,
153 tweets,
76 min read
Read on Twitter
We are back in the court for the afternoon hearing in #NIIMS - follow us @NubianRights and @thekhrc for updates
@NubianRights @thekhrc ICT Ministry PS Jerome Ochieng takes the stand for re-examination. He is being re-examined by Dr Nyaudi, counsel for the 4th respondent
@NubianRights @thekhrc He establishes his background and knowledge of #NIIMS and asks him to describe how the system works
@NubianRights @thekhrc "The idea of having a single source of truth as government, is something that goes back as early as 1989 when a centralized database with distributed access as conceived"
@NubianRights @thekhrc "Beginning of last year, there was really great effort towards the establishment of #NIIMS as a system [...] because the issue of identification of citizens was really important; more so as a security issue"
@NubianRights @thekhrc "We are supposed to come up with a system that provides a single source of truth; where we collate different databases and have a single key - the #HudumaNamba"
@NubianRights @thekhrc JO says that 5 steps take place in system creation: feasibility studies - planning and designing - development/coding - systems testing [expose the system to all sorts of threats internally and externally] - deployment/implementation - then comes systems maintenance
@NubianRights @thekhrc @MarthaKarua is objecting to the fact that the witness is beginning to describe the system architecture on re-examination, when he refused to do so on cross-examination. Respondent says that he is speaking on data protection safeguards. Court allows him to proceed
@NubianRights @thekhrc @MarthaKarua JO speaks to the three-tier protection in #NIIMS. There is encryption at the database level; the application layer has encryption and as does the user application layer
@NubianRights @thekhrc @MarthaKarua JO says that the different databases communicate with each other in an encrypted manner and therefore data cannot be intercepted in transit. Beyond that the system provides an approval-hierarchy
@NubianRights @thekhrc @MarthaKarua Approval hierarchy means that there are various levels of authorization and authentication. He gives the example of a bank and says the teller can only access a certain level of info and a manager could access more on and so on
@NubianRights @thekhrc @MarthaKarua "Mr Waikwa asked whether you developed a prototype before the #NIIMS roll-out. Did you undertake penetration tests on the system?" - "At the testing level, we exposed our system to all sorts of threats internally by using our own team"
@NubianRights @thekhrc @MarthaKarua "There is a whole record of some of the tests that were done. We then did a mock-launch of the enumeration. This piloting happened 18-22 February 2019 before the full roll-out in April"
@NubianRights @thekhrc @MarthaKarua "The piloting was done in 15 counties, which includes 40 sub-counties"
@NubianRights @thekhrc @MarthaKarua "During the testing a lot of vulnerabilities were discovered by the team went out. So they came back and through programming and coding, the vulnerabilities were rectified"
@NubianRights @thekhrc @MarthaKarua "We have heard about fears that the system may compromise the data; the system may lead into private data intrusion; could you explain what you have done to mitigate against these breaches?" - JO speaks to the approval hierarchy
@NubianRights @thekhrc @MarthaKarua "Secondly, the system has a robust audit trail. Within it, you are able to see every activity that every user conducts"
@NubianRights @thekhrc @MarthaKarua JO says that if he gets into the system and changes a field in someone's data, that will be tracked
@NubianRights @thekhrc @MarthaKarua "Is the #NIIMS system centralized or decentalized?" - "NIIMS is a hybrid [...] at tier 1 the database is centralized. The functional users are outside the centralized database and functional access to the system is decentralized"
@NubianRights @thekhrc @MarthaKarua "for example we have KRA accessing the #NIIMS database. The users will have access to data only relating to tax [....] KRA cannot access NHIF data"
@NubianRights @thekhrc @MarthaKarua He says that it's important to have one depository for the data so that they can have a single source of truth
@NubianRights @thekhrc @MarthaKarua "If you access a functional database, are you able through that to laterally access another functional database?" - "No, they can only have direct access to the database with information concerning them"
@NubianRights @thekhrc @MarthaKarua "Was a report generated from the pilot program?" - "Yes" - asked why he didn't share it with the public, JO says they did not do that for security reasons
@NubianRights @thekhrc @MarthaKarua "Some issue was raised with respect to procurement of the devices utilized in the registration and you said it was a restricted tendering; is that so?" - "Yes"
@NubianRights @thekhrc @MarthaKarua JO says that speaking on behalf of the Interior Ministry which did the procurement, restricted tendering was for security reasons
@NubianRights @thekhrc @MarthaKarua JO says that #IDEMIA (formerly #OTMorpho) only provided the hardware and that the software was developed by his local team
@NubianRights @thekhrc @MarthaKarua JO asked to explain a single source of truth: "it is that as we were looking at the #NIIMS, the argument has always been that we have multiple databases that do not talk to each other. Some of the data is also not clean"; wanted to clean the data and come up with an authentic db
