law to start listing of Kenyans? DNA
Listers, Would this be a similar system like the India's Aadhaar which is said to be the world's largest biometric ID system? If so what lessons and drawbacks could be learned? Many issues would need to be addressed as a foundamental step, such include privacy, ethics, security of the said system, complementarity with the existing official databases e.t.c Regards GR On Tue, Jan 22, 2019 at 10:01 PM <kictanet-request@lists.kictanet.or.ke> wrote:
Send kictanet mailing list submissions to kictanet@lists.kictanet.or.ke
To subscribe or unsubscribe via the World Wide Web, visit https://lists.kictanet.or.ke/mailman/listinfo/kictanet or, via email, send a message with subject or body 'help' to kictanet-request@lists.kictanet.or.ke
You can reach the person managing the list at kictanet-owner@lists.kictanet.or.ke
When replying, please edit your Subject line so it is more specific than "Re: Contents of kictanet digest..."
Today's Topics:
1. Re: law to start listing of Kenyans? DNA (Warigia Bowman)
----------------------------------------------------------------------
Message: 1 Date: Tue, 22 Jan 2019 12:58:59 -0600 From: Warigia Bowman <warigia@gmail.com> To: gertrude matata <gertrudematata@yahoo.com>, KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] law to start listing of Kenyans? DNA Message-ID: < CACeY99TvKOX13-RtN1gjCi_sh4AF8jdnEkJTNHD6WMrFR9Pogg@mail.gmail.com> Content-Type: text/plain; charset="utf-8"
This is disturbing. I am quite sure that the US government does not have the right to take DNA samples from citizens.
Biometric data is not the same as DNA, rather it may include fingerprints and eyescans. This is a move towards a surveillance state.
On Tue, Jan 22, 2019 at 6:24 AM gertrude matata via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Dear Listers, The amendment to the Act seems to have ignored Article 31(c) of the Constitution. This being a constitutional issue, there is probably a need to subject it to constitutional interpretation on; what was the intention of the article in providing that such information should not be unnecessarily required or revealed; Whether such details being availed to persons registry clerks is defeating that intent; and whether the circumstances demand the "unnecessarily" revealed bar to be lifted. It is worthy to ponder the situation in terms of whether giving such information might not create inborn terror,
Regards,
Gertrude
GERTRUDE MATATA HILLSIDE APARTMENTS 4TH FLOOR, Apartments 11 RAGATI ROAD,Opposite N.H.I.F NEAR CAPITOL HILL POLICE STATION P.O. Box 517-00517 Nairobi Mobile:0722-374109/0772327265
Go to; https://themediatorkenya.wordpress.com/author/themediatorkenya/
*DISCLAIMER* This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of GERTRUDE MATATA. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error.
Call Send SMS Call from mobile Add to Skype You'll need Skype CreditFree via Skype
On Tuesday, January 22, 2019, 2:14:05 PM GMT+3, Karanja Marigu via kictanet <kictanet@lists.kictanet.or.ke> wrote:
This is a classical move that also was taken by USA after 911. What do we expect next? Marshal law??
Terrorism is not a justification to take away our privacy rights and collect data. What they will do with all that data, only God knows.
Best Regards,
Karanja Marigu,
'Purpose fuels passion'
On Tue, 22 Jan 2019 at 09:10, Magdalene Kariuki via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Dear fellow listers,
Happy New Year (albeit late).
Thank you Grace for sharing this information.
Just a few concerns about privacy of persons and the protection and use of information.
While I appreciate and understand the need for Government to address issues relating to threats to security (assuming that this is where the need for such kind of information stems from), what kind of guarantees are there that ensure this information is not traded? What kind of data protection mechanisms are in place? or have these concerns already been raised and addressed in the new legislation?
Regards,
Magdalene
On Mon, Jan 21, 2019 at 12:16 PM Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Full story here
https://www.businessdailyafrica.com/economy/Uhuru-backs-law-change/3946234-4...
Il giorno lun 21 gen 2019 alle ore 14:51 Grace Bomu <nmutungu@gmail.com> ha scritto:
Listers,
The government is now free to collect data on Kenyans? DNA and physical location of their homes including satellite details during registration
persons.
This follows President Uhuru Kenyatta?s approval of amendments to the Registration of Persons Act that has included the two to the list of requirements needed at the national people?s registry.
Adults applying for documents such as IDs will be required to provide additional information about their location, including land reference number, plot number or house number.
The ministry is also seeking to introduce Global Positioning System (GPS) coordinates in the registration of persons, enabling the tracking of
of their
location via satellite.
More here
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/magdalene.kariuki%40gm...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/karanjaemarigu%40gmail...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/gertrudematata%40yahoo...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/warigia%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
--
*"Education is the most powerful weapon which you can use to change the world."* Nelson Mandela
https://blog.mozilla.org/netpolicy/2019/02/08/kenya-government-mandates-dna-... Kenya Government mandates DNA-linked national ID, without data protection law Alice Munyua February 8, 2019 No responses yet <https://blog.mozilla.org/netpolicy/2019/02/08/kenya-government-mandates-dna-linked-national-id-without-data-protection-law/#respond> Last month, the Kenya Parliament passed a seriously concerning amendment <http://kenyalaw.org/kl/fileadmin/pdfdownloads/AmendmentActs/2018/StatuteLawMischellaneousNo18of2018.pdf> to the country’s national ID law, making Kenya home to the most privacy-invasive national ID system in the world. The rebranded, National Integrated Identity Management System (NIIMS) now requires all Kenyans, immigrants, and refugees to turn over their DNA, GPS coordinates of their residential address, retina scans, iris pattern, voice waves, and earlobe geometry before being issued critical identification documents. NIIMS will consolidate information contained in other government agency databases and generate a unique identification number known as Huduma Namba. It is hard to see how this system comports with the right to privacy articulated in Article 31 of the Kenyan Constitution. It is deeply troubling that these amendments passed without public debate, and were approved even as a data protection bill which would designate DNA and biometrics as sensitive data is pending. Before these amendments, in order to issue the National ID Card (ID), the government only required name, date and place of birth, place of residence, and postal address. The ID card is a critical document thatimpacts everyday life, <https://www.khrc.or.ke/2015-03-04-10-37-01/blog/675-a-call-to-action-to-end-statelessness-in-kenya.html> without it, an individual cannot vote, purchase property, access higher education, obtain employment, access credit, or public health, among other fundamental rights. Mozilla strongly believes that that no digital ID system should be implemented without strong privacy and data protection legislation. The proposed Data Protection Bill of 2018 which Parliament is likely to consider next month, is a strong and thorough framework that contains provisions relating to data minimization as well as collection and purpose limitation. If NIIMS is implemented, it will be in conflict with these provisions, and more importantly in conflict with Article 31 of the Constitution, which specifically protects the right to privacy. Proponents <https://www.businessdailyafrica.com/analysis/ideas/Kenya-needs-unified-identity-registration/4259414-4846478-119h6iqz/index.html> of NIIMS claim that the system provides a number of benefits, such as accurate delivery of government services. These arguments also seem to conflate legal and digital identity. Legal ID used to certify one’s identity through basic data about one’s personhood (such as your name and the date and place of your birth) is a commendable goal. It is one of the United Nations Sustainable DevelopmentGoals 16.9 <https://unstats.un.org/sdgs/metadata/?Text=&Goal=16&Target=16.9> that aims /“to provide legal identity for all, including birth registration by 2030”/. However, it is important to remember this objective can be met in several ways. “Digital ID” systems, and especially those that involve sensitive biometrics or DNA, are not a necessary means of verifying identity, and in practice raise significant privacy and security concerns. The choice of whether to opt for a digital ID let alone a biometric ID therefore should be closely scrutinized by governments in light of these risks, rather than uncritically accepted as beneficial. * *Security Concerns: The centralized nature of NIIMS creates massive security vulnerabilities. It could become a honeypot for malicious actors and identity thieves who can exploit other identifying information linked to stolen biometric data. The amendment is unclear on how the government will establish and institute strong security measures required for the protection of such a sensitive database. If there’s a breach, it’s not as if your DNA or retina can be reset like a password or token.* * *Surveillance Concerns: By centralizing a tremendous amount of sensitive data in a government database, NIIMS creates an opportunity for mass surveillance by the State. Not only is the collection of biometrics incredibly invasive, but gathering this data combined with transaction logs of where ID is used could substantially reduce anonymity. This is all the more worrying considering Kenya’s history of**extralegal surveillance and intelligence sharing* <https://privacyinternational.org/sites/default/files/2017-10/track_capture_final.pdf>*.* * *Ethnic Discrimination Concerns: The collection of DNA is particularly concerning as this information can be used to identify an individual’s ethnic identity. Given Kenya’s history of **politicization of ethnic identity* <https://www.khrc.or.ke/publications/183-ethnicity-and-politicization-in-kenya/file.html>*, collecting this data in a centralized database like NIIMS could reproduce and exacerbate patterns of discrimination.* *The process was not constitutional* Kenya’s constitution requires public input before any new law can be adopted. No public discussions were conducted for this amendment. It was offered for parliamentary debate under “/Miscellaneous/” amendments, which exempted it from procedures and scrutiny that would have required introduction as a substantive bill and corresponding public debate. The Kenyan government must not implement this system without sufficient public debate and meaningful engagement to determine how such a system should be implemented if at all. The proposed law does not provide people with the opportunity to opt in or out of giving their sensitive and precise data. The Constitution requires that all Kenyans be granted identification. However, if an individual were to refuse to turn over their DNA or other sensitive information to the State, as they should have the right to do, they could risk not being issued their identity or citizenship documents. Such a denial would contravene Articles 12, 13, and 14 of the Constitution. Opting out of this system should not be used to discriminate or exclude any individual from accessing essential public services and exercising their fundamental rights. Individuals must be in full control of their digital identities with the right to object to processing and use and withdraw consent. These aspects of control and choice are essential to empowering individuals in the deployment of their digital identities. Therefore policy and technical decisions must take into account systems that allow individuals to identify themselves rather than the system identifying them. Mozilla urges the government of Kenya to suspend the implementation of NIIMS and we hope Kenyan members of parliament will act swiftly to pass the Data Protection Bill of 2018. On 23/01/2019 00:28, Gideon via kictanet wrote:
Listers,
Would this be a similar system like the India's Aadhaar which is said to be the world's largest biometric ID system? If so what lessons and drawbacks could be learned?
Many issues would need to be addressed as a foundamental step, such include privacy, ethics, security of the said system, complementarity with the existing official databases e.t.c
Regards GR
On Tue, Jan 22, 2019 at 10:01 PM <kictanet-request@lists.kictanet.or.ke <mailto:kictanet-request@lists.kictanet.or.ke>> wrote:
Send kictanet mailing list submissions to kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke>
To subscribe or unsubscribe via the World Wide Web, visit https://lists.kictanet.or.ke/mailman/listinfo/kictanet or, via email, send a message with subject or body 'help' to kictanet-request@lists.kictanet.or.ke <mailto:kictanet-request@lists.kictanet.or.ke>
You can reach the person managing the list at kictanet-owner@lists.kictanet.or.ke <mailto:kictanet-owner@lists.kictanet.or.ke>
When replying, please edit your Subject line so it is more specific than "Re: Contents of kictanet digest..."
Today's Topics:
1. Re: law to start listing of Kenyans? DNA (Warigia Bowman)
----------------------------------------------------------------------
Message: 1 Date: Tue, 22 Jan 2019 12:58:59 -0600 From: Warigia Bowman <warigia@gmail.com <mailto:warigia@gmail.com>> To: gertrude matata <gertrudematata@yahoo.com <mailto:gertrudematata@yahoo.com>>, KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke>> Subject: Re: [kictanet] law to start listing of Kenyans? DNA Message-ID: <CACeY99TvKOX13-RtN1gjCi_sh4AF8jdnEkJTNHD6WMrFR9Pogg@mail.gmail.com <mailto:CACeY99TvKOX13-RtN1gjCi_sh4AF8jdnEkJTNHD6WMrFR9Pogg@mail.gmail.com>> Content-Type: text/plain; charset="utf-8"
This is disturbing. I am quite sure that the US government does not have the right to take DNA samples from citizens.
