Identity surveillance schemes are thriving in developing countries but could “come back to bite” the West if allowed to continue as they are, a leading privacy group has warned.
Speaking at a London conference held by European security group EEMA on Wednesday, Privacy International executive director Gus Hosein told attendees that identity schemes “from the 1990s and 2000s” are “alive and well” in countries like Kenya and Pakistan.
He argued that such systems are problematic because they contain security holes and introduce dependencies on foreign suppliers, as well as social inequality.
More worryingly, they could be used to shape global standards in time if lawmakers decide “if they’re doing it there let’s do it here”, said Hosein.
He said that Western providers had created dependencies in countries like the Democratic Republic of the Congo (DRC), where data from a $200m biometric voting system was required to be stored only in the supplier’s European HQ.
Pakistan’s ID system suffers the same potential privacy risks and dependency, with data stored in a Canadian data center, he added.
“Can we deploy an identity solution which doesn’t create these dependencies? I haven’t seen a convincing system yet,” Hosein commented. “We have to pay attention to these issues or we’ll be taking lessons from the developing world and bringing them home.”
The ideas behind the UK’s abandoned national ID card scheme travelled to India but its attempt to implement a similar program was foiled by a Supreme Court ruling there, which said the system would introduce discrimination, Hosein explained. It then ended up in Rwanda.
SIM registration is another worrisome policy, spreading from African and Mediterranean countries to south-east Asia, introducing inequality, discrimination and social exclusion, he argued.
Hosein also cautioned that whether privacy breaches of such systems are intentionally caused by hacking attacks or accidental, “security is not easy to do”.
The revelations from NSA whistleblower Edward Snowden, meanwhile, have shown the world that metadata can be a form of intelligence too, and if identity systems do not contain enough checks and balances it could be abused to link information about individuals across contexts, he warned.
All of these concerns should be leading us to debate whether identity management schemes are desirable at all, even if well-intentioned, Hosein concluded.
Gilad Rosner, visiting researcher from the Horizon Digital Economy Research Institute, posited a more optimistic outlook from his detailed work into ID schemes across Europe and North America.
“Despite Snowden and all of these privacy risks … there are still people inside governments who are worried about those risks and are trying to build into policies these counter-currents to surveillance,” he told attendees.