@NubianRights @thekhrc @MarthaKarua "The fingerprints captured would help us generate the unique identifier after going through the cleaning processes"
@NubianRights @thekhrc @MarthaKarua JO is asked to look at the data protection policy 2019: "Did the data protection policy proceed the development of the #NIIMS system?" - "the development started on the issuing of the cabinet memo in 2018"
@NubianRights @thekhrc @MarthaKarua "Based on the cabinet memo, we actively brought on board all the stakeholders"
@NubianRights @thekhrc @MarthaKarua "By the time you get to the cabinet memo being passed, we normally go through a lot of internal processes [....] really the preparation of the cabinet memo started much earlier"
@NubianRights @thekhrc @MarthaKarua JO is asked to read from the data protection policy; "in the development of the #NIIMS system, are you satisfied [privacy and protection of personal data] was observed?" - JO says he is, as data is only visible to those who are authorized to view the data
@NubianRights @thekhrc @MarthaKarua "Is it proper to analogize personal data to oil and why so?" - "It is proper [...]: the 4th industrial revolution is based on technology. At the heart of this tech is data. Therefore it is becoming more critical that data will be helping us in solving many of our problems"
@NubianRights @thekhrc @MarthaKarua "For example for you to be sure of the kinds of crops you want to plant in an area, it is only good data that can guide you in that direction"; also speaks to the number of schools etc
@NubianRights @thekhrc @MarthaKarua JO says data will help with decision-making and they are talking about the ability to develop other applications that would help create employment
@NubianRights @thekhrc @MarthaKarua "data will only be of value of you, if you have genuine and accurate data"
@NubianRights @thekhrc @MarthaKarua "The most important thing is that you collect that data, analyze that data, and it will help you in decision making"
@NubianRights @thekhrc @MarthaKarua "How was the SWOT analysis conceptualized?" - "There was a lot of research and investigation going on on how to implement a single source of truth. There was need to continue in this line of fact-finding"
@NubianRights @thekhrc @MarthaKarua "One issue that came out as key was 'how do we collect data' especially for children"
@NubianRights @thekhrc @MarthaKarua "So we engaged @UNICEF and requested: now that we intend to look at children's data, please help us with research in this area"
@NubianRights @thekhrc @MarthaKarua @UNICEF "Did the report have any recommendations?" - JO looks to the recommendations and reads the second bullet on the formation of a steering committee to coordinate and design the system
@NubianRights @thekhrc @MarthaKarua @UNICEF One of the long-terms recommendations was design and operationalize unique identification
@NubianRights @thekhrc @MarthaKarua @UNICEF JO says that one would be right to conclude that the #HudumaNamba was really a recommendation from the @UNICEF supported study
@NubianRights @thekhrc @MarthaKarua @UNICEF Counsel says that the registration of persons act amendment provides for the registration, preservation and security of data - JO agrees
@NubianRights @thekhrc @MarthaKarua @UNICEF Counsel directs JO to Kibicho's affidavit where benefits of #NIIMS are listed - JO agrees with the listing of benefits
@NubianRights @thekhrc @MarthaKarua @UNICEF "How wold the institutions listed in para 44 [of Kibicho's affidavit] interact with the #NIIMS system?" - JO explains that this would be based on responsibilities, functions and access rights provided by the administrator
@NubianRights @thekhrc @MarthaKarua @UNICEF "Would the fact that functional institutions are using the info in the #NIIMS system cause any risks to the data?" - JO says no because there are requisite "security controls and measures"
@NubianRights @thekhrc @MarthaKarua @UNICEF "In the development of the #NIIMS system did you consider any alternatives?" - JO says the benchmarking was a fact-finding mission to see what other systems are out there
@NubianRights @thekhrc @MarthaKarua @UNICEF JO says there were other benchmarkings in earlier years in which other countries were also visited
@NubianRights @thekhrc @MarthaKarua @UNICEF On #HudumaNamba being a communication concept, JO explains that this was meant "to make it easier for Kenyans to understand"
@NubianRights @thekhrc @MarthaKarua @UNICEF "We looked for a phrase that would be understood by any other Wanjiku or Otieno or anyone who is out there. But we knew very well that we were talking about #NIIMS"
@NubianRights @thekhrc @MarthaKarua @UNICEF JO says that the thinking of using the term #HudumaNamba was not to coerce people into registering for a service
@NubianRights @thekhrc @MarthaKarua @UNICEF "We have before the house now a data protection bill. Do we have a protection bill because there is a lacuna in the in data protection currently?" - JO says that the bill is not limited to #NIIMS only and goes beyond NIIMS
@NubianRights @thekhrc @MarthaKarua @UNICEF "What legal framework are you relying on currently for the processing of personal data" - "The Access to information Act, the KICA Act and the Computer misuse and cybersecurity act"
@NubianRights @thekhrc @MarthaKarua @UNICEF JO says that in transferring data to outside Kenya they are also relying on those three acts
@NubianRights @thekhrc @MarthaKarua @UNICEF "If someone does not have an ID card, can they register in the #NIIMS system?" - "Yes but there will be an indication of XX, which will mean that at the point of data verification and validation to the systems programmer....."
