Digital identity schemes containing biometric data – fingerprints, iris scans and facial images – have become a standard means of establishing ‘legal identity for all’, a target of the 2015 Sustainable Development Goals. They have also been regarded as a key tool for anti-corruption. Payroll databases or beneficiary registries are created to exclude ghost-workers from employment lists or to reduce corruption related to international aid or social security programmes. However, when such databases are enriched with personal data such as residence, occupation, religion, or relatives and family, they could become a powerful source for surveillance, persecution, extortion, or even a weapon of war. It is worth remembering that the right to privacy pre-dates the SDGs by almost 70 years, as a part of the Universal Declaration of Human Rights in 1948. 

Digital ID’s good intentions

Many digital identity schemes are driven by laudable aims such as financial inclusion or access to government services like health care or benefit programmes. More efficient administrative systems, reduction of fraud and ‘leakage related to transfers and benefits payments’ are good arguments listed in the World Bank Technical Standards for Digital Identification Systems. For these reasons, the World Bank’s ID4D project supports and finances developing countries to create these systems.

The way in which ID systems are created and used really matters. The World Bank guidance encourages the use of open standards, to help ensure that the ‘ID system is robust, interoperable and technology neutral’. ‘Interoperable’ means using standardised semantics – common formats for demographic data such as names and dates. When ID systems are designed to be able to communicate with other systems in this way, their usability dramatically increases – as does the potential for misuse. 

Digital ID’s risks and misuse 

Afghanistan: biometric registries in the wrong hands

A March 2022 Human Rights Watch(HRW) report documents how tracking and identification of previous-regime employees in Afghanistan after the 2021 Taliban takeover has been supported by person-registers introduced by international organisations. Separate from the Afghan Tazkira – the official national identity register – biometric registries to manage payrolls for the police, security staff, army and judges were created. It is believed that the Taliban now have access to some of these. 

For example, the HRW report includes the case of a former judge who was arrested when trying to renew his passport to leave the country. His fingerprints were scanned and tracked in a payroll database, which helped the Taliban to identify his previous role.

Such biometric data helps the Taliban to decide who goes free and who is punished. There is particular concern for former civil servants or activists, and for women who used to work in roles that are now considered ‘unsuitable’.

Tools intended for development, and to help reduce fraud and corruption, have become tools for persecution.

Afghanistan: fingerprint-tracking of a population

The US Department of Defense created their own surveillance and tracking tools, aiming to collect biometric and demographic data covering most of the Afghan population to identify possible insurgents. Portable biometric scanners were used during searches or at checkpoints. Special units also gathered fingerprints lifted from ‘home-made’ bombs (‘improvised explosive devices’, or IEDs) or house searches. If the fingerprint of any citizen was found to match a print from an IED, the match was considered sufficient proof to classify the individual as a legitimate target, to be detained or killed. 

An important part of managing and using these vast databases is ‘Gotham’ – a decision-making platform from US software firm Palantir. This tool can be integrated with artificial intelligence to make sense of, and uncover connections within, large amounts of unstructured data. Biometric information, handled by the Palantir software, has been used to ‘tag, track, and in many cases kill individual people it had identified as the insurgents who were building and planting IEDs’, in the words of journalist and author, Annie Jacobsen.

India: ID risks under democratic control

The Taliban examples highlight the risks of identity registers after hostile regime shifts. But identity systems can be misused for surveillance and exclusion, even in stable democratic systems.

The world’s largest biometric ID system, India’s Aadhaar identity scheme, has 1.3 billion entries. The database contains fingerprints, iris scans and a facial image, as well as demographic data of Indian citizens. The unique identity number delivered by Aadhaar gives access to many different services such as social benefits, banking, education or health services. 

The Aadhaar biometric system has undoubtedly enabled the government to reduce identity fraud and corruption in the welfare system, and improved service delivery. The tracking capability has also proved useful: it has been used successfully in tuberculosis programmes in areas of ‘slum’ housing, for example. However, the data are open to misuse by civil servants.

Mushtaq Khan and Pallavi Roy discuss the asymmetry of power and information in biometric digital identity systems and the risk of ‘function creep’ (the addition of new, unintended, sometimes exclusionary applications). They point out that linking services and welfare to the Aadhaar has enabled powerful bureaucrats to exploit the system and pressure vulnerable groups for their own profit. Access to information allows them to identify possible targets for extortion.

The government of Andhra Pradesh needs to acquire land from local farmers for a new state capital. Currently land rights are registered to a blockchain database, linked to the Aadhaar identity of the owner. But farmers who are not willing to give up their land are exposed to threats by bureaucrats with access to the database, according to Ananya Bhattacharya, a tech reporter at Quartz, India. The data may be safe from manipulation after they are entered, but the civil servant entering the data may have the power to create a false entry or to threaten the farmer to accept takeover of her land.

Aside from corruption, the Aadhaar system has technical flaws. The fingerprint and iris scans are over 99% accurate – but that ‘missing’ 1% means that up to 13 million people are unable to access benefits and services. Either their fingerprint does not produce a match in the system, or the system says that they are already registered.

Aadhaar was promoted as a ‘driver for economic growth’, but has developed ‘into a mechanism for surveilling the people’ as Nicolas Belorgey and Christophe Jaffrelot put it. They also note that biometric identification is promoted by the non-profit branches of technology giants, such as the Bill & Melinda Gates Foundation (Microsoft) or the Omidyar Network (eBay). These organisations have partnered with the World Bank in the Identification for Development (ID4D) project.

Kenya: data collection without data protection

Kenya has also faced challenges with their national biometric ID platform, Huduma Namba. In 2021, the Kenyan High Court declared the rollout to be illegal, conflicting with the 2019 Data Protection Act. The government will now have to create safeguards against the misuse of personal data while the rollout continues.

Yemen: No iris scan? No bread!

Biometric identification is being used extensively by the World Food Programme (WFP) and UNHCR – to prevent fraud and ensure that cash-based support reaches the right person. Cash transfers now go directly from donor to recipient with no intermediaries, and through the combination of digital transfers and eye-scans at the recipient’s end, biometry can prevent corruption and embezzlement.

However, a policy brief by the Peace Research Institute Oslo discusses a pilot project in Yemen, where the WFP has registered 1.6 million beneficiaries in the government-controlled south. But in the north, where the need is just as desperate, the Houthi authorities refuse to allow the WFP to collect and store biometric information, resulting in a scale-back of assistance to this region.

Precaution and power in data collection

Gathering biometric data is now an accepted, and effective, way for governments and aid organisations to create proof of identity, guaranteeing accountability, inclusion, and access to services.

However, as we have seen, digital registries containing information on vulnerable populations can be highly problematic; there needs to be greater debate around these. The Taliban takeover in Afghanistan and their possible persecution of employees of the former regime, is a recent, alarming situation. Possible misuse of vast amounts of personal data, collected with good intentions, should trigger caution. It should also prompt an increased focus on data protection – and careful considerations over the need to collect biometric data in the first place.

We are inseparable from our fingerprints, retinas and irises. Storing the scans in a data registry should therefore be handled with the utmost care, and only be done for very good reasons. 

Or perhaps we should go further still and turn the whole structure of identity and tracking on its head. In his 2021 book Corruptible: Who gets power and how it changes us, Brian Klaas argues that the surveillance systems we use today should be ‘inverted’, monitoring people in powerful positions rather than ordinary citizens. ‘The world would be a better place if people in power worried more that their every corrupt move was being watched by someone…’.