FB pixel

‘Prone to hacking’: expert witness in Kenya’s Huduma Namba hearings first round


Kenya national ID project Huduma Namba

“[The National Integrated Identity Management System] thus is an archaic design compared to modern-day systems architecture and can be rightly thought of as a horse-buggy drawn by a lame horse on a digital highway. That it would fail and fall behind is a foregone conclusion,” expert witness Anand Venkatanarayanan told judges in Kenya’s High Court.

The Huduma Namba project

Kenya’s national ID scheme is back in the dock as civil rights group bring a case against a new draft bill, questioning whether the scheme is constitutional. The ‘single source of truth’ project has been up and running for several months, with millions of Kenyans (at least 37 million) already having had their biometrics captured to get a unique huduma namba or ‘service number’.

A new bill has been drafted to open up a new registration period and circumnavigate the High Court’s previous findings.

Previous court proceedings

Civil society has been outspoken and has already achieved certain interventions upheld by the High Court in advance of registration back in April. These included the stipulation that having a huduma namba is not a mandatory requirement or pre-condition for accessing government services, that data captured cannot be shared between agencies and third parties and that DNA and GPS data could not be collected as part of registration. With the Court’s permission, registration began.

Despite the High Court’s previous intervention, the government has since stated that a huduma namba will be needed for all public services. This has been added to a new draft bill, as have prison terms for failing to register.

The High Court’s three judges are now hearing from expert witnesses brought by groups that oppose aspects of the scheme and its procedures.

Privacy and the constitution

Kenya has no privacy or data protection laws to control how data collected is stored or used or who has access. Opponents argue that the scheme collects new data and links this to service provision, and tramples over rights to privacy.

Kenya Ministry of Information, Communication & Technology State Department of ICT Director of Shared Services Robert Mugo previously told Biometric Update of the great successes of the scheme once registration had begun.

A report by Open Justice summarizes the constitutional element of the legal proceedings: “The cases raise issues including the non-transparent and non-competitive manner in which the NIIMS contract was awarded, the use of a miscellaneous amendments bill to pass substantive amendments, the lack of public participation in the process, concerns over data privacy and protection, the right to information, and the risk the system could further entrench discrimination of marginalized groups in Kenya.

“The case affects the rights of all people in Kenya, while also addressing how NIIMS will disproportionately affect marginalized communities.”

Expert witnesses against

In an extremely technical series of witness cross-examinations, brought again by the Kenyan National Commission on Human Rights, the opposition have put down their case over four days.

Anand Venkatanarayanan, Indian cyber security expert and computer fraud forensic analyst and critic of India’s Aadhaar ID system, gave a damning account of the Kenyan scheme.

“In computer security, nothing is truly secure and there are only costs and benefits of hoarding data. Centralized databases such as India’s Aadhaar and NIIMS, however, hoard so much data that the cost-benefit ratio tilts definitely in favor of attackers,” said Venkatanarayanan, reported by The Star.

“NIIMS is archaic compared to the modern-day system architectures. While other countries strive to decentralize information, Kenya seems to be in a rush to do the opposite,” said Venkatanarayanan.

Beyond the courtroom

Meanwhile, Kenyans are still being urged to take advantage of mobile registration units to have their details taken while fraudsters are already sending messages to people offering to reveal the details held by NIIMs for a fee. Officials are warning not to take the bait.

Following this four-day hearing, government witnesses will come before the Court in the next round on October 2 and 3.

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News


What to do if certificates for passive authentication fail

By Ihar Kliashchou, Chief Technology Officer at Regula Electronic documents are praised for their top-notch security, mainly due to RFID chip…


Biometric passports get refresh in Indonesia, face hurdles in Lebanon and Kenya

Nations across the global south are looking to biometric passports as the next generation of travel documents. Indonesia will mark…


Biometrics, electronic devices and identity credentials converging

Biometrics in electronic devices and ID documents to support digital identity are a major theme of the week’s top stories…


SITA wraps up acquisition of Materna IPS

SITA reports it has completed all necessary regulatory and legal procedures and finalized its acquisition of Materna IPS, a provider…


Payface lands new retail biometric payments deal in Brazil

Brazilian face biometrics payments startup Payface has clinched a deal with supermarket chain Ítalo. Ítalo Supermercados, based in the southern…


EU to fund digital programs with €108m, including digital identity

The European Union has issued a new call for funding within the Digital Europe Programme (DIGITAL), allocating over 108 million…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Featured Company