Kenya’s National Integrated Identity Management System – NIIMS
Information website for NIIMS, Huduma Number, Huduma Card. nims portal at niims.co.ke . Get all information about NIIMS service and A PDF download of the same.
- 1 What is NIIMS?
- 2 What is the purpose of NIIMS?
- 3 Doesn’t Kenya already have a national ID system?
- 4 How was NIIMS created?
- 5 When and where is registration taking place?
- 6 What data will be collected during registration for NIIMS/HudumaNamba?
- 7 How is litigation being used to respond to these developments?
- 8 What are the main constitutional issues raised in the petitions?
- 9 How has the Court responded to the litigation?
- 10 What were the alleged flaws in the process that established NIIMS?
- 10.1 Why is it a concern that meaningful data protection and privacy laws are not yet in place?
- 10.2 How could NIIMS and the Huduma Namba exacerbate existing marginalization and discrimination?
- 10.3 How does NIIMS relate to the new 2019 Huduma Bill?
- 10.4 What potential solutions are there?
- 10.5 What risks can we expect based on the experience of other countries?
- 10.6 Aadhaar: India’s Aadhaar system is consistently cited as a model for centralized identification systems that provide a “unique number from cradle to grave.” But Aadhaar was also passed without consultation or popular education. Recently the Supreme Court of India heard dozens of legal actions challenging the process by which it was adopted, privacy concerns, and the onus it creates to surrender private information for access to public services, among others.
- 11 Kenya’s National Integrated Identity Management System PDF Download – CLICK HERE.
What is NIIMS?
The National Integrated Identity Management System (NIIMS) is a system intended to create and operate a national population register as a single source of information about Kenyan citizens and foreigners resident in the country.
What is the purpose of NIIMS?
NIIMS is not only a population register. Government agencies and private companies collect and store personal information for many different reasons, including improvement of service delivery, establishment of social networks, or as part of a business model (i.e. Facebook). Many countries are transitioning to digital registries that – just like their analog equivalents – serve a variety of different functions. Countries also administer civil registration (birth and death registration) and collect other vital statistics (e.g. marriage and divorce) on their populations throughout an individual life cycle. Whether or not they are digital, civil registries can be distinguished from population registries because they are continuously updated and their purpose is to document a specific, limited set of life events. NIIMS will collect a “snapshot” of the population, including biometrics, and link that information with other functional databases. Therefore, the Government of Kenya is proposing to collect new personal information on all citizens and resident foreigners, and to link those records with existing data held by separate government agencies for a particular purpose (e.g. land records, social welfare and school enrolment records). However:
- The Kenyan public has no way to assess the quality or security of the information in the government registries that will be linked to NIIMS. The Government of Kenya has not made public any information concerning its own assessment of the accuracy of the information contained in databases/registries that will be linked to NIIMS, what will be done in the case of duplicate/conflicting records, or how to rectify incorrect information.
- Access to public services under NIIMS. The Government of Kenya has announced that registration in NIIMS will be required in order to access all public services, effectively leaving no option to opt out of the system.
Doesn’t Kenya already have a national ID system?
Yes. Kenya has a National ID system, administered by the National Registration Bureau, a component of the Ministry of Interior and Coordination of National Government, State Department for Immigration, Border Patrol and Registration of Persons. Kenya has also experimented with the establishment of systems like NIIMS in the past: NDRS (National Digital Registry System), announced in 2014 and abandoned, and IPRS (Integrated Population Registry Service). The relationship between NIIMS and IPRS is unclear as they serve parallel purposes – both claiming, like the NDRS, to serve as the “single source of truth” on Kenya’s population. In order to enroll in NIIMS the Government of Kenya requires extensive information on registration in other government systems, including national ID card numbers of the enrollee and family members.
