twitterfacebookyoutubemail

IMANI ALERT – Would the Biometric Register be Worth the Money?

IMANI ALERT – Would the Biometric Register be Worth the Money?

July 19th 2011

“Calculating the cost burden of the present, frankly chaotic, multiple ID systems is straightforward. Even ignoring the inconveniences and inefficiencies, the monetary costs of deploying parallel infrastructure is no small matter.”

IMANI has already commended Government of Ghana for following through its commitment to support the Electoral Commission (EC) in deploying a biometric voters’ register for the 2012 elections. In a recent announcement, government pledged funds to satisfy approximately 63% of the EC’s funding request.

That is not to say though that there are no outstanding difficulties with identity management in this country, and as everyone knows “voter identification” is but a subset of national identity management generally.

We must re-emphasise our longstanding position that the creation of another biometric register is a sad multiplication of effort.

We have already collected biometric details of citizens for the following purposes: national passports, the eZwich payments platform, and a National Identification System. It has been proposed that we do the same for: voters’ ID cards, drivers’ licenses and NHIS cards.

Presently, we have a dilapidated manual fingerprints system at the Police Criminal Investigations Department Headquarters that is due for automation anytime soon – eventually a computerised biometric register would naturally be proposed.

Given that all the above systems –existing and proposed – were developed to meet official national needs, they are or must be governed by the same strict regulations regarding security, privacy and integrity, and would or must respond to similar statutory requirements.

What therefore baffles the mind of most objective-minded observers is why we shouldn’t immediately embark on a program to harmonise these registers and systems.

We were very concerned when a Deputy Minister of Information dismissed this suggestion outright on the TV Africa evening talkshow, Matters Arising, on Monday the 18th of July 2011. His point that no country has a harmonised national identity system is not sufficient to dismiss the clear benefits of harmonisation. For indeed, in many countries around the globe harmonisation is the order of the day.

In Nigeria, the mess created by the presence of multiple ID cards have long been recognised, to the extent that President Obasanjo was compelled during his tenure, half a decade ago, to set up a committee to look for solutions to what was verging on a national crisis (see the final report here: www.nimc.gov.ng/downloads/Final%20Report.pdf). In the end the country had to establish a super-agency by name: the National Identity Management Commission to help address the chaos of national identity management.

In the European Union, this matter has even gone beyond the national level. There is now a call to harmonise the identity infrastructure across the Schengen and affiliated areas forthwith (google: EU doc no: 5299/1/10 and [2] EU doc no: 9949/10).

The other argument usually made is that harmonisation is impossible because of the different objectives of the existing systems; but this is not fully sound.

Harmonisation can simply mean one authority managing the collection of the requisite biometric data and being responsible for the integrity and maintenance of the database infrastructure. A plethora of official national identity cards and documents can then be issued against that database infrastructure if need be.

Bear in mind that issuing the cards themselves is simply a matter of security printing. A biometric-enabled card, on its own, may cost less than $1 at high volume assuming proficient procurement (there are Chinese vendors selling such smartcards at 25 cents and below – $0.25 – on the internet by the way).

In truth, such a card is really no different from a standard chip-based smartcard since the biometric data is converted into unique random values and stored digitally. For costing purposes, sample components are: a colour-printed PVC card; an integrated circuit chip with protected secure memory; and a microprocessor. Basic fare.

In that sense if there was no need to develop the full associated infrastructure, the proposed EC system would have cost less than one-fourth of what has now been earmarked for it.

Clearly it is the IT system and the labour-intensive work of collecting the data that is expensive, and that is the part we are arguing should be harmonised.

A harmonised IT system means you may even be able to use one card for multiple systems. At the hospital, when the nurse types in your ID code into the NHIS front-end system, the right sets and indices of pages related to your NHIS data are loaded up and displayed on the screen. If the same is done at the police station, your criminal records pops up if indeed the person pulling up the data is authorised to access such data, and if, and only if, the computer system they are using has been credentialed to access the central system and can pass the authentication challenge.