Biometric data is not the same as DNA, rather it may include fingerprints and eyescans. This is a move towards a surveillance state.
On Tue, Jan 22, 2019 at 6:24 AM gertrude matata via kictanet < kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke>> wrote:
> Dear Listers, > The amendment to the Act seems to have ignored Article 31(c) of the > Constitution. This being a constitutional issue, there is probably a need > to subject it to constitutional interpretation on; > what was the intention of the article in providing that such information > should not be unnecessarily required or revealed; > Whether such details being availed to persons registry clerks is > defeating that intent; > and whether the circumstances demand the "unnecessarily" revealed bar > to be lifted. > It is worthy to ponder the situation in terms of whether giving > such information might not create inborn terror, > > Regards, > > Gertrude > > > GERTRUDE MATATA > HILLSIDE APARTMENTS > 4TH FLOOR, Apartments 11 > RAGATI ROAD,Opposite N.H.I.F > NEAR CAPITOL HILL POLICE STATION > P.O. Box 517-00517 > Nairobi > Mobile:0722-374109/0772327265 > > Go to; https://themediatorkenya.wordpress.com/author/themediatorkenya/ > > *DISCLAIMER* > This email and any attachments to it may be confidential and are intended > solely for the use of the individual to whom it is addressed. Any views or > opinions expressed are solely those of the author and do not necessarily > represent those of GERTRUDE MATATA. > If you are not the intended recipient of this email, you must neither take > any action based upon its contents, nor copy or show it to anyone. > Please contact the sender if you believe you have received this email in > error. > > > Call > Send SMS > Call from mobile > Add to Skype > You'll need Skype CreditFree via Skype > > > On Tuesday, January 22, 2019, 2:14:05 PM GMT+3, Karanja Marigu via > kictanet <kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke>> wrote: > > > This is a classical move that also was taken by USA after 911. What do we > expect next? Marshal law?? > > Terrorism is not a justification to take away our privacy rights and > collect data. What they will do with all that data, only God knows. > > Best Regards, > > Karanja Marigu, > > 'Purpose fuels passion' > > > On Tue, 22 Jan 2019 at 09:10, Magdalene Kariuki via kictanet < > kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke>> wrote: > > Dear fellow listers, > > Happy New Year (albeit late). > > Thank you Grace for sharing this information. > > Just a few concerns about privacy of persons and the protection and use of > information. > > While I appreciate and understand the need for Government to address > issues relating to threats to security (assuming that this is where the > need for such kind of information stems from), what kind of guarantees are > there that ensure this information is not traded? What kind of data > protection mechanisms are in place? > or have these concerns already been raised and addressed in the new > legislation? > > Regards, > > Magdalene > > On Mon, Jan 21, 2019 at 12:16 PM Grace Bomu via kictanet < > kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke>> wrote: > > Full story here > https://www.businessdailyafrica.com/economy/Uhuru-backs-law-change/3946234-4... > > Il giorno lun 21 gen 2019 alle ore 14:51 Grace Bomu <nmutungu@gmail.com <mailto:nmutungu@gmail.com>> > ha scritto: > > Listers, > > The government is now free to collect data on Kenyans? DNA and physical > location of their homes including satellite details during registration of > persons. > > This follows President Uhuru Kenyatta?s approval of amendments to the > Registration of Persons Act that has included the two to the list of > requirements needed at the national people?s registry. > > Adults applying for documents such as IDs will be required to provide > additional information about their location, including land reference > number, plot number or house number. > > The ministry is also seeking to introduce Global Positioning System (GPS) > coordinates in the registration of persons, enabling the tracking of their > location via satellite. > > > More here > > -- > Grace Mutung'u > Skype: gracebomu > @Bomu > PGP ID : 0x33A3450F > > > > -- > Grace Mutung'u > Skype: gracebomu > @Bomu > PGP ID : 0x33A3450F > > _______________________________________________ > kictanet mailing list > kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> > https://lists.kictanet.or.ke/mailman/listinfo/kictanet > Twitter: http://twitter.com/kictanet > Facebook: https://www.facebook.com/KICTANet/ > > Unsubscribe or change your options at > https://lists.kictanet.or.ke/mailman/options/kictanet/magdalene.kariuki%40gm... > > The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform > for people and institutions interested and involved in ICT policy and > regulation. The network aims to act as a catalyst for reform in the ICT > sector in support of the national aim of ICT enabled growth and development. > > KICTANetiquette : Adhere to the same standards of acceptable behaviors > online that you follow in real life: respect people's times and bandwidth, > share knowledge, don't flame or abuse or personalize, respect privacy, do > not spam, do not market your wares or qualifications. > > _______________________________________________ > kictanet mailing list > kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> > https://lists.kictanet.or.ke/mailman/listinfo/kictanet > Twitter: http://twitter.com/kictanet > Facebook: https://www.facebook.com/KICTANet/ > > Unsubscribe or change your options at > https://lists.kictanet.or.ke/mailman/options/kictanet/karanjaemarigu%40gmail... > > > The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform > for people and institutions interested and involved in ICT policy and > regulation. The network aims to act as a catalyst for reform in the ICT > sector in support of the national aim of ICT enabled growth and development. > > KICTANetiquette : Adhere to the same standards of acceptable behaviors > online that you follow in real life: respect people's times and bandwidth, > share knowledge, don't flame or abuse or personalize, respect privacy, do > not spam, do not market your wares or qualifications. > > _______________________________________________ > kictanet mailing list > kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> > https://lists.kictanet.or.ke/mailman/listinfo/kictanet > Twitter: http://twitter.com/kictanet > Facebook: https://www.facebook.com/KICTANet/ > > Unsubscribe or change your options at > https://lists.kictanet.or.ke/mailman/options/kictanet/gertrudematata%40yahoo... > > The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform > for people and institutions interested and involved in ICT policy and > regulation. The network aims to act as a catalyst for reform in the ICT > sector in support of the national aim of ICT enabled growth and development. > > KICTANetiquette : Adhere to the same standards of acceptable behaviors > online that you follow in real life: respect people's times and bandwidth, > share knowledge, don't flame or abuse or personalize, respect privacy, do > not spam, do not market your wares or qualifications. > _______________________________________________ > kictanet mailing list > kictanet@lists.kictanet.or.ke <mailto:kictanet@lists.kictanet.or.ke> > https://lists.kictanet.or.ke/mailman/listinfo/kictanet > Twitter: http://twitter.com/kictanet > Facebook: https://www.facebook.com/KICTANet/ > > Unsubscribe or change your options at > https://lists.kictanet.or.ke/mailman/options/kictanet/warigia%40gmail.com > > The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform > for people and institutions interested and involved in ICT policy and > regulation. The network aims to act as a catalyst for reform in the ICT > sector in support of the national aim of ICT enabled growth and development. > > KICTANetiquette : Adhere to the same standards of acceptable behaviors > online that you follow in real life: respect people's times and bandwidth, > share knowledge, don't flame or abuse or personalize, respect privacy, do > not spam, do not market your wares or qualifications. >
--
*"Education is the most powerful weapon which you can use to change the world."* Nelson Mandela
Dear Alice, Many thanks for this update from Mozilla. There is need for wider stakeholder engagement on this issue. While the government has a legitimate concern which i presume is taming acts of terrorism, there is need for wider consultations especially on the areas that contravene or appear to contravene the constitution. Thank you Best Regards On Wed, 13 Feb 2019 18:17 Alice Munyua via kictanet < kictanet@lists.kictanet.or.ke wrote:
https://blog.mozilla.org/netpolicy/2019/02/08/kenya-government-mandates-dna-...
Kenya Government mandates DNA-linked national ID, without data protection law Alice Munyua February 8, 2019
No responses yet <https://blog.mozilla.org/netpolicy/2019/02/08/kenya-government-mandates-dna-linked-national-id-without-data-protection-law/#respond>
Last month, the Kenya Parliament passed a seriously concerning amendment <http://kenyalaw.org/kl/fileadmin/pdfdownloads/AmendmentActs/2018/StatuteLawMischellaneousNo18of2018.pdf> to the country’s national ID law, making Kenya home to the most privacy-invasive national ID system in the world. The rebranded, National Integrated Identity Management System (NIIMS) now requires all Kenyans, immigrants, and refugees to turn over their DNA, GPS coordinates of their residential address, retina scans, iris pattern, voice waves, and earlobe geometry before being issued critical identification documents. NIIMS will consolidate information contained in other government agency databases and generate a unique identification number known as Huduma Namba.
It is hard to see how this system comports with the right to privacy articulated in Article 31 of the Kenyan Constitution. It is deeply troubling that these amendments passed without public debate, and were approved even as a data protection bill which would designate DNA and biometrics as sensitive data is pending.
Before these amendments, in order to issue the National ID Card (ID), the government only required name, date and place of birth, place of residence, and postal address. The ID card is a critical document that impacts everyday life, <https://www.khrc.or.ke/2015-03-04-10-37-01/blog/675-a-call-to-action-to-end-statelessness-in-kenya.html> without it, an individual cannot vote, purchase property, access higher education, obtain employment, access credit, or public health, among other fundamental rights.
Mozilla strongly believes that that no digital ID system should be implemented without strong privacy and data protection legislation. The proposed Data Protection Bill of 2018 which Parliament is likely to consider next month, is a strong and thorough framework that contains provisions relating to data minimization as well as collection and purpose limitation. If NIIMS is implemented, it will be in conflict with these provisions, and more importantly in conflict with Article 31 of the Constitution, which specifically protects the right to privacy.
Proponents <https://www.businessdailyafrica.com/analysis/ideas/Kenya-needs-unified-identity-registration/4259414-4846478-119h6iqz/index.html> of NIIMS claim that the system provides a number of benefits, such as accurate delivery of government services. These arguments also seem to conflate legal and digital identity. Legal ID used to certify one’s identity through basic data about one’s personhood (such as your name and the date and place of your birth) is a commendable goal. It is one of the United Nations Sustainable Development Goals 16.9 <https://unstats.un.org/sdgs/metadata/?Text=&Goal=16&Target=16.9> that aims *“to provide legal identity for all, including birth registration by 2030”*. However, it is important to remember this objective can be met in several ways. “Digital ID” systems, and especially those that involve sensitive biometrics or DNA, are not a necessary means of verifying identity, and in practice raise significant privacy and security concerns. The choice of whether to opt for a digital ID let alone a biometric ID therefore should be closely scrutinized by governments in light of these risks, rather than uncritically accepted as beneficial.
- *Security Concerns: The centralized nature of NIIMS creates massive security vulnerabilities. It could become a honeypot for malicious actors and identity thieves who can exploit other identifying information linked to stolen biometric data. The amendment is unclear on how the government will establish and institute strong security measures required for the protection of such a sensitive database. If there’s a breach, it’s not as if your DNA or retina can be reset like a password or token.* - *Surveillance Concerns: By centralizing a tremendous amount of sensitive data in a government database, NIIMS creates an opportunity for mass surveillance by the State. Not only is the collection of biometrics incredibly invasive, but gathering this data combined with transaction logs of where ID is used could substantially reduce anonymity. This is all the more worrying considering Kenya’s history of* *extralegal surveillance and intelligence sharing* <https://privacyinternational.org/sites/default/files/2017-10/track_capture_final.pdf> *.* - *Ethnic Discrimination Concerns: The collection of DNA is particularly concerning as this information can be used to identify an individual’s ethnic identity. Given Kenya’s history of **politicization of ethnic identity* <https://www.khrc.or.ke/publications/183-ethnicity-and-politicization-in-kenya/file.html>*, collecting this data in a centralized database like NIIMS could reproduce and exacerbate patterns of discrimination.*
*The process was not constitutional*
Kenya’s constitution requires public input before any new law can be adopted. No public discussions were conducted for this amendment. It was offered for parliamentary debate under “*Miscellaneous*” amendments, which exempted it from procedures and scrutiny that would have required introduction as a substantive bill and corresponding public debate. The Kenyan government must not implement this system without sufficient public debate and meaningful engagement to determine how such a system should be implemented if at all.
The proposed law does not provide people with the opportunity to opt in or out of giving their sensitive and precise data. The Constitution requires that all Kenyans be granted identification. However, if an individual were to refuse to turn over their DNA or other sensitive information to the State, as they should have the right to do, they could risk not being issued their identity or citizenship documents. Such a denial would contravene Articles 12, 13, and 14 of the Constitution.