@NubianRights @thekhrc @MarthaKarua @UNICEF "We noted that there would be a number of reasons why someone would not have an ID card. So at the point of data cleansing and #HudumaNamba issuance, these are records that would cross-reference and request if that info has been made available"
@NubianRights @thekhrc @MarthaKarua @UNICEF JO says that this is not exclusion by design but just information meant to indicate that there is missing information
@NubianRights @thekhrc @MarthaKarua @UNICEF "When stopped by a policeman and he keys in your #HudumaNamba, does the system indicate why you were stopped?" - "No, the policeman would only be getting information of age and license as to ascertain whether you should be on the road"
@NubianRights @thekhrc @MarthaKarua @UNICEF "As an IT person, is there an electronic system that can be said to be 100% foolproof?" - "none"
"With your knowledge of the #NIIMS system, can you tell us for sure that the #NIIMS system guarantees the privacy and integrity of the data?" - "Yes"
"With your knowledge of the #NIIMS system, can you tell us for sure that the #NIIMS system guarantees the privacy and integrity of the data?" - "Yes"
@NubianRights @thekhrc @MarthaKarua @UNICEF JO says that they "have endeavored to ensure the privacy and protection of all citizens data"
@NubianRights @thekhrc @MarthaKarua @UNICEF JO says that "there were numerous attempts to infiltrate #NIIMS and these were all thwarted"
@NubianRights @thekhrc @MarthaKarua @UNICEF JO is asked what they have done to guard against manipulation of biometrics - "in our #NIIMS system, we have gone ahead and tied together biometric data with other identification data"
@NubianRights @thekhrc @MarthaKarua @UNICEF He cites the IDs as a unique identifier but says that they have been abused and so two issues were combined and he says that this combination makes it deterministic
@NubianRights @thekhrc @MarthaKarua @UNICEF On sequencing JO says that the formation of the technical team established #NIIMS and that afterwards the discussion started of bringing on board all the agencies that started to implement and deploy #NIIMS
@NubianRights @thekhrc @MarthaKarua @UNICEF On the question of Estonia having shared it's architecture, JO says that algorithms are not seen in the document "this is a representation of the general architecture but this is not the design of the system"
@NubianRights @thekhrc @MarthaKarua @UNICEF "At this point, when you were explaining, you spoke about source codes. Could you explain to the Court the difference between source codes and what Estonia provided?" - "The source code is the heart of any application of any system being developed"
@NubianRights @thekhrc @MarthaKarua @UNICEF JO is speaking on open-source and closed-source and says that the #NIIMS code is their own code they have developed and it is not open-source
@NubianRights @thekhrc @MarthaKarua @UNICEF JO says that some of Brian Omwenga's recommendations were adopted and some could not be implemented. He says that those on data protection were implemented
@NubianRights @thekhrc @MarthaKarua @UNICEF "Would you say that #NIIMS has been designed taking into account all the recommendations in the McKinsey report?" - "Yes I would"
@NubianRights @thekhrc @MarthaKarua @UNICEF JO is asked whether #NIIMS is equivalent to what was done in Estonia in that no new law was developed but instead existing laws were amended to allow for technology and he says it is
@NubianRights @thekhrc @MarthaKarua @UNICEF "Would you say that sharing of information between different agencies of government is a legitimate exercise?" - "Yes it is"
@NubianRights @thekhrc @MarthaKarua @UNICEF "Were there regulations that guided collection of data for #NIIMS" - JO says there were under the regulations of persons act
On whether they would abide a court order changing the system design, JO says that they would comply but he wants to caution the court that this would be very difficult
“If the court said reduce the amount of data you hold, could that be done?” - “yes, you would simply delete the data”
Respondents are done re-examining the witness. The Court has a question: “you have said the functional databases cannot speak to other agencies like the judiciary. So do they still have to go to the functional dbs or will they access the central db?
