Digital Identity: The Appropriate Use Of Digital Identity

Period: 2019-2020

Partner: OMIDYAR NETWORK DIGITAL IDENTITY PROGRAM

About the project

CIPIT will undertake research on when private and public sector service providers should ask individuals to produce an identity document.

Read more about this project here.

Report on Kenya’s Identification Ecosystem

The report on Kenya’s Identity Ecosystem provides an overview of the main identification systems used to manage development, and an in-depth exploration of three that are vital to Kenyans’ participation in political and economic life. The report was researched and written by Emrys Schoemaker (Caribou Digital), Tom Kirk (London School of Economics) and Isaac Rutenberg (CIPIT).

The research for the report was funded by Australia’s Department for Foreign Affairs and Trade as part of their support to the Commonwealth Heads of Government Meeting to strengthen access to digital ID for women and girls.

The full report is available here, and an interactive ecosystem map is here.

Determining true risks and their impact to the user experience of Digital ID

Increasingly, with the introduction of DID programs in a number of African countries, citizens and residents have taken to social media to elaborate on some of their experiences of ID and interacting with ID systems. Albeit limited in scope and magnitude, these online reports of lived experiences provide a useful tool for assessing the impact of DID and identifying likely harms to which users may be exposed. Analysing social media narratives from 11 African countries, this report identifies, in descending order of gravity, three major categories of harms affecting users, as well as instances when the harms are most likely to manifest. These categorisations are proposed as a tool to assess the feasibility and proportionality of DID programs. Category One Harms are primarily associated with an inability to access foundational forms of ID. Category Two Harms on the other hand relate to users having the ID; its impact on constitutional rights, namely, the right to equality, privacy, and other human rights such as healthcare. The last category, Category Three Harms, deals with the harms occasioned by logistical/operational shortcomings such as clerical errors, long lines, etc. This report is guided by two main frameworks discussed below, the Principles for Evaluation set out by the Centre for Internet & Society (CIS) and the Omidyar Network’s Good ID principles.

Below are our full analysis of three use cases for Digital ID.

Report Summary This report examines the complex legal landscape governing cross-border data transfers in Africa. It highlights how data is
Introduction Various legal regimes that address privacy and data protection to some extent have marked the journey towards enacting the
Gender Inclusivity in AI Governance Introduction The rapid advancement of artificial intelligence has significant implications for how societies are shaped
Report Summary This report critically examines how Automated Decision-Making (ADM) technologies are reshaping various sectors across the African continent. As
Introduction The Office of the Data Protection (ODPC) was constituted by the Data Protection Act, under the auspices of Section
The report titled Data Deserts in Kenya: The Search for an Oasis addresses the digital divide in Kenya, which disproportionately impacts vulnerable

The reports below are our analysis of Digital ID in the context of a global pandemic.

Report Summary This report examines the complex legal landscape governing cross-border data transfers in Africa. It highlights how data is
Introduction Various legal regimes that address privacy and data protection to some extent have marked the journey towards enacting the
Gender Inclusivity in AI Governance Introduction The rapid advancement of artificial intelligence has significant implications for how societies are shaped
Report Summary This report critically examines how Automated Decision-Making (ADM) technologies are reshaping various sectors across the African continent. As
Introduction The Office of the Data Protection (ODPC) was constituted by the Data Protection Act, under the auspices of Section
The report titled Data Deserts in Kenya: The Search for an Oasis addresses the digital divide in Kenya, which disproportionately impacts vulnerable

Kipande, Kitambulisho, Huduma Namba: The Violent Ontologies and Epistemologies of National Identity Systems in Kenya. 

In 2019, the Government of Kenya through the Ministry of the Interior announced a new initiative called the Huduma Namba; a centralised, ‘single source of truth’ database that would determine the extent to which citizens would be able to access key government services.

However, the Huduma Number is the latest incarnation of the idea that a centralised register of persons is necessary to effective governance. It is designed to take precedence over the existing ID (kitambulisho) system, which has its origins in the pre-independence registration of African males in Kenya. But despite its stated confidence in its own system, the government launched the Huduma Number under a cloud of threats and coercion. Citizens were given 30 days to register for the new system and informed that failure to register would deprive them of access to banking, passports, mobile money, and even while, for instance, provision was not made for those in the diaspora. Eventually, this move raised suspicion as to the legality of this mandatory enrolment.

This paper will retraces the politics and history such centralised databases in Kenya beginning with the introduction of the kipande in colonial Kenya in 1921, through to the creation of the kitambulisho system at independence, including enrolment of women in 1978 and the modern digital database, through to the Huduma Namba itself. This critical genealogy will emphasise the reasons why the various systems were created, the ways they were expected to operate, and the political challenges they raised, as well as the extent to which these challenges were addressed. In this way, the paper argues that the fundamental flaws in Kenya’s identity systems are political and not technological and that the introduction of a digital database without addressing the political context may compound more problems than it solves.

This paper is currently under peer review.

The executive summary for the report:

The purpose of this project is to review the use of IDs in three (3) West African countries in order to determine where the IDs have been used to include and or exclude individuals in getting access to social services. In doing so, we reviewed relevant literature, laws and policies, grey literature, primary and secondary accounts, and other materials on inclusive/exclusive uses of IDs in the respective countries. The Consultant identified Cote D’Ivoire, Ghana and Nigeria for purposes of the study. The countries have been selected to represent the diversity of legal systems and governance structures within West Africa.

For each country, we have discussed two critical identity credentials/documents: the national identification card (or the national identification number in some cases) and the national health insurance card. The two cards are chosen to represent the foundational and functional identification systems in the three countries, and also reflect the peculiar dimensions and implications for inclusivity.

