Read the latest from the Web Foundation

News and Blogs

Image by ar130405 from Pixabay

Image by ar130405 from Pixabay

Digital ID tech must be transparent if it is to work for citizens

Web Foundation · August 28, 2019

This guest post was written by Grace Bomu, an associate at the Kenya ICT Action Network (KICTANet), and originally published on ITWeb Africa. She is a member of the Contract for the Web working group on privacy and data rights.

Digital ID systems are quickly spreading across the world. Estimates suggest that by 2024, governments will have enrolled about 5 billion people for digital ID — and Africa has not missed the trend. At least 20 African countries are currently implementing digital ID technology.

Identification of people is important for government delivery of services. The Sustainable Development Goals (SDGs) call for governments to issue legal identity to all persons by 2030. This provides governments with information on the number and demographics of people in its jurisdiction, which can assist in planning for their needs and delivering services more efficiently.

However, the same information can also be used for surveillance, resulting in the control of people and the stifling of democratic space.

For digital ID to be meaningful for human development, it must — from the word go — be developed as a means of better facilitating government services as opposed to controlling people. 

The digital ID systems in Africa have several common features. Governments are centralising all identity databases, such as birth and death registers, social security, property registration, immigration, marriage registers and drivers licences, into one super register, to establish “a single source of truth” about every individual. By collating and centralising identity information, governments imagine that they will maintain a single relationship with the individual and track every service they’re offered, from birth to death. 

Another common feature is universal registration. Previously, people were issued identity documents on reaching adulthood. With digital ID, governments aspire to have digital records on every person, including children. This has its benefits, particularly in cases where identity documents based on birth and descent information are required to search for employment and other opportunities.

However, the granular level at which some African governments seek to collect information about each and every person is overly invasive. In countries such as Ghana and Kenya governments collect and digitise biometric features including fingerprints, earlobe patterns, iris scans, voice patterns and photographs. Children’s biometrics are collected as soon as they are considered permanently formed. In Kenya, during the last mass registration drive for digital ID, children age six and above were required to present themselves in person for recording of fingerprints and face photos. 

Concerns about the security of biometric information, the implementation of the digital ID programme and data protection in general drove three organisations to take the Kenyan government to court.   

Grounds for the petition, currently before the High Court, include pronouncements by government officials that require people to register for digital ID to access government services. This is particularly problematic because the primary identity documents required to register, such as birth certificates or national identity card, automatically excluded communities that have never been issued with these documents due to historical reasons. Such communities fear that digital ID, if implemented as the exclusive means of identity, would erase them from official existence. 

Similar concerns have been raised in Ghana, although the country is among a handful of African countries with a comprehensive data protection law. People are registering for the programme out of fear of missing out on government services. The registration is mandatory for a wide range of services, from land transactions and operation of bank accounts to passport applications and procurement of  mobile SIM cards. 

In both Ghana and Kenya, which are a mirror of other African countries, there is little public knowledge about the technology. Some petitioners sought the court’s help to also clarify the involvement of several multinational companies in the provision of digital ID technology. While there were assurances from the government that the whole system was “made in Kenya”, the court ordered that data of Kenyans should not be exported. 

The case brings to the fore three important issues around the development of digital ID technology that we should all be concerned about.

First, unlike the development of the web where the public could take part in the design of the technology, the design of digital ID systems in Africa is done behind closed doors, with little public consultation. Countries like Ghana and Kenya attribute this to the fact that their digital ID is connected to national security — activities typically done in high secrecy. However, the functions of ID also extend to provision of social protection as well as economic services. Countries like the United Kingdom have therefore taken the route of seeking wide input on the rationale, use cases and safeguards for digital ID to promote human rights. 

Second and consequently, the opacity of these digital ID systems also extends to their procurement. In almost all the African countries implementing digital ID, there is no information on the technical standards and technologies in use. Africans can only hope that the systems are designed to protect and promote their right to privacy and security online, since they do not know whether these standards were incorporated into the system design. 

Third, this lack of transparency and openness means it is therefore difficult to develop further technology based on digital ID systems. This is contrary to the development of the precursor of these technologies — the internet — which has developed rapidly through its open standards and participatory processes. 

Advocacy for digital ID systems that respect rights have typically targeted governments. But as observed from the digital ID case in Kenya (popularly known as HudumaNamba), there is also need to engage the companies that develop these technologies, as they effectively shape how millions of people access government services. 

The Contract for the Web, a project recently launched by web inventor Tim Berners-Lee, asks governments, companies and citizens to agree on a set of shared responsibilities that seek to preserve the decentralised and open nature of the web. In relation to companies, the contract calls for focus on historically excluded groups to enable them to access and enjoy the internet. Moreover, the role of companies in building trust in the online space is underscored. As Africans increasingly access government services from the internet, companies must develop positive technology. For digital ID in particular, companies should develop technology that improves lives as opposed to putting them at risk. The first draft of the Contract for the Web is currently open for public feedback.

Digital ID technology should be developed in consultation with citizens and as part of other solutions that improve the quality of life. It should not be built elsewhere and imported to Africa as a quick-fix to social or security problems.

The first draft text for the Contract for the Web was published in July 2019. We need to hear your voice to ensure that as large a group as possible is represented in these deliberations. A public survey will be open until September 8. Your feedback will be consolidated and provided to the core group to inform the drafting of the final version.

For updates about our work, sign up to our newsletter and follow us on Twitter at @webfoundation.

To receive a weekly news brief on the most important stories in tech, subscribe to The Web This Week.

Your comment has been sent successfully.