“The system should be able to respond giving a code on compliance and that particular information the individual can carry”
The Court asks “you have told us you put in place measures to ensure that there is no breach of the system. So where would the risk come from in re-designing the system?”
JO says that he feels that the system is collecting the appropriate amount of data and that DNA is probabilistic but coupled with other data, it increases the level of confirmation so if in the process of re-design we are requested to remove the ID, that is the risk that we begin
“So the risk is not to the architecture of the system, it’s to the authenticity of the data?” - “yes”
Examination of Mr Ochieng has concluded and he is released
The court is waiting for Loyford Mureithi to appear as a witness. Petitioners are requesting the opportunity to give final written submissions. Respondent agrees that this would be useful.
The directions on supp submissions have not yet been given but the witness is here and is now being sworn in
Respondent is introducing Loyford Mureithi
LM confirms that he has been involved in the establishment of the #NIIMS process
@MarthaKarua starts her cross examination of LM
“Were you part of the benchmarking team?” - “no” - “and you still maintain that you were involved in every stage?” - “yes”
LM says he was part of the development of the #NIIMS architecture
Martha is asking whether there is anything prejudicial in showing system architecture - LM says that it would be fine to share this kind of high level architecture
LM says that to the best of his knowledge it exists. Asked whether it was provided to the court he says “to the best of my knowledge, I have not seen it”
LM is asked which desirable attributed were picked from Estonia
“Data sharing with the private sector?” - “our #NIIMS system is designed to share info with the private sector only for authentication”
“Did you adhere to specific security standards set by information system authority and EU standards?” - “yes we did” - “Do those standards demand a data protection regulatory framework?” - “we did the best practices of developing the tech aspects of the system”
“Did you put sufficient legal safeguards?” - “as a Ministry we handle technical issue. Legal and policy should be handled by the business owner; the Ministry of Interior”
On who produced the data protection policy, LM says that it was his ministry that produced it
LM says that safeguards are there through other acts of parliament. MK asks why then something like a Huduma Bill would be introduced. LM says the bill is specific but data protection is broader and cuts across different sectors
“You have brought into effect the #HudumaNamba registration before finishing the technical and legal safeguards” - “from my knowledge the Huduma project was based on other existing Acts”
On the technical safeguards for children, LM says that data is only collected from age 6. He is asked about any safeguards designed especially for children - “basically I think it is about that and then we will see when children are born to ensure they are registered”
Martha says that the Ministry is just asking the public to trust them - “I think govt is a custodian of so much data and so #HudumaNamba is not new”
“The architecture of the data exists somewhere and can be provided” - MK points out that his seniors said they can not. LM says that what Estonia provided is a guide of how the data sits but that there is another level that can be provided
“The high level architecture is something I can even put a cross in the Court” - “did you share with the public that high level?” - “The architecture has been shared with the technical officers”
“The issue of sharing has never arisen”
“The data capture kits were provided by Idemia/OTMorpho - are you aware that they were recently blacklisted by our government?” - he is aware
Martha Karua concludes her cross as our own @yussufugas takes over cross
Yussuf asks LM about the disclaimer in the data capture form saying that Information may be shared with other agencies. LM agrees with Kibicho that Huduma Namba is being created for that purpose
On data minimisation and purpose limitation, Yussuf highlights that the Estonian recommendations said data collection should be limited to the very basic info needed for personal identification - LM says that this was abided by but confirms that data capture form has extra info
Yussuf says that others have testified that there is need for more data to make the system accurate; “you are saying we need minimal data, so whom do we go with?” - “my view is the data is sufficient”
“Do you know what DNA is?” - “it’s part of biometrics” he is not aware if its in the registration of persons act and is not an expert in DNA
“Are you aware that according to the Estonia model, they collect less data in the central database and have no biometrics?” - “yes I am aware”
LM says #NIIMS is different. He adds that the unique identifier is only in the master database and not in the functional databases
LM says that the master database is not interlinked with the functional databases
Yussuf asks whether he agrees with the position in the affidavit that this is a centralised system with linked functional databases. He does and stands by his statement that there will be no function creep
