SUFFICIENT SAFEGUARDS

Huduma Namba system secure and blocks data breach, says state witness

Assistant ICT director in the ICT ministry, says the system is aboveboard and collection, processing, access and sharing of information is protected

In Summary

• ICT expert say the databases of the institutions linked to the system will only access the NIIMS database to establish respective identities of individuals.

• Kenya heavily relied on Estonia’s model after considering international best practices on identity systems.

Kisumu County Commissioner Pauline Dola during the Huduma Number Registration
Huduma number registration Kisumu Kisumu County Commissioner Pauline Dola during the Huduma Number Registration
Image: Faith Matete

The government has defended the ongoing Huduma Namba registration and sought to assure Kenyans that their data is secure.

There have been fears over the safety of the information captured into the National Integrated Identity Management System.  However, an expert witness in the case filed by three lobbies against the drive says the integrity of the system is beyond reproach. The case will be mentioned on June 4.

In an affidavit filed in court, Loyford Murithi, the assistant director of ICT in the ICT ministry, says the system is aboveboard. Murithi has been involved in the development of the NIIMS.

 

He says the moment biometric and biographical information is captured, the information is encrypted whether the data capture device is online or offline.

“A data breach on NIIMS database would only reveal encrypted templates of personal identity information, which cannot be unmasked without the requisite decryption key,” Murithi says.

Sufficient technical safeguards regulate the collection, processing, access and sharing of identity data, he adds.

The ICT expert says the databases of the institutions linked to the system will only access the NIIMS database to establish respective identities of individuals.

“Children’s identity data have also been safeguarded and special additional technical safeguards were incorporated in the architectural design of the database.”

Murithi says Kenya heavily relied on Estonia’s model after considering international best practices on identity systems and conducted benchmarking in a number of other jurisdictions.

“The government chose the model from Estonia because both countries keep a digitally centralised master population register of all their respective citizens and registered foreign nationals resident within the boundaries,” the affidavit reads.

 

It says Estonia uses identity cards, which are valid for both physical and digital identification.

Murithi dismisses claims that NIIMS uses capture kits manufactured by OT-MORPHO, saying they don’t even use their software. He says most of the software was locally done.

“All the registration and encryption programs that run on the said hardware components of NIIMS were developed and installed locally by the state.”

Another witness has also endorsed the system. Edward Muchemi says the NIIMS database is a unique identifier number repository, which matches a citizen to all government touch-points.

“To the best of my knowledge, NIIMS will not prejudice anyone, save for those whose intent is to harm Kenyans,” he says.

(Edited by F'Orieny)