Features
Explainers
4 MIN READ
Once the biometrics are stolen, it’s not possible to re-secure it like resetting your password
In Laal Purja, the popular television series of the 1990s, Hari Bansha Acharya plays Ghanshyam, a simpleton and the sole heir to property coveted by outside investors. Dhurbe, played by Madan Krishna Shrestha, is a local agent trying to usurp Ghanshyam’s land. As the story unfolds, Dhurbe cunningly places Ghanshyam’s fingerprints on the manjuri nama (agreement document) while he is asleep, leaving Ghanshyam penniless.
The authachhap, or thumbprint, has been a ubiquitous part of Nepali life. For a population with high levels of illiteracy, it is the primary form of identification. It has also been mythologized in popular culture as a tool frequently abused by feudal landlords and predatory agents to dupe people out of their property and possessions. To this day, the thumbprint is used in official documents in Nepal alongside a signature because of its unique character and reliability.
Taking advantage of technological advances, many countries and private companies across the world are gathering not only fingerprints, but also other biometric data that can instantly identify and verify the identity of an individual. Biometric refers to metrics related to your human characteristics that can be identified through finger and palm prints, iris and face scans, and DNA testing.
In keeping with the United Nations Sustainable Development Goals for 2030, the World Bank and Asian Development Bank are supporting the government of Nepal in collecting new biometric data and digitizing existing records of its citizens. The government considers this to be a vital step towards better provision of services. The Election Commission currently hosts the largest biometric database in Nepal, with data on 12.9 million voters. The smart license and machine-readable passport are other examples. The national identity card project currently being piloted will surpass them all in scope and size. It hopes to cover all citizens, with multipurpose database hosting data for driver’s licenses, voter credentials, property registrations, and banking.
Proponents of biometrics affirm that the unique character of biometric data can prevent fraud and identity theft, as each person’s biometric character is unique. Using biometric as an authentication factor to prove your identity, however, is a bad idea from an information system perspective as it is easy to steal biometrics. The digitization of such databases increases the points of vulnerability, as they can be remotely stolen during the phases of storage and transmission. The hacking of various government website last week, of which responsible officials were unaware, demonstrates the permeability of the government’s information system. Once the biometrics are stolen, it’s not possible to re-secure it like resetting your password.
Then, there is the issue of what is called ‘function creep’: expanding the use of a technology or system beyond its intended scope. The databases themselves are less the problem than the potential for misuse that is built into them. For instance, the national identity project is not a surveillance program, but the capability to track people and their activities is engineered into it. This leaves much room for the abuse of such a system.
The risk for privacy would intensify if a law such as the 2002 Terrorist and Disruptive Activities Act was introduced again. The Act gave the security forces special powers to place people under surveillance even if they weren’t suspected of involvement in terrorist acts. Combine that with facial recognition technology, a fully-fledged biometric database, and the CCTV cameras that are planted around the country (again without legal safeguards), and what you have is a recipe for an Orwellian state.
While Laal Purja illustrates that problems around biometric data are not new, they are more complex and dangerous than ever. Besides the Constitution, the Right to Information Act is the only piece of legislation we have right now to address privacy. But it too does not specify what information the government can – and cannot – collect from its citizens.
The urgency of an informed debate about whether the collection, sharing and retention of biometric data violates individual privacy cannot be overstated. We need a robust privacy law with provisions for safeguarding individual data, so that government agencies and private companies are required to legally justify their reason for collecting and sharing it.
We must not fall asleep like Ghanshyam. In the digital world, Ghanshyam’s thumbprint is now permanently stored on Dhurbe’s thumbdrive.
Photo credit: AMISOM Public Information / Flickr
Indu Nepal Indu Nepal is a journalist and media producer. She is based in Kathmandu and previously worked in Afghanistan and Timor-Leste.
COVID19
News
3 min read
The disruption in the tourism industry has hit hardest those working irregularly, like porters and guides.
COVID19
News
3 min read
A daily summary of Covid19-related developments that matter
COVID19
Features
4 min read
A steady rise in new Covid-19 cases in the past weeks proves community-level spread is here, warn public health experts, but the government remains in denial still
COVID19
Features
3 min read
A three week long prohibitory order has been eased in the capital, allowing regulated mobility of people
Features
Explainers
4 min read
Once the biometrics are stolen, it’s not possible to re-secure it like resetting your password
COVID19
Features
5 min read
Recruitment of volunteers to enforce the lockdown has had mixed results
COVID19
Perspectives
5 min read
The world’s largest missionary movement cannot be blamed exclusively for its role in the Covid19 pandemic
Explainers
7 min read
Four Nepalis were recently arrested in possession of uranium. The Record explains what they were planning to do with it and how much it’s worth.