Wednesday, 9 July 2014

South Africa: Biometric Smart ID Cards - Dumb Idea

ANALYSIS
Mauritius is known to South Africans mainly as a holiday destination, brimming with idyllic beaches, luxurious hotels and stunning scenery. However, there are other, less well-known ties that bind the two countries together.
At the moment, both countries are introducing 'smart' ID cards, requiring their citizens to give biometric information to the government in the form of their fingerprints, to establish their legal identities. This information will also be recorded in national population registers.
Biometrics involves the use of unique physical characteristics to verify a person's identity, stored in a digital format and analysed by computers. Biometrics are being used increasingly for an array of public administration purposes, and fingerprints are the most commonly used, but facial or voice recognition may also be used too.
Both governments give similar reasons for these schemes: the cards are secure, they argue as their personal information, including their fingerprints are stored in contactless microchip that is difficult to tamper with. They argue that these security measures will stamp out identity fraud and theft.
These initiatives sound laudable, yet Mauritians are rising up and opposing the ID cards, claiming that they threaten privacy and even democracy itself. Three court cases have been brought against the system on constitutional grounds. Mauritius's plans are much more draconian than South Africa's, as the former requires people to enrol in the new system and carry their identity cards at all times, yet this is not the only reason why Mauritians are objecting.
One organisation involved in the struggle, Lalit de Klas, is arguing that the system, dubbed 'big brother', will allow the government to build up a profile of individuals that could be used against them in future if they are considered to be threats to government interests.
Many other countries are attempting to introduce biometrically-based national population registers, and many citizens have opposed them too. They have opposed what has been called 'dataveillance', where electronic databases enable lifelong surveillance by allowing the government to build up a clear picture of peoples' ongoing movements, habits and preferences. The amassing of this information can allow governments to profile those who could be political threats to ruling interests.
In fact, centralised biometric databases are the perfect police state tool. Since the September attacks on the US, governments are turning themselves increasingly into one-way mirrors, where they can see into more aspects of peoples' lives, while their own actions are becoming more opaque due to excessive secrecy. These databases can act as powerful mechanisms of social control, as citizens may become more subservient because they fear that the state is watching.
What are the issues? Biometrically-based identity verification is susceptible to error, as it offers only a probability of a match based on the likeness of stored physical characteristics; it cannot verify identities with certainty. Some people, such as miners and others who work with their hands, have difficulties enrolling as they may not have well-defined fingerprints; this means that biometric technology is inherently discriminatory.
Biometrics also suffer from controversial margins of error, including false matches ('false positives'), or biometrics not being recognised ('false negatives'). Fingerprints have the highest rate of error. In extreme situations, a person could even become a criminal suspect based on false information; in 2004, US attorney Brandon Mayfield was falsely linked to the train bombings in Madrid on the basis of a false match.
Criminals can also synthesise (or 'spoof') fingerprints and create fictional identities. Electronic databases are also vulnerable to hacking, which can lead to biometric information being stolen, altered or even destroyed.
Yet if this happens, then the consequences could be much more serious than breaches involving databases that are not biometrically-based. Peoples' identities are compromised permanently when their biometrics are compromised, as they cannot replace their fingers, eyes or voices. Such breaches create the risk of someone becoming an 'un-person', unable to prove that they are who they say they are.
Identity theft is more common in single reference systems such as centralised national population registers, as they create a single point of failure, and centralisation increases rather than reduces the potential for fraud.
Doppelganger matches also become more likely in large scale databases. These uncertainties mean that there needs to be a record to refer back to, such as physical fingerprints. Yet too many governments are failing to build these safeguards into these systems, in their overzealous bids to 'modernise' and transform themselves into paperless societies.
The dangers became apparent in Israel in 2006, when the personal information of nearly every Israeli citizen was stolen from the country's national population register, sent to the criminal underworld and then dumped on the open internet.
As Lalit's Rajni Lallah has observed, 'So, one of the most "national security obsessed" states in the world cannot even ensure the security of its citizens' personal data once it has centralised it'.
Biometric information may also be used for purposes for which it was never intended when the person enrolled. This 'function-creep' risks violating a person's right to data sovereignty in the process, which is the right to determine how your personal data is used.
Fingerprinting is also inherently associated with criminality. Sorting individuals according to their physical characteristics is dehumanising, and can become a dangerous tool in the hands of authoritarian governments bent on social sorting according to particular characteristics such as race, gender or age.
Given the dangers, the tide has begun to turn against centralised biometric databases in the North, and an increasing number of countries have lost the political will to establish them.
In the UK, a single-issue campaign against state control of personal identity, called No2ID, successfully opposed the government's attempt to introduce biometric ID cards and database.
