[kictanet] Kenya Government mandates DNA-linked national ID, without data protection law

Eshuchi Richard eshuchi.richard at gmail.com
Wed Feb 13 19:10:26 EAT 2019 

Misinformation galore.

To each his/her own though.

On Wed, 13 Feb 2019 at 15:11, Alice Munyua via kictanet <
kictanet at lists.kictanet.or.ke> wrote:

>
>
>
> https://blog.mozilla.org/netpolicy/2019/02/08/kenya-government-mandates-dna-linked-national-id-without-data-protection-law/
>
>
> Last month, the Kenya Parliament passed a seriously concerning amendment
> to the country’s national ID law, making Kenya home to the most
> privacy-invasive national ID system in the world. The rebranded, National
> Integrated Identity Management System (NIIMS) now requires all Kenyans,
> immigrants, and refugees to turn over their DNA, GPS coordinates of their
> residential address, retina scans, iris pattern, voice waves, and earlobe
> geometry before being issued critical identification documents. NIIMS will
> consolidate information contained in other government agency databases and
> generate a unique identification number known as Huduma Namba.
>
> It is hard to see how this system comports with the right to privacy
> articulated in Article 31 of the Kenyan Constitution. It is deeply
> troubling that these amendments passed without public debate, and were
> approved even as a data protection bill which would designate DNA and
> biometrics as sensitive data is pending.
>
> Before these amendments, in order to issue the National ID Card (ID), the
> government only required name, date and place of birth, place of
> residence, and postal address. The ID card is a critical document that
> impacts everyday life, without it, an individual cannot vote, purchase
> property, access higher education, obtain employment, access credit, or
> public health, among other fundamental rights.
>
> Mozilla strongly believes that that no digital ID system should be
> implemented without strong privacy and data protection legislation. The
> proposed Data Protection Bill of 2018 which Parliament is likely to
> consider next month, is a strong and thorough framework that contains
> provisions relating to data minimization as well as collection and purpose
> limitation. If NIIMS  is implemented, it will be in conflict with these
> provisions, and more importantly in conflict with Article 31 of the
> Constitution, which specifically protects the right to privacy.
>
> Proponents of NIIMS claim that the system provides a number of benefits,
> such as accurate delivery of government services. These arguments also
> seem to conflate legal and digital identity. Legal ID used to certify
> one’s identity through basic data about one’s personhood (such as your
> name and the date and place of your birth) is a commendable goal. It is
> one of the United Nations Sustainable Development Goals 16.9 that aims “to
> provide legal identity for all, including birth registration by 2030”.
> However, it is important to remember this objective can be met in several
> ways. “Digital ID” systems, and especially those that involve sensitive
> biometrics or DNA, are not a necessary means of verifying identity, and in
> practice raise significant privacy and security concerns. The choice of
> whether to opt for a digital ID let alone a biometric ID therefore should
> be closely scrutinized by governments in light of these risks, rather than
> uncritically accepted as beneficial.
>
>     Security Concerns: The centralized nature of NIIMS creates massive
> security vulnerabilities. It could become a honeypot for malicious
> actors and identity thieves who can exploit other identifying
> information linked to stolen biometric data. The amendment is unclear
> on how the government will establish and institute strong security
> measures required for the protection of such a sensitive database. If
> there’s a breach, it’s not as if your DNA or retina can be reset like
> a password or token.
>     Surveillance Concerns:  By centralizing a tremendous amount of
> sensitive data in a government database, NIIMS creates an opportunity
> for mass surveillance by the State. Not only is the collection of
> biometrics incredibly invasive, but gathering this data combined with
> transaction logs of where ID is used could substantially reduce
> anonymity. This is all the more worrying considering Kenya’s history
> of extralegal  surveillance and intelligence sharing.
>     Ethnic Discrimination  Concerns: The collection of DNA is particularly
> concerning as this information can be used to identify an individual’s
> ethnic identity. Given Kenya’s history of  politicization of ethnic
> identity, collecting this data in a centralized database like NIIMS
> could reproduce and exacerbate patterns of discrimination.
>
> The process was not constitutional
>
> Kenya’s constitution requires public input before any new law can be
> adopted. No public discussions were conducted for this amendment. It was
> offered for parliamentary debate under “Miscellaneous” amendments, which
> exempted it from procedures and scrutiny that would have required
> introduction as a substantive bill and corresponding public debate. The
> Kenyan government must not implement this system without sufficient public
> debate and meaningful engagement to determine how such a system should be
> implemented if at all.
>
> The proposed law does not provide people with the opportunity to opt in or
> out of giving their sensitive and precise data. The Constitution requires
> that all Kenyans be granted identification. However, if an individual were
> to refuse to turn over their DNA or other sensitive information to the
> State, as they should have the right to do, they could risk not being
> issued their identity or citizenship documents. Such a denial would
> contravene Articles 12, 13, and 14 of the Constitution.
>
> Opting out of this system should not be used to discriminate or exclude
> any individual from accessing essential public services and exercising
> their fundamental rights.
>
> Individuals must be in full control of their digital identities with the
> right to object to processing and use and withdraw consent. These aspects
> of control and choice are essential to empowering individuals in the
> deployment of their digital identities. Therefore policy and technical
> decisions must take into account systems that allow individuals to
> identify themselves rather than the system identifying them.
>
> Mozilla urges the government of Kenya to suspend the implementation of
> NIIMS and we hope Kenyan members of parliament will act swiftly to pass
> the Data Protection Bill of 2018.
>
>
>
>
>
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> Twitter: http://twitter.com/kictanet
> Facebook: https://www.facebook.com/KICTANet/
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/eshuchi.richard%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>


-- 
Regards,
*Eshuchi Richard*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20190213/51887db4/attachment.htm>

More information about the KICTANet mailing list