Nubian Rights Forum Profile picture
We advocate for the rights of minority communities at risk of Statelessness; i.e. Nubians Our programs; Citizenship, GBV & Land Rights

Sep 24, 2019, 59 tweets

Back to court for day 2 of the hearings in the #HudumaNamba case

Today's proceedings are starting

Follow us @NubianRights and @Haki_na_Sheria for updates all week

Cross-examination of @iam_anandv, the second witness for the petitioners, will continue now

The witness reiterates that there is almost no publicly available technical information about #NIIMS or #HudumaNamba, but by looking at the technological purpose that govt has repeatedly stated, the architecture can be understood

The court room is packed for the #HudumaNamba hearings - standing room only!

Should we credit govt for benchmarking international best practices? asks counsel for GoK

"Yes, but they still got it wrong" says expert witness @iam_anandv

#HudumaNamba

Technology design, software used should be shared says witness @iam_anandv - existing industry standard is to put most algorithms out in open source so everyone can look at it deeply, find faults, and fix it

(Not personal info, but the algorithms & standards) #HudumaNamba

Data minimization & purpose limitation are important principles, but witness says he does not agree #NIIMS follows these principles

Interlinking of data in #HudumaNamba fundamentally changes what govt has been doing with data

Witness @iam_anandv not satisfied with GoK encryption in #NIIMS & #HudumaNamba

Data is always *used* in these systems - breaches don't happen during storage but use, and at that time data is unencrypted

There is a lot of technical information in GoK affidavits on #NIIMS and it is nearly exactly the same as #Aadhaar says expert witness

Counsel for GoK asks second witness if he sees any benefit in the #HudumaNamba initiative

"There is a benefit in doing ICT projects, but based on architecture of the #NIIMS project, the costs will greatly outweigh any benefits"

Is "single source" a benefit? asks GoK counsel

"Single source is used for *identification* - by linking other databases that are *functional* the risks outweigh any benefits from the single source" replies witness

#HudumaNamba #NIIMS

Re: national security

"It is a stretch to believe that a single identification system could isolate a terrorist" states the second witness for the petitioners in #HudumaNamba case

A biometric system is NOT fool proof - even when combined with other biometrics & demographic information, it will give false positives and false negatives - such as failing to recognize a person as already registered and gives them another number says @iam_anandv

#HudumaNamba

Data from India shows aging and time do affect fingerprints - meaning "biometrics" age too (thus creating problems with matching) states expert witness in response to questions from GoK counsel

#HudumaNamba

Witness @iam_anandv is not satisfied with how GoK has sought to deal with these biometric challenges, as explained in the respondents' affidavits and witness statements on #HudumaNamba & #NIIMS

No system is perfect - but what is the *implication* of failure in biometrics?

What if it means a failure to match fingerprints means a person doesn't get his/her food rations? asks @iam_anandv, expert witness in #HudumaNamba case

"The law cannot fix what technology has broken" -@iam_anandv

#HudumaNamba #NIIMS

"For a project that affects everyone, one would expect a lot of information to be available about it"

Lack of information creates distrust says @iam_anandv

#HudumaNamba #NIIMS

GoK counsel discounts a reference in the witness statement because it refers to fingerprints and skin of "Indian women" and is not applicable here 😳

Kenya is a diverse society and a system like #NIIMS & #HudumaNamba must be able to work for ALL

GoK counsel asks the witness why his statement didn't cover more potential benefits of #NIIMS alongside the downsides he points out

"Costs are routinely put down and benefits routinely overestimated" in these kinds of identification systems replies @iam_anandv

#HudumaNamba

You should never stop using technology - but you should use the *right kind* of architecture in order to minimize the threats says expert witness @iam_anandv

#HudumaNamba #NIIMS

Cross-examination is moving to the next counsel for GoK respondents - counsel indicates he has 6 questions for Mr. Anand

#HudumaNamba

GoK counsel: "Can you have data protection without a #dataprotection law?"

@iam_anandv: "Functionally no"

#HudumaNamba #NIIMS #dataprotectionke

Cross-examination of @iam_anandv, the second witness for the petitioners, has now concluded

Re-examination will start after the lunch break - at 2:30pm

#HudumaNamba

Re-examination of @iam_anandv is now beginning, led by counsel for the petitioners @waikwawanyoike

#HudumaNamba #NIIMS

Objectives of technology projects may lead to design of a system that is not aligned with rights - so if a system will impact citizens, it's easier to work with law that can guide the design

The reverse - tech before law - is not true says @iam_anandv

#HudumaNamba #NIIMS

Witness @iam_anandv is explaining what he means by “centralized and federated”

The #NIIMS aims to create a link between the central #NIIMS database and various functional databases (which are silos now) - like a hub and spokes, working as a single wheel

#HudumaNamba

“De-duplication is an outcome - saying in the database no two entries belong to the same person”

“Multimodal is the process of de-duplicating via collecting info like fingerprints, iris, demographics and comparing to each entry in the database”

#HudumaNamba

If I enroll in #NIIMS then they de-duplicate it would say you match x person’s fingerprints 75% and y person’s fingerprints 40%, etc - same for iris & bio data

How do you make a decision? Apply a threshold: X% is considered a “match”

It’s based on probabilities

#HudumaNamba

This means, if the threshold is set too low, people could be denied enrollment because the system believes it has matching entries

If too high, people could enroll more than once because system can’t recognize they have enrolled already

#HudumaNamba #NIIMS

Identity means “I exist, I have a body”

Identification means “there is a process defined by a third party that says now I know who you are”

