Many may not have noticed it, but the Philippine Overseas Employment Administration (POEA), an attached agency of the Department of Labor and Employment (DOLE), may be in violation of the government’s Internet domain names policy by registering not one, but two, critical programs that impinges on the privacy of OFWs.
This was the observation of the Lilac Center for Public Interest, Inc. (Lilac Center) which recently called on the DOLE to be transparent by making public the individual/s under whose name/s the bmonline.ph and idole.ph are registered.
The bmonline.ph is the Internet site of the Balik-Manggagawa Online Processing Center which facilitates the issuance of overseas employment certificates (OECs) to returning OFWs, while the https.idole.ph is the Internet portal of the controversial OFW ID Card. Both Internet portals collect, access, use, disclose, or process private OFW data or information.
In a media release, Nicon F. Fameronag, president of the Lilac Center, warned OFWs that their privacy might be compromised when using the two portals.
“By their domain names, .ph shows it is for commercial use and its registrar is a private businessman, hence, for profit, while the .gov.ph domain is solely for registration of Philippine government agencies.
“The government’s Internet domain names policy requires subsidiaries, attached agencies, and non-autonomous components of top-level entities to register their domain names under .gov.ph. They are not eligible to register separately,” Fameronag said.
The .gov.ph domain is delegated from the root authority to the Department of Science and Technology’s Advanced Science and Technology Institute (ASTI). On the other hand, the .ph domain name is administered by dotPH Domains Inc., owned by businessman José Emmanuel "Joel" Disini, chief executive officer. This company also holds and maintains the database of domain names .com.ph, .net.ph, and .org.ph.
This being the case, the Lilac Center official said whoever owns the domain names bmonline.ph and idole.ph—(and surely, it is not the POEA,” said Fameronag)—could have access to valuable private data of five million or more OFWs. He expressed fear that the person or persons who had registered the two domain names and who administer the two portals could have already accessed OFW data and used them improperly.
“Without us knowing who have access to sensitive OFW data and what security guarantees there are for their processing, OFWs face the very real danger of their personal information being stolen or worse, used for sinister purposes,” Fameronag explained.
This is possible, he said, because dotPH Domains, Inc. has developed the so-called Shared Registry System (SRS) which enable domain name registrars and Internet Service Providers (ISPs) to manage domains and accept registrations on their own websites by connecting to the dotPH registry backend.
“There is a module that downloads and installs on servers actual communication with the registry backend, accepts online credit card payments, and hosts websites,” Fameronag said.
Finally, the former DOLE executive said that because the two POEA portals engage in the collection, access, use, disclosure, or other appropriate processing of private data or information, the servers being used by these online sites should be governed by Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, and its Implementing Rules and Regulations.
He also said unsuspecting OFWs can be attracted to use the portals bmonline.ph and idole.ph because these display and contain official POEA and DOLE logos.
“Is there an agreement between the DOLE and the POEA for the private owners of bmonline.ph and idole.ph for the use by the latter of official government logos or icons?” Fameronag said, as he urged Secretary Silvestre H. Bello III to investigate the matter. (VGarciaBlogs)