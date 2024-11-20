Press Release

November 20, 2024 Transcript of Interpellation by Senator Risa Hontiveros

Plenary Debates on the 2025 National Budget (DICT)

November 20, 2024 Senator Risa Hontiveros (SRH): Good sponsor, una tungkol sa FinTech regulation. From November 8th to 9th, 2024, a number of GCash users reported what they described as unauthorized transactions or transfers with 1,000 or 2,000 pesos being deducted from their accounts while they were sleeping. Often in quick succession, and transferred to accounts connected to unknown phone numbers. This followed similar incidents in 2023 when multiple GCash accounts were compromised using phishing attacks staged through various online gambling platforms. GXI, the company that operates GCash, denied that the incidents were caused by hackers or other malicious actors and attributed the unauthorized deductions to errors in its ongoing system reconciliation process. Last November 11th, it was reported that the DICT had started its investigation of the incident. Paano po mako-confirm ng DICT kung yung unauthorized deductions ay talagang sanhi ng reconciliation errors o gaya ng sinususpetsya ng ilang mga tao, ng mga hackers o ibang malicious actors, good sponsor? Sen. Gatchalian: Mr. President, the DICT investigated the matter in coordination with the BSP. FinTechs, including GCash, is regulated by the BSP. But in this particular case, the DICT coordinated with the BSP to investigate what really happened. And based on the briefing that I got regarding this matter, the incident with GCash is not caused by external actors, but it is caused by an internal glitch on the software and that has been the result of the investigation. And so from what I understand, GCash is already rectifying the issue, Mr. President. SRH: Salamat, good sponsor. So tapos na po yung investigation ng DICT at final na yung kanilang findings at satisfied na po sila sa findings nila, good sponsor? Sen. Gatchalian: Mr. President, from the briefing that I got, the investigation is final unless the BSP decides to call on the DICT for additional technical investigation. But as far as the investigation goes, it's an internal glitch or internal error that created the issue with GCash. And the good thing here is the ICT did not detect any external hacking that transpired. So it's now incumbent upon GCash to rectify their system. SRH: Salamat, good sponsor. Ano po yung methodology na ginamit para i-determine yung sanhi nung event? At ano yung nature ng glitch na nadiskubre, good sponsor? Sen. Gatchalian: Mr. President, Senator Risa, they used what they call the penetration test as part of their methodology. They also analyzed the logs in that particular system. They also analyzed or did a lot of analysis on the records submitted to the DICT. They also looked at particularly what they call the "ang pao" system. In fact, I read this. SRH: "Ang pao" system? Sen. Gatchalian: Ang Pao. From what I read over the internet, this is a system that gives out small gifts. I think when you use the GCash on a regular basis, you also get small gifts as a reward for using GCash. SRH: So parang ang pao nga po, good sponsor. Yung mga binibigay nating regalo sa mga ina-anak tuwing pasko, naka-red envelope. Sen. Gatchalian: During Chinese New Year, nagbibigay tayo ng ganun. So the system is called the Ang Pao system as well. So they looked at this system particularly and they did not find any traces of external hacking, Mr. President. SRH: Salamat, good sponsor. At the nature of the glitch was? Sen. Gatchalian: It's a software bug, Mr. President. SRH: Software bug? Bug, Mr. President. Software bug? Bug, Mr. President. Sen. Gatchalian: Bug, Mr. President. So it's an internal error that was due to a bug and the software created all of these issues in regards to the subscription of the users. SRH: Salamat, good sponsor. At huling tanong sa pagsang ito, anong mga pondo ang inallocate ng department para siguruhin na yung GCash at iba pang fintech services, Maya at iba pa ay stable, transparent at trustworthy? Good sponsor. Sen. Gatchalian: You mean the budget allocated? SRH: Opo, ng department. Sen. Gatchalian: In this case, there's no... DICT did not spend for the investigation since BSP is the regulator of all fintech companies and fintech products. It was BSP who tapped DICT to investigate this matter. SRH: Sorry, good sponsor. I didn't express myself clearly. What funds in the fiscal year 2025, GAA, would the department be allocating for this? Sen. Gatchalian: It will fall under the cyber security funds of the DICT, Mr. President. SRH: Salamat, good sponsor. Sen. Gatchalian: So, the amounts, let me just get the exact amounts. It's under the ICT and cyber security policies development and management to a tune of a billion pesos, Mr. President. The funds allocated to cybersecurity and to matters like this, Mr. President. SRH: So hindi maliit na halaga. So that's good that there's something that could be meaningful in order to correct this current situation and make sure it doesn't recur. Dako naman po ako, Mr. President, sa China data rerouting. In 2018, according to a report published by the U.S. Naval War College, China Telecom reportedly, quote, misdirected big chunks of internet traffic through a roundabout path that threatened the security and integrity of data passing between various providers' backbones for two and a half years, close quote, including data from Canada to