Bangladesh Brings In Nationwide Digital Identity Cards Linking Biometrics To Mobile Phone Numbers

from the no-scope-for-abuse-there dept

Techdirt has been writing about the apparently unstoppable introduction of the Aadhaar identity card system in India for some time. Judging by this article on Global Voices, it seems that India’s eastern neighbor, Bangladesh, has not noticed the serious problems that are emerging with the idea:

On October 2, the Bangladeshi government inaugurated Smart National ID cards (NID) as part of their Digital Bangladesh initiative, aiming to distribute the cards to 100 million people in Bangladesh.


As with Aadhaar, the plan seems to be to use the new cards for a wide range of everyday activities:

Banking, passport details, driving licenses, trade licenses, tax payments, and share trading are among the 22 other services that can be accessed through the cards, with more to follow. The cards will also be associated with an individual’s mobile phone SIM card. Once issued, they will be valid for 10 years.


As that mentions, the NID goes even further than Aadhaar by linking biometrics to an individual’s mobile phone, making it the perfect surveillance system. That’s new, but the main problem with the NID is familiar enough:

The cards hold biometric details of the cardholder: impressions of all ten fingers, as well as pictures of the iris. In total, 32 types of unique citizen data will be “embedded within its microchip,” according to Election Commission officials


That means that if details are stolen, there is no way to revoke or change them. Here’s what Bangladesh’s Election Commisson has to say on the issue of security:

Citizens’ data are safe from unauthorised access as the database servers are “fully protected”, but there have been no explicit mentions of how the data is stored, and whether or not it is encrypted.


So, pretty much “trust us, it’ll be fine,” even though massive breaches of “fully protected” databases are becoming routine around the world. Users of the system may not be reassured by the following:

On the first day of card distribution, bdnews24.com reported that many citizens had to leave without the smart ID cards after providing their biometric samples, due to a “software malfunction.”


And beyond what may just have been teething troubles, there are deeper issues of exactly the kind being faced by India’s Aadhaar:

Biometric data collection en masse has also generated unexpected problems, specifically fingerprints: a technical staffer of the Election Commission was quoted saying “difficulties are being faced in cases where the fingers are scarred, or the lines on fingers have become unclear owing to heavy manual labour.” This is likely to be a recurring problem given the large percentage of the population in Bangladesh employed in manual labour, or who have been in the past. This brings with it questions of sustainability: If a person gives their fingerprints now, and then engages in manual labour for 10 years, will they still be recognisable by the system?


Sadly, it seems that governments in India and Bangladesh are too excited by the prospect of the “efficiencies” such a digital identity framework could in theory offer — to say nothing of the unmatched surveillance possibilities — to worry much about tiresome practical details like the system not working properly for vast swathes of their people.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Bangladesh Brings In Nationwide Digital Identity Cards Linking Biometrics To Mobile Phone Numbers”

Subscribe: RSS Leave a comment
11 Comments
That One Guysays:

"I believe in the security of the system so much I'm willing to put myself at risk to prove it..."

Citizens’ data are safe from unauthorised access as the database servers are “fully protected”, but there have been no explicit mentions of how the data is stored, and whether or not it is encrypted.

Those implementing the system could demonstrate how confident they are that it’s secure by putting their own data on the line. Make their personal cards available(assuming the nobility even have them anyway) to show that even if someone manages to get ahold of a person’s card that their personal data is secure.

Of course this is merely a pipe dream as you can be damn sure that while those pushing for such a system have no problem risking the public’s safety and security they’d never do the same for their safety and security, and will instead issue empty promises about how totally secure(promise!) the system is, even when(not if) it’s cracked and exploited.

Anonymoussays:

Write this down -- October 13, 2016

This system will be hacked within a year. A massive amount of data will be copied from it. Organized crime will will use it to target its enemies and as a revenue source, that is, they’ll sell it to anyone can afford it.

This isn’t really much of a prediction: these things happen like clockwork, so it’s not a matter of IF this will happen, only WHEN.

PaulTsays:

“The cards will also be associated with an individual’s mobile phone SIM card.”

So many questions. What if you don’t own a phone. What if you change network? What if you change provider? What if the existing provider goes out of business? Who is responsible for securing and maintaining the records connecting the two? If the provider, what if they are owned at operated by a foreign corporation and store those records offshore?

I’m sure these have already been considered, but it’s worrying for the citizens affected that so many issues can be raised from a simple description of the scheme, and that’s even without thinking of the horrific privacy and surveillance implications.

“The cards hold biometric details of the cardholder: impressions of all ten fingers, as well as pictures of the iris.”

“Citizens’ data are safe from unauthorised access as the database servers”

Erm, at that point, who cares how secure the servers are? Even if they’re perfectly protected from mass breaches, every single citizen is at risk of having their identity totally and irrevocably stolen the moment they lose their card or have it stolen.

Also, what kind of procedure is there for reissuing and revoking the old card – do we have multiple copies out there that can be abused at a whim by anyone who can access the chip, or is any citizen who doesn’t have one just shit out of luck?

On a lighter note, I learned a new word from the article – crore, denoting 10 million.

Anonymoussays:

Criminals across the globe rejoice in this announcement, as their jobs of ripping you off will become so much easier with the implementation of this system. In addition, political hacks are secretly hailing this new frontier as a watershed of new attack vectors opens. We stand at the threshold of new and exciting ways of fucking over the populace … whooopie !!!

Personanongratasays:

Criminal

Bangladesh Brings In Nationwide Digital Identity Cards Linking Biometrics To Mobile Phone Numbers

Nothing says we truly care for your well being then when your government, in this case People’s Republic of Bangladesh (26% of whom live below the national poverty line of US $2 per day.[1] In addition, child malnutrition rates are currently at 48%), takes whatever finite resources are available and squanders them on a dubious surveillance boondoggle.

As with Aadhaar, the plan seems to be to use the new cards for a wide range of everyday activities:

Are the new cards edible?

https://en.wikipedia.org/wiki/Poverty_in_Bangladesh

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it