Last month, the Kenya Parliament passed a seriously concerning amendment
to the country’s national ID law, making Kenya home to the most
privacy-invasive national ID system in the world. The rebranded, National
Integrated Identity Management System (NIIMS) now requires all Kenyans,
immigrants, and refugees to turn over their DNA, GPS coordinates of their
residential address, retina scans, iris pattern, voice waves, and earlobe
geometry before being issued critical identification documents. NIIMS will
consolidate information contained in other government agency databases and
generate a unique identification number known as Huduma Namba.
It is hard to see how this system comports with the right to privacy
articulated in Article 31 of the Kenyan Constitution. It is deeply
troubling that these amendments passed without public debate, and were
approved even as a data protection bill which would designate DNA and
biometrics as sensitive data is pending.
Before these amendments, in order to issue the National ID Card (ID), the
government only required name, date and place of birth, place of
residence, and postal address. The ID card is a critical document that
impacts everyday life, without it, an individual cannot vote, purchase
property, access higher education, obtain employment, access credit, or
public health, among other fundamental rights.
Mozilla strongly believes that that no digital ID system should be
implemented without strong privacy and data protection legislation. The
proposed Data Protection Bill of 2018 which Parliament is likely to
consider next month, is a strong and thorough framework that contains
provisions relating to data minimization as well as collection and purpose
limitation. If NIIMS is implemented, it will be in conflict with these
provisions, and more importantly in conflict with Article 31 of the
Constitution, which specifically protects the right to privacy.
Proponents of NIIMS claim that the system provides a number of benefits,
such as accurate delivery of government services. These arguments also
seem to conflate legal and digital identity. Legal ID used to certify
one’s identity through basic data about one’s personhood (such as your
name and the date and place of your birth) is a commendable goal. It is
one of the United Nations Sustainable Development Goals 16.9 that aims “to
provide legal identity for all, including birth registration by 2030”.
However, it is important to remember this objective can be met in several
ways. “Digital ID” systems, and especially those that involve sensitive
biometrics or DNA, are not a necessary means of verifying identity, and in
practice raise significant privacy and security concerns. The choice of
whether to opt for a digital ID let alone a biometric ID therefore should
be closely scrutinized by governments in light of these risks, rather than
uncritically accepted as beneficial.
Security Concerns: The centralized nature of NIIMS creates massive
security vulnerabilities. It could become a honeypot for malicious
actors and identity thieves who can exploit other identifying
information linked to stolen biometric data. The amendment is unclear
on how the government will establish and institute strong security
measures required for the protection of such a sensitive database. If
there’s a breach, it’s not as if your DNA or retina can be reset like
a password or token.
Surveillance Concerns: By centralizing a tremendous amount of
sensitive data in a government database, NIIMS creates an opportunity
for mass surveillance by the State. Not only is the collection of
biometrics incredibly invasive, but gathering this data combined with
transaction logs of where ID is used could substantially reduce
anonymity. This is all the more worrying considering Kenya’s history
of extralegal surveillance and intelligence sharing.
Ethnic Discrimination Concerns: The collection of DNA is particularly
concerning as this information can be used to identify an individual’s
ethnic identity. Given Kenya’s history of politicization of ethnic
identity, collecting this data in a centralized database like NIIMS
could reproduce and exacerbate patterns of discrimination.
The process was not constitutional
Kenya’s constitution requires public input before any new law can be
adopted. No public discussions were conducted for this amendment. It was
offered for parliamentary debate under “Miscellaneous” amendments, which
exempted it from procedures and scrutiny that would have required
introduction as a substantive bill and corresponding public debate. The
Kenyan government must not implement this system without sufficient public
debate and meaningful engagement to determine how such a system should be
implemented if at all.
The proposed law does not provide people with the opportunity to opt in or
out of giving their sensitive and precise data. The Constitution requires
that all Kenyans be granted identification. However, if an individual were
to refuse to turn over their DNA or other sensitive information to the
State, as they should have the right to do, they could risk not being
issued their identity or citizenship documents. Such a denial would
contravene Articles 12, 13, and 14 of the Constitution.
Opting out of this system should not be used to discriminate or exclude
any individual from accessing essential public services and exercising
their fundamental rights.
Individuals must be in full control of their digital identities with the
right to object to processing and use and withdraw consent. These aspects
of control and choice are essential to empowering individuals in the
deployment of their digital identities. Therefore policy and technical
decisions must take into account systems that allow individuals to
identify themselves rather than the system identifying them.
Mozilla urges the government of Kenya to suspend the implementation of
NIIMS and we hope Kenyan members of parliament will act swiftly to pass
the Data Protection Bill of 2018.
kictanet mailing list