Overall, we find that in terms of laws and policies related to IDs, governments in the three (3) countries generally have a pro-inclusivity disposition. Yet, there are also policies and laws in the countries that undermine ID inclusivity and intend promote exclusivity. These exclusionary factors of the six (6) IDs studied here are often heightened by administrative impediments to access. Below are some of the major observations from the three (3) country’s case studies.

A Downloadable version of the policy recommendations below is here.

Beyond Technical Soundness: Making Room for Human Rights in Kenya’s Digital Identity Projects.

Policy Brief.

Developing countries around the world are turning to digital identity systems to address development challenges. But some development challenges cannot be resolved purely on technical terms. Where they are implemented without adequate consideration of the local social and historical context, the systems can cause significant harm that undermine any putative benefits. This policy brief focuses on Kenya’s digital identity project which has been plagued with dissent and confusion in part because it has not been sensitive to key human rights concerns. It provides a preliminary human rights framework to analyse Kenya’s Huduma Number.

The report is based on a 12-month desk study conducted at the Centre for Intellectual Property and Technology (CIPIT) at Strathmore University.1 In brief, the study found that the logic of ID systems in Kenya has always been premised in discrimination and structural violence which has neither been challenged nor addressed over the years. The Huduma Number is therefore being grafted on to a problematic basis and must be subjected to a thorough human rights assessment before it proceeds. Examples of this contextual basis include vetting for specific ethnic communities, politicisation of identity and coercion perpetrated by the Executive.

Aside from these conceptual flaws, the roll out of the Huduma Number has as well been problematic. A court held that the process was not mandatory due the absence of a Data Protection Act.2 This was not the first setback. Earlier, in 2007, a unique PIN generated at the direction of an Inter-Ministerial Task Force was to be integrated into the National ID – this did not occur. In 2009, a tender was awarded to OT Morpho to print the cards but this also did not come to pass due to a court challenge. The process was restarted in 2011 through the Kenya Citizens and Foreign Nationals Management Service Act and stalled in 2014. The process has also seen insufficient public participation. The Executive began the Huduma Number registration exercise in June 2018 on the basis of an Executive Order as opposed to an Act of Parliament, precluding public participation. The enabling Act was subsequently passed via the Statute Law (Miscellaneous Amendments) Act in December 2018, but there wasn’t much public participation in that process either. Throughout all this, the government policy was inconsistent. State officers and public officials gave conflicting accounts of the mandatory nature of the Huduma Number.3 The legal validity for the Huduma Number was also questioned by the Senate due to the failure of the National Assembly to consult it during parliamentary debate.

The Huduma Number also faced a number of human rights challenges. Notably, on 22nd March 2019, the Kenya Commission on Human Rights (KCHR) and the Nubian Rights Forum filed a petition to stop the Huduma Namba registration exercise citing that it violated the constitution. Despite a concluded court case, the broader human rights concerns of civil society remain unaddressed. These include: discrimination and exclusion; data protection; state surveillance; and a lack of transparency and public participation.

Conclusions: Technical soundness cannot compensate for human rights failures embedded in the logic of a digital identity system. The Huduma Namba project is not only technically unsound but contains significant human rights issues that must be addressed. A human rights analysis of a digital ID system must address questions of harm, privacy, balance of power, democratic participation, and suitability for local context.

Summarized Policy Recommendations

Recommendations for the Executive: Conduct meaningful nationwide, public engagement on the Huduma Namba, including translations into local languages to enable full participation; and address issues of discrimination and exclusion embedded in the logic of identity systems in Kenya, particularly on the unfair use of vetting against marginalised communities.

Recommendations for the Legislature: Suspend the provisions of the data protection law until an effective human rights review can be conducted with the oversight of the Senate and in partnership with human rights actors in the country. Review, revise, or eliminate “carve-outs” such as blanket exemptions from data protection provisions for public sector activities.

Recommendations for the Judiciary: Strengthen the capacity of the judiciary to understand and effectively litigate digital rights issues.

Recommendations for Human Rights Organisations: Strengthen the capacity of Kenya’s human rights community to respond to the changes in the digital rights landscape; Conduct meaningful research into alternative methods of improving service delivery that do not divert key government resources, perpetuate discrimination and exclusion, enhance the coercive reach of the state, and engender mass surveillance and criminalisation of the society; Lobby parliament for a human rights review of the Data Protection Act (2019) and demand amendments of clauses that do not conform to international standards on data protection; Increase public awareness on the importance of digital rights as human rights, and understanding the implications of building the state’s coercive and surveillance capacity; and Support public forums and debates on the impact of digital identities on daily life.

1 See generally, Nanjala Nyabola and Isaac Rutenberg (forthcoming) Kipande, Kitambulisho, Huduma Number: A Critical History of Identity Systems in Kenya (unpublished).
2 Annette Wambulwa (2019) “Huduma Namba Registration to Continue After Court Ruling” in the Star, 1 April 2019 (accessed 26 March 2020) available at https://www.the-star.co.ke/news/2019-04-01-huduma-namba-registration-to-proceed-after-court-ruling/
3 Pius Mandu (2019) ‘Kenyans to Continue Using ID Despite Having Huduma Namba’ in the Daily Nation, 24 April 2019 (accessed 27 March 2020). See also, James Omoro (2019) ‘Homa Bay County to fire Employees with No Huduma Number” in the Standard Digital, 24 April 2019 (accessed 22 February 2020) available at https://www.standardmedia.co.ke/elections2017/article/2001322672/county-to-fire-employees-with-no-huduma-namba

#GoodID Twitter Chat – Appropriate Uses of Digital ID

CIPIT researcher runner up in Good ID Awards

CIPIT researcher Grace Mutung’u was announced as the runner up in the Accountability category for the Good ID Awards. See the announcement here