Korean government sites by using points of presence, or POPS, which are data centers that mostly reroute data traffic - which China Telecom had quietly established in North America and exploiting a distinct lack of security in the internet's border gateway protocol or BGP. After being misrouted, this data can be analyzed or mined for various purposes, some malicious. Now I don't need to remind the DICT that China Telecom has a massive point of presence in this country. May katulad ba na BGP hijacking attempts na nasubukan dito sa Pilipinas? At paano sinisiguro ng DICT na yung data traffic natin, lalo na yung sensitive data traffic na vital sa national security,ay hindi rin nirereroute sa ganoong paraan, good sponsor? Sen. Gatchalian: Mr. President, I was informed by the DICT that there's no known record of BGP hacking in our country and as a proactive measure they're discussing with the local telcos to come up with a secure BGP. So that's the initiative that DICT is undertaking proactively in order to prevent hacking from happening. SRH: Salamat, good sponsor. At satisfied naman po yung department na kapag nakabuo sila nitong BGP sa mga local telcos, ma-eensure na hindi maririroute yung data traffic natin, good sponsor. Sen. Gatchalian: Yes, Mr. President. They're very confident in that, Mr. President. SRH: Salamat, good sponsor. Tungkol naman po sa National Government Data Center. Recently, members of my staff visited the South Korean government's National Data Center - what can be described as a national cloud server. It was probably one of the most highly secured facilities in South Korea with very strict access protocols. I know we're pursuing a similar initiative here. Ano po yung relative merits at disadvantages ng pag-centralize ng ating data center requirements kumpara sa yung bawat individual agency, bawat LGU, mag-maintain ang sarili niyang facilities, good sponsor? Sen. Gatchalian: Mr. President, the question is what are the advantages and disadvantages of centralizing it or decentralizing it? SRH: Yes. Sen. Gatchalian: I was informed that the DICT is employing a hybrid approach to the data center. So meaning, they will also use commercial data centers, Mr. President, like for example, data centers of Amazon, Google, because these are well-established, commercially available data centers that are cost-efficient, Mr. President. But at the same time, the government is also putting up its own data center to service various government agencies, Mr. President. The advantage of having one data center compared to a decentralized is, number one, is the technical knowledge, Mr. President. Management of data centers is quite complicated. And not all, not every LGU or different government agencies can manage a technical entity. It's also very expensive to put up data centers. The Secretary told me that a good practice of data centers is to have a backup system. So just imagine if you decentralize it, different agencies will have a data center and a backup system, Mr. President, as opposed to just one central database, data center and one backup system, Mr. President. So, the cost advantage of having a centralized data center is, the advantages is, number one, it's cost-effective, number two, it's the technical expertise is there, and number three, Mr. President, economies of scale, Mr. President. SRH: Salamat, good sponsor. It almost seems like a work in progress. Dahil sa simula, nag-i-employ yung gobyerno ng hybrid approach, I guess the department especially will be testing this as we go along, harvesting lessons and then finalizing in a way the Philippine design for a government or government-cum-private data center. Eventually, posibleng po ba good sponsor maging parang PPP siya? Although, of course, headed by government, para ma-optimize itong tatlong advantages so far na natukoy ng good sponsor. Sen. Gatchalian: Mr. President, from what I observed with technology, technology moves very fast. In fact, changes in technology come in almost yearly, Mr. President. So, for government to buy technology, manage it, seems like it's the most inefficient way of approaching or using technology. Another approach will be paid-for- service type of approach, Mr. President, in which you use their technology but you pay in the form of service, Mr. President. So, when I was being briefed by DICT in the past, they've used this paid for service type of approach in various technologies that DICT is employing, one of which is data centers, Mr. President. But to preserve security and also confidence, the DICT is a part of the capacity, but on a hybrid basis, Mr. President, meaning the government owns part of the capacity, but at the same time, it also pays other services or other entities for the use of their data centers, Mr. President. And it's not remote that one of these big companies will set up here in the Philippines, their own data center and government can actually lease capacity from them. SRH: And I guess finally on this topic, good sponsor, iba rin siguro yung, well definitely, iba yung context sa South Korea, kaya ang nabuo po nila at inooperate na modelo ay isang national government data center, and we, with our own national context, ganito po yung approach natin, at least sa ngayon, tapos yung na-foforesee nating possible scenarios that will materialize in the near future. Salamat, good sponsor. Tungkol naman po sa public broadband. In theory, internet access can drive economic development. Access to internet-based technologies can help workers be more