Speeding to E-NIC surveillance, Setting up an Accessible Information Data Base

Sri Lanka has presented regulations in parliament to create a database of data about citizens which can be accessed by the defence secretary and other officials without a court order, which critics warn is taking the country speedily towards a surveillance state.

On Wednesday regulations which will eventually make it possible for authorities to create an electronic ID a data base of personal and family information including biometric data, was presented to parliament.

The e-NIC project was initiated by the ousted Rajapaksa administration.

The law to make E-NIC possible was passed earlier by the so-called ‘Good Governance’ administration which came to power promising to increase freedoms of citizens.

Sri Lanka is rushing into the E-Nic without a privacy law in place, or safeguards against abuse by authorities, despite mounting evidence from other countries of the negative effects of such systems on civil liberties.

Unlike India, Sri Lanka already had a nation-wide unique numbered identity card. The identity card was under the control of citizens, and its presentation is initiated by the citizen.

Some proponents have misled the public that Sri Lanka’s planned system is similar to that of India, critics say. Though electronic cards are claimed to be less easy to forge, the experience with credit and debit cards show that it is simply a different level of sophistication, those in the IT industry say. In India a dog and a Hindu god has reportedly been issued Aardhar cards.

India’s Aardhar system, which was touted as a system to prevent frauds in subsidy distribution, has led to widespread abuse and leaks, despite safeguards being put in place and promises that it will only answer yes/no queries, and not be used to mine information.

It means in theory, the database cannot be asked to reveal an address, only whether a queried address (or name) is correct or not.

However in practice, entire details or people including cricket star Dhoni have leaked.

India’s Supreme Court Thursday ruled that privacy was a fundamental right throwing the entire program of collecting biometric data into doubt.

“The right of privacy is a fundamental right,” the nine judges deciding the case said in a unanimous ruling.

“It is a right which protects the inner sphere of the individual from interference from both State and non-State actors and allows the individuals to make autonomous life choices.”

Freedom advocates say the ruling may make it more difficult for the Modi administration to create a surveillance state and throw a so-called “digital leash” around the necks of Indians.

“The world’s largest democracy has spoken,” said Mishi Choudhary, legal director at the Software Freedom Law Center in New York was quoted as saying by AFP, a news agency.

“People who said that this (Aadhaar) is the creation of a surveillance state, they are not engaging in hyperbole.

“I personally think the mission creep of Aadhaar is very worrying. It started with one particular thing, to give an ID card to people below the poverty line, and slowly it becomes this hydra for everything… now I have a digital leash around my neck.”

Though Aadhaar began as a voluntary program, the state tightened the noose by demanding it as a compulsory requirement to access services, making it ever more difficult for citizens to resist.

In Sri Lanka the administration has not even made a pretence that inclusion in the database will be voluntary.

In addition to personal and family data, the law also provides for unspecified ‘other information’ to be collected and stored, making it an open-ended Pandora’s box, critics say.

A part of the problem lies in a terrifying ignorance of members of society about of the dangers or capabilities of information technology, an information technology insider who has knowledge of several systems used in some countries said.

The use that the data may be put to including tracking citizens that have done no crime, would be based on the architecture of the system and who has access.

In Sri Lanka, the law provides the data to be disclosed to the defence secretary, or to any officer to ‘prevent a crime’ with no court order according to section 39c of the act passed by the set of legislators now in parliament.

The release of data “for the purpose of complying with any order or direction issued by a competent Court,” is the third and last trigger.

In Sri Lanka there is no information on the architecture of the system that the authorities are developing.

An E-NIC data base is an irresistible target for hackers, both domestic and foreign, which in industry parlance is referred to as a ‘honeypot’.

Pakistan’s NADRA system is already reported to have been hacked by more than one foreign power.

Britain, which started an E-NIC was forced by citizens to backtrack and scrapped the program, after police state aspects became clearer.

“Scrapping identity cards is an important sign that the new government is committed to safeguarding civil liberties,” Trades Union Congress leader Brendan Barber said at the time.

“With public spending under close scrutiny, identity cards were a costly folly that would have done nothing in reality to assist the fight against terrorism and would have been an unwelcome intrusion into people’s personal liberty, with a likely disproportionate impact on black and ethnic minority citizens.”

In Sri Lanka during the last regime, it is an open secret that security officials were sitting inside telco’s listening to people’s conversations without any court order. (Economy Next)