Thursday May 1 2014

How safe is our national ID data?

By Karoli Ssemogerere

The Kenyan general election of 2013 and obviously many others on the globe had an underlying popular theme: yesterday and tomorrow as clear choices for the voting public. Massed on social media, the debate was narrowed down to digital versus analog. Digital is a big word on its own; it summarises the information communications economy - virtual methods of work rather than bricks and mortar.

In Kenya, even though both leading candidates for president: Raila Odinga and Uhuru Kenyatta came from the same shade of elite who have dominated Kenyan politics for as long as Kenya has been in existence, Uhuru, a decade and a half younger than Raila, managed to hoist himself on the digital message in a closely fought election.

The costly exercise to hand over 30 million pieces of encased plastic to Ugandans will be one month old soon and so far, its efforts have registered 50,000 Ugandans. There are valid reasons for capturing the personal details of more than 30 million Ugandans whose numbers will rise to over 80 million by 2050.

Security concerns, service delivery, and planning are all important for a functioning State. Most countries have some form of valid ID accepted everywhere as sufficient identification issued by a government authority.

It is too early to tell whether the national ID will be a success but a number of important concerns may yet hamper its success. The national ID is proceeding without a clear legislative framework to clearly set out the limits on how citizen information can be used.

Second, the exercise is proceeding on an inter-agency basis and may as yet trample on the constitutional and statutory prerogatives of other government bodies. For example, there is a wish by Internal Affairs ministry that the national ID will eventually be used for voting - a clear attack on the “constitutional independence” of the Electoral Commission.
Last week, Kenya - one of the first countries to adopt a national ID - announced plans to do away with the ‘analog’ ID issued on paper to a digital one used in most developed countries. This move is informed by a number of factors. First, for all its sweeping powers, the national ID has never been a reliable predictor of, for example, adult registered voters.

Second, the system was never able to rid itself of duplicates estimated at about 10 per cent of the population. The Independent Electoral Boundaries Commission of Kenya is accused of having missed more than 10 per cent of the registered voters in certain parts of the country while capturing more than 100 per cent per cent of the registered voters in other parts of the country, an accusation laced with a lot of innuendo in Kenya’s notoriously closely contested elections.

It goes without saying that the world is moving digital. Fortunately, there is a statutory body, the National Information Technology Authority (NITA) whose functions, among others, includes writing IT standards and providing technical advice on how government and the public should approach the use of information technology. NITA’s voice, if present, has been so faint if not absent yet it has a deep bench of highly qualified technical people whom the public would tune into to listen rather than the Minister of Internal Affairs, Gen Aronda Nyakairima.

The legal protections on use of the national ID in intelligence gathering and law enforcement are another area where the public would like to hear from experts at the Human Rights Commission and the Attorney General’s Chambers.

The advances in cryptic technology have already shown how misuse of technology can threaten constitutional liberties, including the right to privacy. Many concerned members of the public have been tuning in to the unregulated wiretap stories revolving around another military officer in a law enforcement capacity, Inspector General of Police Kale Kayihura.

For all its speed, digital experiments can fail. Banks using mobile alerts are waking up to sending account information to non-parties - a potential class action lawsuit train wreck that can wipe out profits. In the West, data security breaches have ended up in costly criminal investigations. What happens when a rogue officer goes to the bar with the entire country’s digital map on a flash-disk?

Once an ID is in place, the private sector will invariably start to link up goods and services to presenting this ID. Mulago hospital will want to use the national ID to screen patients and so will NSSF. A private sector employer will want to know more about their potential hire and resort to the national ID. Private investigators’ work will be much easier by punching in the same ID.
Politicians will want access to these databases to prepare for elections. It goes without saying that Muslims were the first to attack the ID project for only reserving one slot for spouses, in total disregard of their religion which, like customary marriages, recognises potentially polygamous marriages.

These and other questions emphasise the need for an open debate with all actors on the scope of the national ID, and government should not be afraid of throwing away an analog technology to move truly into a digital world.

Mr Ssemogerere is an Attorney-at-Law and an Advocate.