Yussuf is asking LM about the exchange of information between the central and functional databases - “there is no back and forth” but he agrees they are talking to one another
“There is no information going from #NIIMS to the other databases”
The respondent objects to the witness not being given time to answer the question - the court asks him to rephrase as they are interested in the question
“Is there Information flowing from the central database to the functional databases” - “In terms of queries given
“There is info flowing from functional to central databases” - “yes for authentication”
“There is info flowing from functional to central databases” - “yes for authentication”
“Who determines the need-basis of the info flow?” - “it depends on the mandates of the agencies” - “is there a policy that guides the sharing of info?” - “I’m not aware of any policy”
Can you tell us how someone can know whether someone has tried to access the data? - LM says there are logs. Kenyans can get this info through the institutions
LM says that there will not be a 360 degree view of an individual through #NIIMS
On government surveillance, Yussuf asks if LM knows what metadata is and he confirms that metadata is data about data
“A difference between Estonia and Kenya is that we use biometrics, right?” - “yes” he adds that biometrics is for the purpose of authenticating you, not for the other services
Yussuf asks whether there would be a record of where the person has authenticated themselves - “NIIMS is going to get biometrics once. The rest of the work is made by the functional databases”
“The functional databases will authenticate who you are through NIIMS”
“The functional databases solely rely on the MDAs”
“Where is the data from the #NIIMS kits?” - “it’s in one of the government centres and there is a secondary backup”
On why people don’t have a #HudumaNamba, Yussuf says that the court didn’t order a Huduma Namba not to be produced - LM is not very sure on the court order but he is awaiting instructions from Dr a Kibicho who has not yet given instructions on next steps with the data
Yussuf says that a lot of the data minimisation and purpose limitation would still be possible - LM confirms: “anything is possible with system design”
“Do you think when you build #NIIMS, there is an acceptable number of Kenyans we can leave behind?” - “actually the system does not cover tribes”
Yussuf repeats his question - LM says he is not understanding the question
“The intention of NIIMS is to capture all citizens and even foreigners”
“And we should do everything to ensure that all Kenyans are captured in the #NIIMS system?” - LM says “no” and he adds that the intention is to capture “as many Kenyans as possible”
On comparative cost with the Estonian system, LM agrees that he has not provided any calculations to the court
LM says that it would be very expensive to issue cards to everyone
“The aspect of biometrics can be incorporated in a card. This is about safeguarding the technology of the cards”
“The business owner was talking about the cards but that was based on pin-based authentication” LM adds that he considers pin-based authentication less secure
“Are you saying our ATM cards are insecure cause they use pins?” - “The consideration of biometrics is taking care of all segments of society”
“JO said that #NIIMS is a closed software system whereas you say in your affidavit that it’s both open and closed” he continues to highlight discrepancies regarding the card and suggests that the government are like blind men touching the elephant
Cross-examination has concluded and re-examination begins
“When were you contracted to buy the OTMorpho devices?” - “in 2018” - “Do you know when parliament passed the resolution banning OT Morpho?” - “that must have been after April this year”
On the representation of Estonia’s architectural design, LM explains that there are two levels of architecture diagrams: high level and low level. He says the high level is a representation of a system and to a non-tech person has little meaning
“The low level diagram is very detailed” because it shows what everything in the high level diagram is supposed to do
He says the source codes for the algorithm design would not be in high level diagrams
LM says source codes would not be found in high level or low level architecture because they are even further below
On the data capture form, LM is directed to the disclaimer on the sharing of information and confirms that it relates to “government agencies, not third parties”
Waikwa objects to leading questions and the court asks respondent to ask less leading questions
Asked why the data capture form has more info than required to identify a person, LM explains that this was decided to cut on cost since other government agencies also wanted info, such as farming info
On government surveillance, LM is asked to explain the context - “IPRS came around 2005 and this was around the time when many government applications could not talk to one another. So there are duplications that can’t be cross checked”
“In my view that surveillance is to ensure who is who”
Re-examination has concluded and the Court releases the witness
The court is now speaking on the supplemental submissions and timing
Petitioners file supplementary submissions by Tuesday 8th, the Respondent will file by Friday 11th and oral highlighting will be done on 14th Oct
The bench rises and we are done with our live tweets!