Opting out of this system should not be used to discriminate or exclude any individual from accessing essential public services and exercising their fundamental rights.
Individuals must be in full control of their digital identities with the right to object to processing and use and withdraw consent. These aspects of control and choice are essential to empowering individuals in the deployment of their digital identities. Therefore policy and technical decisions must take into account systems that allow individuals to identify themselves rather than the system identifying them.
Mozilla urges the government of Kenya to suspend the implementation of NIIMS and we hope Kenyan members of parliament will act swiftly to pass the Data Protection Bill of 2018.
On 23/01/2019 00:28, Gideon via kictanet wrote:
Listers,
Would this be a similar system like the India's Aadhaar which is said to be the world's largest biometric ID system? If so what lessons and drawbacks could be learned?
Many issues would need to be addressed as a foundamental step, such include privacy, ethics, security of the said system, complementarity with the existing official databases e.t.c
Regards GR
On Tue, Jan 22, 2019 at 10:01 PM <kictanet-request@lists.kictanet.or.ke> wrote:
Send kictanet mailing list submissions to kictanet@lists.kictanet.or.ke
To subscribe or unsubscribe via the World Wide Web, visit https://lists.kictanet.or.ke/mailman/listinfo/kictanet or, via email, send a message with subject or body 'help' to kictanet-request@lists.kictanet.or.ke
You can reach the person managing the list at kictanet-owner@lists.kictanet.or.ke
When replying, please edit your Subject line so it is more specific than "Re: Contents of kictanet digest..."
Today's Topics:
1. Re: law to start listing of Kenyans? DNA (Warigia Bowman)
----------------------------------------------------------------------
Message: 1 Date: Tue, 22 Jan 2019 12:58:59 -0600 From: Warigia Bowman <warigia@gmail.com> To: gertrude matata <gertrudematata@yahoo.com>, KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] law to start listing of Kenyans? DNA Message-ID: < CACeY99TvKOX13-RtN1gjCi_sh4AF8jdnEkJTNHD6WMrFR9Pogg@mail.gmail.com> Content-Type: text/plain; charset="utf-8"
This is disturbing. I am quite sure that the US government does not have the right to take DNA samples from citizens.
Biometric data is not the same as DNA, rather it may include fingerprints and eyescans. This is a move towards a surveillance state.
On Tue, Jan 22, 2019 at 6:24 AM gertrude matata via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Dear Listers, The amendment to the Act seems to have ignored Article 31(c) of the Constitution. This being a constitutional issue, there is probably a need to subject it to constitutional interpretation on; what was the intention of the article in providing that such information should not be unnecessarily required or revealed; Whether such details being availed to persons registry clerks is defeating that intent; and whether the circumstances demand the "unnecessarily" revealed bar to be lifted. It is worthy to ponder the situation in terms of whether giving such information might not create inborn terror,
Regards,
Gertrude
GERTRUDE MATATA HILLSIDE APARTMENTS 4TH FLOOR, Apartments 11 RAGATI ROAD,Opposite N.H.I.F NEAR CAPITOL HILL POLICE STATION P.O. Box 517-00517 Nairobi Mobile:0722-374109/0772327265
Go to; https://themediatorkenya.wordpress.com/author/themediatorkenya/
*DISCLAIMER* This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of GERTRUDE MATATA. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error.
Call Send SMS Call from mobile Add to Skype You'll need Skype CreditFree via Skype
On Tuesday, January 22, 2019, 2:14:05 PM GMT+3, Karanja Marigu via kictanet <kictanet@lists.kictanet.or.ke> wrote:
This is a classical move that also was taken by USA after 911. What do we expect next? Marshal law??
Terrorism is not a justification to take away our privacy rights and collect data. What they will do with all that data, only God knows.
Best Regards,
Karanja Marigu,
'Purpose fuels passion'
On Tue, 22 Jan 2019 at 09:10, Magdalene Kariuki via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Dear fellow listers,
Happy New Year (albeit late).
Thank you Grace for sharing this information.
Just a few concerns about privacy of persons and the protection and use of information.
While I appreciate and understand the need for Government to address issues relating to threats to security (assuming that this is where the need for such kind of information stems from), what kind of guarantees are there that ensure this information is not traded? What kind of data protection mechanisms are in place? or have these concerns already been raised and addressed in the new legislation?
Regards,
Magdalene
On Mon, Jan 21, 2019 at 12:16 PM Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Full story here
https://www.businessdailyafrica.com/economy/Uhuru-backs-law-change/3946234-4...
Il giorno lun 21 gen 2019 alle ore 14:51 Grace Bomu <nmutungu@gmail.com
ha scritto:
Listers,
The government is now free to collect data on Kenyans? DNA and physical location of their homes including satellite details during registration
persons.
This follows President Uhuru Kenyatta?s approval of amendments to the Registration of Persons Act that has included the two to the list of requirements needed at the national people?s registry.
Adults applying for documents such as IDs will be required to provide additional information about their location, including land reference number, plot number or house number.
The ministry is also seeking to introduce Global Positioning System (GPS) coordinates in the registration of persons, enabling the tracking of
of their
location via satellite.
More here
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/magdalene.kariuki%40gm...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/karanjaemarigu%40gmail...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/gertrudematata%40yahoo...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/warigia%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
--
*"Education is the most powerful weapon which you can use to change the world."* Nelson Mandela
My thoughts on the NIIMS is we have to give the new move greater thought . I think we need to look to the case in India and the benefits of the Aadhaar system which is similar to the NIIMs and the general direction India took to open data in building the Indian Stack. Several cases were brought to challenge the Aadhaar on privacy issues and risk of government surveillance but courts in India have continued to hold that the public interest benefits of the Aadhaar far much outweigh the privacy concerns and have allowed the Aadhaar to continue. In retrospect since Aadhaar was launched in 2009, they have managed to register majority of Indians and used it to build the Indian Stack. Perhaps what we need is to recommend more structure and administrative safeguards for the NIIMS. In the long-term the NIIMS may be of greater benefit to us especially the potential that kid of data could play in innovation. We need to protect privacy but at the same time we need to thing strategically how better data can assist resolve issues and layer innovation for the general good. I do agree the data protection bill must be past but beyond this, what is our overall goal if we were to have better data in a government platform that can be open, accessible like the Aadhaar and several API's can be built on that architecture to drive innovation? Is it time to push more for Open Data in line with the Data Protection Bill? Thanks, Phyllis On 2019-02-14 08:19, Barrack Otieno via kictanet wrote:
Dear Alice,
Many thanks for this update from Mozilla. There is need for wider stakeholder engagement on this issue. While the government has a legitimate concern which i presume is taming acts of terrorism, there is need for wider consultations especially on the areas that contravene or appear to contravene the constitution.
Thank you
Best Regards
On Wed, 13 Feb 2019 18:17 Alice Munyua via kictanet <kictanet@lists.kictanet.or.ke wrote:
https://blog.mozilla.org/netpolicy/2019/02/08/kenya-government-mandates-dna-...
KENYA GOVERNMENT MANDATES DNA-LINKED NATIONAL ID, WITHOUT DATA PROTECTION LAW
Alice Munyua February 8, 2019
No responses yet [1]
Last month, the Kenya Parliament passed a seriously concerning amendment [2] to the country’s national ID law, making Kenya home to the most privacy-invasive national ID system in the world. The rebranded, National Integrated Identity Management System (NIIMS) now requires all Kenyans, immigrants, and refugees to turn over their DNA, GPS coordinates of their residential address, retina scans, iris pattern, voice waves, and earlobe geometry before being issued critical identification documents. NIIMS will consolidate information contained in other government agency databases and generate a unique identification number known as Huduma Namba.
It is hard to see how this system comports with the right to privacy articulated in Article 31 of the Kenyan Constitution. It is deeply troubling that these amendments passed without public debate, and were approved even as a data protection bill which would designate DNA and biometrics as sensitive data is pending.
Before these amendments, in order to issue the National ID Card (ID), the government only required name, date and place of birth, place of residence, and postal address. The ID card is a critical document that impacts everyday life, [3] without it, an individual cannot vote, purchase property, access higher education, obtain employment, access credit, or public health, among other fundamental rights.
Mozilla strongly believes that that no digital ID system should be implemented without strong privacy and data protection legislation. The proposed Data Protection Bill of 2018 which Parliament is likely to consider next month, is a strong and thorough framework that contains provisions relating to data minimization as well as collection and purpose limitation. If NIIMS is implemented, it will be in conflict with these provisions, and more importantly in conflict with Article 31 of the Constitution, which specifically protects the right to privacy.
Proponents [4] of NIIMS claim that the system provides a number of benefits, such as accurate delivery of government services. These arguments also seem to conflate legal and digital identity. Legal ID used to certify one’s identity through basic data about one’s personhood (such as your name and the date and place of your birth) is a commendable goal. It is one of the United Nations Sustainable Development Goals 16.9 [5] that aims _“to provide legal identity for all, including birth registration by 2030”_. However, it is important to remember this objective can be met in several ways. “Digital ID” systems, and especially those that involve sensitive biometrics or DNA, are not a necessary means of verifying identity, and in practice raise significant privacy and security concerns. The choice of whether to opt for a digital ID let alone a biometric ID therefore should be closely scrutinized by governments in light of these risks, rather than uncritically accepted as beneficial.
* SECURITY CONCERNS: THE CENTRALIZED NATURE OF NIIMS CREATES MASSIVE SECURITY VULNERABILITIES. IT COULD BECOME A HONEYPOT FOR MALICIOUS ACTORS AND IDENTITY THIEVES WHO CAN EXPLOIT OTHER IDENTIFYING INFORMATION LINKED TO STOLEN BIOMETRIC DATA. THE AMENDMENT IS UNCLEAR ON HOW THE GOVERNMENT WILL ESTABLISH AND INSTITUTE STRONG SECURITY MEASURES REQUIRED FOR THE PROTECTION OF SUCH A SENSITIVE DATABASE. IF THERE’S A BREACH, IT’S NOT AS IF YOUR DNA OR RETINA CAN BE RESET LIKE A PASSWORD OR TOKEN. * SURVEILLANCE CONCERNS: BY CENTRALIZING A TREMENDOUS AMOUNT OF SENSITIVE DATA IN A GOVERNMENT DATABASE, NIIMS CREATES AN OPPORTUNITY FOR MASS SURVEILLANCE BY THE STATE. NOT ONLY IS THE COLLECTION OF BIOMETRICS INCREDIBLY INVASIVE, BUT GATHERING THIS DATA COMBINED WITH TRANSACTION LOGS OF WHERE ID IS USED COULD SUBSTANTIALLY REDUCE ANONYMITY. THIS IS ALL THE MORE WORRYING CONSIDERING KENYA’S HISTORY OF EXTRALEGAL SURVEILLANCE AND INTELLIGENCE SHARING [6]. * ETHNIC DISCRIMINATION CONCERNS: THE COLLECTION OF DNA IS PARTICULARLY CONCERNING AS THIS INFORMATION CAN BE USED TO IDENTIFY AN INDIVIDUAL’S ETHNIC IDENTITY. GIVEN KENYA’S HISTORY OF POLITICIZATION OF ETHNIC IDENTITY [7], COLLECTING THIS DATA IN A CENTRALIZED DATABASE LIKE NIIMS COULD REPRODUCE AND EXACERBATE PATTERNS OF DISCRIMINATION.
THE PROCESS WAS NOT CONSTITUTIONAL
Kenya’s constitution requires public input before any new law can be adopted. No public discussions were conducted for this amendment. It was offered for parliamentary debate under “_Miscellaneous_” amendments, which exempted it from procedures and scrutiny that would have required introduction as a substantive bill and corresponding public debate. The Kenyan government must not implement this system without sufficient public debate and meaningful engagement to determine how such a system should be implemented if at all.
The proposed law does not provide people with the opportunity to opt in or out of giving their sensitive and precise data. The Constitution requires that all Kenyans be granted identification. However, if an individual were to refuse to turn over their DNA or other sensitive information to the State, as they should have the right to do, they could risk not being issued their identity or citizenship documents. Such a denial would contravene Articles 12, 13, and 14 of the Constitution.
