It was recently announced that the government of Zimbabwe was requiring all civil servants to be registered biometrically by end of September or risk not receiving their salaries. The stated reason is that the exercise is to weed out ghost workers who have been a drain on state resources. While this intention is noble, it raises the question over the amount of personal data the government now has access to and how that data will be used.
Those who exercised their democratic right to vote will remember that biometric registration of voters was effected. This included fingerprint and facial identification. What this means is that the state is in possession of various data points about a citizen, raising concerns about how safe that data is and the potential for abuse.
I came across a thread on Twitter pertaining to digital identity principles by Alice Munyua, Policy Advisor for Africa at Mozilla. In analysing the trend towards digital identification, it laid out the best practices when it comes to mass data collection and security. One of the key issues is that governments must first have a data security and protection law in place before collecting digital data from citizens. This is meant to provide clear rules and safeguards around handling such massive data sets.
Surprisingly only 15 countries in Africa have such laws in place (we are not one of them) and only 4 countries have ratified the African Union Convention on Cyber Security and Personal Data Protection. These statistics do not instil confidence in the intentions of authorities in Africa when it comes to digitising identification and handling our sensitive information.
We spoke to briefly to Ms. Munyua about the issues around digital IDs and the concerns surrounding it.
Only a handful of countries have ratified The Malabo Convention…
Alice Munyua: There is considerable diversity in approaches to digital identity, making harmonisation, standardisation, federated approaches and interoperability particularly important. But the ratification of Malabo has been slow and lukewarm.
Are African Nations truly equipped to safely keep the vast amounts of data that Digital IDs will involve?
Alice Munyua: It depends on the country, do they have the necessary safeguards in place?
How is Mozilla positioning itself in this ecosystem?
Alice Munyua: At Mozilla, we are deeply invested in how technology can be harnessed for public benefit and to enrich the lives of human beings. Debates around digital identity bring this issue to the fore.
It has forced questions on the appropriate use of biometrics; the amplification of surveillance through the linking of databases; experimentation with tech in low-rights environments (for example, in countries without data protection laws or enforcement); and the lack of consultation in the design of technology projects.
Many of these issues overlap with broader concerns around the internet and emerging technologies like AI. Mozilla is developing a white paper on Digital ID drawing heavily from the experiences of Kenya and India. In the last few years, we’ve seen multiple governments across the world announce and roll-out digital, national level, and general-purpose ID projects.
These have come in various forms, from chip-based smart cards with biometric data to unique number based systems to those that use mobile-based identification and authentication. Government issued digital IDs are often mandatory for residents to get access to welfare and other services, making the real impact palpable for every citizen. For the most marginalized communities, ID systems are often one of their first interactions with digital technologies.