Yvonne McCalla Sobers | NIDS: Discuss rather than defend
The Jamaican State may be passing up on chances to build trust. For example, National Identification System (NIDS) spokespersons have seemed more inclined to defend the system than to discuss it. As a result, they seem to be missing out on opportunities to reassure citizens that the State can and will protect their data.
The 2017 exchange between Prime Minister Holness and Dr Daniel Thomas is noteworthy. The occasion was a NIDS town-hall meeting held shortly after the NIDS Act was passed.
A UTech student who stood in line behind Thomas described the exchange after Thomas posed his question:
"The gentleman (Thomas) that asked the question on NIDS, Mr Prime Minister, I was taken aback by the way you responded to the question. I felt that you came across too strong, and while I was listening to you, I was saying, 'Should I go and ask this gentleman a question? Will he answer me in the same tone that he answered the young man?'"
A video of the exchange went viral. It shows Prime Minister Holness chiding Thomas after this young man expressed concern about the penalties attached to not enrolling for NIDS. Thomas also asked for the Government to allow time for more consultation about NIDS.
The prime minister's response was to describe the discussion on NIDS as "disingenuous, unfair, and untruthful". He said that he rejected Thomas' view that "somehow you have a higher moral authority on this matter than I do". The prime minister said in that town-hall meeting: "I am not hiding from consultations. I am here facing the questions." However, full footage of the video did not show the prime minister answering Thomas' question.
The Opposition has challenged NIDS in court. A ruling is, therefore, awaited on whether NIDS breaches eight of 25 fundamental rights and freedoms, including privacy rights. Nonetheless, at a November 2018 political meeting, Prime Minister Holness said, "I don't know what the big argument is about privacy." He insisted that there were no reasonable grounds to fear a central registry. Citizens were encouraged to resist "backward thinking".
However, citizens have a right to question a system such as NIDS that shifts the balance of power away from the citizen to the State. In the wrong hands, NIDS can become an instrument of repression. This is a matter of principle that is unrelated to the character of whomever happens to hold power today.
The prime minister has pointed to the law that was designed to protect people's data. However, the joint select committee reviewing this law currently has no chairman and has not met since March 2018. Further, it could be argued that this law should have been passed before NIDS was introduced.
NIDS representatives were absent from a recent cybersecurity conference hosted by The UWI. One session, in particular, centred on NIDS. However, the organisers said that NIDS representatives declined the offer to attend and could not be persuaded to change their minds.
The Data Protection Act is meant to enable citizens to trust NIDS with their private data. Any compromise of the NIDS database will be irreversible for a human lifetime. For example, fingerprints cannot be changed when a leak occurs. Hackers have exposed weaknesses in big business as well as US federal agencies.
An outstanding breach of cybersecurity took place in India. In January 2018, a reporter was able to pay about $10 to access the personal data of one billion citizens of India. As with managing a hurricane disaster, the goal of NIDs policies must be managing the risk rather than trying to prevent or avoid the disaster.
Those attending the UWI conference may have benefited from a discussion on data storage, for example. Storage spaces can include e-government, banks, schools, hospitals, insurance companies, tax offices, social-sector agencies, and mobile phone companies. An important part of data protection is that citizens' data is stored in unconnected spaces. If there is a privacy breach, a password can be changed and only one set of data is compromised. However, a hacker into NIDS could gain access to comprehensive data, some of which (the biometric) is unchangeable.
The State could seek to build trust in NIDS by:
- Awaiting the ruling of the court before making further pronouncements in NIDS that may have constitutional implications.
- Immediately publishing the NIDS regulations to enlighten the public on obligations and penalties under the NIDS Act.
- Immediately reconvening the joint select committee on the Data Protection Bill.
- Listening and responding appropriately to those with divergent views.
- Treating the upholding of citizens' rights as the State's highest priority.