Digital ID project raises storm

What you need to know:

  • Lack of a reliable and verifiable identity for citizens causes a huge loss of confidence in various economic, social and governance domains.
  • In a manual system, you have no clue that someone is profiling you and so you are worse off than if you were on a digital system.

‘On the Internet, nobody knows you are a dog’, so proclaimed one Peter Steiner’s in his 1993 cartoon published in the New Yorker. Many decades later, this is still very true.

In Kenya, we could rephrase that in many ways. We could say nobody knows who tried to grab the Indian Ocean in Mombasa. We can also say nobody knows who grabbed large chunks of the Mau forest and sold it to squatters.

Additionally, we can say nobody really knows if the billions we annually pay our senior citizens aged over seventy as social security really gets to them.

Finally, we even did not know if some of the candidates who ran for governor in the last election were Kenyans or Canadians, leave alone how many of our voters were ‘ghosts’.

Lack of a reliable and verifiable identity for citizens causes a huge loss of confidence in various economic, social and governance domains. It increases the cost of transacting business, while presenting easy avenues for swindlers to thrive.

IDENTITY MANAGEMENT

Globally, this problem is known as an Identity Management problem and in Kenya, it has reached an acute stage and requires an urgent but carefully thought through approach to resolve.

The government response has been to create a single digital identity that would provide a reliable and verifiable single source of truth about the citizen. This has caused civil society groups to raise alarms from both the human rights and governance perspectives.

From the human right perspective, the idea that one entity will have access to all your financial, medical, educational, tax, ownership amongst other data at the touch of the button is a nightmare come true.

This is particularly true, given the fact that the Data Protection policy and legislative framework to minimise intentional and un-intentional abuse of citizen data is not yet in place.

From a governance perspective, questions abound as to why the tender was restricted and has little or no public stakeholder input.

Both points are valid and perhaps government would have done much better on both fronts by shedding some light on how the system would work.

NEW TECHNOLOGIES

For the human rights concerns, government should have explained that there are new technologies that allow citizen data that is captured to be encrypted such that it is only available to authorized personnel.
Indeed in Estonia, the government has perfected its digital identity systems such that it is the citizens who decide on whom and when to share their personal details.

In other words, if the citizen goes to hospital, they can authorize access straight from their mobile phone to allow the medical practitioner to view only the medical aspects of their records that sit within the hospital.

If they are looking for a job, they can similarly and selectively authorise only that prospective employer to view and verify their educational transcripts and records that reside within the university systems.

In other words, the citizen data is available but distributed across independent agencies with the citizen being at the heart of decisions surrounding their personal information.

MANUAL SYSTEM

Of course government agencies may also access some of your data without express authority from you, but when that happens, the system automatically alerts you and you stay informed on who accessed your data, when and why.

In a manual system, you have no clue that someone is profiling you and so you are worse off than if you were on a digital system.

As for the governance and public participation issues, there is often this misplaced thinking in government circles that secrecy is the best the security.

However, in the private sector, transparency is considered to be the best security approach and that is why they have many events dubbed 'Hackathon' where the public is invited to try and hack simulated enterprise systems.

HACKERS

The successful hackers are then employed or rewarded for exposing vulnerabilities that would otherwise remained secret and perhaps to be exploited by the selected few.

It is time we embraced reliable and verifiable digital identities in order to avoid the anonymity that makes people claim to be what they are not. But government must be more open and transparent in some of its good initiatives since after all, the constitution expects it that way.

In any case, being transparent is the only way to avoid court cases stalling such projects.

Mr Walubengo is a lecturer at Multimedia University of Kenya, Faculty of Computing and IT. Email: [email protected], Twitter: @Jwalu