Opting out of this system should not be used to discriminate or exclude any individual from accessing essential public services and exercising their fundamental rights.
Individuals must be in full control of their digital identities with the right to object to processing and use and withdraw consent. These aspects of control and choice are essential to empowering individuals in the deployment of their digital identities. Therefore policy and technical decisions must take into account systems that allow individuals to identify themselves rather than the system identifying them.
Mozilla urges the government of Kenya to suspend the implementation of NIIMS and we hope Kenyan members of parliament will act swiftly to pass the Data Protection Bill of 2018.
On 23/01/2019 00:28, Gideon via kictanet wrote:
Listers,
Would this be a similar system like the India's Aadhaar which is said to be the world's largest biometric ID system? If so what lessons and drawbacks could be learned?
Many issues would need to be addressed as a foundamental step, such include privacy, ethics, security of the said system, complementarity with the existing official databases e.t.c
Regards
GR
On Tue, Jan 22, 2019 at 10:01 PM <kictanet-request@lists.kictanet.or.ke> wrote: Send kictanet mailing list submissions to kictanet@lists.kictanet.or.ke
To subscribe or unsubscribe via the World Wide Web, visit https://lists.kictanet.or.ke/mailman/listinfo/kictanet or, via email, send a message with subject or body 'help' to kictanet-request@lists.kictanet.or.ke
You can reach the person managing the list at kictanet-owner@lists.kictanet.or.ke
When replying, please edit your Subject line so it is more specific than "Re: Contents of kictanet digest..."
Today's Topics:
1. Re: law to start listing of Kenyans? DNA (Warigia Bowman)
----------------------------------------------------------------------
Message: 1 Date: Tue, 22 Jan 2019 12:58:59 -0600 From: Warigia Bowman <warigia@gmail.com> To: gertrude matata <gertrudematata@yahoo.com>, KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] law to start listing of Kenyans? DNA Message-ID:
<CACeY99TvKOX13-RtN1gjCi_sh4AF8jdnEkJTNHD6WMrFR9Pogg@mail.gmail.com> Content-Type: text/plain; charset="utf-8"
This is disturbing. I am quite sure that the US government does not have the right to take DNA samples from citizens.
Biometric data is not the same as DNA, rather it may include fingerprints and eyescans. This is a move towards a surveillance state.
On Tue, Jan 22, 2019 at 6:24 AM gertrude matata via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Dear Listers, The amendment to the Act seems to have ignored Article 31(c) of the Constitution. This being a constitutional issue, there is probably a need to subject it to constitutional interpretation on; what was the intention of the article in providing that such information should not be unnecessarily required or revealed; Whether such details being availed to persons registry clerks is defeating that intent; and whether the circumstances demand the "unnecessarily" revealed bar to be lifted. It is worthy to ponder the situation in terms of whether giving such information might not create inborn terror,
Regards,
Gertrude
GERTRUDE MATATA HILLSIDE APARTMENTS 4TH FLOOR, Apartments 11 RAGATI ROAD,Opposite N.H.I.F NEAR CAPITOL HILL POLICE STATION P.O. Box 517-00517 Nairobi Mobile:0722-374109/0772327265
Go to; https://themediatorkenya.wordpress.com/author/themediatorkenya/
*DISCLAIMER* This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of GERTRUDE MATATA. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error.
Call Send SMS Call from mobile Add to Skype You'll need Skype CreditFree via Skype
On Tuesday, January 22, 2019, 2:14:05 PM GMT+3, Karanja Marigu via kictanet <kictanet@lists.kictanet.or.ke> wrote:
This is a classical move that also was taken by USA after 911. What do we expect next? Marshal law??
Terrorism is not a justification to take away our privacy rights and collect data. What they will do with all that data, only God knows.
Best Regards,
Karanja Marigu,
'Purpose fuels passion'
On Tue, 22 Jan 2019 at 09:10, Magdalene Kariuki via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Dear fellow listers,
Happy New Year (albeit late).
Thank you Grace for sharing this information.
Just a few concerns about privacy of persons and the protection and use of information.
While I appreciate and understand the need for Government to address issues relating to threats to security (assuming that this is where the need for such kind of information stems from), what kind of guarantees are there that ensure this information is not traded? What kind of data protection mechanisms are in place? or have these concerns already been raised and addressed in the new legislation?
Regards,
Magdalene
On Mon, Jan 21, 2019 at 12:16 PM Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Full story here
https://www.businessdailyafrica.com/economy/Uhuru-backs-law-change/3946234-4...
Il giorno lun 21 gen 2019 alle ore 14:51 Grace Bomu
ha scritto:
Listers,
The government is now free to collect data on Kenyans? DNA and
location of their homes including satellite details during registration of persons.
This follows President Uhuru Kenyatta?s approval of amendments to
Registration of Persons Act that has included the two to the list of requirements needed at the national people?s registry.
Adults applying for documents such as IDs will be required to
<nmutungu@gmail.com> physical the provide
additional information about their location, including land reference number, plot number or house number.
The ministry is also seeking to introduce Global Positioning System (GPS) coordinates in the registration of persons, enabling the tracking of their location via satellite.
More here
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/magdalene.kariuki%40gm...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in
sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect
platform the ICT privacy, do
not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/karanjaemarigu%40gmail...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in
sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect
platform the ICT privacy, do
not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/gertrudematata%40yahoo...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in
sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect
platform the ICT privacy, do
not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/warigia%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in
sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect
platform the ICT privacy, do
not spam, do not market your wares or qualifications.
--
*"Education is the most powerful weapon which you can use to change the world."* Nelson Mandela
1. Aadhaar is currently the subject of potentially scandalous news coverage on data breach Aadhaar: Has UIDAI lied in its counter filed before the Delhi High Court? | | | | | | | | | | | Aadhaar: Has UIDAI lied in its counter filed before the Delhi High Court? UIDAI might just have provided false information in its counter filed before the Delhi High Court in Shamnad Bas... | | | 2. Aadhaar has not reduced terrorism (not immune to insider corruption). In fact terrorists now POSSESS AADHAAR CARDS. Jaish-e-Mohammed terrorist from PoK caught, Aadhaar card recovered from him | | | | | | | | | | | Jaish-e-Mohammed terrorist from PoK caught, Aadhaar card recovered from him The official said the operation spanned two months, with security forces keeping a track of Rehman's movement in... | | | US condemns Pulwama terror attack, asks Pakistan to deny support to terrorists | | | | | | | | | | | US condemns Pulwama terror attack, asks Pakistan to deny support to terr... In a press release, the US Department of State said it condemns the terrorist attack on the Indian CRPF convoy a... | | | 3. Banking fraud in India rises by 72% in 2018 under Aadhar regime. This includes Aadhar linked crime (Bankers worried) https://www.businesstoday.in/sectors/banks/bank-frauds-rise-over-72pc-to-rs-... https://www.business-standard.com/article/finance/alarming-rise-in-banking-f... How fraud Aadhaar calls are targeting bank accounts - Times of India | | | | | | | | | | | How fraud Aadhaar calls are targeting bank accounts - Times of India GURUGRAM: Nidhi Sharma, a resident of Sector 10A, recently received a call from a person who claimed to be an ex... | | | 4. Aadhaar's biometric source code belongs to foreign entities - this is a major sovereignty risk (noted by a dissenting Indian Supreme Court Judge). "Neither the Central Government nor the Unique Identification Authority of India(UIDAI) have the source code for the de-duplication technology which is at the heart of the programme. The source code belongs to a foreign corporation." This creates massive risk of elections interference by foreign entities. "Dignity and the rights of individuals cannot be made to depend on algorithms or probabilities. Constitutional guarantees cannot be subject to the vicissitudes of technology." "The leakage of sensitive personal information of 1.2 billion citizens, cannot be remedied by a mere contractual indemnity. The loss of data is irretrievable." https://www.livelaw.in/foreign-company-has-source-code-of-aadhaar-project-it... 5. Indian Supreme Court okayed Aadhaar primarily for use by marginalized groups to access welfare - but placed severe limitations on other uses: For example, Aadhaar is voluntary (save for welfare beneficiaries), the data cannot be (legally) used for national security purposes, and the biometric data cannot be (legally) used by the private sector. Perhaps our good lawyers can advise - from an expert perspective - whether/how this judgment might influence Kenyan courts? https://thewire.in/law/supreme-court-upholds-validity-of-aadhaar-but-cant-li... 6. An analysis of Aadhaar Fraud incidences / types. Aadhaar Fraud is Not Only Real, But is Worth More Closely Examining | | | | | | | | | | | Aadhaar Fraud is Not Only Real, But is Worth More Closely Examining An online examination of publicly reported incidents shows that contrary to its proponents’ claims, Aadhaar has ... | | | What lessons can Kenya draw from this, in order to implement NIIMS better? Good day,Patrick. On Thursday, February 14, 2019, 1:00:16 PM GMT+3, pkamau--- via kictanet <kictanet@lists.kictanet.or.ke> wrote: My thoughts on the NIIMS is we have to give the new move greater thought . I think we need to look to the case in India and the benefits of the Aadhaar system which is similar to the NIIMs and the general direction India took to open data in building the Indian Stack. Several cases were brought to challenge the Aadhaar on privacy issues and risk of government surveillance but courts in India have continued to hold that the public interest benefits of the Aadhaar far much outweigh the privacy concerns and have allowed the Aadhaar to continue. In retrospect since Aadhaar was launched in 2009, they have managed to register majority of Indians and used it to build the Indian Stack. Perhaps what we need is to recommend more structure and administrative safeguards for the NIIMS. In the long-term the NIIMS may be of greater benefit to us especially the potential that kid of data could play in innovation. We need to protect privacy but at the same time we need to thing strategically how better data can assist resolve issues and layer innovation for the general good. I do agree the data protection bill must be past but beyond this, what is our overall goal if we were to have better data in a government platform that can be open, accessible like the Aadhaar and several API's can be built on that architecture to drive innovation? Is it time to push more for Open Data in line with the Data Protection Bill? Thanks, Phyllis On 2019-02-14 08:19, Barrack Otieno via kictanet wrote:
Dear Alice,
Many thanks for this update from Mozilla. There is need for wider stakeholder engagement on this issue. While the government has a legitimate concern which i presume is taming acts of terrorism, there is need for wider consultations especially on the areas that contravene or appear to contravene the constitution.
Thank you
Best Regards
On Wed, 13 Feb 2019 18:17 Alice Munyua via kictanet <kictanet@lists.kictanet.or.ke wrote:
https://blog.mozilla.org/netpolicy/2019/02/08/kenya-government-mandates-dna-...
KENYA GOVERNMENT MANDATES DNA-LINKED NATIONAL ID, WITHOUT DATA PROTECTION LAW
Alice Munyua February 8, 2019
No responses yet [1]
Last month, the Kenya Parliament passed a seriously concerning amendment [2] to the country’s national ID law, making Kenya home to the most privacy-invasive national ID system in the world. The rebranded, National Integrated Identity Management System (NIIMS) now requires all Kenyans, immigrants, and refugees to turn over their DNA, GPS coordinates of their residential address, retina scans, iris pattern, voice waves, and earlobe geometry before being issued critical identification documents. NIIMS will consolidate information contained in other government agency databases and generate a unique identification number known as Huduma Namba.
It is hard to see how this system comports with the right to privacy articulated in Article 31 of the Kenyan Constitution. It is deeply troubling that these amendments passed without public debate, and were approved even as a data protection bill which would designate DNA and biometrics as sensitive data is pending.
Before these amendments, in order to issue the National ID Card (ID), the government only required name, date and place of birth, place of residence, and postal address. The ID card is a critical document that impacts everyday life, [3] without it, an individual cannot vote, purchase property, access higher education, obtain employment, access credit, or public health, among other fundamental rights.
Mozilla strongly believes that that no digital ID system should be implemented without strong privacy and data protection legislation. The proposed Data Protection Bill of 2018 which Parliament is likely to consider next month, is a strong and thorough framework that contains provisions relating to data minimization as well as collection and purpose limitation. If NIIMS is implemented, it will be in conflict with these provisions, and more importantly in conflict with Article 31 of the Constitution, which specifically protects the right to privacy.
