Bangladesh Brings In Nationwide Digital Identity Cards Linking Biometrics To Mobile Phone Numbers

from the no-scope-for-abuse-there dept

Techdirt has been writing about the apparently unstoppable introduction of the Aadhaar identity card system in India for some time. Judging by this article on Global Voices, it seems that India's eastern neighbor, Bangladesh, has not noticed the serious problems that are emerging with the idea:

On October 2, the Bangladeshi government inaugurated Smart National ID cards (NID) as part of their Digital Bangladesh initiative, aiming to distribute the cards to 100 million people in Bangladesh.
As with Aadhaar, the plan seems to be to use the new cards for a wide range of everyday activities:
Banking, passport details, driving licenses, trade licenses, tax payments, and share trading are among the 22 other services that can be accessed through the cards, with more to follow. The cards will also be associated with an individual's mobile phone SIM card. Once issued, they will be valid for 10 years.
As that mentions, the NID goes even further than Aadhaar by linking biometrics to an individual's mobile phone, making it the perfect surveillance system. That's new, but the main problem with the NID is familiar enough:
The cards hold biometric details of the cardholder: impressions of all ten fingers, as well as pictures of the iris. In total, 32 types of unique citizen data will be "embedded within its microchip," according to Election Commission officials
That means that if details are stolen, there is no way to revoke or change them. Here's what Bangladesh's Election Commisson has to say on the issue of security:
Citizens' data are safe from unauthorised access as the database servers are "fully protected", but there have been no explicit mentions of how the data is stored, and whether or not it is encrypted.
So, pretty much "trust us, it'll be fine," even though massive breaches of "fully protected" databases are becoming routine around the world. Users of the system may not be reassured by the following:
On the first day of card distribution, bdnews24.com reported that many citizens had to leave without the smart ID cards after providing their biometric samples, due to a "software malfunction."
And beyond what may just have been teething troubles, there are deeper issues of exactly the kind being faced by India's Aadhaar:
Biometric data collection en masse has also generated unexpected problems, specifically fingerprints: a technical staffer of the Election Commission was quoted saying "difficulties are being faced in cases where the fingers are scarred, or the lines on fingers have become unclear owing to heavy manual labour." This is likely to be a recurring problem given the large percentage of the population in Bangladesh employed in manual labour, or who have been in the past. This brings with it questions of sustainability: If a person gives their fingerprints now, and then engages in manual labour for 10 years, will they still be recognisable by the system?
Sadly, it seems that governments in India and Bangladesh are too excited by the prospect of the "efficiencies" such a digital identity framework could in theory offer -- to say nothing of the unmatched surveillance possibilities -- to worry much about tiresome practical details like the system not working properly for vast swathes of their people.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bangladesh, biometrics, national id, nationwide id, privacy


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 13 Oct 2016 @ 12:09am

    The cards hold biometric details of the cardholder: impressions of all ten fingers, as well as pictures of the iris. In total, 32 types of unique citizen data will be "embedded within its microchip,

    What this enables is stealing someone else's identity, while making sure that the card you carry matches your biometrics.

    link to this | view in chronology ]

  • icon
    That One Guy (profile), 13 Oct 2016 @ 12:42am

    "I believe in the security of the system so much I'm willing to put myself at risk to prove it..."

    Citizens' data are safe from unauthorised access as the database servers are "fully protected", but there have been no explicit mentions of how the data is stored, and whether or not it is encrypted.

    Those implementing the system could demonstrate how confident they are that it's secure by putting their own data on the line. Make their personal cards available(assuming the nobility even have them anyway) to show that even if someone manages to get ahold of a person's card that their personal data is secure.

    Of course this is merely a pipe dream as you can be damn sure that while those pushing for such a system have no problem risking the public's safety and security they'd never do the same for their safety and security, and will instead issue empty promises about how totally secure(promise!) the system is, even when(not if) it's cracked and exploited.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Oct 2016 @ 3:51am

    Write this down -- October 13, 2016

    This system will be hacked within a year. A massive amount of data will be copied from it. Organized crime will will use it to target its enemies and as a revenue source, that is, they'll sell it to anyone can afford it.

    This isn't really much of a prediction: these things happen like clockwork, so it's not a matter of IF this will happen, only WHEN.

    link to this | view in chronology ]

    • icon
      That One Guy (profile), 13 Oct 2016 @ 4:00am

      Re: Write this down -- October 13, 2016

      Organized crime will will use it to target its enemies and as a revenue source, that is, they'll sell it to anyone can afford it.

      ... And then once the government's done pillaging the pile(for the moment) the unofficial criminals will move in and take their turn.

      link to this | view in chronology ]

  • icon
    PaulT (profile), 13 Oct 2016 @ 3:53am

    "The cards will also be associated with an individual's mobile phone SIM card."

    So many questions. What if you don't own a phone. What if you change network? What if you change provider? What if the existing provider goes out of business? Who is responsible for securing and maintaining the records connecting the two? If the provider, what if they are owned at operated by a foreign corporation and store those records offshore?

    I'm sure these have already been considered, but it's worrying for the citizens affected that so many issues can be raised from a simple description of the scheme, and that's even without thinking of the horrific privacy and surveillance implications.

    "The cards hold biometric details of the cardholder: impressions of all ten fingers, as well as pictures of the iris."

    "Citizens' data are safe from unauthorised access as the database servers"

    Erm, at that point, who cares how secure the servers are? Even if they're perfectly protected from mass breaches, every single citizen is at risk of having their identity totally and irrevocably stolen the moment they lose their card or have it stolen.

    Also, what kind of procedure is there for reissuing and revoking the old card - do we have multiple copies out there that can be abused at a whim by anyone who can access the chip, or is any citizen who doesn't have one just shit out of luck?

    On a lighter note, I learned a new word from the article - crore, denoting 10 million.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Oct 2016 @ 5:01am

    Criminals across the globe rejoice in this announcement, as their jobs of ripping you off will become so much easier with the implementation of this system. In addition, political hacks are secretly hailing this new frontier as a watershed of new attack vectors opens. We stand at the threshold of new and exciting ways of fucking over the populace ... whooopie !!!

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Oct 2016 @ 6:26am

    We are cattle

    It seems the populace are now being treated like cattle, branded and tagged, while the ruling class act as the farmers. I can only guess that the next step will be that we end up on the farmer's dinner table.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Oct 2016 @ 6:51am

    That's a feature, not a bug.

    People who perform heavy manual labor are basically disposable anyway, so that's not a problem. In fact, it could even be seen as a benefit. Remember, India knows all about how caste systems work.

    link to this | view in chronology ]

  • icon
    Richard (profile), 13 Oct 2016 @ 7:26am

    Two words they should have been aware of:

    link to this | view in chronology ]

  • identicon
    Personanongrata, 13 Oct 2016 @ 4:39pm

    Criminal

    Bangladesh Brings In Nationwide Digital Identity Cards Linking Biometrics To Mobile Phone Numbers

    Nothing says we truly care for your well being then when your government, in this case People's Republic of Bangladesh (26% of whom live below the national poverty line of US $2 per day.[1] In addition, child malnutrition rates are currently at 48%), takes whatever finite resources are available and squanders them on a dubious surveillance boondoggle.

    As with Aadhaar, the plan seems to be to use the new cards for a wide range of everyday activities:

    Are the new cards edible?

    https://en.wikipedia.org/wiki/Poverty_in_Bangladesh

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.