Digital ID case studies suggest solvable technical issues, but raise fundamental questions
Digital platforms that government systems are being built on, like digital ID, promise greater inclusion and protection for citizens, but are frequently failing to live up to that promise, according to a panel meeting at The Center for Human Rights & Global Justice.
Digital ID systems may be “the most foundational,” of DPIs, says Victoria Adelmant, who moderated the panel on “Contesting the Foundations of Digital Public Infrastructure: What Digital ID Litigation Can Tell Us About the Future of Digital Government and Society.”
Evidence is mounting that the digital platforms making up DPI are harming communities at the margins of society, despite the push coming from institutions like the IMF and World Bank.
Legal challenges have been successfully mounted in several countries, including India, Mexico and Kenya, lending support to arguments about the severity of their drawbacks, and to challenges still before the courts in the same and other countries.
The panel was made up of Brian Kiira of Uganda’s Initiative for Social and Economic Rights, Grecia Macías of Mexico’s Red en Defensa de los Derechos Digitales, Danilo Ćurčić of Serbia’s A11 Initiative and Yasah Musa of Kenya’s Nubian Rights Forum. Each presented their country as a case study in the potential harms of digital identity and other elements of digital infrastructure.
Macías recounted the successful efforts of civil society groups to convince Mexico’s Supreme Court of the risks that accompany the mandatory registration of SIM-holders in a centralized biometric database, particularly for marginalized communities. The Court sided with the groups on privacy, but left out considerations of the other harms alleged by civil society.
The win means that privacy impact assessments have a much more defined place in Mexican law, and that the court has upheld the need for consent in such collections of sensitive personal data. Macías contrasted these gains with the status quo in the EU after the passage of GDPR, arguing that the recognition of potential harms from centralized biometric databases comes at a crucial time for the country.
“The Mexican government is really in love with biometrics,” she says, referring to proposals for biometric national ID system.
Exclusion is the problem in Uganda, where social protection and services have been linked to a national ID program that has not reached all people, according to Kiira. The registration process has left some groups of people in the country largely uncovered.
Civil society groups are fighting the system and its expansion in court, even as the first batch of digital IDs approaches its expiry.
Registration attempts often run up against extensive delays, or a lack of documentation to support individual’s claims. Students staffed many registration points, and were forced to estimate the birth date of many people, leading to errors and failed attempts.
Rectifying errors is a time-consuming, rigorous process that many people are unable to complete, according to Kiira.
Biometric failures, such as failures to enroll the fingerprints of people with fingertips worn down by age or labor, were also widely experienced, he says.
Further, some of the errors the digital ID system is intended to prevent, such as illegitimate beneficiaries of government programs, over the past several years.
Civil society in Uganda says the ID should not be mandatory, and the digital service delivery system should be rearchitected to prevent exclusion.
Serbia’s digital ID system was ostensibly intended to reduce exclusion from social services in the country, but Ćurčić says it was not well explained, and resulted in many people who had legitimately qualified for benefits being thrown off of the rolls.
The country introduced the law on social protection cards last year, and A11 responded by requesting a judicial review of its constitutionality. As the government moved to implement the law, a collection of 135 datasets from various government ministries was brought together to inform an automated decision-making process for social benefits. This is more data than any other individual government system in Serbia collects.
Ćurčić says the use of Serbia’s digital ID, the citizen’s unique personal number, with this automated system has resulted in losses of benefits, but he has not heard of people becoming eligible for benefits through it. Those who lose benefits are not informed of a specific reason why, hindering the possibility of appeals.
The government has resisted attempts to uncover information about how the system works, Ćurčić says.
The 15 percent decrease in beneficiaries of national benefits is drawn from Serbia’s most vulnerable people, he says, arguing that the situation provides an example of misplaced techno-solutionism. At one point, the team working on implementing the system consisted of 15 computer engineers and 1 social protection official.
The government is pressing ahead with the system’s implementation, even as the court decision looms.
The role of international biometrics providers in Kenya’s system was raised in Musa’s presentation. A lawsuit was filed against Idemia in France by a group of NGOs led by Data Rights, alleging it failed to consider human rights while helping to architect the Huduma Namba system.
The judge ordered mediation talks, which are confidential.
Nubian Rights Forum also took Kenya’s government to court to object to Huduma Namba on data protection grounds, but Musa alleges that there was practically no public engagement prior to the system’s rollout.
Musa’s suggestions, such as protection for traditionally excluded communities, broad public engagement, and legal protections for data privacy, are all generally accepted, at least in public communications, by the private companies helping to build digital ID systems.
Nanjala Nyabola followed with a keynote framing the problems with digital ID systems raised by the previous speakers in the context of state surveillance.
The technical issues are likely the easier ones to resolve, she argues. Normative issues may present a higher hurdle.
The recognition of identity as a right in the UN’s Sustainable Development Goals also implies that people should not have to pay to establish it, Nyabola points out. Different technologies can allow people currently excluded from ID schemes by virtue of degraded fingerprints to be enrolled.
The controversy dogging the Huduma Namba system have not bled over to Kenya’s passports, she notes. That is due to the narrower function of the document, and the much lower volume of personal data collected for it.
For credentials with wider scope and higher stakes, she asks, what does informed consent even mean?