Page 82 - The Digital Financial Services (DFS) Ecosystem
P. 82
ITU-T Focus Group Digital Financial Services
Ecosystem
4.2 Privacy
Privacy concerns are surfacing as incorporating biometric features in national identification programs has
rapidly increased. While biometric features have the potential to strengthen national security and surveillance,
they may also impinge on existing privacy rights of citizens, raising questions on how to safeguard citizens
from abuse (Malik, 2014). Four countries report privacy challenges (China, India, Philippines, and Sri Lanka),
though evidence suggests a general concern over the potential for abuse rather than concrete examples of
privacy violations. In China, for example, we find evidence of concern over the increased ability for police to
track citizens’ movements and monitor political and religious dissidents, with fears that information linked to
the ID program can be used to target or arbitrarily detain certain groups (Chen, 2003; Keane, 2006).
Many countries are adopting accompanying data protection laws along with their ID programs to address
privacy concerns relating to widespread and easy access to personal information across government agencies
(Gellman, 2013). Certain programs have implemented targeted security measures concerning information
access and citizen privacy. For example, strict clearance levels are required to access the UID database in
India (UIDAI, 2012), and software has been put in place by NADRA in Pakistan that allows citizens to see what
organizations or individuals have accessed their data (Malik, 2014). While these systems have the potential
to address some concerns over citizen privacy and information abuse, we do not find supporting evidence
that these measures have changed public perception on the security of information and privacy within their
respective countries.
4.3 Data Management
Data registries are the foundational element in most national identification programs, and therefore are integral
in maintaining a functional and effective program. Six programs (Bangladesh, Burkina Faso – Voter Card, Ghana,
Guatemala, Indonesia, and Mali) report challenges with data maintenance, which we define as to the ability
to establish, maintain, and secure updated citizen registries within a central database.
In several cases, programs face challenges with establishing their databases. In Ghana, the central database
infrastructure was completed five years after data capture began, which led to a discrepancy between the
number of citizens registered for the program and those with their data recorded. Fifteen million Ghanaian
citizens registered with the national civil registry, but only nine million were input into the central database
(Akrofi-Larbi, 2015). In Bangladesh, Burkina Faso – Voter Card, and Guatemala, the initial data gathered were
of mixed quality and coverage which created complications as countries moved to establish their national
identification programs (Gelb and Clark, 2013; Eulich 2011). As a result, Guatemala for example had to re-
print over 2.9 million cards with data corrections (Eulich, 2011). We find evidence that Mali experienced
widespread problems during the distribution of NINA cards leading up to its 2013 national election. Officials
failed to properly update citizen information following the initial registration. Without updated information,
cards were distributed by mail to the localities where citizens enrolled in 2009 or 2010, making collection
difficult or even impossible for some citizens, especially those that had since been internally displaced by the
war in Northern Mali (Duval Smith, 2013).
We find evidence of some form of data protection in 16 programs, but these measures range in their level of
security in terms of data safety and preventing the creation of fake documents. Indonesia briefly halted its e-ID
program in late 2015/early 2015 when reports of fake circulating ID cards indicated a possible security breach
(AntaraNews, 2014b). Nigeria’s NIMC has a security unit to physically guard personnel and assets (NIMC, 2013),
while the UIDAI in India has data encryption software and is stored in a reportedly highly secure data vault
(UIDAI, 2012). These data protection measures are also connected to concerns over privacy of enrollment data.
4.4 Enrollment
We find evidence that 14 programs experience general challenges enrolling citizens. We define enrollment
challenges as those that directly affect the ability to carry out a comprehensive and successful registration drive.
Broadly, these failures tend to result from inadequate access to resources and complex enrollment procedures.
58