During the months leading up to the Huduma Namba registration exercise early this year, State officials led by Cabinet secretaries Joe Mucheru and Fred Matiang’i were vocal on the importance of the exercise.
They said the system was good for national planning and the integrity of Kenyans’ personal data collected. “For anyone below 18, all they have is their birth certificates,” said Mr Mucheru during a television interview in the days leading up to the launch of the registration programme.
“If we are going to provide the National Hospital Insurance Fund (NHIF) and universal healthcare for every Kenyan, then we need to be able to identify them so that wherever they are, and wherever they go get services from the Government, they use a unique identifier.”
The CS said centralising the collection of Kenyan’s personal data was necessary to safeguard the same.
“At the moment, everyone is beginning to register people, private companies, mobile money shops and governments,” he said. “The cost of all this registration is unnecessary for Kenyans and as government, we are responsible and therefore want to make sure all this information is stored and secured by the Government.”
However, proceedings from an ongoing case challenging the constitutionality of the National Integrated Identity Management System (NIIMS) indicate the Government already had the data it sought to collect. Last week, Bryan Omwenga, an information technology expert testifying on behalf of the Government confirmed that the data the State sought to collect on Kenyans during the exercise was already in existence.
Previously, former immigration boss Gordon Kihalangwa had integrated the data of over 20 million Kenyans. Mr Omwenga said personal information including personal emails, mobile numbers, profession and asset ownership was already recorded and existed in manual form and that the State would not acquire fresh citizens’ details through the exercise.
The State has so far failed to prove the necessity of spending Sh6 billion on a fresh registration process without enacting the data protection law as had been advised by experts in the public and private sector.
Anand Venkatanatayanan, another expert witness, said centralisation of Kenyans’ personal data was instead a threat, inviting cybercriminals and hackers to attempt to access valuable datasets on citizens.
“It is axiomatic in computer security that nothing is truly secure and there are only costs and benefits of hoarding data,” he claimed. “Centralised databases such as Aadhaar and NIIMS, however, hoard so much data that the cost-benefit ratio tilts definitely in favour of attackers.”
Venkatanatayanan gave the example of a similar project in India where the collected data was corrupted, sometimes returning different profiles of people on one number and also led to leakages when disgruntled state officers sold off the data to brokers.