By PRINCE OSUAGWU & LAJU ARENYEKA
Missing records, whether in the public or private sector are not a new phenomena in Nigeria. Whether in sports or health, transportation or education, in the private or public sector, it is not unusual to hear of important files that simply get missing.
With the advent of Information and Communication Technology, in the last decade especially, experts have called for the need to digitize these records. It is this campaign that led to the recent launch of the National electronic identity card,by the National Identity Management Commission, NIMC.
Even after it was launched last week by President Goodluck Jonathan, news about the eID card has however been met with suspicion; Could this mean that foreign companies and governments can now access one’s personal information at the touch of a button?
Would it not be robbing Peter to pay Paul if the average Nigerian’s right to privacy is sacrificed on the altar of digitization? But Head, Card Management Services, CMS, at NIMC, Mr. Tunji Durodola, has provided some answers to some of these questions. In fact Durodola says that such suspicions are baseless.
Durodola allayed such fears, saying that “the National Identity Database is not open to inspection by any party, home or abroad. For him, “there is absolutely no provision for any foreign Government or body to access the database.”
He however pointed out that this is not the same as verification services, like when an Embassy may request to verify a person’s National Identification Number (NIN) to ascertain that the person requesting a visa is genuine, arguing that it is done all over the world.
However, any embassy wishing to participate in verification services in the near future will need to go through a very stringent and rigorous approval process. NIMC will then offer a 1-to-many service, meaning that a NIN is supplied via a secure channel to NIMC’s verification platform and then a lookup is done against the National Database.
Can Mastercard infringe on privacy?
He also explained that MasterCard, the American based, multinational services financial corporation largely responsible for the payment functionality on the card will never have access to such private information. He said: “MasterCard is simply providing functionality for 1 of the 5 applets, just as you have with ATM Cards.
No one complains that your name is on the ATM card, or that that information may be held in America. The concern here is biometric data and other demographic information such as next of Kin and so on. MasterCard does not have and will never have access to such information. Any suggestion that MasterCard, Visa, or any other foreign body will gain access to the database is pure fiction not backed up with evidence.”
In the first phase, MasterCard is offering payment functionality for the Card. There is a firewall between this applet and all the other applets so not even a POS terminal can access the secure data protected by EAC2 on certain parts of the Card. As stated earlier, the National Database is NOT the business of MasterCard and never will be. Later on, we will have Visa and Verve Cards as alternatives to MasterCard. MasterCard will only be available on the first 13 million Cards.
ID applet, travel document?
The card has thirteen applets, five of which are active as soon as user begins to use the card. The five applets include the Match-on-Card-where a secure terminal matches a specific fingerprint against that locked away on the card; Payment function-which allows secure financial transactions; the Machine Readable Travel Document (MRTD), for local/ regional travel; Nigerian Electronic Identity (‘eID’) application to be used to authenticate an individual’s identity and Electronic Public Key Infrastructure (‘ePKI’) application to be used for identification, authentication and digital signatures.
Durodola said that the electronic ID applet, which is the main applet contains some of the information submitted during enrolment. Other information such as address are also available on the Card but protected by higher levels of access control called EAC2. The NIN is also locked away in EAC2 protection. Most information is NOT available on the Card, such as next of Kin, parentage and so on. These are only available in the National Identity Database (NIDB).
He noted that with the Match-on-Card function, an agency or concerned body can be
sure that the person presenting the Card is the true owner. It is no different than what is currently done with the International Passport. He added that: “National Identity Card is also a travel document and conforms to the same standards as International Passports and National Identity Cards of other nations which have TD1 functionality built in. It is hoped that the document will be used for ECOWAS travel (without the need for another travel Passport), as the applet cannot be forged. NIMC has its own Document Signer (DS), on behalf of the Federal Republic of Nigeria.”
According to him, NIMC has conformed to International Best Practices to provide this applet.
National Identity Database and National Security
This recent development has also given the NIMC the huge responsibility of being the custodian of the National Identity Database. What happens to national security if this information is revealed to unauthorized persons or entities?
In response to this, Durodola noted that the Department of State Security (DSS) has scrutinised NIMC and can attest that the Commission has put processes and security measures in place to avoid such breaches of National Security.
“NIMC has even gone as far as implementing its own PKI Infrastructure, which means that Digital Certificates and Keys issued for each individual are not sent out for signing, but are signed internally as Nigeria now has its own Registration Authority (RA) and Country Signing Certificate of Authority (CSCA) as well as a host of other PKI systems thereby negating the need to depend on a foreign Government to sign our certificates.
Nigeria has its own OID (for those who know what that means) and we had to apply through the Standards Organisation of Nigeria (SON) and the ITU.
Which means that Nigeria’s RA is recognised by ICAO worldwide, making our Card a globally-acceptable Identity Card which conforms to International Standards.”
He added that: “In the unlikely event that Nigeria has problems with the US Government similar to the issue with Russia, the only part of the entire Card that can be shut down is the payment applet. This applet is only 1 of 13 on the Card. It has absolutely nothing to do with the ePKI, eID, MoC, Tax, Voter, Travel, Health or other applets.”