Proponents [4] of NIIMS claim that the system provides a number of benefits, such as accurate delivery of government services. These arguments also seem to conflate legal and digital identity. Legal ID used to certify one’s identity through basic data about one’s personhood (such as your name and the date and place of your birth) is a commendable goal. It is one of the United Nations Sustainable Development Goals 16.9 [5] that aims _“to provide legal identity for all, including birth registration by 2030”_. However, it is important to remember this objective can be met in several ways. “Digital ID” systems, and especially those that involve sensitive biometrics or DNA, are not a necessary means of verifying identity, and in practice raise significant privacy and security concerns. The choice of whether to opt for a digital ID let alone a biometric ID therefore should be closely scrutinized by governments in light of these risks, rather than uncritically accepted as beneficial.
* SECURITY CONCERNS: THE CENTRALIZED NATURE OF NIIMS CREATES MASSIVE SECURITY VULNERABILITIES. IT COULD BECOME A HONEYPOT FOR MALICIOUS ACTORS AND IDENTITY THIEVES WHO CAN EXPLOIT OTHER IDENTIFYING INFORMATION LINKED TO STOLEN BIOMETRIC DATA. THE AMENDMENT IS UNCLEAR ON HOW THE GOVERNMENT WILL ESTABLISH AND INSTITUTE STRONG SECURITY MEASURES REQUIRED FOR THE PROTECTION OF SUCH A SENSITIVE DATABASE. IF THERE’S A BREACH, IT’S NOT AS IF YOUR DNA OR RETINA CAN BE RESET LIKE A PASSWORD OR TOKEN. * SURVEILLANCE CONCERNS: BY CENTRALIZING A TREMENDOUS AMOUNT OF SENSITIVE DATA IN A GOVERNMENT DATABASE, NIIMS CREATES AN OPPORTUNITY FOR MASS SURVEILLANCE BY THE STATE. NOT ONLY IS THE COLLECTION OF BIOMETRICS INCREDIBLY INVASIVE, BUT GATHERING THIS DATA COMBINED WITH TRANSACTION LOGS OF WHERE ID IS USED COULD SUBSTANTIALLY REDUCE ANONYMITY. THIS IS ALL THE MORE WORRYING CONSIDERING KENYA’S HISTORY OF EXTRALEGAL SURVEILLANCE AND INTELLIGENCE SHARING [6]. * ETHNIC DISCRIMINATION CONCERNS: THE COLLECTION OF DNA IS PARTICULARLY CONCERNING AS THIS INFORMATION CAN BE USED TO IDENTIFY AN INDIVIDUAL’S ETHNIC IDENTITY. GIVEN KENYA’S HISTORY OF POLITICIZATION OF ETHNIC IDENTITY [7], COLLECTING THIS DATA IN A CENTRALIZED DATABASE LIKE NIIMS COULD REPRODUCE AND EXACERBATE PATTERNS OF DISCRIMINATION.
THE PROCESS WAS NOT CONSTITUTIONAL
Kenya’s constitution requires public input before any new law can be adopted. No public discussions were conducted for this amendment. It was offered for parliamentary debate under “_Miscellaneous_” amendments, which exempted it from procedures and scrutiny that would have required introduction as a substantive bill and corresponding public debate. The Kenyan government must not implement this system without sufficient public debate and meaningful engagement to determine how such a system should be implemented if at all.
The proposed law does not provide people with the opportunity to opt in or out of giving their sensitive and precise data. The Constitution requires that all Kenyans be granted identification. However, if an individual were to refuse to turn over their DNA or other sensitive information to the State, as they should have the right to do, they could risk not being issued their identity or citizenship documents. Such a denial would contravene Articles 12, 13, and 14 of the Constitution.
Opting out of this system should not be used to discriminate or exclude any individual from accessing essential public services and exercising their fundamental rights.
Individuals must be in full control of their digital identities with the right to object to processing and use and withdraw consent. These aspects of control and choice are essential to empowering individuals in the deployment of their digital identities. Therefore policy and technical decisions must take into account systems that allow individuals to identify themselves rather than the system identifying them.
Mozilla urges the government of Kenya to suspend the implementation of NIIMS and we hope Kenyan members of parliament will act swiftly to pass the Data Protection Bill of 2018.
On 23/01/2019 00:28, Gideon via kictanet wrote:
Listers,
Would this be a similar system like the India's Aadhaar which is said to be the world's largest biometric ID system? If so what lessons and drawbacks could be learned?
Many issues would need to be addressed as a foundamental step, such include privacy, ethics, security of the said system, complementarity with the existing official databases e.t.c
Regards
GR
On Tue, Jan 22, 2019 at 10:01 PM <kictanet-request@lists.kictanet.or.ke> wrote: Send kictanet mailing list submissions to kictanet@lists.kictanet.or.ke
To subscribe or unsubscribe via the World Wide Web, visit https://lists.kictanet.or.ke/mailman/listinfo/kictanet or, via email, send a message with subject or body 'help' to kictanet-request@lists.kictanet.or.ke
You can reach the person managing the list at kictanet-owner@lists.kictanet.or.ke
When replying, please edit your Subject line so it is more specific than "Re: Contents of kictanet digest..."
Today's Topics:
1. Re: law to start listing of Kenyans? DNA (Warigia Bowman)
----------------------------------------------------------------------
Message: 1 Date: Tue, 22 Jan 2019 12:58:59 -0600 From: Warigia Bowman <warigia@gmail.com> To: gertrude matata <gertrudematata@yahoo.com>, KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] law to start listing of Kenyans? DNA Message-ID:
<CACeY99TvKOX13-RtN1gjCi_sh4AF8jdnEkJTNHD6WMrFR9Pogg@mail.gmail.com> Content-Type: text/plain; charset="utf-8"
This is disturbing. I am quite sure that the US government does not have the right to take DNA samples from citizens.
Biometric data is not the same as DNA, rather it may include fingerprints and eyescans. This is a move towards a surveillance state.
On Tue, Jan 22, 2019 at 6:24 AM gertrude matata via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Dear Listers, The amendment to the Act seems to have ignored Article 31(c) of the Constitution. This being a constitutional issue, there is probably a need to subject it to constitutional interpretation on; what was the intention of the article in providing that such information should not be unnecessarily required or revealed; Whether such details being availed to persons registry clerks is defeating that intent; and whether the circumstances demand the "unnecessarily" revealed bar to be lifted. It is worthy to ponder the situation in terms of whether giving such information might not create inborn terror,
Regards,
Gertrude
GERTRUDE MATATA HILLSIDE APARTMENTS 4TH FLOOR, Apartments 11 RAGATI ROAD,Opposite N.H.I.F NEAR CAPITOL HILL POLICE STATION P.O. Box 517-00517 Nairobi Mobile:0722-374109/0772327265
Go to; https://themediatorkenya.wordpress.com/author/themediatorkenya/
*DISCLAIMER* This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of GERTRUDE MATATA. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error.
Call Send SMS Call from mobile Add to Skype You'll need Skype CreditFree via Skype
On Tuesday, January 22, 2019, 2:14:05 PM GMT+3, Karanja Marigu via kictanet <kictanet@lists.kictanet.or.ke> wrote:
This is a classical move that also was taken by USA after 911. What do we expect next? Marshal law??
Terrorism is not a justification to take away our privacy rights and collect data. What they will do with all that data, only God knows.
Best Regards,
Karanja Marigu,
'Purpose fuels passion'
On Tue, 22 Jan 2019 at 09:10, Magdalene Kariuki via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Dear fellow listers,
Happy New Year (albeit late).
Thank you Grace for sharing this information.
Just a few concerns about privacy of persons and the protection and use of information.
While I appreciate and understand the need for Government to address issues relating to threats to security (assuming that this is where the need for such kind of information stems from), what kind of guarantees are there that ensure this information is not traded? What kind of data protection mechanisms are in place? or have these concerns already been raised and addressed in the new legislation?
Regards,
Magdalene
On Mon, Jan 21, 2019 at 12:16 PM Grace Bomu via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Full story here
https://www.businessdailyafrica.com/economy/Uhuru-backs-law-change/3946234-4...
Il giorno lun 21 gen 2019 alle ore 14:51 Grace Bomu
ha scritto:
Listers,
The government is now free to collect data on Kenyans? DNA and
location of their homes including satellite details during registration of persons.
This follows President Uhuru Kenyatta?s approval of amendments to
Registration of Persons Act that has included the two to the list of requirements needed at the national people?s registry.
Adults applying for documents such as IDs will be required to
<nmutungu@gmail.com> physical the provide
additional information about their location, including land reference number, plot number or house number.
The ministry is also seeking to introduce Global Positioning System (GPS) coordinates in the registration of persons, enabling the tracking of their location via satellite.
More here
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
-- Grace Mutung'u Skype: gracebomu @Bomu PGP ID : 0x33A3450F
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/magdalene.kariuki%40gm...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in
sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect
platform the ICT privacy, do
not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/karanjaemarigu%40gmail...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in
sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect
platform the ICT privacy, do
not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/gertrudematata%40yahoo...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in
sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect
platform the ICT privacy, do
not spam, do not market your wares or qualifications. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Twitter: http://twitter.com/kictanet Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/warigia%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in
sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect
platform the ICT privacy, do
not spam, do not market your wares or qualifications.
--
*"Education is the most powerful weapon which you can use to change the world."* Nelson Mandela
Patrick, You have mapped out only articles talking about the downsides of Aaadhar, let us balance it with the articles that talk about the positive use or how Aadhar has assisted India in financial inclusion, innovation etc and why the courts have continued to weight in and infact rule in favour of it on public interest grounds. Only then can we develop a better system for our NIIMS. I believe there are benefits in consolidating our bio-metrics and having a uniform identifier if only we safeguard the system and learn from other jurisdiction. On 2019-02-15 14:10, Patrick A. M. Maina wrote:
1. Aadhaar is currently the subject of POTENTIALLY SCANDALOUS NEWS COVERAGE ON DATA BREACH
Aadhaar: Has UIDAI lied in its counter filed before the Delhi High Court? [1]
AADHAAR: HAS UIDAI LIED IN ITS COUNTER FILED BEFORE THE DELHI HIGH COURT?
UIDAI might just have provided false information in its counter filed before the Delhi High Court in Shamnad Bas...
2. AADHAAR HAS NOT REDUCED TERRORISM (not immune to insider corruption). In fact terrorists now POSSESS AADHAAR CARDS.
Jaish-e-Mohammed terrorist from PoK caught, Aadhaar card recovered from him [2]
JAISH-E-MOHAMMED TERRORIST FROM POK CAUGHT, AADHAAR CARD RECOVERED FROM HIM
The official said the operation spanned two months, with security forces keeping a track of Rehman's movement in...
US condemns Pulwama terror attack, asks Pakistan to deny support to terrorists [3]
US CONDEMNS PULWAMA TERROR ATTACK, ASKS PAKISTAN TO DENY SUPPORT TO TERR...
In a press release, the US Department of State said it condemns the terrorist attack on the Indian CRPF convoy a...
3. BANKING FRAUD IN INDIA RISES BY 72% IN 2018 under Aadhar regime. This includes Aadhar linked crime (BANKERS WORRIED)
https://www.businesstoday.in/sectors/banks/bank-frauds-rise-over-72pc-to-rs-...
https://www.business-standard.com/article/finance/alarming-rise-in-banking-f...
How fraud Aadhaar calls are targeting bank accounts - Times of India [4]
HOW FRAUD AADHAAR CALLS ARE TARGETING BANK ACCOUNTS - TIMES OF INDIA
GURUGRAM: Nidhi Sharma, a resident of Sector 10A, recently received a call from a person who claimed to be an ex...
4. Aadhaar's biometric SOURCE CODE BELONGS TO FOREIGN ENTITIES - this is a major sovereignty risk (noted by a dissenting INDIAN SUPREME COURT JUDGE).
"Neither the Central Government nor the Unique Identification Authority of India(UIDAI) have the source code for the de-duplication technology which is at the heart of the programme. THE SOURCE CODE BELONGS TO A FOREIGN CORPORATION." THIS CREATES MASSIVE RISK OF ELECTIONS INTERFERENCE BY FOREIGN ENTITIES.
