Bangladesh Brings In Nationwide Digital Identity Cards Linking Biometrics To Mobile Phone Numbers
from the no-scope-for-abuse-there dept
Techdirt has been writing about the apparently unstoppable introduction of the Aadhaar identity card system in India for some time. Judging by this article on Global Voices, it seems that India’s eastern neighbor, Bangladesh, has not noticed the serious problems that are emerging with the idea:
On October 2, the Bangladeshi government inaugurated Smart National ID cards (NID) as part of their Digital Bangladesh initiative, aiming to distribute the cards to 100 million people in Bangladesh.
As with Aadhaar, the plan seems to be to use the new cards for a wide range of everyday activities:
Banking, passport details, driving licenses, trade licenses, tax payments, and share trading are among the 22 other services that can be accessed through the cards, with more to follow. The cards will also be associated with an individual’s mobile phone SIM card. Once issued, they will be valid for 10 years.
As that mentions, the NID goes even further than Aadhaar by linking biometrics to an individual’s mobile phone, making it the perfect surveillance system. That’s new, but the main problem with the NID is familiar enough:
The cards hold biometric details of the cardholder: impressions of all ten fingers, as well as pictures of the iris. In total, 32 types of unique citizen data will be “embedded within its microchip,” according to Election Commission officials
That means that if details are stolen, there is no way to revoke or change them. Here’s what Bangladesh’s Election Commisson has to say on the issue of security:
Citizens’ data are safe from unauthorised access as the database servers are “fully protected”, but there have been no explicit mentions of how the data is stored, and whether or not it is encrypted.
So, pretty much “trust us, it’ll be fine,” even though massive breaches of “fully protected” databases are becoming routine around the world. Users of the system may not be reassured by the following:
On the first day of card distribution, bdnews24.com reported that many citizens had to leave without the smart ID cards after providing their biometric samples, due to a “software malfunction.”
And beyond what may just have been teething troubles, there are deeper issues of exactly the kind being faced by India’s Aadhaar:
Biometric data collection en masse has also generated unexpected problems, specifically fingerprints: a technical staffer of the Election Commission was quoted saying “difficulties are being faced in cases where the fingers are scarred, or the lines on fingers have become unclear owing to heavy manual labour.” This is likely to be a recurring problem given the large percentage of the population in Bangladesh employed in manual labour, or who have been in the past. This brings with it questions of sustainability: If a person gives their fingerprints now, and then engages in manual labour for 10 years, will they still be recognisable by the system?
Sadly, it seems that governments in India and Bangladesh are too excited by the prospect of the “efficiencies” such a digital identity framework could in theory offer — to say nothing of the unmatched surveillance possibilities — to worry much about tiresome practical details like the system not working properly for vast swathes of their people.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: bangladesh, biometrics, national id, nationwide id, privacy
Comments on “Bangladesh Brings In Nationwide Digital Identity Cards Linking Biometrics To Mobile Phone Numbers”
What this enables is stealing someone else’s identity, while making sure that the card you carry matches your biometrics.
"I believe in the security of the system so much I'm willing to put myself at risk to prove it..."
Citizens’ data are safe from unauthorised access as the database servers are “fully protected”, but there have been no explicit mentions of how the data is stored, and whether or not it is encrypted.
Those implementing the system could demonstrate how confident they are that it’s secure by putting their own data on the line. Make their personal cards available(assuming the nobility even have them anyway) to show that even if someone manages to get ahold of a person’s card that their personal data is secure.
Of course this is merely a pipe dream as you can be damn sure that while those pushing for such a system have no problem risking the public’s safety and security they’d never do the same for their safety and security, and will instead issue empty promises about how totally secure(promise!) the system is, even when(not if) it’s cracked and exploited.
Write this down -- October 13, 2016
This system will be hacked within a year. A massive amount of data will be copied from it. Organized crime will will use it to target its enemies and as a revenue source, that is, they’ll sell it to anyone can afford it.
This isn’t really much of a prediction: these things happen like clockwork, so it’s not a matter of IF this will happen, only WHEN.
Re: Write this down -- October 13, 2016
Organized crime will will use it to target its enemies and as a revenue source, that is, they’ll sell it to anyone can afford it.
… And then once the government’s done pillaging the pile(for the moment) the unofficial criminals will move in and take their turn.
“The cards will also be associated with an individual’s mobile phone SIM card.”
So many questions. What if you don’t own a phone. What if you change network? What if you change provider? What if the existing provider goes out of business? Who is responsible for securing and maintaining the records connecting the two? If the provider, what if they are owned at operated by a foreign corporation and store those records offshore?
I’m sure these have already been considered, but it’s worrying for the citizens affected that so many issues can be raised from a simple description of the scheme, and that’s even without thinking of the horrific privacy and surveillance implications.
“The cards hold biometric details of the cardholder: impressions of all ten fingers, as well as pictures of the iris.”
“Citizens’ data are safe from unauthorised access as the database servers”
Erm, at that point, who cares how secure the servers are? Even if they’re perfectly protected from mass breaches, every single citizen is at risk of having their identity totally and irrevocably stolen the moment they lose their card or have it stolen.
Also, what kind of procedure is there for reissuing and revoking the old card – do we have multiple copies out there that can be abused at a whim by anyone who can access the chip, or is any citizen who doesn’t have one just shit out of luck?
On a lighter note, I learned a new word from the article – crore, denoting 10 million.
Criminals across the globe rejoice in this announcement, as their jobs of ripping you off will become so much easier with the implementation of this system. In addition, political hacks are secretly hailing this new frontier as a watershed of new attack vectors opens. We stand at the threshold of new and exciting ways of fucking over the populace … whooopie !!!
We are cattle
It seems the populace are now being treated like cattle, branded and tagged, while the ruling class act as the farmers. I can only guess that the next step will be that we end up on the farmer’s dinner table.
Re: We are cattle
Now?
Where have you been?
That's a feature, not a bug.
People who perform heavy manual labor are basically disposable anyway, so that’s not a problem. In fact, it could even be seen as a benefit. Remember, India knows all about how caste systems work.
Two words they should have been aware of:
Talk Talk.
Criminal
Bangladesh Brings In Nationwide Digital Identity Cards Linking Biometrics To Mobile Phone Numbers
Nothing says we truly care for your well being then when your government, in this case People’s Republic of Bangladesh (26% of whom live below the national poverty line of US $2 per day.[1] In addition, child malnutrition rates are currently at 48%), takes whatever finite resources are available and squanders them on a dubious surveillance boondoggle.
As with Aadhaar, the plan seems to be to use the new cards for a wide range of everyday activities:
Are the new cards edible?
https://en.wikipedia.org/wiki/Poverty_in_Bangladesh
Nepal starts NID Card system
Nepal has joined in the trend and started the National Identity card in Nepal system, but of course, without any good implementation, they say the registration is open for all online, but after registering, you need to visit the office and wait 3 – 3 hours just for Biometrics.
Only some cities have appointments for Bio other than that everyone will need to visit the District office at least twice to finish the process.
And even after that, you need to wait months just to get your card I applied 4 months ago, and still no information when I’ll receive my card.