LAW, ICT, AND HUMAN RIGHTS

Makatizen, smart cities, and good governance

Numerous local “smart city” initiatives have cropped up in recent years. One of the most notable was made possible by this partnership between IBM Philippines and the Davao City government in 2012. It involved the establishment of an Intelligent Operation Centre (IOC) meant to address public safety and security concerns. The local government unit, along with Cebu and Manila, was also identified as one of the pilot cities of the ASEAN Smart Cities Network.

Meanwhile, Chinese telecoms company Huawei has implemented its Safe City project at the Bonifacio Global City in Taguig. It may be a sneak peek into the future envisioned by the Safe Philippines Project, which is another China-financed endeavor and involves the installation of a 12,000-camera surveillance system in selected metropolitan areas around the country.

Unfortunately, when one looks at all these programs, it becomes clear that very few of them actually fall within the generally accepted definitions for what constitutes a “smart city” initiative. A smart city, according to UK-based privacy advocacy group Privacy International, is a “a marketing term used to define the use of technology – and in particular data collection – to improve the functioning of cities.” For the World Bank, it may assume one of two possible definitions. First, as “a technology-intensive city, with sensors everywhere and highlight efficient public services, thanks to information that is gathered in real time by thousands of interconnected devices;” second, as “a city that cultivates a better relationship between citizens and governments – leveraged by available technology”.

All the local programs are nowhere near any of the those definitions. So far, they are nothing more than crude community surveillance measures focused on connecting CCTV systems into a unified monitoring platform.

All except one, it seems.

One rare example of a truly comprehensive smart city program is that of Makati City. The city government’s digital governance initiatives include a command center for emergency response and disaster risk mitigation, a free internet program through the installation of a citywide fiber optic loop, and a comprehensive city app. At the heart of all these different elements is Makatizen, an identification card available only to Makati residents. Through the city government’s partnership with GCash, the card has a digital payment feature that allows cardholders to use it for transactions such as paying taxes, as well as receiving cash allowances and other government benefits.

For all its efforts that make use of technological innovation—including the Makatizen Card—for governance, Makati City has received several national and international awards and recognitions. A couple of years after its launch in 2017, the Makatizen Card project was hailed as the overall winner in the Best in eGov Customer Empowerment category of the 2019 Digital Governance Awards. That same year, some of the city’s smart city initiatives were also recognized in the World Smart City Awards. And then, just last year, amidst the COVID-19 pandemic, the city garnered praise from the World Smart Sustainable Cities Organization for its technology-driven pandemic response. It included the use of the Makatizen card and mobile application to facilitate the distribution of financial aid among its residents.

With the rest of the country now slowly coming to terms with a unified identification system in the form of the Philippine Identification System (PhilSys), the Philippine Statistics Authority, as primary implementer, together with other concerned agencies could probably benefit if they learned more about the successes of the Makatizen project, including any challenges it may have faced.

But let’s be clear about that. No one is saying Makatizen should already be hailed as a model ID program worth emulating with rose-tinted glasses. There is still much room for improvement, especially when it comes to the privacy and data protection. In this regard, two items immediately come to mind:

• Data minimization. Having virtually all personal information displayed in the face of the physical card makes the user’s data more vulnerable to unlawful or inappropriate use. In front, the data include the cardholder’s name and photo, the Makatizen number, and an EMV chip for payment. At the back, more personal information may be found: address, date of birth, other government ID (such as TIN), and emergency contact. Should a resident misplace his or her card, a significant amount of information will be affected by such a breach, which could then end up being used for identity theft and other types of fraud.

• Lack of transparency. Very little is known about the data processing activities being carried out using the personal data of Makatizen cardholders. There is no publicly available privacy notice, which would normally provide such information. None may be found in the Makatizen Card application form or the city’s official website. There is also no information about the city’s data protection officer or unit, making it difficult for residents to relay their data privacy concerns or questions, including those about the  ID system. Finally, since the card program—as well as most of Makati City’s digital governance projects—is a product of a public-private partnership between the city government and a private corporation (Globe Telecom), there should also be ample information about the collaboration, especially any data sharing arrangements they may have. But that is not the case either.

For now, it may be fair to say that the Makatizen Card appears to be what proponents of the PhilSys (including its PhilID card component) want the latter to become at some point. There is certainly no shortage when it comes to pronouncements by public officials alluding to this. And it’s not just that. Soon, people may see many more similar platforms  given the emergence of other local ID systems such as the QCitizen card.

Because of the present context, it shouldn’t really be that surprising. The COVID-19 pandemic has pushed the digital transformation by local governments to levels no one could have ever predicted—certainly not at this rate, at least. Just this past year and a half, LGUs have had to establish their own online platforms and mobile applications for various purposes like contact tracing, aid distribution, and more recently, vaccine registration.

Confronted with such a future, one would hope that officials and regulatory authorities are keeping their eyes peeled to make sure all these developments are kept in check. They should all be wary of redundancies and must be constantly evaluating the need for more ID systems. After all, keeping existing ones secure and relevant is already proving to be too much in many instances. We also have to remember that when it comes to data collection, more is not always better. Most of the time, quality is actually what’s most needed when solving the bigger puzzle that is good governance. Sometimes it’s the quality of the data; other times, it’s those handling them.

Jessamine Pacis is a program officer at the Foundation for Media Alternatives. While she works mostly in the areas of privacy and data protection, she also takes interest in related fields like digital labor, cybercrime, and freedom of expression.