_"Dignity and the rights of individuals cannot be made to depend on algorithms or probabilities. Constitutional guarantees cannot be subject to the vicissitudes of technology."_
_"The leakage of sensitive personal information of 1.2 billion citizens, CANNOT BE REMEDIED BY A MERE CONTRACTUAL INDEMNITY. THE LOSS OF DATA IS IRRETRIEVABLE."_
https://www.livelaw.in/foreign-company-has-source-code-of-aadhaar-project-it...
5. INDIAN SUPREME COURT okayed Aadhaar primarily for use by MARGINALIZED GROUPS to access WELFARE - but PLACED SEVERE LIMITATIONS ON OTHER USES: For example, Aadhaar is voluntary (save for welfare beneficiaries), the data CANNOT BE (LEGALLY) USED FOR NATIONAL SECURITY purposes, and the biometric data CANNOT BE (LEGALLY) USED BY THE PRIVATE SECTOR.
Perhaps our good lawyers can advise - from an expert perspective - whether/how this judgment might influence Kenyan courts?
https://thewire.in/law/supreme-court-upholds-validity-of-aadhaar-but-cant-li...
6. An analysis of AADHAAR FRAUD incidences / types.
Aadhaar Fraud is Not Only Real, But is Worth More Closely Examining [5]
AADHAAR FRAUD IS NOT ONLY REAL, BUT IS WORTH MORE CLOSELY EXAMINING
An online examination of publicly reported incidents shows that contrary to its proponents’ claims, Aadhaar has ...
What lessons can Kenya draw from this, in order to implement NIIMS better?
Good day, Patrick.
On Thursday, February 14, 2019, 1:00:16 PM GMT+3, pkamau--- via kictanet <kictanet@lists.kictanet.or.ke> wrote:
My thoughts on the NIIMS is we have to give the new move greater thought
. I think we need to look to the case in India and the benefits of the
Aadhaar system which is similar to the NIIMs and the general direction
India took to open data in building the Indian Stack. Several cases were
brought to challenge the Aadhaar on privacy issues and risk of
government surveillance but courts in India have continued to hold that
the public interest benefits of the Aadhaar far much outweigh the
privacy concerns and have allowed the Aadhaar to continue. In retrospect
since Aadhaar was launched in 2009, they have managed to register
majority of Indians and used it to build the Indian Stack.
Perhaps what we need is to recommend more structure and administrative
safeguards for the NIIMS. In the long-term the NIIMS may be of greater
benefit to us especially the potential that kid of data could play in
innovation. We need to protect privacy but at the same time we need to
thing strategically how better data can assist resolve issues and layer
innovation for the general good.
I do agree the data protection bill must be past but beyond this, what
is our overall goal if we were to have better data in a government
platform that can be open, accessible like the Aadhaar and several API's
can be built on that architecture to drive innovation?
Is it time to push more for Open Data in line with the Data Protection
Bill?
Thanks,
Phyllis
On 2019-02-14 08:19, Barrack Otieno via kictanet wrote:
Dear Alice,
Many thanks for this update from Mozilla. There is need for wider
stakeholder engagement on this issue. While the government has a
legitimate concern which i presume is taming acts of terrorism, there
is need for wider consultations especially on the areas that
contravene or appear to contravene the constitution.
Thank you
Best Regards
On Wed, 13 Feb 2019 18:17 Alice Munyua via kictanet
<kictanet@lists.kictanet.or.ke wrote:
https://blog.mozilla.org/netpolicy/2019/02/08/kenya-government-mandates-dna-...
KENYA GOVERNMENT MANDATES DNA-LINKED NATIONAL ID, WITHOUT DATA
PROTECTION LAW
Alice Munyua February 8, 2019
No responses yet [1]
Last month, the Kenya Parliament passed a seriously concerning
amendment [2] to the country’s national ID law, making Kenya home
to the most privacy-invasive national ID system in the world. The
rebranded, National Integrated Identity Management System (NIIMS)
now requires all Kenyans, immigrants, and refugees to turn over
their DNA, GPS coordinates of their residential address, retina
scans, iris pattern, voice waves, and earlobe geometry before being
issued critical identification documents. NIIMS will consolidate
information contained in other government agency databases and
generate a unique identification number known as Huduma Namba.
It is hard to see how this system comports with the right to privacy
articulated in Article 31 of the Kenyan Constitution. It is deeply
troubling that these amendments passed without public debate, and
were approved even as a data protection bill which would designate
DNA and biometrics as sensitive data is pending.
Before these amendments, in order to issue the National ID Card
(ID), the government only required name, date and place of birth,
place of residence, and postal address. The ID card is a critical
document that impacts everyday life, [3] without it, an individual
cannot vote, purchase property, access higher education, obtain
employment, access credit, or public health, among other fundamental
rights.
Mozilla strongly believes that that no digital ID system should be
implemented without strong privacy and data protection legislation.
The proposed Data Protection Bill of 2018 which Parliament is likely
to consider next month, is a strong and thorough framework that
contains provisions relating to data minimization as well as
collection and purpose limitation. If NIIMS is implemented, it will
be in conflict with these provisions, and more importantly in
conflict with Article 31 of the Constitution, which specifically
protects the right to privacy.
Proponents [4] of NIIMS claim that the system provides a number of
benefits, such as accurate delivery of government services. These
arguments also seem to conflate legal and digital identity. Legal ID
used to certify one’s identity through basic data about one’s
personhood (such as your name and the date and place of your birth)
is a commendable goal. It is one of the United Nations Sustainable
Development Goals 16.9 [5] that aims _“to provide legal identity
for all, including birth registration by 2030”_. However, it is
important to remember this objective can be met in several ways.
“Digital ID” systems, and especially those that involve
sensitive biometrics or DNA, are not a necessary means of verifying
identity, and in practice raise significant privacy and security
concerns. The choice of whether to opt for a digital ID let alone a
biometric ID therefore should be closely scrutinized by governments
in light of these risks, rather than uncritically accepted as
beneficial.
* SECURITY CONCERNS: THE CENTRALIZED NATURE OF NIIMS CREATES
MASSIVE SECURITY VULNERABILITIES. IT COULD BECOME A HONEYPOT FOR
MALICIOUS ACTORS AND IDENTITY THIEVES WHO CAN EXPLOIT OTHER
IDENTIFYING INFORMATION LINKED TO STOLEN BIOMETRIC DATA. THE
AMENDMENT IS UNCLEAR ON HOW THE GOVERNMENT WILL ESTABLISH AND
INSTITUTE STRONG SECURITY MEASURES REQUIRED FOR THE PROTECTION OF
SUCH A SENSITIVE DATABASE. IF THERE’S A BREACH, IT’S NOT AS IF
YOUR DNA OR RETINA CAN BE RESET LIKE A PASSWORD OR TOKEN.
* SURVEILLANCE CONCERNS: BY CENTRALIZING A TREMENDOUS AMOUNT OF
SENSITIVE DATA IN A GOVERNMENT DATABASE, NIIMS CREATES AN
OPPORTUNITY FOR MASS SURVEILLANCE BY THE STATE. NOT ONLY IS THE
COLLECTION OF BIOMETRICS INCREDIBLY INVASIVE, BUT GATHERING THIS
DATA COMBINED WITH TRANSACTION LOGS OF WHERE ID IS USED COULD
SUBSTANTIALLY REDUCE ANONYMITY. THIS IS ALL THE MORE WORRYING
CONSIDERING KENYA’S HISTORY OF EXTRALEGAL SURVEILLANCE AND
INTELLIGENCE SHARING [6].
* ETHNIC DISCRIMINATION CONCERNS: THE COLLECTION OF DNA IS
PARTICULARLY CONCERNING AS THIS INFORMATION CAN BE USED TO IDENTIFY
AN INDIVIDUAL’S ETHNIC IDENTITY. GIVEN KENYA’S HISTORY OF
POLITICIZATION OF ETHNIC IDENTITY [7], COLLECTING THIS DATA IN A
CENTRALIZED DATABASE LIKE NIIMS COULD REPRODUCE AND EXACERBATE
PATTERNS OF DISCRIMINATION.
THE PROCESS WAS NOT CONSTITUTIONAL
Kenya’s constitution requires public input before any new law can
be adopted. No public discussions were conducted for this amendment.
It was offered for parliamentary debate under “_Miscellaneous_”
amendments, which exempted it from procedures and scrutiny that
would have required introduction as a substantive bill and
corresponding public debate. The Kenyan government must not
implement this system without sufficient public debate and
meaningful engagement to determine how such a system should be
implemented if at all.
The proposed law does not provide people with the opportunity to opt
in or out of giving their sensitive and precise data. The
Constitution requires that all Kenyans be granted identification.
However, if an individual were to refuse to turn over their DNA or
other sensitive information to the State, as they should have the
right to do, they could risk not being issued their identity or
citizenship documents. Such a denial would contravene Articles 12,
13, and 14 of the Constitution.
Opting out of this system should not be used to discriminate or
exclude any individual from accessing essential public services and
exercising their fundamental rights.
Individuals must be in full control of their digital identities with
the right to object to processing and use and withdraw consent.
These aspects of control and choice are essential to empowering
individuals in the deployment of their digital identities. Therefore
policy and technical decisions must take into account systems that
allow individuals to identify themselves rather than the system
identifying them.
Mozilla urges the government of Kenya to suspend the implementation
of NIIMS and we hope Kenyan members of parliament will act swiftly
to pass the Data Protection Bill of 2018.
On 23/01/2019 00:28, Gideon via kictanet wrote:
Listers,
Would this be a similar system like the India's Aadhaar which is
said to be the world's largest biometric ID system? If so what
lessons and drawbacks could be learned?
Many issues would need to be addressed as a foundamental step, such
include privacy, ethics, security of the said system,
complementarity with the existing official databases e.t.c
Regards
GR
On Tue, Jan 22, 2019 at 10:01 PM
<kictanet-request@lists.kictanet.or.ke> wrote:
Send kictanet mailing list submissions to
kictanet@lists.kictanet.or.ke
To subscribe or unsubscribe via the World Wide Web, visit
or, via email, send a message with subject or body 'help' to
kictanet-request@lists.kictanet.or.ke
You can reach the person managing the list at
kictanet-owner@lists.kictanet.or.ke
When replying, please edit your Subject line so it is more specific
than "Re: Contents of kictanet digest..."
Today's Topics:
1. Re: law to start listing of Kenyans? DNA (Warigia Bowman)
----------------------------------------------------------------------
Message: 1
Date: Tue, 22 Jan 2019 12:58:59 -0600
From: Warigia Bowman <warigia@gmail.com>
To: gertrude matata <gertrudematata@yahoo.com>, KICTAnet ICT Policy
Discussions <kictanet@lists.kictanet.or.ke>
Subject: Re: [kictanet] law to start listing of Kenyans? DNA
Message-ID:
<CACeY99TvKOX13-RtN1gjCi_sh4AF8jdnEkJTNHD6WMrFR9Pogg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
This is disturbing. I am quite sure that the US government does not
have
the right to take DNA samples from citizens.
Biometric data is not the same as DNA, rather it may include
fingerprints
and eyescans. This is a move towards a surveillance state.
On Tue, Jan 22, 2019 at 6:24 AM gertrude matata via kictanet <
kictanet@lists.kictanet.or.ke> wrote:
Dear Listers,
The amendment to the Act seems to have ignored Article 31(c) of
the
Constitution. This being a constitutional issue, there is probably
a need
to subject it to constitutional interpretation on;
what was the intention of the article in providing that such
information
should not be unnecessarily required or revealed;
Whether such details being availed to persons registry clerks is
defeating that intent;
and whether the circumstances demand the "unnecessarily"
revealed bar
to be lifted.
It is worthy to ponder the situation in terms of whether
giving
such information might not create inborn terror,
Regards,
Gertrude
GERTRUDE MATATA
HILLSIDE APARTMENTS
4TH FLOOR, Apartments 11
RAGATI ROAD,Opposite N.H.I.F
NEAR CAPITOL HILL POLICE STATION
P.O. Box 517-00517
Nairobi
Mobile:0722-374109/0772327265
Go to;
https://themediatorkenya.wordpress.com/author/themediatorkenya/
*DISCLAIMER*
This email and any attachments to it may be confidential and are
intended
solely for the use of the individual to whom it is addressed. Any
views or
opinions expressed are solely those of the author and do not
necessarily
represent those of GERTRUDE MATATA.