It doesn’t mean that all data relating to these discrepant and discrete services are stored on one computer. Rather it is the identity authentication that is stored on the central mainframe. Official service providers and agencies will retain the right to develop and manage their own specific applications on top of this NATIONAL BACKBONE.

For example, the DVLA will retain the liberty to develop an application that sends a message to motorists when their road-worthy certificate is due for a renewal, without being subject to any technical restrictions. However, when an MTTU officer stops a motorist and input their driver’s license number into the system, the central authentication feature sets in to validate the biodata prior to allowing access to the traffic offenders’ or general motorists’ register.

It should be obvious to the reader that such a mechanism would also have the additional benefit of preventing the rampant abuse caused by individuals using multiple identities to evade law enforcement, legitimate creditors and their civil responsibilities (i.e. using multiple and different particulars for different identity documents to gain undue advantage over the system).

This is straightforward logic.

Calculating the cost burden of the present, frankly chaotic, multiple ID systems is straightforward. Even ignoring the inconveniences and inefficiencies, the monetary costs of deploying parallel infrastructure is no small matter.

Let’s assume the cost of the EC system is the benchmark. A crude estimate of the total cost is a whopping $400 million. We believe we can cut $250 million off this figure through harmonisation. That shall be sufficient in clearing as many as 24,000 schools under trees in less than 16 months. Think about it, friends.

In the specific case of the eZwich platform, it is not just the database infrastructure that is ready-made for harnessing but also the end-user authentication device. Those terminals, designed for use by merchants as point-of-sale readers, or cheaper versions, can easily be harnessed for the biometric card owner verification exercise at the point of voting.

Imagine how straightforward therefore a platform like this can be adapted to the needs of voters.

Not only is the IT system for collecting, storing, analysing and retrieving biometric data available, but so also are the devices for verifying at the polling station that the person holding the biometric card is indeed the genuine and only user of the facility and not the third or fourth member of a cheating gang.

You slot in your card before the polling station officer, with the party agents looking on, you are invited to confirm with your thumbprint if indeed you are who you say you are and if confirmed the system duly records that you, Mr/Mrs Asomasi, has just been cleared for voting. For the next 24 hours any attempt to re-vote shall be flagged up and perhaps even an audible alarm sounded. At the end of the vote, a tally is issued to reconcile the total number of authenticated individuals with the total number of votes (valid and invalid) cast. Simple as that.

Indeed without such a system in place, it would be worthless to deploy a biometric register since there would be limited means to check polling day abuses. With only 15 months to go do we have the time and wherewithal to develop a complete system that can do this from scratch?

Do we really believe that we will have the time to design a specification document, draft terms of reference, and a procurement plan, before putting this job to bid? Would there be sufficient time thereafter to evaluate the technical and financial saliency of bids, open up the process to specialist and mass consultations, settle on a contractor or consortium, develop and execute a legal agreement, and then put together a project management plan?

And once the prototype is ready, how much time would be left for stress-testing, laboratory and field trials, security auditing/vetting, and user feedback collection? And if at the eleventh hour bugs show up, what do we do? Risk it without debugging and re-piloting, or postpone the use of the system for the 2012 elections?

We would be very impressed if the Electoral Commission is able to develop and implement from scratch a hitch-free biometric register with associated point-of-voting verification systems in time for the 2012 elections.

But the BIG, SCREAMING, question is why are we so eager to deploy parallel systems and spend more money on a completely novel implementation when we know that in 3 years or so it shall become obvious to powers-that-be that these systems need to be integrated for law enforcement and citizen convenience purposes anyway?

Sometimes one can only wonder.

This alert is by courtesy of IMANI Center for Policy & Education, and has been syndicated through its publishing arm, www.africanliberty.org

Written by iselorm

Leave a Reply