[dropcap letter="R"]ecently, in response to a massive spike in cyber fraud and various other cybercrimes, the DOST has started the initiative to launch an internet infrastructure designed to protect the Filipino netizens.
Dubbed the Philippine National Public Key Infrastructure (PNPKI), it seeks to make it easier to interact with government agencies online and reduce the risk of encountering poseurs by utilizing a digital certification system: essentially, a means of authenticating and validating virtual identities in real time.
While not all of us may be tech savants, here are, in the simplest possible terms, the ways to make sense of why the DOST set this up, and what it means for us.
[buffer by="5px 15px 5px 15px" id="bar"]8. People get fooled online, all the time.[/buffer]
We don’t just mean fooled by fake Facebook headlines: we mean fooled in worse ways. A PNP study shows that 9 out of 10 Filipinos have been, knowingly or unknowingly, victimized by cybercrime, and this alarming statistic needs to be addressed.
[buffer by="5px 15px 5px 15px" id="bar"]7. The PNPKI is like a digital ID.[/buffer]
Key organizations and people are already enrolled under the PNPKI, such as SSS or Pag-Ibig. If you, as an individual, also choose to avail of this, it will likewise assure others of your identity. Long story short: if you were about to send over a good chunk of your savings to the SSS via the internet, you better be sure you’re really sending it to the SSS.
[buffer by="5px 15px 5px 15px" id="bar"]6. The PNPKI certificate lasts for two years.[/buffer]
Machine upgrades, technological advancements, personnel changes, and much more means that you can’t expect the certification to be a permanent thing. A two-year period is a reasonable amount of time.
[buffer by="5px 15px 5px 15px" id="bar"]5. Sending data within the infrastructure is far more secure.[/buffer]
With all users sending data through the infrastructure all validated and identified, the risk of files being intercepted or containing malicious programs is minimized. At worst, if the malicious file sent was deliberately done, the culprit is easily traced because everyone has a digital ID within the infrastructure.
[buffer by="5px 15px 5px 15px" id="bar"]4. The PNPKI certification process is centralized.[/buffer]
What this means is that everyone involved in the PNPKI initiative will have to be certified under only one body, the National Computer Center (NCC), which makes it easy to have a comprehensive database at hand for security purposes.
Obviously, the fear is that if the NCC is compromised, then there goes that infrastructure, but the alternative of having multiple certifying bodies is inefficient and ultimately counterintuitive.
[buffer by="5px 15px 5px 15px" id="bar"]3. The certification process should not exceed five days.[/buffer]
This is the digital age. Red tape should not be as big a deal in a purely digital transaction.
[buffer by="5px 15px 5px 15px" id="bar"]2. This does not change anything for you if you don’t want it to.[/buffer]
No, you are not forced to get a digital ID if you don’t want it to. However, it at least assures you that if you ever have to transact with SSS or Pag-Ibig or the like, you are really doing so. You only need to get a digital certificate if you plan to send files that only specific people can see through the PNPKI. This whole sending files safely through the PNPKI bit is what we call “encryption.”
[buffer by="5px 15px 5px 15px" id="bar"]1. We need this.[/buffer]
I think it can’t get simpler than that. We really need to have a proper system, because if you can just renew your NBI Clearance via the internet, wouldn’t you want to jump on the chance? This opens the door for that.