In August this year, Nigeria started issuing National ID Cards. This is not the first time that Nigeria will be undergoing a National Identity Card Scheme. The last time a National Identity Card Project was done, only a fraction of the citizens had access to it. Some are still unable to get their card despite having their personal data captured.
SAGEM of France was the company that handled the technology arm of the project. The project was not well handled and it had to be discontinued and SAGEM was further fined for being involved in bribery relating to the awarding of the contract.
The new Nigerian National Identity Card (NNIC) has was launched in May 2013. The first 13 million cards will be MasterCard Branded. When the card starts being used, it is going to have 13 different functions.
This scheme is brigning together different bodies which include:
The NIMC, project lead (National Identity Management Commission),
MasterCard (payments technology provider),
Unified Payment Services Limited (payments processor),
Cryptovision (Public Key Infrastructure and Trust Services Provider),
Pilot issuing banks including Access Bank Plc.
Is This a Good Idea?
According to Gossy Ukanwoke, Founder of Beni American University, not many Nigerians have any kind of identification.
"I feel this centralised form of identification is going to be great as it will be useful for security, finacial services, educational purposes, health and a host of other things. I believe that if the identification system are properly done, every other thing can then be implelemnted." -- Gossy Ukanwoke
As part of measures to combat identity theft and fraud, the identity card's will contain an individual's biometric data. As Gbenga Sesan, Executive Director of Paradigm Initiative of Nigeria, explains "Biometric data of an individual is unique and can not be possessed by two people. Another component of the card is it’ll act as a prepaid charge and debit card powered by MasterCard. This has some form of implication that we should note,"
Sesan elaborated that the project is going to prevent data from being collected by different bodies at the same time.
"At every point in time we have our data collected by the telcos, for drivers license, by INEC—for election, by the bank and a host of other institutions. But when this National Identity Card starts working well, data won’t reside in silos anymore, but will be stored centrally."
Sesan also raised some concerns "While we have seen the laudable benefits that will come out of this project, there are reasons for concern. There’s no Data Protection Law in place in Nigeria that will protect the citizens. The data being collected now will include fingerprints, name, address and other unique sets of data that identifies only one individual. Without the Data Protection Law, the citizens are not duly protected when there’s data breach or mishandling of data on the part of the people that in charge of these data.
"Like in the case of the registration of mobile numbers by telcos in Nigeria. It was not properly supervised and managed. Many contractors were used and it was discovered that a laptop was missing with about 1,000 users biometric data gone with it."
The fear Gbenga spoke about here is founded. In the Information Age where many organisations are collecting data and storing them electronically online, it has been common to hear of cyber breaches, illegal collection of data or data being sold illegaly. He mentioned that the black market of data is huge and there are hackers whose business is selling peronsonal data.
Whithout a functional and well structured Data Protection Law in Nigeria, the National Identity Card is a good project that could cause some harm.
Sanusi Ismaila, CEO of PrecogMedia, added to the discussion saying "I think in theory, it's a great idea, there is so much good that you can extract from such a unified biometric database. As with all things, in trying to get it to work practically, there'll be challenges.
"The benefits are numerous and far reaching. For instance: quick access to blood type details in case of emergency, shorter times to open businesses and bank accounts (verification and KYC--Know Your Customer--right now takes way too long), crime investigations too can get a boost by using biometrics (eg finger prints) to identify culprits, prevention of election fraud by referencing the database, There are many."
Why Data Protection Law is Important
Nigeria's Data Protection bill when passed into law, should provide some form of protection to the citizens whose personal data is being collected.
What is personal data?
“Data that relates to a living individual who can be identified from such data, or and other information which is in the possession of, or is likely to come into the possession of, the data controller and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual." - Source
When the Data Protection Law is effective in Nigeria, it should protect against loss / theft on personal data, whether stored with private organisations or the government. Organisations who collect personal data illegally and sell it will be prosecuted.
"Data protection is a huge deal because you are your data," Says Sanusi.
"Imagine someone could go to the bank and impersonate you and empty all your accounts, or pose as you to commit some crime and you get punished for or even just invade your privacy and personal space because they know more about you than they should, e.g someone could sell your emails and phone numbers to individuals or companies that drown you in spam messsages.
"The UK and US have pretty good citizen registration schemes, but if you want to use a fellow "developing country" as an example, Brazil is a good one to use. They have something called CPF (Cadastro de Pessoas Físicas). In English it means Natural Persons Register--you can't do anything there without at least a temporary one."
As it is now, even with the NNIC Scheme, there is no protection for citizens whose personal data (biometric) is collected and stored besides the one stated in the National Identity Management Commission Act. Under section 23, it states that
it shall be the duty of the card holder to secure the the safety of the card.
If someone or an organisation is found to gain access to personal data collected by the NIMC without authorisation, there's a penalty stated in the Act. The Act however did not state what will happen if the loss/mis-use of data is from the NIMC or agencies that they authorise to have access. A Data Privacy Law would have suffice here, thereby protecting the holder of the card.
There is an ongoing debate as to the level of access that the Nigerian governement is giving to MasterCard. MasterCard will have their logo on the card and they will be in charge of the payment aspect of the card. It has been revealed that MasterCard has only been granted access to enable payments on the card; they are not the one banking the biometric data of the card holder.
Should you Register?
That is an individual decision. The law of the land where you live definitely will affect you. Under the National Identity Management Commision Act, it is an offence if eligiible, but one chooses not to register for a NIN (National Identification Number) and obtain the Nigeria National Identity Card (NNIC).
It is also important to note that having the NNIC with no effective Data Protection Law poses some risks; it could result to identity theft and illegal peddling of personal data with no law to refer to for seeking proper redress ina court of law.
It is in your own best interest to be enlightened as to these risks and what you can do to protect yourself. You can read the Nigerian National Identity Management Commision Act online.
Cover Image Credit: Jeff Attaway