Kenya’s identity ecosystem is messy. There is very little linkage between foundational identities and functional identities. This has led to duplication of registrations and proliferation of cards, to a huge cost. The country is planning to issue a single unique identifier (NIIMS), a Kenyan version of Aadhaar.  It would have been preferable if the country had adopted the foundational ID system. Nevertheless,  for NIIMS to succeed, some things must be done properly. One is privacy and data protection, second is technology and cybersecurity, and third is to avoid exclusions and discrimination.

By gatuyu

A national identity is a key product of modern nationalism. The ability to prove your identity is critical for access of public services and exercise of legal rights. Kenya has a well-established national identification (ID) system, where a national ID is a mainstay of daily life. However, the greatest weakness with Kenya’s identity ecosystem is the two identity modes, the foundational systems and functional systems have very little interoperability.

Foundational systems are civil registrations meant to provide general identification and for official purposes, such as a national ID, alien and refugee registrations. Functional systems are registrations for a particular service or transaction such as health cards, passports, driving licenses, each relating to a particular agency.

A wallet of a Kenyan is full of multiple functional cards. The problem has always been with the foundational systems registrations. The National ID card, despite having all the personal data details including biometrics, has very little utility in functional systems. Failure to have linkage between foundational and functional systems has led to duplications in registrations and wastage of resources.

It is therefore refreshing to learn the government has prioritised reforming the identity ecosystem by adopting foundational ID system through the proposed National Integrated Identity Management System (NIIMS). Recent pronouncements by government officials reveal certain decisions have been made to this effect.

These include issuing a single unique ID number form birth, a single national population register that includes citizens, aliens and refugees, and a smartcard for citizens. NIIMS will provide a foundational ID system, where other databases, such as registries of voters, will be built on top.

A World Bank research reveals many countries have realised considerable benefits by adopting efficient ID systems. In Argentina, integration between the tax databases, occupational and other registers through a unique ID improved tax audits, generating over USD 44M in additional revenue from a reduction in tax fraud.

The India’s Aadhaar has significantly facilitated access to and delivery of services.  Visibly, rolling out an efficient identity system will present opportunities terms of fiscal savings, development of the digital economy and enhanced public and private sector service delivery.

A well-designed NIIMS is capable of acting as basis of vote registry and the government could save significant costs from need to carry out periodic voter registration drives. It would facilitate digital authentication that would open doors for e-government and new e-commerce markets.

While NIIMS opportunities abound, so are challenges and risks. There are some things that have to be got right in order to promote trust and confidence in the system. There is need to examine the regulatory enabling environment to on privacy and personal data protection, technology risks, and unintended risks of exclusions.

With electronic ID systems, need to secure data, prevent inappropriate sharing or use of data, including discriminatory use against certain individual or groups is paramount. Data collected for one purpose may be used for other purposes such as profiling and surveillance, including by government agencies, which may compromise trust and integrity of the system.

Equally, cyber security risks such as data theft, fraud, manipulation or hacking, or even destruction needs to be considered. Vulnerable infrastructure, systems and data will erode user confidence making use of the systems less attractive.

The roll out of the program should be inclusive. The Commission of Administrative Justice (Ombudsman), in a report titled ‘stateless in Kenya’, has documented the agony of acquiring identification documents in some regions. A further ill-designed registration approach, which is not facilitative in terms of cost, distance and time to register, or discriminatory, can lead to exclusion. Insights can be drawn from rush and hurdles that resulted from a recent policy requiring students to provide birth certificates in order to sit exams.

Lastly, technology risks, including being proactive in contract negotiations in procuring IT systems to prevent any vendor lock-in practices. The processing of the data needs to be localised through a data centre in the country. The vendors should be deprived controls to prevent hurdles that face the KRA i-Tax system or those purportedly faced by IEBC during presidential election petitions. Inappropriate design of IT system will result into substantial costs increases, reduced flexibility and sustainability.

To mitigate these risks, NIIMS program ought to be founded on clear rules, specifying the rights and obligations of issuers and users, and to avoid unintended consequences such as inadvertent exclusions. It would be appropriate to have a comprehensive legal framework to ensure a NIIMS that promotes trust in the design, implementation and use of ID.

Currently, the only legislative proposal is contained in Statute law (Miscellaneous) Amendment Bill. It is not fair that such a landmark project is initiated in through an omnibus bill, whose sole purpose is to make minor changes in statute book. There is need to adopt a consultative legislative approach that inspires confidence.

There is need to enact an inclusive legislation, focusing on inclusion, non-discrimination, individual privacy, data protection and IT systems. These are important to ensure public trust which is a critical factor for the success of the program, especially to promote the ‘demand side’ case for people registering.

Where individual privacy is not safeguarded, or the new ID system is seen as discriminatory or exclusionary, people may withhold information, supply inaccurate information, or simply avoid participating, reducing the economic and development impact of the program.

Equally, before investing in smartcards and centralising data from different sources into a single database, there is need to consider alternative options including latest technology trends such as distributed ledgers and mobile phone based IDs and experience from other countries. These could be leveraged and ensure the country adopts the best methods.

The author is the Managing Editor, Gatuyuriana