Governments globally are increasingly proposing or implementing national digital identity programmes. Many such programmes entail a push to collect, store, and use the biometrics of individuals as the primary means of establishing and authenticating their identity. In some cases, these programmes either contemplate or create a centralised database of this highly sensitive, yet unchangeable, information. This is incredibly risky.
As an organisation committed to defending and extending the digital rights of users at risk, Access Now has deep concerns about any initiative to legally mandate a centralised national digital identity programme. These programmes can undermine the right to privacy and chill freedom of movement, the freedom of expression, and other protected rights. Further, since they typically entail the creation of a “honeypot” of data — susceptible to breach by malicious actors or abuse by public authorities — they also carry risks for cybersecurity and information disclosure. When they are biometrically linked and made mandatory, they have the potential to turn a digital ID into a pervasive means of identification, tracking, or control.
It is in this context that we publish a working paper to examine these issues and provide guidance for those seeking to protect human rights: National Digital Identity Programmes: What’s Next? We invite your feedback and input.
As we explain in our paper, proponents of biometrics linked-national ID programmes argue that they bring benefits such as more accurate and efficient delivery of government services, anti-poverty regimes, and welfare schemes; that they can reduce corruption or increase inclusion; or can help serve national security interests. However, critics have responded by noting that national digital identity schemes may not in fact ensure more effective distribution of benefits, better service delivery, or improved governance, and at the same time, they raise serious concerns, including concerns about how such programmes are designed or governed; the potential for social exclusion; privacy and data protection; and cybersecurity.
We explore these issues and propose safeguards and policy recommendations for those involved in developing these programmes: public officials, lawmakers, representatives from judicial and human rights institutions, technologists, officers of development institutions, and members of the private sector. We include case studies for Estonia, Tunisia, and India, as well as a section that defines the terms used in the debate. Finally, we discuss special considerations and recommendations related to the use of biometric data in identity systems, whether in government programmes or private sector use.
If you have comments and feedback on the paper, we encourage you to contact us. We look forward to hearing from you.