from the no-scope-for-abuse-there dept
Techdirt has been writing about the apparently unstoppable introduction of the Aadhaar identity card system in India for some time. Judging by this article on Global Voices, it seems that India's eastern neighbor, Bangladesh, has not noticed the serious problems that are emerging with the idea:
On October 2, the Bangladeshi government inaugurated Smart National ID cards (NID) as part of their Digital Bangladesh initiative, aiming to distribute the cards to 100 million people in Bangladesh.
As with Aadhaar, the plan seems to be to use the new cards for a wide range of everyday activities:
Banking, passport details, driving licenses, trade licenses, tax payments, and share trading are among the 22 other services that can be accessed through the cards, with more to follow. The cards will also be associated with an individual's mobile phone SIM card. Once issued, they will be valid for 10 years.
As that mentions, the NID goes even further than Aadhaar by linking biometrics to an individual's mobile phone, making it the perfect surveillance system. That's new, but the main problem with the NID is familiar enough:
The cards hold biometric details of the cardholder: impressions of all ten fingers, as well as pictures of the iris. In total, 32 types of unique citizen data will be "embedded within its microchip," according to Election Commission officials
That means that if details are stolen, there is no way to revoke or change them. Here's what Bangladesh's Election Commisson has to say on the issue of security:
Citizens' data are safe from unauthorised access as the database servers are "fully protected", but there have been no explicit mentions of how the data is stored, and whether or not it is encrypted.
So, pretty much "trust us, it'll be fine," even though massive breaches of "fully protected" databases are becoming routine around the world. Users of the system may not be reassured by the following:
On the first day of card distribution, bdnews24.com reported that many citizens had to leave without the smart ID cards after providing their biometric samples, due to a "software malfunction."
And beyond what may just have been teething troubles, there are deeper issues of exactly the kind being faced by India's Aadhaar:
Biometric data collection en masse has also generated unexpected problems, specifically fingerprints: a technical staffer of the Election Commission was quoted saying "difficulties are being faced in cases where the fingers are scarred, or the lines on fingers have become unclear owing to heavy manual labour." This is likely to be a recurring problem given the large percentage of the population in Bangladesh employed in manual labour, or who have been in the past. This brings with it questions of sustainability: If a person gives their fingerprints now, and then engages in manual labour for 10 years, will they still be recognisable by the system?
Sadly, it seems that governments in India and Bangladesh are too excited by the prospect of the "efficiencies" such a digital identity framework could in theory offer -- to say nothing of the unmatched surveillance possibilities -- to worry much about tiresome practical details like the system not working properly for vast swathes of their people.