Kenya also has a civil registration system. But registration rates remain low. The World Bank’s 2016 diagnostic assessment of Kenya’s registration and identification systems found that “[b]irth and death registration rates are not high enough to provide a solid foundation for the national registration system.” Birth registration is essential for ensuring that everyone is able to establish their legal identity from birth, including the provision of official evidence of nationality by birth. Registration in NIIMS under the Miscellaneous Amendments Bill is not intended to serve this purpose.
How was NIIMS created?
NIIMS was established through changes made to the Registration of Persons Act via a Miscellaneous Amendments Bill, which came into force on January 18, 2019 as Statute Law (Miscellaneous Amendments) Act No. 18 of 2018 after the President gave his assent on December 31, 2018. The Act is 86 pages long and contains provisions modifying more than fifty laws.
When and where is registration taking place?
In January 2019 the Government of Kenya announced a nationwide biometric registration exercise to collect the information for the NIIMS system. Upon registration, each person will receive a unique number called a Huduma Number or Huduma Namba in Swahili, which the government has said will be necessary in order to access any services in the future (including acquiring an ID card, passport, driving license, NSSF and NHIF numbers). The Government of Kenya conducted a round of Huduma Namba registration from April to May 2019. It claims 36 Million Kenyans had registered in that period. The government is hoping to open up another registration period in light of the new draft Huduma Bill (see below).
What data will be collected during registration for NIIMS/HudumaNamba?
The government collected information on each person’s nationality, place of birth, parentage, marital status, education background, employment status, disability, agricultural activities, and biometrics – including fingerprints and a photograph. The register is meant to link with other existing government databases, such as NSSF, NHIF, NTSA, and others.
How is litigation being used to respond to these developments?
In an attempt to protect the rights enshrined in the Constitution of Kenya, the Nubian Rights Forum (NRF) is the petitioner in a case filed with the High Court of Kenya, Constitutional and Human Rights Division on February 14, 2019.Kenya Human Rights Commission and Kenya National Commission on Human Rights each filed petitions on February 18, 2019. These petitions were consolidated and a number of interested parties and NGOs have joined the action.
What are the main constitutional issues raised in the petitions?
The cases raise issues including the non-transparent and noncompetitive manner in which the NIIMS contract was awarded, the use of a miscellaneous amendments bill to pass substantive amendments, the lack of public participation in the process, concerns over data privacy and protection, the right to information, and the risk the system could further entrench discrimination of marginalized groups in Kenya. The case affects the rights of all people in Kenya, while also addressing how NIIMS will disproportionately affect marginalized communities.
How has the Court responded to the litigation?
A three-judge bench in Kenya’s Nairobi High Court ruled in April that the Government could proceed with a mass data collection initiative to collect data for the NIIMS system, including biometric data. However, it prevented the authorities from;
making registration mandatory,
· tying access to services to enrolment,
· collecting DNA and GPS data,
· setting a deadline for enrolment, and
· sharing data between agencies or to third parties.
What were the alleged flaws in the process that established NIIMS?
1. The introduction of substantive amendments in a Miscellaneous Amendments Bill, which should only contain minor, non-controversial amendments. The substantive amendments include the creation of the NIIMS system, a new definition of biometrics (that includes DNA), the collection of GPS coordinates from each person during registration.
2. Lack of adequate public participation as provided for under the Constitution.
Why is it a concern that meaningful data protection and privacy laws are not yet in place?
· Article 31 of the Constitution protects the right to privacy, including the right of individuals not to have information relating to their family or private affairs unnecessarily required or revealed.
· Kenya does not yet have a law to regulate how data (in general and in an integrated population register) will be collected, secured, and stored – including who can access which information and for what purpose. Any digital population register or new identity system must be carefully designed to comply with these data protection requirements.
· The amendments that created NIIMS are also unclear how the data will be secured and the privacy rights of the citizens protected. There is no opportunity for remedy if data is breached.
· Private companies that may operate or manage various aspects of the digital register must also be subject to strict and clear laws regarding access to personal data.
· While the NIIMS system will compile sensitive personal data on all persons in Kenya, the country has a well-documented history of using these kinds of powers disproportionately against ethnic and religious minorities and other marginalized groups.
