Bangladesh Brings In Nationwide Digital Identity Cards Linking Biometrics To Mobile Phone Numbers
from the no-scope-for-abuse-there dept
Techdirt has been writing about the apparently unstoppable introduction of the Aadhaar identity card system in India for some time. Judging by this article on Global Voices, it seems that India's eastern neighbor, Bangladesh, has not noticed the serious problems that are emerging with the idea:
On October 2, the Bangladeshi government inaugurated Smart National ID cards (NID) as part of their Digital Bangladesh initiative, aiming to distribute the cards to 100 million people in Bangladesh.
As with Aadhaar, the plan seems to be to use the new cards for a wide range of everyday activities:
Banking, passport details, driving licenses, trade licenses, tax payments, and share trading are among the 22 other services that can be accessed through the cards, with more to follow. The cards will also be associated with an individual's mobile phone SIM card. Once issued, they will be valid for 10 years.
As that mentions, the NID goes even further than Aadhaar by linking biometrics to an individual's mobile phone, making it the perfect surveillance system. That's new, but the main problem with the NID is familiar enough:
The cards hold biometric details of the cardholder: impressions of all ten fingers, as well as pictures of the iris. In total, 32 types of unique citizen data will be "embedded within its microchip," according to Election Commission officials
That means that if details are stolen, there is no way to revoke or change them. Here's what Bangladesh's Election Commisson has to say on the issue of security:
Citizens' data are safe from unauthorised access as the database servers are "fully protected", but there have been no explicit mentions of how the data is stored, and whether or not it is encrypted.
So, pretty much "trust us, it'll be fine," even though massive breaches of "fully protected" databases are becoming routine around the world. Users of the system may not be reassured by the following:
On the first day of card distribution, bdnews24.com reported that many citizens had to leave without the smart ID cards after providing their biometric samples, due to a "software malfunction."
And beyond what may just have been teething troubles, there are deeper issues of exactly the kind being faced by India's Aadhaar:
Biometric data collection en masse has also generated unexpected problems, specifically fingerprints: a technical staffer of the Election Commission was quoted saying "difficulties are being faced in cases where the fingers are scarred, or the lines on fingers have become unclear owing to heavy manual labour." This is likely to be a recurring problem given the large percentage of the population in Bangladesh employed in manual labour, or who have been in the past. This brings with it questions of sustainability: If a person gives their fingerprints now, and then engages in manual labour for 10 years, will they still be recognisable by the system?
Sadly, it seems that governments in India and Bangladesh are too excited by the prospect of the "efficiencies" such a digital identity framework could in theory offer -- to say nothing of the unmatched surveillance possibilities -- to worry much about tiresome practical details like the system not working properly for vast swathes of their people.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bangladesh, biometrics, national id, nationwide id, privacy
Reader Comments
Subscribe: RSS
View by: Time | Thread
What this enables is stealing someone else's identity, while making sure that the card you carry matches your biometrics.
[ link to this | view in chronology ]
"I believe in the security of the system so much I'm willing to put myself at risk to prove it..."
Those implementing the system could demonstrate how confident they are that it's secure by putting their own data on the line. Make their personal cards available(assuming the nobility even have them anyway) to show that even if someone manages to get ahold of a person's card that their personal data is secure.
Of course this is merely a pipe dream as you can be damn sure that while those pushing for such a system have no problem risking the public's safety and security they'd never do the same for their safety and security, and will instead issue empty promises about how totally secure(promise!) the system is, even when(not if) it's cracked and exploited.
[ link to this | view in chronology ]
Write this down -- October 13, 2016
This isn't really much of a prediction: these things happen like clockwork, so it's not a matter of IF this will happen, only WHEN.
[ link to this | view in chronology ]
Re: Write this down -- October 13, 2016
... And then once the government's done pillaging the pile(for the moment) the unofficial criminals will move in and take their turn.
[ link to this | view in chronology ]
So many questions. What if you don't own a phone. What if you change network? What if you change provider? What if the existing provider goes out of business? Who is responsible for securing and maintaining the records connecting the two? If the provider, what if they are owned at operated by a foreign corporation and store those records offshore?
I'm sure these have already been considered, but it's worrying for the citizens affected that so many issues can be raised from a simple description of the scheme, and that's even without thinking of the horrific privacy and surveillance implications.
"The cards hold biometric details of the cardholder: impressions of all ten fingers, as well as pictures of the iris."
"Citizens' data are safe from unauthorised access as the database servers"
Erm, at that point, who cares how secure the servers are? Even if they're perfectly protected from mass breaches, every single citizen is at risk of having their identity totally and irrevocably stolen the moment they lose their card or have it stolen.
Also, what kind of procedure is there for reissuing and revoking the old card - do we have multiple copies out there that can be abused at a whim by anyone who can access the chip, or is any citizen who doesn't have one just shit out of luck?
On a lighter note, I learned a new word from the article - crore, denoting 10 million.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
We are cattle
[ link to this | view in chronology ]
Re: We are cattle
Where have you been?
[ link to this | view in chronology ]
That's a feature, not a bug.
[ link to this | view in chronology ]
Two words they should have been aware of:
[ link to this | view in chronology ]
Criminal
Nothing says we truly care for your well being then when your government, in this case People's Republic of Bangladesh (26% of whom live below the national poverty line of US $2 per day.[1] In addition, child malnutrition rates are currently at 48%), takes whatever finite resources are available and squanders them on a dubious surveillance boondoggle.
As with Aadhaar, the plan seems to be to use the new cards for a wide range of everyday activities:
Are the new cards edible?
https://en.wikipedia.org/wiki/Poverty_in_Bangladesh
[ link to this | view in chronology ]