ITU-T Focus Group Digital Financial Services
                                                         Ecosystem



               4.2    Privacy

               Privacy concerns are surfacing as incorporating biometric features in national identification programs has
               rapidly increased. While biometric features have the potential to strengthen national security and surveillance,
               they may also impinge on existing privacy rights of citizens, raising questions on how to safeguard citizens
               from abuse (Malik, 2014). Four countries report privacy challenges (China, India, Philippines, and Sri Lanka),
               though evidence suggests a general concern over the potential for abuse rather than concrete examples of
               privacy violations. In China, for example, we find evidence of concern over the increased ability for police to
               track citizens’ movements and monitor political and religious dissidents, with fears that information linked to
               the ID program can be used to target or arbitrarily detain certain groups (Chen, 2003; Keane, 2006).

               Many countries are adopting accompanying data protection laws along with their ID programs to address
               privacy concerns relating to widespread and easy access to personal information across government agencies
               (Gellman, 2013). Certain programs have implemented targeted security measures concerning information
               access and citizen privacy. For example, strict clearance levels are required to access the UID database in
               India (UIDAI, 2012), and software has been put in place by NADRA in Pakistan that allows citizens to see what
               organizations or individuals have accessed their data (Malik, 2014). While these systems have the potential
               to address some concerns over citizen privacy and information abuse, we do not find supporting evidence
               that these measures have changed public perception on the security of information and privacy within their
               respective countries.

               4.3    Data Management

               Data registries are the foundational element in most national identification programs, and therefore are integral
               in maintaining a functional and effective program. Six programs (Bangladesh, Burkina Faso – Voter Card, Ghana,
               Guatemala, Indonesia, and Mali) report challenges with data maintenance, which we define as to the ability
               to establish, maintain, and secure updated citizen registries within a central database.

               In several cases, programs face challenges with establishing their databases. In Ghana, the central database
               infrastructure was completed five years after data capture began, which led to a discrepancy between the
               number of citizens registered for the program and those with their data recorded. Fifteen million Ghanaian
               citizens registered with the national civil registry, but only nine million were input into the central database
               (Akrofi-Larbi, 2015). In Bangladesh, Burkina Faso – Voter Card, and Guatemala, the initial data gathered were
               of mixed quality and coverage which created complications as countries moved to establish their national
               identification programs (Gelb and Clark, 2013; Eulich 2011). As a result, Guatemala for example had to re-
               print over 2.9 million cards with data corrections (Eulich, 2011). We find evidence that Mali experienced
               widespread problems during the distribution of NINA cards leading up to its 2013 national election. Officials
               failed to properly update citizen information following the initial registration. Without updated information,
               cards were distributed by mail to the localities where citizens enrolled in 2009 or 2010, making collection
               difficult or even impossible for some citizens, especially those that had since been internally displaced by the
               war in Northern Mali (Duval Smith, 2013).
               We find evidence of some form of data protection in 16 programs, but these measures range in their level of
               security in terms of data safety and preventing the creation of fake documents. Indonesia briefly halted its e-ID
               program in late 2015/early 2015 when reports of fake circulating ID cards indicated a possible security breach
               (AntaraNews, 2014b). Nigeria’s NIMC has a security unit to physically guard personnel and assets (NIMC, 2013),
               while the UIDAI in India has data encryption software and is stored in a reportedly highly secure data vault
               (UIDAI, 2012). These data protection measures are also connected to concerns over privacy of enrollment data.


               4.4    Enrollment

               We find evidence that 14 programs experience general challenges enrolling citizens. We define enrollment
               challenges as those that directly affect the ability to carry out a comprehensive and successful registration drive.
               Broadly, these failures tend to result from inadequate access to resources and complex enrollment procedures.





                58