Since we citizens are being ransomed (this is how a number of us feel about being threatened with a Rs 100 000 fine and/or a 5 year imprisonment sentence in case we refuse to surrender ourselves to a centralised data centre through our fingerprints and other – undefined – personal data), replies to a few queries are called for.
First, how does the cost of a project jump from Rs 300 millions to Rs 1 400 millions in a couple of years? How does the Rs 1 400 million bill break down? How much does the hardware, the software, etc. cost?
Second, has the cost of identity fraud benefits the new ID card is supposed to cut been established? In how many years will the country recoup the expense though not having to pay social benefits to those who are not entitled to them?
Third, when will the “enhanced infrastructure” referredto under “benefits” onthe Mauritius National IdentityCard website come to life?This website also promisesunder “Quality service”: “…this electronic ID card will create the future for electronic governmentservices. In future, you willbe able to enjoy various kinds ofpublic services simply by goingon-line at home or making useof identity card readers withouthaving to attend government officesin person.” When will thatfuture be? In two years, five,ten? Has a cost-benefit analysisbeen conducted? Whenwill we be getting return onthe Rs 1 400 million investment?Has the “enhancedinfrastructure” been designedand its implementation planned? When will the data needed for it to function be ready? Will we need to buy a personal card reader and/or a personal fingerprint scanner to authenticate our identity online? If yes, will we be given precise specifications as to which type/model of reader or/and scanner to buy?
Fourth, what will happen if we move house and our address is no longer the one on the ID Card? Will we need to get a new card? Will we be made to pay for it?
Fifth, according to the website, the encoded data on chip will carry “Encoded finger - 4 minutiae templates will be stored (2 Thumb and 2 Index Fingerprints by default)”. Why then scan all 10 fingers? Where do the scans of the 6 other fingerprints go?
Sixth, are the chip in the card and the central database100% hacker-proof? What guarantee do citizens have that they will be hacker- proof in two years, or even six months? That our personal data will never be stolen or read by third parties? Who will have access to what data? Will the personnel having access to our data need to authenticate their identity to access our data so that “who-and-when-access” is recorded?
Seventh, the website says “Your fingerprints are unique toyou. Fingerprinting is one of the most accurate and easiest ways to identify and authenticate the cardholder. Having your fingerprints stored in the chip of your card will make it virtually impossible for someone to steal your identity.” Explanations areneeded. The non-duplicationof a fingerprint has not beenproved. Because we cannot compare the fingerprints of the entire world’s population, past and present – we can never know or say for sure if fingerprints are unique. How will identity theft be prevented? Will all offices (public or private) where the card is required be equipped with card readers and/or fingerprint scanners to authenticate identity?
Eighth, in an article in l’express Weekly 10th October, it is reported that Mr Ramah, the Mauritius National Identity Scheme (MNIS) director, has said that Mauritius may “from a business perspective” suffer from its citizens not having a biometric ID Card because foreign investors may feel insecure about online financial transactions. Could Mr Ramah please explain this causality?
Nineth, the authorities say the opponents to the biometric ID card and central database are “spreading fear amongst the population” and ask citizens to trust the authorities’ word that every measure has been taken to safeguard the security of their personal data and that only a given set of data will be in the chip and the central database. But what are we to believe when the minister responsible for MNIS, Mr Pillay- Chedumbrum, contradicts a press release from the Prime Minister’s Office (PMO)?
In the PMO communiqué of 7th October, it is stated that “Contrairement à ce qui a étépublié, ni le groupe sanguin, ni lesdétails au sujet du paiement de lapension ou concernant le permisde conduire ne sont inclus sur la nouvelle carte d’identité. (…) Le Central Population Database ne comprendra pas non plus les détails au sujet du groupe sanguin et des empreintes digitales”. Whereasin an interview to l’express on 12th October, ICT MinisterPillay-Chedumbrum, states :“On voulait insérer des informations médicales telles que le groupe sanguin et les allergies de l’individu (…) passer à l’autre étape. Cette dernière consistera à ajouterd’autres informations sur la carted’identité comme celles de la cartede pension, du bus pass, du permisde conduire et même plus tard,de la carte de santé (…) Ce n’estpas logique que la santé, l’état civilou autre service du gouvernementa des informations différentes sur une même personne.” The Ministerhas, to date, not issueda denial to his statement, norhas the PMO issued a freshcommuniqué.
The trouble the authorities seem to be having getting their act together brings to the forefront one fundamental question. The biometric ID card is being presented as a magic wand that will erase problems that are institutional, and not technical, in nature. How will the biometric ID card solve institutional dysfunctions and deficiencies in design, and lack of linkages among state agencies? How will it solve linkage deficits among agencies within one ministry? When will egovernment services function effectively?
Technology does not hold solutions to human and institutional issues like shared vision, effectiveness, fraud of all kinds, scheming, corruption, security, governance etc. Only humans hold the key to those. So, civil rights and liberties concerns aside, when do weget return on investment?
On biometrics, this report is useful reading: “Biometric Recognition : Challenges and Opportunities”, and is available at http://www.nap. edu/openbook.php?record_ id=12720&page=R1