Kenya’s High Court ruled Thursday that a recent amendment requiring citizens to register for a national biometric digital identification system overreached on some counts, such as allowing for links to DNA or GPS records, and failed to guarantee sufficient inclusion of Kenyan residents.
The ID system, called the National Integrated Identity Management System (NIIMS), was a homegrown answer to India’s pioneering Aadhaar system, which two years ago faced its own Indian Supreme Court ruling that upheld some components while modifying others.
More than half of African countries are developing some form of biometric or digital national ID in response to major international calls to establish legal identification for the almost 1 billion people who now lack it. But this ID boom, also taking place outside Africa, often gets ahead of data protection laws, as occurred in Kenya.
For countries that take the plunge, unscrupulous vendors can lock them into their products. For example, the Kenyan software was accessible only to government agencies and contractors such as Idemia, something Open Society Foundations senior managing legal officer Laura Bingham calls “concerning.” In contrast, an open-source outgrowth of Aadhaar called the Modular Open Source Identity Platform (MOSIP) is showing that there is another way to do it.
“Our major contribution is to develop the identity platform in open source and modular,” says S. Rajagopalan, MOSIP technology chair and an information researcher at the International Institute of Information Technology Bangalore, so “a country can configure its own ID system by picking and choosing modules. For example, a country can have an ID system without biometrics.”
About 146 countries require citizens and residents to have a national ID of some kind, at least 35 of which include biometric information beyond just a photograph, but dozens more are in talks with biometrics providers.
MOSIP has signed agreements with the governments of Morocco and the Philippines so far. Its open, modular approach on its own probably won’t solve all the security issues associated with early national ID ecosystems such as Aadhaar, Mozilla Foundation researchers wrote in a January 2020 white paper on open ID, but it could empower governments to expect more from the vendors that support future national IDs.
The Philippines, for example, is separating its ID device reader, biometrics recognition systems, and platform integration into three separate tenders. The device reader and biometrics system will integrate with MOSIP. But the separate operators and open source code of the underlying platform would make it easier for the government to replace any one vendor if necessary.
The model is attracting biometrics companies hoping to tap into a large international market for identification at a relatively lower cost. Electrical engineer Rahul Parthe, the co-founder and chairman of the first company to adapt an Automated Biometric Identification System (ABIS) to integrate with MOSIP, says that his company, TECH5, wants its identification technology to include as many people as possible.
“We as TECH5 see this as a good opportunity, as our ABIS platform completes the solution and ensures the usage of the technology in the intended way,” Parthe says. When enough governments are on board with open ID platforms, he adds, every tech vendor will be compelled to adapt.
A major incentive for vendors is knowing that their innovations can reach the kinds of scale offered by Aadhaar and the next generation of national IDs across many countries. TECH5, for example, has developed a more information-rich, scannable biometric barcode and smartphone software that would enable people to verify someone’s identity with biometrics even offline. That could empower people in the least connected places.
As it is, a lack of legal ID and restrictive government policies prevent some people from accessing food aid, healthcare, voting, and more. That is why half a dozen civil society groups took the Kenyan government to court over shortcomings they saw in NIIMS and the rushed process by which it was passed. While the court ruled that the passage of the overall law was valid, it accepted some of the petitioner’s criticisms. Among other changes, the court ordered the government to enact new regulations that ensure that NIIMS does not exclude Kenyan residents due to paperwork or biometric irregularities.
However, the court avoided the question of whether NIIMS’ software should have been more open—one of the points raised by the petitioners—to allow for external scrutiny.
“Due process is open public participation about the architecture, design etc. The court fully skipped it. That is disappointing but not unexpected because historically they don’t understand technology," says software engineer Anand Venkatanarayanan, one of the expert witnesses for the petitioners.
It will take engineers to fully ensure inclusiveness, says Open Societies Foundations’ Bingham, and they need to get involved from the start: “Engineers who develop technology don’t necessarily think about it because they’re not necessarily involved that early in the process.”
Editor’s note: Updated 30 January 2020 to add quote from Venkatanarayanan and 11 February 2020 to correct Rajagopalan’s affiliation.
Open/Close is a series of stories by Lucas Laursen for IEEE Spectrum that explores how openness and technology interact. The open source movement emerged from software, but has spread in many directions since, to hardware-focused Fab Labs and even voting booths. Openness offers plenty of tempting benefits: oversight by the crowd, preventing duplication of effort, and the ability to empower vulnerable people. But it also results in innumerable software forks, doesn’t always attract a critical mass of users, and can threaten privacy. This series will address how the tensions between open and closed technology are playing out in the engineering world.