FB pixel

‘Prone to hacking’: expert witness in Kenya’s Huduma Namba hearings first round

 

Kenya national ID project Huduma Namba

“[The National Integrated Identity Management System] thus is an archaic design compared to modern-day systems architecture and can be rightly thought of as a horse-buggy drawn by a lame horse on a digital highway. That it would fail and fall behind is a foregone conclusion,” expert witness Anand Venkatanarayanan told judges in Kenya’s High Court.

The Huduma Namba project

Kenya’s national ID scheme is back in the dock as civil rights group bring a case against a new draft bill, questioning whether the scheme is constitutional. The ‘single source of truth’ project has been up and running for several months, with millions of Kenyans (at least 37 million) already having had their biometrics captured to get a unique huduma namba or ‘service number’.

A new bill has been drafted to open up a new registration period and circumnavigate the High Court’s previous findings.

Previous court proceedings

Civil society has been outspoken and has already achieved certain interventions upheld by the High Court in advance of registration back in April. These included the stipulation that having a huduma namba is not a mandatory requirement or pre-condition for accessing government services, that data captured cannot be shared between agencies and third parties and that DNA and GPS data could not be collected as part of registration. With the Court’s permission, registration began.

Despite the High Court’s previous intervention, the government has since stated that a huduma namba will be needed for all public services. This has been added to a new draft bill, as have prison terms for failing to register.

The High Court’s three judges are now hearing from expert witnesses brought by groups that oppose aspects of the scheme and its procedures.

Privacy and the constitution

Kenya has no privacy or data protection laws to control how data collected is stored or used or who has access. Opponents argue that the scheme collects new data and links this to service provision, and tramples over rights to privacy.

Kenya Ministry of Information, Communication & Technology State Department of ICT Director of Shared Services Robert Mugo previously told Biometric Update of the great successes of the scheme once registration had begun.

A report by Open Justice summarizes the constitutional element of the legal proceedings: “The cases raise issues including the non-transparent and non-competitive manner in which the NIIMS contract was awarded, the use of a miscellaneous amendments bill to pass substantive amendments, the lack of public participation in the process, concerns over data privacy and protection, the right to information, and the risk the system could further entrench discrimination of marginalized groups in Kenya.

“The case affects the rights of all people in Kenya, while also addressing how NIIMS will disproportionately affect marginalized communities.”

Expert witnesses against

In an extremely technical series of witness cross-examinations, brought again by the Kenyan National Commission on Human Rights, the opposition have put down their case over four days.

Anand Venkatanarayanan, Indian cyber security expert and computer fraud forensic analyst and critic of India’s Aadhaar ID system, gave a damning account of the Kenyan scheme.

“In computer security, nothing is truly secure and there are only costs and benefits of hoarding data. Centralized databases such as India’s Aadhaar and NIIMS, however, hoard so much data that the cost-benefit ratio tilts definitely in favor of attackers,” said Venkatanarayanan, reported by The Star.

“NIIMS is archaic compared to the modern-day system architectures. While other countries strive to decentralize information, Kenya seems to be in a rush to do the opposite,” said Venkatanarayanan.

Beyond the courtroom

Meanwhile, Kenyans are still being urged to take advantage of mobile registration units to have their details taken while fraudsters are already sending messages to people offering to reveal the details held by NIIMs for a fee. Officials are warning not to take the bait.

Following this four-day hearing, government witnesses will come before the Court in the next round on October 2 and 3.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Privacy, free speech, children’s online safety collide in age assurance legal wars

By this point, the amount of collective hand wringing over children’s online safety and related age assurance legislation could surely…

 

St. Kitts and Nevis chooses Cybernetica as strategic adviser for digital ID system

St. Kitts and Nevis has chosen Cybernetica as strategic adviser as it implements a national digital identity system. Cybernetica is…

 

UK needs unified regulation for facial recognition: Biometrics Institute

The UK needs a clearer and consistent framework for governing facial recognition in public spaces as missteps in deploying the…

 

Cambodia: IDPoor Programme alleviates poverty as system continues digitization

The United Nations Development Programme has provided additional ICT equipment for Cambodia’s IDPoor Programme. The equipment includes 546 tablets, software…

 

Growth of digital wallet use shaking up payment regulations and benefits delivery

Digital wallets are transforming online, offline and cross-border payments around the world, prompting calls for regulatory change in Australis and…

 

Sardine nets $70M in Series C funding for automated fraud prevention platform

Sardine, a startup that employs machine learning for fraud prevention, compliance and credit underwriting, has announced a $70 million Series…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

DIGITAL ID for ALL NEWS

Featured Company

ID for ALL FEATURE REPORTS

BIOMETRICS WHITE PAPERS

BIOMETRICS EVENTS

EXPLAINING BIOMETRICS