productive. It may also enable access to markets and commercial information, increasing demand for goods and services. For example, research in the United States showed that subsidizing internet access improved outcomes among low-income families. However, it was recently reported that the DICT's budget for public Wi-Fi was good for only five months. Hindi po bang pwedeng iproject yung mga costs na ito, good sponsor, bilang bahagi ng budget process? Sen. Gatchalian: Thank you, Mr. President. Well, Mr. President, the demand for free public Wi-Fi is definitely on the top of the list of many agencies, including the education sector, Mr. President. In fact, because of my engagement with the education sector, it's very difficult for the education sector to go into online learning or distance learning without access to the internet. So definitely, if we can rollout free public wifi and prioritize schools, that would be the best case, Mr. President. So seeing that need, we increased the budget allocation for free public Wi-Fi from P2.5 billion to P7.5 billion, Mr. President, for this coming 2025. And it will also prioritize the education sector, Mr. President. SRH: Salamat good sponsor. Good to hear that, for starters, tinitriple natin yung budget para sa line item na yan. And after all, di ba, inuutusan tayo ng Constitution bigyan ang highest budgetary priority ang edukasyon and as the good sponsor has shown, ito pong pag-provide ng free public Wi-Fi ay masasabi nating bahagi ng pag-improve ng educational outcomes ng ating mga estudyante. The so-called digital divide affects human capital development as it has been found that inadequate access to technology can hinder students from learning the technological skills necessary to succeed in the current economy. Ano pong ginagawa natin para siguruhin na yung mga disadvantaged households natin ay merong at least kaunting access sa data at natutulay yung digital divide? Sen. Gatchalian: Mr. President, from the briefing I got from DICT, there are two major projects that DICT is embarking on. One is the fiber optic backbone that is being rolled out by DICT. And one of the objectives of this fiber optic backbone is to lower cost, Mr. President. Lower cost for our local government units. lower cost also for those what we call national agencies, and also for in the future they might offer this to ISPs, internet service providers, that connects to the last mile areas, Mr. President. So that's one of the projects that DICT is currently doing. And the other one is the free public internet access program or free Wi-Fi for short, as I call it Mr. President. And by increasing the budget from P2.5 billion to P7.5 billion, the aim there is to increase the access points and increase the locations to areas where students and also communities don't have access to the internet, Mr. President. So those are the two major programs or two major projects that the DICT is currently doing to improve internet access of our constituents. SRH: Salamat, good sponsor. At dun sa particular na atensyon din sa pag-connect sa mga last mile areas. Kung saan nga marami sa mga disadvantaged households natin ay nakalocate kasama yung mga young members ng households na yun, yung mga estudyante. Second to the last question, good sponsor, following the welcome declaration of the President banning POGOs, our law enforcement officers have found an alarming trend that instead of using POGOs as regulatory cover, guerrilla scam operations are now emerging, perhaps even harder to detect. Ano pong magagawa ng Cybercrime Investigation and Coordinating Center o CICC para i-address ito, good sponsor? Sen. Gatchalian: Thank you, Mr. President. Well, Mr. President, I'm happy to report that CICC has managed to apprehend 11 scam hubs, both illegal and both legal. And this is in cooperation with various law enforcement agencies such as PNP and NBI, Mr. President. And they have the technology to also detect scam hubs in the country. And they also have a hotline, Mr. President, that people can call and report this type of scamming operation, Mr. President. As to the methodology, Mr. President, the department is requesting for an executive session on what type of technology that they are using in particular, but they have the technology to detect, Mr. President. SRH: Salamat ng marami good sponsor at sa department. Certainly, kung magtatawag ang good sponsor ng executive session, isa na po ako na dadalo with great interest. And it's good to know na meron na pong ganitong ongoing at mabubungang pagkilos ang CICC. Akala natin noon PAOCC lang meron din palang CICC. That's good to know, good sponsor. At huling tanong ko na lang po sa umagang ito, the Cybercrime Prevention Act punishes computer-related forgery, fraud, and identity theft. Tinatag nito ang CICC nga para mamuno sa operasyon ng pamahalaan laban sa cybercrimes. Pero ngayon, naganap ang text scams ng mga nagpapanggap sa bangko o e-wallet. Ang mahirap pa dito, hindi kang mapapaniwala ka dahil ang pinanggalingan ng text, pangalan mismo ng bangko o e-wallet. Ano po nila na-abuso sa ganitong paraan ang ating ICT systems? At ano po ang ginagawa ng CICC laban sa mga manlulokong ito, good sponsor? Sen. Gatchalian: First, Mr. President, the NTC has issued directives to telcos to become very strict in terms of issuing SIM cards, Mr. President. So, if you remember, in one hearing here in the Senate, I think it was NBI who demonstrated, yung mga unggoy pwedeng kumuha ng SIM cards, Mr. President. I don't know if you were there, but