The unmasking of the rot at the National Transport and Safety Authority (NTSA) reveals new, shocking crimes that were hitherto unknown to many Kenyans.
The heightened security situation in Kenya provides opportunity for criminals to harvest data from unsuspecting citizens to use for these emerging crimes.
We must change strategy on security to defeat the menace.
Personal data has more value today than ever before. Hence the insatiable need for the resource in virtually every online transaction, conferences and in several establishments for security purposes.
Demand for personal data makes the entire security systems vulnerable to manipulation.
In many establishments, you are asked to leave such data as your identity number or the physical card, phone number, e-mail address, place of work and all manner of other data without knowing the purpose. Sometimes, you are asked to provide your picture.
Often, you may not be aware that someone has stolen your identity and used it to commit fraud, typically by falsifying your credentials to open new accounts in your name or using your existing accounts.
With many of the security agents grossly underpaid, they are often tempted to sell information to organised criminals.
Through a technique called ''phishing'' (impersonation to get institutions such as telecommunications or banks to reveal personal information, such as passwords and credit card numbers), criminals do eventually hack into people’s accounts and steal money.
Telecommunication companies have been experiencing this form of identity theft for a while now. Criminals have sometimes managed to swap a client’s SIM card by getting the organisations to cancel and reactivate it, thus enabling the criminals to effectively own it and use as their own.
As soon as they take control of the client’s SIM, they can potentially obtain bank passwords to transfer funds.
Many people are not aware that their data could be of value to criminals. In the NTSA scam, criminals used identities from deceased people to import and sell vehicles without the knowledge of family members.
This unfortunate practice should be a wake-up call to effectively seal loopholes in the management of identity.
The consequences are dire if we don’t quickly deal with the menace. In the past, foreigners, even terrorists, have obtained Kenya identities such as national identity cards and passports through false pretence and used them to travel out of the country and commit criminal activities.
Population growth isn’t just through the birth rate. Some foreigners are obtaining Kenyan identities fraudulently and boldly presenting themselves for the census. In the 2009 census, for example, there was an attempt by millions of foreigners to register as Kenyans. If that trend continues and succeeds, it poses serious ramifications for the country.
Dell Cameron, in his article ''Identity Theft Is Exploding in Developing Countries'', published in the Gizimodo, an online futurist magazine says that new data reveals the global circulation of stolen identities is leading to major shifts in cybercrime worldwide, with developing countries cultivating newly-formed internet-based economies responsible for a generous amount of fake and stolen account activity.
As e-commerce markets in developing countries continue to expand, incidents of fraud are beginning to skyrocket. Stolen and forged identities used to create fake accounts is in turn becoming a market unto itself.
Although identity theft is fuelled by technology, there is a lot that we can do to arrest the situation.
On the current identification data requirement, there are existing apps that leverage facial recognition to validate any person getting into a facility through the existing Integrated Population Registration System (IPRS) as well as the daily immigration data of tourists into the country. Such validation will eliminate the need to provide detailed data at every facility one visits.
Eventually what will help the country is the biometric registration of every citizens and effective policing with modern tools. This will require investment in capacity building in areas of data analytics, hardware and processes.
Further, we need to encourage development of local cloud services, high-speed broadband connectivity and sufficient energy resources to facilitate a resilient security system for the country.
In advanced countries, security and even access to financial resources are enhanced through home-addressing systems. Peruvian economist, Hernando de Soto, argued in his book The Mystery of Capital that those living in developing countries lack capital simply because the lenders have no idea as to where they live.
This also applies to security. Not knowing where people reside makes it difficult to deal with modern crimes. Towards this end, we should augment the efforts of Nyumba Kumi by investing in technology to enhance the objectives of the concept to minimise incidences of criminals compromising our security systems.
Most important, parliament should pass the Data Protection Bill. If it is deemed inadequate, we should simply borrow a leaf from the European Union’s General Data Protection Regulation (GDPR) to reduce the current rampant misuse of individual data.
Like drops of rain gather to become floods, our personal data too gathers to become an attractive resource sought by entrepreneurs and thieves in equal measure. Protect it.
The writer is an associate professor at University of Nairobi’s School of Business.@bantigito