They warned against the dangers of what they called the 'database state', which they claimed operationalised the government's wish to manage society by keeping a constant check on its citizens. The government eventually scrapped the plans. US plans to introduce a similar scheme have all but ground to a halt.
Germany has forbidden centralisation of population information, because of its historical experience with Nazism, which used population records to practice one of the most ghastly cases of discriminatory social sorting the world has ever seen. Some countries have resorted to local storage of biometric data, which is embedded in the chip on the ID card or passport, without being saved in a centralised database.
However, countries in the South have jumped on the biometric bandwagon, including South Africa, in spite of the many red flags about the technology.
The International Criminal Police Organisation (Interpol), the World Bank, and private security multinationals have worked tirelessly to promote biometrics in the South, to manage what they perceive to be problem populations and to keep them out of an increasingly fortified North. Some Northern countries that have refused to subject their own populations to biometrics, have nevertheless implemented the technology in border control.
Yet, opposition is growing in the South, too. Recently, the Indian Supreme Court directed the government to withdraw orders making the card mandatory for providing any service, and disallowing it from sharing any ID information without the prior permission of the card holder.
South Africa has had a centralised national population registry for many years, the Home Affairs National Identification System (HANIS). Unlike Mauritius, South Africa is not compelling its citizens to enrol and carry ID cards; but, there is compulsion by stealth, as people will gradually be unable to undertake basic civil functions without a card.
Why have biometric databases not become as controversial in South Africa as they have elsewhere? According to Wits University academic Keith Breckenridge, opposition usually begins when engineers and scientists, who understand the technical issues, team up with journalists, civil society and grassroots movements to publicise the dangers.
In South Africa, low levels of public awareness of the dangers allowed biometrics to be introduced to the social security system, and then extended to the national population register.
The technology press have tended to publish fawning articles extolling the virtues of biometrics, while the investigative press have focussed on corruption and mismanagement in the Department. The fact that the reportage has been confined to a fairly narrow range of issues, has left the broader issues around privacy and surveillance largely unaired. With one or two notable exceptions, the technical part of society has not spoken out.
The Department is idealising biometric technology, arguing that not only will the system prevent identity theft, but it will also become a gateway to service delivery and a lynchpin of all citizen engagements with government.
In fact, the Department has said that, in future, South Africans may use just one card for all their official documentation requirements, including identities, driving licences, National Health Insurance and social grants. As several other departments had expressed interest in becoming involved in the project, the Department would look into how it could upscale the chip on the cards in order to accommodate them.
The Department's statements suggest that data sharing across departments is envisaged, and that function creep is considered unproblematic. They are also being vague about the future shape of the system, and have, for instance, floated the possibility of extending the system into electronic purses. In response to a Parliamentary question on this very issue, the Department said that the card '... will include, amongst others, demographic information which is in the current green bar-coded ID book, a picture, fingerprint biometric security features and other security information which cannot be disclosed for security reasons'.
This reply implies that the number of registerable facts is likely to increase in time, and the mind boggles at what is meant by 'security information'. The Department needs to be much clearer about the purposes the ID card and database will be put to. To its credit, though, it has instituted an elaborate audit trail to deter officials from mis-using the database to commit fraud, but this is unlikely to deter hackers.
Freedom of expression has been hugely controversy in South Africa, yet the related right to privacy has attracted practically no debate, possibly because the right lacks a dedicated civil society champion.
How much information should the state have about its citizens, who have already been 'RICA'd', 'FICA'd', 'e-Natis'd' and 'e-tolled'? In the absence of this debate, South Africa is well on its way to becoming a database state.
The one ray of hope is the newly-promulgated Protection of Personal Information Act, which promises to stop misuse of personal data. The Act is lauded widely as a very good law, but it remains untested, especially when it comes to national security matters. Also, much depends on the robustness of the soon-to-be-created Information Regulator, meant to investigate breaches of the Act.
The Act applies to criminal justice and national security matters only if they do not offer sufficient privacy safeguards. In cases where these safeguards don't exist sufficiently, then the Act forbids further processing of information by state bodies, unless it is necessary to avoid prejudice to the maintenance of the law by any public body: a rather fluffy formulation.
However, the dangers of centralised biometric databases go beyond the Act; they call into question the very wisdom of biometrics itself, given that the solution that it offers to problem of identity fraud may well be worse that the problem itself.
Biometric technology on a large scale is untested and by no means infallible, and when put in the hands of a state that is increasingly at war with its citizens, it can become a dangerous technology too. In fact, in time, people may come to recognise biometrically-based databases, including those back-ending ID cards, for what they are: a dumb idea.

No comments:

Post a Comment