Mozilla issued a warning to Kenya’s new national identity card. The Kenyan parliament passed a revision of the National Integrated Identity Management System (NIIMS) last month. The NIIMS now requires all Kenyans, immigrants, and refugees to hand over DNA, residential address GPS coordinates, retinal scans, Iris, speech waveforms and earlobe geometry.
NIIMS will integrate other government database information to generate a unique identifier called Huduma Namba. The amendment was passed without public debate. Mozilla raised concerns about the security, surveillance, and discrimination of centralized identity systems.
However, it is important to remember this objective can be met in several ways. “Digital ID” systems, and especially those that involve sensitive biometrics or DNA, are not a necessary means of verifying identity, and in practice raise significant privacy and security concerns. The choice of whether to opt for a digital ID let alone a biometric ID therefore should be closely scrutinized by governments in light of these risks, rather than uncritically accepted as beneficial.
- Security Concerns: The centralized nature of NIIMS creates massive security vulnerabilities. It could become a honeypot for malicious actors and identity thieves who can exploit other identifying information linked to stolen biometric data. The amendment is unclear on how the government will establish and institute strong security measures required for the protection of such a sensitive database. If there’s a breach, it’s not as if your DNA or retina can be reset like a password or token.
- Surveillance Concerns: By centralizing a tremendous amount of sensitive data in a government database, NIIMS creates an opportunity for mass surveillance by the State. Not only is the collection of biometrics incredibly invasive, but gathering this data combined with transaction logs of where ID is used could substantially reduce anonymity. This is all the more worrying considering Kenya’s history of extralegal surveillance and intelligence sharing.
- Ethnic Discrimination Concerns: The collection of DNA is particularly concerning as this information can be used to identify an individual’s ethnic identity. Given Kenya’s history of politicization of ethnic identity, collecting this data in a centralized database like NIIMS could reproduce and exacerbate patterns of discrimination.