If you are not the intended recipient of this email, you must
neither take
any action based upon its contents, nor copy or show it to anyone.
Please contact the sender if you believe you have received this
email in
error.
Call
Send SMS
Call from mobile
Add to Skype
You'll need Skype CreditFree via Skype
On Tuesday, January 22, 2019, 2:14:05 PM GMT+3, Karanja Marigu via
kictanet <kictanet@lists.kictanet.or.ke> wrote:
This is a classical move that also was taken by USA after 911.
What do we
expect next? Marshal law??
Terrorism is not a justification to take away our privacy rights
and
collect data. What they will do with all that data, only God
knows.
Best Regards,
Karanja Marigu,
'Purpose fuels passion'
On Tue, 22 Jan 2019 at 09:10, Magdalene Kariuki via kictanet <
kictanet@lists.kictanet.or.ke> wrote:
Dear fellow listers,
Happy New Year (albeit late).
Thank you Grace for sharing this information.
Just a few concerns about privacy of persons and the protection
and use of
information.
While I appreciate and understand the need for Government to
address
issues relating to threats to security (assuming that this is
where the
need for such kind of information stems from), what kind of
guarantees are
there that ensure this information is not traded? What kind of
data
protection mechanisms are in place?
or have these concerns already been raised and addressed in the
new
legislation?
Regards,
Magdalene
On Mon, Jan 21, 2019 at 12:16 PM Grace Bomu via kictanet <
kictanet@lists.kictanet.or.ke> wrote:
Full story here
https://www.businessdailyafrica.com/economy/Uhuru-backs-law-change/3946234-4...
Il giorno lun 21 gen 2019 alle ore 14:51 Grace Bomu
<nmutungu@gmail.com>
ha scritto:
Listers,
The government is now free to collect data on Kenyans? DNA and
physical
location of their homes including satellite details during
registration of
persons.
This follows President Uhuru Kenyatta?s approval of amendments to
the
Registration of Persons Act that has included the two to the list
of
requirements needed at the national people?s registry.
Adults applying for documents such as IDs will be required to
provide
additional information about their location, including land
reference
number, plot number or house number.
The ministry is also seeking to introduce Global Positioning
System (GPS)
coordinates in the registration of persons, enabling the tracking
of their
location via satellite.
More here
--
Grace Mutung'u
Skype: gracebomu
@Bomu
PGP ID : 0x33A3450F
--
Grace Mutung'u
Skype: gracebomu
@Bomu
PGP ID : 0x33A3450F
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/magdalene.kariuki%40gm...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
platform
for people and institutions interested and involved in ICT policy
and
regulation. The network aims to act as a catalyst for reform in
the ICT
sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable
behaviors
online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect
privacy, do
not spam, do not market your wares or qualifications.
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/karanjaemarigu%40gmail...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
platform
for people and institutions interested and involved in ICT policy
and
regulation. The network aims to act as a catalyst for reform in
the ICT
sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable
behaviors
online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect
privacy, do
not spam, do not market your wares or qualifications.
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/gertrudematata%40yahoo...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
platform
for people and institutions interested and involved in ICT policy
and
regulation. The network aims to act as a catalyst for reform in
the ICT
sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable
behaviors
online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect
privacy, do
not spam, do not market your wares or qualifications.
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/warigia%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
platform
for people and institutions interested and involved in ICT policy
and
regulation. The network aims to act as a catalyst for reform in
the ICT
sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable
behaviors
online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect
privacy, do
not spam, do not market your wares or qualifications.
--
*"Education is the most powerful weapon which you can use to change
the
world."* Nelson Mandela
On the contrary Phyllis. The downsides that I listed were fact-based rebuttals to the most commonly purported upsides of UID systems, which are: 1. counter-terrorism; 2. reducing financial/banking fraud; 3. solving illegal immigration; 4. better access to government services; 5. improving public data integrity; 6. countering identity theft. The key questions to ponder, if we truly want to learn from India's experiences, are: 1. Without the above benefits, is the business case for a Ksh. 3-6 Billion price tag still sound and reasonable? If the idea is to promote innovation, can the 6 Billion do better if used as seed capital for 500 local startups - each getting a 10M seed funding + incubation services? 2. What unequivocal value does the Aadhaar system add for the Indian people, that cannot be obtained or surpassed via less intrusive / risky / costly ways? 3. India is far more advanced than Kenya technologically, yet they are facing all these problems and failures with UID tech. Kindly share your concrete and specific thoughts on how Kenya can safeguard NIIMS better than India (if that is in any way possible)? 4. Indian Supreme Court has been examining the legal/constitutional issues and setting some groundbreaking precedents. Can/will these precedents influence constitutional challenges to NIIMS? If yes/maybe, it might be an interesting topic of discussion within the legal fraternity. Would be great if you (or any lister with the info) can help by addressing the above questions in fairly precise / specific terms so as to build a more balanced and fact-based understanding of the risk/benefit scenario. I'm open to learning and ready to adjust my views accordingly. Brgds,Patrick. On Friday, February 15, 2019, 2:55:29 PM GMT+3, <pkamau@pwkamauadvocates.co.ke> wrote: Patrick, You have mapped out only articles talking about the downsides of Aaadhar, let us balance it with the articles that talk about the positive use or how Aadhar has assisted India in financial inclusion, innovation etc and why the courts have continued to weight in and infact rule in favour of it on public interest grounds. Only then can we develop a better system for our NIIMS. I believe there are benefits in consolidating our bio-metrics and having a uniform identifier if only we safeguard the system and learn from other jurisdiction. On 2019-02-15 14:10, Patrick A. M. Maina wrote:
1. Aadhaar is currently the subject of POTENTIALLY SCANDALOUS NEWS COVERAGE ON DATA BREACH
Aadhaar: Has UIDAI lied in its counter filed before the Delhi High Court? [1]
AADHAAR: HAS UIDAI LIED IN ITS COUNTER FILED BEFORE THE DELHI HIGH COURT?
UIDAI might just have provided false information in its counter filed before the Delhi High Court in Shamnad Bas...
2. AADHAAR HAS NOT REDUCED TERRORISM (not immune to insider corruption). In fact terrorists now POSSESS AADHAAR CARDS.
Jaish-e-Mohammed terrorist from PoK caught, Aadhaar card recovered from him [2]
JAISH-E-MOHAMMED TERRORIST FROM POK CAUGHT, AADHAAR CARD RECOVERED FROM HIM
The official said the operation spanned two months, with security forces keeping a track of Rehman's movement in...
US condemns Pulwama terror attack, asks Pakistan to deny support to terrorists [3]
US CONDEMNS PULWAMA TERROR ATTACK, ASKS PAKISTAN TO DENY SUPPORT TO TERR...
In a press release, the US Department of State said it condemns the terrorist attack on the Indian CRPF convoy a...
3. BANKING FRAUD IN INDIA RISES BY 72% IN 2018 under Aadhar regime. This includes Aadhar linked crime (BANKERS WORRIED)
https://www.businesstoday.in/sectors/banks/bank-frauds-rise-over-72pc-to-rs-...
https://www.business-standard.com/article/finance/alarming-rise-in-banking-f...
How fraud Aadhaar calls are targeting bank accounts - Times of India [4]
HOW FRAUD AADHAAR CALLS ARE TARGETING BANK ACCOUNTS - TIMES OF INDIA
GURUGRAM: Nidhi Sharma, a resident of Sector 10A, recently received a call from a person who claimed to be an ex...
4. Aadhaar's biometric SOURCE CODE BELONGS TO FOREIGN ENTITIES - this is a major sovereignty risk (noted by a dissenting INDIAN SUPREME COURT JUDGE).
"Neither the Central Government nor the Unique Identification Authority of India(UIDAI) have the source code for the de-duplication technology which is at the heart of the programme. THE SOURCE CODE BELONGS TO A FOREIGN CORPORATION." THIS CREATES MASSIVE RISK OF ELECTIONS INTERFERENCE BY FOREIGN ENTITIES.
_"Dignity and the rights of individuals cannot be made to depend on algorithms or probabilities. Constitutional guarantees cannot be subject to the vicissitudes of technology."_
_"The leakage of sensitive personal information of 1.2 billion citizens, CANNOT BE REMEDIED BY A MERE CONTRACTUAL INDEMNITY. THE LOSS OF DATA IS IRRETRIEVABLE."_
https://www.livelaw.in/foreign-company-has-source-code-of-aadhaar-project-it...
5. INDIAN SUPREME COURT okayed Aadhaar primarily for use by MARGINALIZED GROUPS to access WELFARE - but PLACED SEVERE LIMITATIONS ON OTHER USES: For example, Aadhaar is voluntary (save for welfare beneficiaries), the data CANNOT BE (LEGALLY) USED FOR NATIONAL SECURITY purposes, and the biometric data CANNOT BE (LEGALLY) USED BY THE PRIVATE SECTOR.
Perhaps our good lawyers can advise - from an expert perspective - whether/how this judgment might influence Kenyan courts?
https://thewire.in/law/supreme-court-upholds-validity-of-aadhaar-but-cant-li...
6. An analysis of AADHAAR FRAUD incidences / types.
Aadhaar Fraud is Not Only Real, But is Worth More Closely Examining [5]
AADHAAR FRAUD IS NOT ONLY REAL, BUT IS WORTH MORE CLOSELY EXAMINING
An online examination of publicly reported incidents shows that contrary to its proponents’ claims, Aadhaar has ...
What lessons can Kenya draw from this, in order to implement NIIMS better?
Good day, Patrick.
On Thursday, February 14, 2019, 1:00:16 PM GMT+3, pkamau--- via kictanet <kictanet@lists.kictanet.or.ke> wrote:
My thoughts on the NIIMS is we have to give the new move greater thought
. I think we need to look to the case in India and the benefits of the
Aadhaar system which is similar to the NIIMs and the general direction
India took to open data in building the Indian Stack. Several cases were
brought to challenge the Aadhaar on privacy issues and risk of
government surveillance but courts in India have continued to hold that
the public interest benefits of the Aadhaar far much outweigh the
privacy concerns and have allowed the Aadhaar to continue. In retrospect
since Aadhaar was launched in 2009, they have managed to register
majority of Indians and used it to build the Indian Stack.
Perhaps what we need is to recommend more structure and administrative
safeguards for the NIIMS. In the long-term the NIIMS may be of greater
benefit to us especially the potential that kid of data could play in
innovation. We need to protect privacy but at the same time we need to
thing strategically how better data can assist resolve issues and layer
innovation for the general good.
I do agree the data protection bill must be past but beyond this, what
is our overall goal if we were to have better data in a government
platform that can be open, accessible like the Aadhaar and several API's
can be built on that architecture to drive innovation?
Is it time to push more for Open Data in line with the Data Protection
Bill?
Thanks,
Phyllis
On 2019-02-14 08:19, Barrack Otieno via kictanet wrote:
Dear Alice,
Many thanks for this update from Mozilla. There is need for wider
stakeholder engagement on this issue. While the government has a
legitimate concern which i presume is taming acts of terrorism, there
is need for wider consultations especially on the areas that
contravene or appear to contravene the constitution.
Thank you
Best Regards
On Wed, 13 Feb 2019 18:17 Alice Munyua via kictanet
<kictanet@lists.kictanet.or.ke wrote:
https://blog.mozilla.org/netpolicy/2019/02/08/kenya-government-mandates-dna-...
KENYA GOVERNMENT MANDATES DNA-LINKED NATIONAL ID, WITHOUT DATA
PROTECTION LAW
Alice Munyua February 8, 2019
No responses yet [1]
Last month, the Kenya Parliament passed a seriously concerning
amendment [2] to the country’s national ID law, making Kenya home
to the most privacy-invasive national ID system in the world. The
rebranded, National Integrated Identity Management System (NIIMS)
now requires all Kenyans, immigrants, and refugees to turn over
their DNA, GPS coordinates of their residential address, retina
scans, iris pattern, voice waves, and earlobe geometry before being
issued critical identification documents. NIIMS will consolidate
information contained in other government agency databases and
generate a unique identification number known as Huduma Namba.
