Bangladesh Brings In Nationwide Digital Identity Cards Linking Biometrics To Mobile Phone Numbers

from the no-scope-for-abuse-there dept

Techdirt has been writing about the apparently unstoppable introduction of the Aadhaar identity card system in India for some time. Judging by this article on Global Voices, it seems that India's eastern neighbor, Bangladesh, has not noticed the serious problems that are emerging with the idea:

On October 2, the Bangladeshi government inaugurated Smart National ID cards (NID) as part of their Digital Bangladesh initiative, aiming to distribute the cards to 100 million people in Bangladesh.
As with Aadhaar, the plan seems to be to use the new cards for a wide range of everyday activities:
Banking, passport details, driving licenses, trade licenses, tax payments, and share trading are among the 22 other services that can be accessed through the cards, with more to follow. The cards will also be associated with an individual's mobile phone SIM card. Once issued, they will be valid for 10 years.
As that mentions, the NID goes even further than Aadhaar by linking biometrics to an individual's mobile phone, making it the perfect surveillance system. That's new, but the main problem with the NID is familiar enough:
The cards hold biometric details of the cardholder: impressions of all ten fingers, as well as pictures of the iris. In total, 32 types of unique citizen data will be "embedded within its microchip," according to Election Commission officials
That means that if details are stolen, there is no way to revoke or change them. Here's what Bangladesh's Election Commisson has to say on the issue of security:
Citizens' data are safe from unauthorised access as the database servers are "fully protected", but there have been no explicit mentions of how the data is stored, and whether or not it is encrypted.
So, pretty much "trust us, it'll be fine," even though massive breaches of "fully protected" databases are becoming routine around the world. Users of the system may not be reassured by the following:
On the first day of card distribution, bdnews24.com reported that many citizens had to leave without the smart ID cards after providing their biometric samples, due to a "software malfunction."
And beyond what may just have been teething troubles, there are deeper issues of exactly the kind being faced by India's Aadhaar:
Biometric data collection en masse has also generated unexpected problems, specifically fingerprints: a technical staffer of the Election Commission was quoted saying "difficulties are being faced in cases where the fingers are scarred, or the lines on fingers have become unclear owing to heavy manual labour." This is likely to be a recurring problem given the large percentage of the population in Bangladesh employed in manual labour, or who have been in the past. This brings with it questions of sustainability: If a person gives their fingerprints now, and then engages in manual labour for 10 years, will they still be recognisable by the system?
Sadly, it seems that governments in India and Bangladesh are too excited by the prospect of the "efficiencies" such a digital identity framework could in theory offer -- to say nothing of the unmatched surveillance possibilities -- to worry much about tiresome practical details like the system not working properly for vast swathes of their people.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 13 Oct 2016 @ 12:09am

    The cards hold biometric details of the cardholder: impressions of all ten fingers, as well as pictures of the iris. In total, 32 types of unique citizen data will be "embedded within its microchip,

    What this enables is stealing someone else's identity, while making sure that the card you carry matches your biometrics.

    reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 13 Oct 2016 @ 12:42am

    "I believe in the security of the system so much I'm willing to put myself at risk to prove it..."

    Citizens' data are safe from unauthorised access as the database servers are "fully protected", but there have been no explicit mentions of how the data is stored, and whether or not it is encrypted.

    Those implementing the system could demonstrate how confident they are that it's secure by putting their own data on the line. Make their personal cards available(assuming the nobility even have them anyway) to show that even if someone manages to get ahold of a person's card that their personal data is secure.

    Of course this is merely a pipe dream as you can be damn sure that while those pushing for such a system have no problem risking the public's safety and security they'd never do the same for their safety and security, and will instead issue empty promises about how totally secure(promise!) the system is, even when(not if) it's cracked and exploited.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Oct 2016 @ 3:51am

    Write this down -- October 13, 2016

    This system will be hacked within a year. A massive amount of data will be copied from it. Organized crime will will use it to target its enemies and as a revenue source, that is, they'll sell it to anyone can afford it.

    This isn't really much of a prediction: these things happen like clockwork, so it's not a matter of IF this will happen, only WHEN.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 13 Oct 2016 @ 4:00am

      Re: Write this down -- October 13, 2016

      Organized crime will will use it to target its enemies and as a revenue source, that is, they'll sell it to anyone can afford it.

      ... And then once the government's done pillaging the pile(for the moment) the unofficial criminals will move in and take their turn.

      reply to this | link to this | view in chronology ]

  • icon
    PaulT (profile), 13 Oct 2016 @ 3:53am

    "The cards will also be associated with an individual's mobile phone SIM card."

    So many questions. What if you don't own a phone. What if you change network? What if you change provider? What if the existing provider goes out of business? Who is responsible for securing and maintaining the records connecting the two? If the provider, what if they are owned at operated by a foreign corporation and store those records offshore?

    I'm sure these have already been considered, but it's worrying for the citizens affected that so many issues can be raised from a simple description of the scheme, and that's even without thinking of the horrific privacy and surveillance implications.

    "The cards hold biometric details of the cardholder: impressions of all ten fingers, as well as pictures of the iris."

    "Citizens' data are safe from unauthorised access as the database servers"

    Erm, at that point, who cares how secure the servers are? Even if they're perfectly protected from mass breaches, every single citizen is at risk of having their identity totally and irrevocably stolen the moment they lose their card or have it stolen.

    Also, what kind of procedure is there for reissuing and revoking the old card - do we have multiple copies out there that can be abused at a whim by anyone who can access the chip, or is any citizen who doesn't have one just shit out of luck?

    On a lighter note, I learned a new word from the article - crore, denoting 10 million.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Oct 2016 @ 5:01am

    Criminals across the globe rejoice in this announcement, as their jobs of ripping you off will become so much easier with the implementation of this system. In addition, political hacks are secretly hailing this new frontier as a watershed of new attack vectors opens. We stand at the threshold of new and exciting ways of fucking over the populace ... whooopie !!!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Oct 2016 @ 6:26am

    We are cattle

    It seems the populace are now being treated like cattle, branded and tagged, while the ruling class act as the farmers. I can only guess that the next step will be that we end up on the farmer's dinner table.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Oct 2016 @ 6:51am

    That's a feature, not a bug.

    People who perform heavy manual labor are basically disposable anyway, so that's not a problem. In fact, it could even be seen as a benefit. Remember, India knows all about how caste systems work.

    reply to this | link to this | view in chronology ]

  • icon
    Richard (profile), 13 Oct 2016 @ 7:26am

    Two words they should have been aware of:

    reply to this | link to this | view in chronology ]

  • identicon
    Personanongrata, 13 Oct 2016 @ 4:39pm

    Criminal

    Bangladesh Brings In Nationwide Digital Identity Cards Linking Biometrics To Mobile Phone Numbers

    Nothing says we truly care for your well being then when your government, in this case People's Republic of Bangladesh (26% of whom live below the national poverty line of US $2 per day.[1] In addition, child malnutrition rates are currently at 48%), takes whatever finite resources are available and squanders them on a dubious surveillance boondoggle.

    As with Aadhaar, the plan seems to be to use the new cards for a wide range of everyday activities:

    Are the new cards edible?

    https://en.wikipedia.org/wiki/Poverty_in_Bangladesh

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Home Cooking Is Killing Restaurants
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.