RISKS OF MULTIPLE BIOMETRIC DATA BASES-William Ahadzie writes
Ordinarily, there should be only One National biometric database because of several risks associated with identity theft. When the decision was taken at the National Economic Dialogue in 2001 for Ghana to compile national biometric civil register, only one institution was granted the legal mandate to do so and that was the National Identification Authority (NIA). No other institution was to create institution-based BIOMETRIC REGISTERS
The NIA was mandated to build a National Identification System (NIS) of which card issuance was only a part. The NIS involved creation of the register through biometric enrolment of all registrable persons permitted by law, the issuance of a card and a UNIQUE personal identification number (PIN), and the deployment of technology across the country that would allow for real-time identity authentication at any terminal where a transaction was being carried out. It was meant as a multi-functional system that would facilitate the digitisation of the economy, promote service delivery, fight fraud in the financial system, help crime investigation and reduce examination fraud among others.
The system also involved allowing legally defined user agencies to be hooked to the central database at the NIA to enable them access biometric data they need for their work.
BUT almost Two decades later, we haven’t even completed populatng the National Biometric Register.
Many of the institutions or user agencies have departed from their original mandates and have created siloes of institutional biometric databases.
This has happened because of a number of factors. One major fault is the constitution of the NIA Board. Most of the Board members are the Heads of the Agencies that should ordinarily submit to the Authority of NIA. A second factor is the inability of the NIA to complete the establishment of the NIS in time so the User Agencies could connect their systems to the central database. A third reason is the desire of some institutional heads to harvest the dividends of procurement. These agencies have procured different biometric systems. Ghana is thus lumbered with databases that are not interoperable.
Storage, retrieval and use of biometric data is so critical that for your biometric system to be accepted for international transactions, you need to aquire an International Standards Organization (ISO) Certification. They prescribe very strict guidelines for storage, protection and use of biometric data. Question is. Do all these institutional data bases have adequate ISO Certification with robust layers of data encryption? If not
a) your biometric data can be stolen and used to clean your savings in your bank, commit crimes, or used for terrorist activities.
b) institutions (such as banks) whose biometric data can easily be decrypted, can lose loads of money.
c) individuals can easily be implicated in bad transactions they haven’t committed.
d) elections can be rigged through identity theft.
e) identity theft is a national security risk
For security reasons, it is inappropriate for me to explain how your biometric data can be stolen. For those, who know, a few years ago, someone’s fingerprints were stolen in one Middle East country by an agent and used to gun down a Target in another Middle East Country.
All of this is to say that the EC’s bid to declare biometric data in the current voters register redundant poses a serious risk in future. There are smart guys who write all types of algorithms and who are experts in biometric forensics who can retrieve that data or attack biometric databases with weak firewalls.
By: Dr. William Ahadzie (Former National Identification Authority boss and Member of the NDC)