It is hard to see how this system comports with the right to privacy
articulated in Article 31 of the Kenyan Constitution. It is deeply
troubling that these amendments passed without public debate, and
were approved even as a data protection bill which would designate
DNA and biometrics as sensitive data is pending.
Before these amendments, in order to issue the National ID Card
(ID), the government only required name, date and place of birth,
place of residence, and postal address. The ID card is a critical
document that impacts everyday life, [3] without it, an individual
cannot vote, purchase property, access higher education, obtain
employment, access credit, or public health, among other fundamental
rights.
Mozilla strongly believes that that no digital ID system should be
implemented without strong privacy and data protection legislation.
The proposed Data Protection Bill of 2018 which Parliament is likely
to consider next month, is a strong and thorough framework that
contains provisions relating to data minimization as well as
collection and purpose limitation. If NIIMS is implemented, it will
be in conflict with these provisions, and more importantly in
conflict with Article 31 of the Constitution, which specifically
protects the right to privacy.
Proponents [4] of NIIMS claim that the system provides a number of
benefits, such as accurate delivery of government services. These
arguments also seem to conflate legal and digital identity. Legal ID
used to certify one’s identity through basic data about one’s
personhood (such as your name and the date and place of your birth)
is a commendable goal. It is one of the United Nations Sustainable
Development Goals 16.9 [5] that aims _“to provide legal identity
for all, including birth registration by 2030”_. However, it is
important to remember this objective can be met in several ways.
“Digital ID” systems, and especially those that involve
sensitive biometrics or DNA, are not a necessary means of verifying
identity, and in practice raise significant privacy and security
concerns. The choice of whether to opt for a digital ID let alone a
biometric ID therefore should be closely scrutinized by governments
in light of these risks, rather than uncritically accepted as
beneficial.
* SECURITY CONCERNS: THE CENTRALIZED NATURE OF NIIMS CREATES
MASSIVE SECURITY VULNERABILITIES. IT COULD BECOME A HONEYPOT FOR
MALICIOUS ACTORS AND IDENTITY THIEVES WHO CAN EXPLOIT OTHER
IDENTIFYING INFORMATION LINKED TO STOLEN BIOMETRIC DATA. THE
AMENDMENT IS UNCLEAR ON HOW THE GOVERNMENT WILL ESTABLISH AND
INSTITUTE STRONG SECURITY MEASURES REQUIRED FOR THE PROTECTION OF
SUCH A SENSITIVE DATABASE. IF THERE’S A BREACH, IT’S NOT AS IF
YOUR DNA OR RETINA CAN BE RESET LIKE A PASSWORD OR TOKEN.
* SURVEILLANCE CONCERNS: BY CENTRALIZING A TREMENDOUS AMOUNT OF
SENSITIVE DATA IN A GOVERNMENT DATABASE, NIIMS CREATES AN
OPPORTUNITY FOR MASS SURVEILLANCE BY THE STATE. NOT ONLY IS THE
COLLECTION OF BIOMETRICS INCREDIBLY INVASIVE, BUT GATHERING THIS
DATA COMBINED WITH TRANSACTION LOGS OF WHERE ID IS USED COULD
SUBSTANTIALLY REDUCE ANONYMITY. THIS IS ALL THE MORE WORRYING
CONSIDERING KENYA’S HISTORY OF EXTRALEGAL SURVEILLANCE AND
INTELLIGENCE SHARING [6].
* ETHNIC DISCRIMINATION CONCERNS: THE COLLECTION OF DNA IS
PARTICULARLY CONCERNING AS THIS INFORMATION CAN BE USED TO IDENTIFY
AN INDIVIDUAL’S ETHNIC IDENTITY. GIVEN KENYA’S HISTORY OF
POLITICIZATION OF ETHNIC IDENTITY [7], COLLECTING THIS DATA IN A
CENTRALIZED DATABASE LIKE NIIMS COULD REPRODUCE AND EXACERBATE
PATTERNS OF DISCRIMINATION.
THE PROCESS WAS NOT CONSTITUTIONAL
Kenya’s constitution requires public input before any new law can
be adopted. No public discussions were conducted for this amendment.
It was offered for parliamentary debate under “_Miscellaneous_”
amendments, which exempted it from procedures and scrutiny that
would have required introduction as a substantive bill and
corresponding public debate. The Kenyan government must not
implement this system without sufficient public debate and
meaningful engagement to determine how such a system should be
implemented if at all.
The proposed law does not provide people with the opportunity to opt
in or out of giving their sensitive and precise data. The
Constitution requires that all Kenyans be granted identification.
However, if an individual were to refuse to turn over their DNA or
other sensitive information to the State, as they should have the
right to do, they could risk not being issued their identity or
citizenship documents. Such a denial would contravene Articles 12,
13, and 14 of the Constitution.
Opting out of this system should not be used to discriminate or
exclude any individual from accessing essential public services and
exercising their fundamental rights.
Individuals must be in full control of their digital identities with
the right to object to processing and use and withdraw consent.
These aspects of control and choice are essential to empowering
individuals in the deployment of their digital identities. Therefore
policy and technical decisions must take into account systems that
allow individuals to identify themselves rather than the system
identifying them.
Mozilla urges the government of Kenya to suspend the implementation
of NIIMS and we hope Kenyan members of parliament will act swiftly
to pass the Data Protection Bill of 2018.
On 23/01/2019 00:28, Gideon via kictanet wrote:
Listers,
Would this be a similar system like the India's Aadhaar which is
said to be the world's largest biometric ID system? If so what
lessons and drawbacks could be learned?
Many issues would need to be addressed as a foundamental step, such
include privacy, ethics, security of the said system,
complementarity with the existing official databases e.t.c
Regards
GR
On Tue, Jan 22, 2019 at 10:01 PM
<kictanet-request@lists.kictanet.or.ke> wrote:
Send kictanet mailing list submissions to
kictanet@lists.kictanet.or.ke
To subscribe or unsubscribe via the World Wide Web, visit
or, via email, send a message with subject or body 'help' to
kictanet-request@lists.kictanet.or.ke
You can reach the person managing the list at
kictanet-owner@lists.kictanet.or.ke
When replying, please edit your Subject line so it is more specific
than "Re: Contents of kictanet digest..."
Today's Topics:
1. Re: law to start listing of Kenyans? DNA (Warigia Bowman)
----------------------------------------------------------------------
Message: 1
Date: Tue, 22 Jan 2019 12:58:59 -0600
From: Warigia Bowman <warigia@gmail.com>
To: gertrude matata <gertrudematata@yahoo.com>, KICTAnet ICT Policy
Discussions <kictanet@lists.kictanet.or.ke>
Subject: Re: [kictanet] law to start listing of Kenyans? DNA
Message-ID:
<CACeY99TvKOX13-RtN1gjCi_sh4AF8jdnEkJTNHD6WMrFR9Pogg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
This is disturbing. I am quite sure that the US government does not
have
the right to take DNA samples from citizens.
Biometric data is not the same as DNA, rather it may include
fingerprints
and eyescans. This is a move towards a surveillance state.
On Tue, Jan 22, 2019 at 6:24 AM gertrude matata via kictanet <
kictanet@lists.kictanet.or.ke> wrote:
Dear Listers,
The amendment to the Act seems to have ignored Article 31(c) of
the
Constitution. This being a constitutional issue, there is probably
a need
to subject it to constitutional interpretation on;
what was the intention of the article in providing that such
information
should not be unnecessarily required or revealed;
Whether such details being availed to persons registry clerks is
defeating that intent;
and whether the circumstances demand the "unnecessarily"
revealed bar
to be lifted.
It is worthy to ponder the situation in terms of whether
giving
such information might not create inborn terror,
Regards,
Gertrude
GERTRUDE MATATA
HILLSIDE APARTMENTS
4TH FLOOR, Apartments 11
RAGATI ROAD,Opposite N.H.I.F
NEAR CAPITOL HILL POLICE STATION
P.O. Box 517-00517
Nairobi
Mobile:0722-374109/0772327265
Go to;
https://themediatorkenya.wordpress.com/author/themediatorkenya/
*DISCLAIMER*
This email and any attachments to it may be confidential and are
intended
solely for the use of the individual to whom it is addressed. Any
views or
opinions expressed are solely those of the author and do not
necessarily
represent those of GERTRUDE MATATA.
If you are not the intended recipient of this email, you must
neither take
any action based upon its contents, nor copy or show it to anyone.
Please contact the sender if you believe you have received this
email in
error.
Call
Send SMS
Call from mobile
Add to Skype
You'll need Skype CreditFree via Skype
On Tuesday, January 22, 2019, 2:14:05 PM GMT+3, Karanja Marigu via
kictanet <kictanet@lists.kictanet.or.ke> wrote:
This is a classical move that also was taken by USA after 911.
What do we
expect next? Marshal law??
Terrorism is not a justification to take away our privacy rights
and
collect data. What they will do with all that data, only God
knows.
Best Regards,
Karanja Marigu,
'Purpose fuels passion'
On Tue, 22 Jan 2019 at 09:10, Magdalene Kariuki via kictanet <
kictanet@lists.kictanet.or.ke> wrote:
Dear fellow listers,
Happy New Year (albeit late).
Thank you Grace for sharing this information.
Just a few concerns about privacy of persons and the protection
and use of
information.
While I appreciate and understand the need for Government to
address
issues relating to threats to security (assuming that this is
where the
need for such kind of information stems from), what kind of
guarantees are
there that ensure this information is not traded? What kind of
data
protection mechanisms are in place?
or have these concerns already been raised and addressed in the
new
legislation?
Regards,
Magdalene
On Mon, Jan 21, 2019 at 12:16 PM Grace Bomu via kictanet <
kictanet@lists.kictanet.or.ke> wrote:
Full story here
https://www.businessdailyafrica.com/economy/Uhuru-backs-law-change/3946234-4...
Il giorno lun 21 gen 2019 alle ore 14:51 Grace Bomu
<nmutungu@gmail.com>
ha scritto:
Listers,
The government is now free to collect data on Kenyans? DNA and
physical
location of their homes including satellite details during
registration of
persons.
This follows President Uhuru Kenyatta?s approval of amendments to
the
Registration of Persons Act that has included the two to the list
of
requirements needed at the national people?s registry.
Adults applying for documents such as IDs will be required to
provide
additional information about their location, including land
reference
number, plot number or house number.
The ministry is also seeking to introduce Global Positioning
System (GPS)
coordinates in the registration of persons, enabling the tracking
of their
location via satellite.
More here
--
Grace Mutung'u
Skype: gracebomu
@Bomu
PGP ID : 0x33A3450F
--
Grace Mutung'u
Skype: gracebomu
@Bomu
PGP ID : 0x33A3450F
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/magdalene.kariuki%40gm...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
platform
for people and institutions interested and involved in ICT policy
and
regulation. The network aims to act as a catalyst for reform in
the ICT
sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable
behaviors
online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect
privacy, do
not spam, do not market your wares or qualifications.
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/karanjaemarigu%40gmail...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
platform
for people and institutions interested and involved in ICT policy
and
regulation. The network aims to act as a catalyst for reform in
the ICT
sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable
behaviors
online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect
privacy, do
not spam, do not market your wares or qualifications.
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/gertrudematata%40yahoo...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
platform
for people and institutions interested and involved in ICT policy
and
regulation. The network aims to act as a catalyst for reform in
the ICT
sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable
behaviors
online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect
privacy, do
not spam, do not market your wares or qualifications.
_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
Twitter: http://twitter.com/kictanet
Facebook: https://www.facebook.com/KICTANet/
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/warigia%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder
platform
for people and institutions interested and involved in ICT policy
and
regulation. The network aims to act as a catalyst for reform in
the ICT
sector in support of the national aim of ICT enabled growth and
development.
KICTANetiquette : Adhere to the same standards of acceptable
behaviors
online that you follow in real life: respect people's times and
bandwidth,
share knowledge, don't flame or abuse or personalize, respect
privacy, do
not spam, do not market your wares or qualifications.
--
*"Education is the most powerful weapon which you can use to change
the
world."* Nelson Mandela
participants (5)
-
Alice Munyua -
Barrack Otieno -
Gideon -
Patrick A. M. Maina -
pkamau@pwkamauadvocates.co.ke