* Any views expressed in this opinion piece are those of the author and not of Thomson Reuters Foundation.
Mobile SIM registration linked to digital ID is causing exclusion of marginalised groups, and concerns about privacy in the absence of sufficient legal safeguards, especially in nations with a history of abuse by authorities
Dr Tony Roberts is a research fellow at the Institute of Development Studies, and a member of the African Digital Rights Network. Ridwan Oloyede is a legal practitioner, research fellow and consultant based in Nigeria, and a member of the African Digital Rights Network.
In recent weeks, millions of Nigerians have been barred from making calls after the government instructed telecommunications providers to disconnect their SIM cards because they failed to comply with the government directive to register and link them to their digital ID, known as the National Identity Number (NIN).
Most countries in Africa – 50 nations according to research by Privacy International - and around the world require SIM registration to identify the user. However, Nigeria has gone further by requiring SIM cards to be registered and linked with a citizen’s digital ID, and therefore with the biometric data that it contains. Nigeria is not alone in doing this: some 30 countries globally require SIM registration linked to digital ID including biometric data such as fingerprints or facial images.
Such a registration policy excludes many marginalised groups such as some ethnic minorities or migrant workers without ID proof such as a birth certificates, needed to obtain a digital ID. This locks them out from obtaining a SIM - and therefore from mobile connectivity - and from government services that increasingly require mobile or internet service to access.
Secondly, SIM registration linked to digital ID is causing concerns about privacy rights - not only in Nigeria but also in Uganda, Zambia and Kenya - in the absence of sufficient legal safeguards to protect their data. More so, where there is a historical record of abuse by authorities.
From our research at the African Digital Rights Network, we believe citizens are right to be concerned. Linking digital IDs and mobile SIMs, and linking these with mobile banking apps and other digital services, is the “unholy trinity” of digital surveillance. When combined with further government or corporate data, this surveillance stack enables governments to track an individual’s real-time movements, transactions, email, voice and social media communications, providing a powerful infrastructure for state surveillance.
Digital identification is becoming a central component of repressive digital surveillance. In the six African countries we studied, we found governments making major investments in surveillance technologies, not only in digital IDs and SIM registration, but also in CCTV, encryption breaking and car licence plate and facial recognition systems. They also created laws forcing telecom companies to capture and store citizens’ communications for possible state use.
In Nigeria, that fear was exacerbated in February, when it was reported that President Muhammadu Buhari had allowed security agencies to access the NIN database. The government’s argument for mandatory registration of SIM cards linked to digital IDs hinges on security, and allowing governments to track criminality. However, there is no evidence that mandatory SIM registration lowers crime or makes a difference in crime detection.
Everyone wants governments to track the most serious criminals to prevent mass atrocities. But citizens also want governments to respect and protect everyone’s right to privacy. Due to the covert nature of surveillance, and the large power imbalance between the state and the people being watched, there is a clear opportunity to abuse power: our research on surveillance law in Africa shows that most surveillance is conducted on political opponents, business rivals, journalists, civil society activists and low-level criminals. These are all in violation of privacy rights.
In most African countries including Nigeria, it is also in violation of the constitution, international human rights conventions, and domestic laws which protect privacy of communication. However, branches of the state regularly violate this privacy law, and they do so with impunity, with no accountability for such violations.
To protect citizens against abuses of their data and privacy rights, robust data protection and privacy laws are needed that provide for independent oversight bodies with the independence, resources and power to monitor surveillance practices, and hold governments and corporations accountable for any breaches.
Citizens have a right to legal citizenship and to access government services and entitlements. This should not be contingent on a biometric ID system that locks out the most vulnerable, and enables repressive governments to conduct mass surveillance.