On Monday last week, Interior Cabinet secretary Alfred Matiang’i announced to the nation that the government will not extend the registration date for Huduma Namba.
Four days later after a massive turnout, President Uhuru Kenyatta came out to announce that the government is extending another one week for all the citizens to register. From the two announcements, many will read a clear game being played by the government on its citizens.
The first announcement was meant to threaten and compel all citizens to register. The objective was met. The second one was made to ensure that all those who were left out are all brought into the system. This one is also working as well.
The reasons for doubt is due to the colossal amount of information security and privacy risk posed to the citizenry’s data.
The security architecture around the complete system must be designed based on the “privacy by design” principle as this is stipulated in the constitution of Kenya Article 31 which states that everyone has a right to privacy.
My worry is in how that data is collected. Who has access to it? How is it transmitted? How is it stored? If stored in 1 centralized database can you imagine the national disaster if it is hacked?
All your identities will be stolen and someone will transact business as you. Worse our data protection laws (still being debated) are totally inadequate to handle such a “complex” situation.
Look at it this way. A law was passed to foster this Huduma number that is being forced down our throats. But we have a constitution that states that everyone has a right to privacy…which holds more weight? Privacy is the protection of personal power but what a national ID system like Huduma no. does is shift this power from you to an institution.
The quest for “control” under the guise of “efficiency” should not rob the citizenry of their constitutional rights. It is outrageous to insist that registration be mandatory especially when other nation’s citizens residing in KE are involved as laws like the GDPR protect their citizens.
Where do we strike the balance between functionality and security? Keeping in mind that there can be no privacy without security and security cannot exist without privacy. Until that time when the government will come clean about the exercise, I will continue to resist the exercise.