that was one of the hearings that they demonstrated. Because there is no... The system that the telcos are using is very primitive, Mr. President. So NTC released several memos to the telecom companies to use the most latest technology to detect fraud and fake identities, Mr. President. So they have already issued that. And to date, they have blocked almost 2 billion SMS, Mr. President. They activated 2.3 million SIM cards and blacklisted 10 million numbers, Mr. President. So the NTC is also doing its share to make sure that the type of text blast or spam, as we call it, will be reduced, Mr. President. But admittedly, there's much to be done. I noticed a recent trend. Before, we would get a lot of anonymous texts offering jobs or loans, but now we get a lot of anonymous texts offering properties, Mr. President, for sale. So, I think because of the shutdown of POGOs, all of these loans disappeared. But the selling of properties now replaced all of those, Mr. President. So, despite the strict directives of NTC, there's still a lot of things to be done. And NTC is here listening, Mr. President. And this is a suggestion to them to analyze what's happening currently and if they should issue stricter guidelines to use other technologies, then they should do so, Mr. President. But the good thing is NTC managed to block a lot of SIM cards, Mr. President, and prevents spamming and scamming from happening. SRH: Salamat, good sponsor. I thought it was bad enough na kung bulag tayo, makakakuha tayo ng driver's license. So worse, ang unggoy pala, ma-issuehan ng SIM card. Sen. Gatchalian: Yes, Mr. President, because before, when you register a SIM card, you just put any picture, any name, and they will give you a SIM card, Mr. President. So if you put a picture of a gorilla, the system will accept it, Mr. President. Pag linagyan yung pangalan nyo doon, Juan de la Cruz or any name, tatanggapin ho yun ng system. So the NTC released many directives to the telecom companies to use modern technology. So because of that, they've managed to prevent the propagation of this type of illegal activities. SRH: Sa modern technology, good sponsor, common sense. Although some of us might look like gorillas, pero medyo pag-gorilla mag-apply sa'yo, makama-issue ka ng SIM card. Medyo dapat kahit low-tech ka... Anyway, good sponsor. Sen. Gatchalian: Yeah, but some of the technologies, Mr. President Just to share with the Her honor Selfie capture, Facial liveliness check I think kailangan mo na gumalaw ngayon, Mr. President to demonstrate that you're a live person, Disabled stock upload photo, Facial recognition and matching, OCR and data matching. Ito po, nasa screen, Mr. President. We flashed it on the screen. These technologies are mandated to the telcos to use, Mr. President. SRH: Salamat, good sponsor. And speaking of technology, nakaka-import ba ng mga devices na nag-spo-spoof sa cell sites? At kung nagagawa yun, may import controls ba tayo kaugnay nito? Sen. Gatchalian: Bawal yun, Mr. President. The DICT strictly prohibits importation of those type of devices, especially yung mga text blast or other form of telecommunication devices, Mr. President. So, bawal yun. But admittedly, some people smuggle it to our country. In fact, during the height of POGOs, I remember the PNP or NBI apprehended an individual possessing really sophisticated texting equipment or even hacking equipment, Mr. President. And if you remember, Senator Risa, when we inspected POGO sites, we also saw a lot of text blasting machines, a lot of machines with thousands of sim cards plugged in it. So those are the machines plugged in our country but those illegal, you cannot use that here in the country. SRH: Salamat, good sponsor. Actually, na-anticipate nyo na po yung huling follow-up question ko na how are they able in been able to abuse our ICT systems na nagnecessitate tuloy ng siguro madagdagan pang mga gawain ng CICC laban sa ganitong panloloko. Aside from the use this equipment or technologies, are there other ways that have been identified that these people, these entities have been able to abuse our ICT systems, good sponsor? Sen. Gatchalian: Well, Mr. President, I think we are all aware of the power of artificial intelligence. With that also comes with deep fakes, Mr. President. And we've seen that all over the internet lately. And that's also a cause of concern, especially with our elections coming up just around the corner, Mr. President. So, the DICT is monitoring this very carefully and they are also proactively coming up with some information campaign and also mechanisms to help detect this type of technology being abused. SRH: Maraming salamat, good sponsor. Naalala ko tuloy nung medyo bago pa ang usaping AI, at least dito sa bansa natin. We would hear news from AI practitioners and enthusiasts themselves in other countries na sila mismo nananawagan sa mga big industry players na na-excite sa prospects ng commercialization ng AI na mag-suspend muna ng mga big experiments nila until the safeguards and the protocols could be put in place. So I'm glad na these also seem to be at the back of the minds or top of mind of the ICT. Sa iba't ibang konteksto, yung national security nga natin, yung kagustuhan natin na i-bridge yung digital divide para din sa sustainable development. At yun, yung mga importanteng political processes that regularly come up and we engage in kasama na yung mga eleksyon. So marami salamat po, good sponsor at sa department, sa secretary, sa DICT family. Salamat po, Mr. President.