records of registrants in the PhilSys Registry within the Philippines while providing client-facing PhilSys services and applications on cloud technology.
“We believe that the hybrid solution ensures seamless and reliable data transmission while maintaining data privacy and security safeguards for on-premise data centers. We want to deliver the best and secured PhilSys to Filipinos and proceeding with the hybrid solution is a major step towards this goal,” Mapa added.