@iam_anandv explains the difference during re-examination in the #HudumaNamba hearings

Concerns of @iam_anandv about #NIIMS & #HudumaNamba:

1. Purpose-free architecture: you can use the data for any purpose, it’s not limited, and once the system architecture is built that way you can’t go back

2. System design: enrollment does not follow data minimization (form asks for info not needed to give a identity number - #Aadhaar in comparison only asked for a few data points)

If purpose is to issue a #HudumaNamba, most of info asked on form is not necessary

2. System design (continued): design is not modern and there could be better alternatives for the purpose;

De-duplication (above) also an issue with design of #HudumaNamba #NIIMS

3. Exclusion by design: hurdles to enrollment in #NIIMS

Data capture form refers to existing IDs - some people may not an ID & would be left out

Good quality biometrics needed from each person (for de-duplication) - reject those without quality system wants

#HudumaNamba

This is a “biometric tradeoff” - lower quality biometrics accepted for enrollment brings inclusion but more risk of fraud/duplicates

High quality biometrics means less fraud but you reject genuine people who can’t provide that quality (e.g., fingerprint issues)

#HudumaNamba

3. Exclusion by design (continued): also applies to authentication after you enroll

Give your fingerprint to say “this is me” to access a service or benefit - but if system says your biometrics don’t match, you don’t get that service

#HudumaNamba

4. Mass surveillance: when you connect functional databases together, a hack to one means access to all data without a warrant or due process & it allows profiling

Govt already has decryption key and so encryption is not a protection against surveillance

#HudumaNamba

Profiling can be used in criminal law or even to craft targeted messages to voters before elections, for example says @iam_anandv

#HudumaNamba

Authentication data itself creates logs (where you are, what you do, what you access, etc when you use the number for any transactions) and can be used for profiling itself

#HudumaNamba #NIIMS

Counsel for respondents claims witness is speaking to new issues outside of his statement

@MarthaKarua says same counsel told witness to wait for re-examination

@waikwawanyoike: witness was asked about concerns yesterday, began to list these 5, & is clarifying

#HudumaNamba

Court says a few new issues have arisen, ask petitioners to keep questions to issues in the statement or in cross-examination

Respondents shall be given opportunity to examine any new issues but must clearly link their questions to those new issues

#HudumaNamba #NIIMS

5. Breaches & frauds: frauds happen when I use info I have about you to manipulate you (to give me your credit card number, etc)

More info = manipulation easier

Centralization (all info w/one #) means cost of committing fraud less, benefits for fraudster more

#HudumaNamba

#Digitalidentity projects are becoming more common around the world - which means there is a growing community of experts that can examine and improve system design says @iam_anandv

#HudumaNamba

On terrorism -

Can you find and fix the bugs or loopholes that exist in the system faster than someone can find and exploit them?

If you want to improve, put out public information about system design so many people can help find & fix

#NIIMS #HudumaNamba

Witness @iam_anandv continues:

Other public info beyond system design on #HudumaNamba #NIIMS should have included how exactly government is dealing with exclusion, decisions on trade offs, & process to safely report any bug or issue to GoK

There are technology choices you can make to achieve the same goal with less exclusion, with more ability for people to choose how to identify themselves

Build systems that work with the law says witness @iam_anandv

#HudumaNamba #NIIMS #GoodID

Witness is asked whether #NIIMS is similar to the ID system in Estonia, one of the places GoK did benchmarking

@iam_anandv replies there is no similarity - Estonia’s central population register has no links to functional databases

#HudumaNamba

Anand: When you don’t see structured thought, data, cost/benefit analysis for the economy & country going into decisions around ID systems - you are relying on hope and prayer

#HudumaNamba #NIIMS #GoodID #legalidentity #digitalID

Counsel @waikwawanyoike has finished his questions and turned re-examination over to counsel @Awelejack

#HudumaNamba

Witness is asked what it would take to make a system deterministic (to know for sure person in front of you is person x)?

He replies you would really need a LOT of data - biometrics, body image, psychological profile - and still can’t be sure 100%

#HudumaNamba #NIIMS

Based on respondents documents, witness @iam_anandv says GoK will use some open source software in their system architecture but prefer the system to be closed source

#HudumaNamba #NIIMS

Witness asked to explain how the government could make information available

One example: name algorithm used

“Government can open certain aspects of the system for scrutiny - balancing the public’s need to know with govt need to keep secrets”

#HudumaNamba #NIIMS #GoodID

Counsels for the petitioners have concluded re-examination of their second witness

The judges have a few questions

#HudumaNamba #NIIMS

“What is the risk of a centralized database with links to functional database?”

Centralized & linked databases hold a lot of info - breach is high-risk

Centralized database w/out link to functional data would reduce risk b/c amount of info you can access is less

#HudumaNamba

What purpose do I want to achieve? How do I achieve it? What data do I really need?

Only collect what you really need (data minimization) to reduce risk says witness @iam_anandv

#HudumaNamba #NIIMS

“These systems affect people’s lives - you can not afford to make failures” says witness @iam_anandv

#HudumaNamba #NIIMS

Build a system that doesn’t allow for mass surveillance but does allow for limited targeted surveillance with judicial oversight process

As currently designed, #NIIMS allows for mass surveillance - because it links everything together, says witness Anand

#HudumaNamba

Questioning of @iam_anandv has come to a close

Proceedings have concluded for day 2 of #HudumaNamba hearings

Tomorrow will focus on cross-examination of three witnesses for the petitioners

#HudumaNamba #NIIMS

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling