On 11/2/23 17:18, Alex Watila via KICTANet wrote:
what harm comes to a person by being published?
https://en.wikipedia.org/wiki/Identity_theft
--- Sent from my Android phone. Please excuse my brevity
On Wed, 1 Nov 2023, 23:45 Mwendwa Kivuva via KICTANet, <kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke>> wrote:
In the age of data protection, the Ministry of Interior is publishing at scale the names of all citizens who have successfully applied for passports.
Every week since the CS initiated the rapid results initiative, the Immigration Department has been publishing publicly the names of all passports ready for collection.
Kindiki may have been doing a good thing - expediency, but as they say, the road to hell is paved by good intentions.
The list is available on the immigration department website here http://immigration.go.ke/category/rri-7/ <http://immigration.go.ke/category/rri-7/> for all passports ready for collection for 6th-10th November 2023. More data is available for other weeks. The data has tracking numbers, full passport holder names, and collection dates. Through quick analysis, this week alone has 18,654 names published and distributed as follows; Kisii 1500 Kisumu 1692 Eldoret 1787 Embu 1750 Mombasa 1552 Nakuru 1000 Nairobi 9373
Questions 1. What can go wrong? What can bad actors do with this data? 2. Do data subjects need to give consent for such data to be published in a public portal? 3. Does the government have the capacity to safely handle mass citizen data? 4. How have other government agencies provided verification services without compromising on privacy? IEBC had such a challenge before the 2022 elections and they instituted a verification process for accessing voter registration data. 5. Does the Ministry of Interior have the capacity to roll out the Digital ID dubbed Maisha namba? 6. Is the ODPC under the Data Protection Act 2019 up to the task of regulating and enforcing compliance of government agencies? 7. How can we help the government in handling citizen data?
Hiyo ndio swali!
For demonstration purposes, what are the implications of a data breach at scale? Just this year, there were allegations that Fuliza scammers gained access to the National Registration Bureau Database and added new citizens. The freshly minted ghost citizens went ahead and borrowed close to Ksh500 million through Safaricom’s Fuliza overdraft facilities. https://ntvkenya.co.ke/crime/eight-suspects-arrested-in-kes-500-million-fuli... <https://ntvkenya.co.ke/crime/eight-suspects-arrested-in-kes-500-million-fuliza-fraud-scheme/> _______________________________________________