Kenya Government mandates DNA-linked national ID, without data protection law

Kenya is part of China&#x27;s belt and road initiative. I wonder if this is aided by China to lay the groundwork to push the country to be authoritarian. Just like how ZTE helps Venezuela tighten the control of her citizens. <a href="https:&#x2F;&#x2F;www.reuters.com&#x2F;investigates&#x2F;special-report&#x2F;venezuela-zte&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.reuters.com&#x2F;investigates&#x2F;special-report&#x2F;venezuel...</a>

&gt; National Integrated Identity Management System (NIIMS) now requires all Kenyans, immigrants, and refugees to turn over their DNA, GPS coordinates of their residential address, retina scans, iris pattern, voice waves, and earlobe geometry before being issued critical identification documents.<p>Ouch. The full identity theft package. Probably worth comparing this with the controversy over Aadhar, the Indian scheme.

&gt; The ID card is a critical document that impacts everyday life, without it, an individual cannot vote, purchase property, access higher education, obtain employment, access credit, or public health, among other fundamental rights.<p>It&#x27;s the same in Belgium, France and I&#x27;d bet it&#x27;s the same in any other European Union countries.

The importance of DNA data to privacy is often overstated. It&#x27;s not clear from the article, but for very serious cost reasons, this &quot;DNA data&quot; will include a small panel of genetic markers which are suited for identification.<p>It is virtually impossible to derive any health information from that data. It may be possible to estimate a person&#x27;s ethnic background (which sometimes may be a danger in Africa) within reason. The one certain danger to privacy would be around family relationships, which some people may want to keep hidden.<p>So they really need to make sure they evaluate and communicate the benefits of this kind of data collection. To me it sounds a bit like some private vendors sold them the kitchen sink...

Great. A database that might be able to tag your ethnicity in a region with recurring ethnic violence.

&gt; <i>Ethnic Discrimination Concerns: The collection of DNA is particularly concerning as this information can be used to identify an individual’s ethnic identity. Given Kenya’s history of politicization of ethnic identity, collecting this data in a centralized database like NIIMS could reproduce and exacerbate patterns of discrimination.</i><p>Imagine promoting a system so prone to abuse that you&#x27;re really only one election away from an inescapable genocide whose detractors can be silenced perfectly.

Indian government is working for a framework called India Stack which they are pitching to African countries. It is biometric linked identity that helps government track their citizens easily while also owning the data (protection from American companies).

Ouch, China will know everything of all Kenyans soon.

I feel dreadful reading these types of things. The world seems to be running full speed into a dystopian future. Slow down, I say. Think about what you are doing and the consequences of your actions. NSA, POTUS lowering the bar for acceptable behavior, China monitoring, god knows what else, now this in Kenya.

Since my comment is quite long, I&#x27;m putting the most important point right at the beginning. If anyone from Kenya or with interests in Kenya is reading this comment, please immediately take this law to court (since the article says this law is unconstitutional). Start mass campaigns and get people to understand and talk about it. It may probably take time to be heard, and it may probably seem impossible to win. But learn from the grotesque blunders that India has done with Aadhaar, and use that to fuel your fight. It would be terrible to give up so much for hardly any gain (only the companies that take your money to implement the system would gain, and some people in power). India is the shameful poster child here, and there&#x27;s lots to learn. Also follow the money and see who&#x27;s pushing for this (likely to be large multinational companies that are in cahoots with those in power).<p>This is just a bit worse than Aadhaar, the biometric based &quot;unique ID&quot; that&#x27;s been bulldozed on to people in India. The Aadhaar program ran as an executive mandate (with no legislative backing) for several years, then a poorly drafted law was brought in and passed through subterfuge by the current ruling party (BJP). Aadhaar is based on fingerprints and iris scan, but there are provisions in the backing law to include DNA or other information as and when the authority pleases.<p>Like this Kenyan ID, India&#x27;s Aadhaar has no opt-out (the Supreme Court gave a vague ruling last year that children should be able to opt out, but that hasn&#x27;t been implemented).<p>It seems like this Kenyan ID uses biometrics directly, which is how Aadhaar also works. If your biometrics are leaked or compromised (I&#x27;m highly amused to even write these words), then you cannot revoke the ID or get a new ID. The concept of cancelable biometrics was not considered (Nandan Nilekani, one of the founders of the famous&#x2F;infamous Indian company Infosys, headed this ID program, and suffice it to say that it&#x27;s been a disaster in so many ways).<p>Like Kenya, India still does not have a data privacy law (the one drafted by a government commission has many issues, but will become the law in the future), but the government coerced many people to get Aadhaar through lies, deceitful marketing and causing general panic.<p>Hundreds of thousands (or even millions, by now) have lost money because of the way Aadhaar was linked to almost everything (bank accounts, phone numbers and many more), and the government&#x27;s constant coercion and panic creation for people to get it and link it was the opportunity of a lifetime for people to phish, scam and defraud people. The majority of the affected were&#x2F;are not digitally literate (even many educated people aren&#x27;t generally digitally literate) and are poorer and&#x2F;or elderly.<p>Since Aadhaar was, and is continuing to be, used for government subsidies, the failure of the poorly designed, centralized system in a country with poor network infrastructure and a lot of inherent corruption resulted in many deaths, including starvation deaths of small children, and disabled and&#x2F;or elderly people.<p>India is a place where the executive branch of the government can get away with saying that these didn&#x27;t happen (denial) or that it&#x27;s collateral damage (&quot;nothing in this world is flawless, so why bother?&quot; is the mindset). The courts won&#x27;t intervene on their own even for such grave matters.<p>Over the years, people have pointed out several security flaws in the system, but the authority in charge of Aadhaar, UIDAI, has always been in denial mode (and still is). The reaction of UIDAI has always been to file criminal complaints against those who show the weaknesses, instead of encouraging responsible disclosure or acknowledging the efforts of such people.<p>Since the Indian judicial system is also very slow (it took more than three years to even start hearing the cases filed by many people against this ID), the government had it quite easy. That&#x27;s why I keep using the term &quot;bulldozed&quot;.<p>Those who wanted to show the security flaws many a times refrained from doing it themselves because of the repercussions. And that&#x27;s why the biggest opponent examining and talking about the security issues in the Aadhaar system is a French national who goes by the name Elliot Anderson on Twitter. [1]<p>Even Troy Hunt pointed out many basic flaws [2], but UIDAI&#x27;s response was, as usual, denial.<p>Mozilla, EFF and many others have written about, and against, the Aadhaar program.<p>I can go on and on, but this would then become a book (see my profile for a little more).<p>[1]: <a href="https:&#x2F;&#x2F;twitter.com&#x2F;fs0c131y" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;fs0c131y</a><p>[2]: <a href="https:&#x2F;&#x2F;www.troyhunt.com&#x2F;is-indias-aadhaar-system-really-hack-proof-assessing-a-publicly-observable-security-posture&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.troyhunt.com&#x2F;is-indias-aadhaar-system-really-hac...</a>

In a country that has experienced tribal clashes, is one of the most corrupt in the world (law enforcement got to be the most corrupt in the world) and on the brink of debt slavery to China it marks the end of democracy, freedom and human rights. If they carry on, I foresee increase in extrajudicial killings, over taxation and eventually a Rwanda style genocide one day.