How could NIIMS and the Huduma Namba exacerbate existing marginalization and discrimination?
Millions of Kenyans currently face discriminatory practices in acquiring identity cards as they are subjected to a different process for acquiring an identity card based only on their ethnicity or religion. The process causes administrative burdens, undue delays and even denials of documents to Kenyan citizens. Other Kenyans struggle to access registration and identification facilities due to distance and cost – particularly communities living in rural, remote, or pastoralist areas. Moving forward with a new population register and “smart” ID card without explicitly addressing these problems could further marginalize these communities.
· It is not yet clear what documents must be provided to obtain a Huduma Number and requirements to obtain other identity documents may shift, leaving out those who have not been able to acquire documentation under the current system.
· Under the NIIMS system, all government documents will be centrally printed and distributed, which may create additional difficulties in following up on applications.
· The stakes of not being able to acquire a Huduma Number or ID card will increase, as the government has stated the number is a requirement to access government services.
A new registration system must include reforms to address existing challenges before it is rolled out.
How does NIIMS relate to the new 2019 Huduma Bill?
The draft bill is an attempt by the Kenyan government to circumvent existing court orders relating to the Huduma Namba. In April of this year, a special bench of the Nairobi High Court ordered that registration for a Huduma Namba could not be made mandatory and that government services could not be linked to registration for a Huduma Namba, among other limitations (see above). The new draft bill not only makes access to goods and services dependent on registration, it also imposes criminal penalties, including prison time, for failure to register. The bill has not yet been introduced to parliament.
The draft bill fails to address challenges raised in the NIIMS litigation. The bill pays lip service to data protection, civil registration, and inclusion but the provisions fall short of constitutional standards and are open to abuse. For example, the bill only covers protection of data collected for the purposes of establishing the NIIMS central biometric registry, and does not address the host of problems associated with linking government databases together through the Huduma Namba unique ID number. Additionally, there continues to be a lack of a legal and regulatory framework within which the bill operates. Experts have also criticized the non-inclusive public consultation on the Huduma Bill.
What potential solutions are there?
An integrated, digital population register is an enormous undertaking that would be best served by a new comprehensive piece of legislation. The government should:
· Enact a new Registration of Persons Act that will (1) reform the current system of access to documentation to ensure equal, non-discriminatory treatment of all Kenyans, (2) ensure meaningful data privacy protections, and (3) be intentional about how any new integrated register is created, managed, and secured.
· Enact a strong law on data protection that adheres to international standards must be enacted prior to any new digital identity system.
· Ensure substantial public participation and debate must be a central part of the process of enacting both laws. More public participation in the legislative process can ensure the system will balance national interests and individuals’ right to privacy and other rights under the Constitution.
What risks can we expect based on the experience of other countries?
Aadhaar: India’s Aadhaar system is consistently cited as a model for centralized identification systems that provide a “unique number from cradle to grave.” But Aadhaar was also passed without consultation or popular education. Recently the Supreme Court of India heard dozens of legal actions challenging the process by which it was adopted, privacy concerns, and the onus it creates to surrender private information for access to public services, among others.
Data Security: The main cause of leaks is not external hackers, but intentional or accidental release of information by those with authorization to process personal data. In India, for instance, an estimated 210 government websites with legitimate access to the data have leaked individuals’ personal data, including one leak of an estimated 135 million beneficiaries. Recently, a researcher found 5.8 million records leaked by a legitimate entity – Indane, a state-owned gas company – when Google indexed the company’s website, thus exposing personal data.
Exclusion: In India, the error rate in the collection of basic demographic details is as high as 8.8%. Biometrics, particularly fingerprints are notoriously biased against the poor and manual laborers, who may have no readable fingerprints. In India’s Andhra Pradesh and Telangana regions, 14% of the poor eligible for food rations could not authenticate their identity, because of unreadable fingerprints, or problems with electricity or internet connectivity.