Concerns about the Huduma Namba

The National Integrated Identity Management Systems (Niims), popularly known as the Huduma Namba, is Kenya’s latest lexicon.

The Huduma Namba has become a cadaver for repeated dissection in the media and other forums. The government is betting big on the system but key questions and concerns abound.

The Niims pulls together an individual’s identification information, including National Hospital Insurance Fund (NHIF) number, passport number, Kenya Revenue Authority’s Personal Identification Number (PIN), demographic information, spouse’s identification information and more.

Some of the information being recorded seems unnecessary. For example, marital status, number of wives a man has, place of work and type of work are volatile: These can be one thing today and another tomorrow.

DATA PRIVACY

Yet, after the initial registration, there is no incentive for one to report to Niims when, for example, they have married, divorced or changed their place of residence, job or changed contacts.

Assuming that Niims registration is completed and the database launched, there are technical hurdles that need to be overcome.

The Niims will be a titanic database carrying millions of records in its belly. It will need to stay on 24/7 for it to be accessible by thousands of concurrent government officers.

But can our current technological infrastructure support such a database? Does the infrastructure have the capacity to keep Niims accessible to everyone seeking government services from Mandera to Mombasa, Turkana to Taita-Taveta?

From a data privacy standpoint, there are a myriad issues that the government has only glossed over.

CYBERSECURITY

For example, let’s assume that you go to renew your driver’s licence and the issuing officer logs into Niims.

Will he also be able to see information they should not access such as your PIN and data associated with it such as your income, your property as well as the taxes you pay?

In other words, what privacy provisions have been put in place to control a curious staff from going on a fishing expedition?

Cybersecurity is one of the world’s most troubling headaches. The sheer size of the Niims database makes cybercriminals lick their tongues covetously.

Unsuspecting criminals can take over the system and lock everyone out, until we bow to their will. They can demand ransom. They can mess up or mix up the data, effectively rendering it useless.

LAW

It’s unclear what information protection and recovery measures have been put in place to deter unauthorised access.

Besides, the Data and Content Protection Law is pending in Parliament. One would have expected that the law would precede Niims: You don’t create a padlock and then run around looking for a key to open it.

Besides, Kenyans have not been informed of what legal recourse is available if their information is misused, messed up or stolen.

In sum, to keep the Niims show on the road, the government has its work cut out.

Mr Wambugu is an informatician. Email: [email protected] @samwambugu2