Search
Content type: Examples
12th August 2019
In February 2019, the World Food Programme, a United Nations aid agency, announced a five-year, $45 million partnership with the data analytics company Palantir. WFP, the world's largest humanitarian organisation focusing on hunger and food security, hoped that Palantir, better known for partnering with police and surveillance agencies, could help analyse large amounts of data to create new insights from the data WFP collects from the 90 million people in 80 countries to whom it distributes 3…
Content type: Examples
12th August 2019
As early as 2008, the Chinese telecommunications giant ZTE began helping Venezuela develop a system similar to the identity system used in China to track social, political, and economic behaviour. By 2018, Venezuela was rolling out its "carnet de la patria", a smart-card "fatherland" ID card that was being increasingly linked to the government-subsidised health, food, and other social programmes most Venezuelans relied on for survival. In 2017, Venezuela hired ZTE to build a comprehensive…
Content type: Examples
3rd May 2019
Research from the Brennan Center shows minorities are primarily affected by new laws that restrict citizens access to voting through ID requirement, increased distance to polling station, inconvenient opening hours and hidden costs.
https://www.theguardian.com/world/2012/jul/18/voter-id-poor-black-americans
Writer: Ed Pilkington
Publication: The Guardian
Content type: Explainer
31st January 2019
This is the third part of Understanding Identity Systems. Read Part 1: Why ID?, and Part 2: Discrimination and Identity.
Biometrics
Biometrics are the physiological and behavioural characteristics of individuals. This could be fingerprints, voice, face, retina and iris patterns, hand geometry, gait or DNA profiles. However, the legal definition of ‘biometrics’ may differ – in some contexts, it may be defined by law, whereas in others it may not have, or only have a vague, legal definition…
Content type: Explainer
31st January 2019
This is the second part of Understanding Identity Systems. Read Part 1: Why ID?, and Part 3: The Risks of ID.
The existing identity landscape
Every country has an existing landscape of ways in which people can identify themselves. This can include an existing ID card system, but also a range from birth registration, to passports, to driver licenses. The effectiveness of these systems may be unevenly distributed, or otherwise problematic.
The nature of the existing ID landscape varies…
Content type: Explainer
31st January 2019
Introduction
Of all the data-intensive initiatives that a government can introduce, some of the largest are ID systems. They have implications across a broad range of human and civil rights. How do we begin to critique an ID system, to begin to understand its strengths and weaknesses? There are a series of issues that we believe should be addressed in the development of any ID system.
This could be of particular relevance to civil society organisations (CSOs): this is because civil society…
Content type: Examples
5th May 2018
In February 2018 the Home Office gave the Yorkshire Police 250 scanners that use a smartphone app to run mobile fingerprint checks against the UK's criminal fingerprint and biometrics database (IDENT1) and the Immigration and Asylum Biometrics System (IABS). The app was simultaneously made available to all 5,500 frontline Yorkshire Police officers, with a plan to roll the service out to another 20 forces by the end of 2018. Police are able to use the scanners when people they stop on the street…
Content type: Examples
13th August 2019
In February 2019 Gemalto announced it would supply the Uganda Police Force with its Cogent Automated Biometric Identification System and LiveScan technology in order to improve crime-solving. LiveScan enables police to capture biometric data alongside mugshots and biographical data. CABIS speeds up the biometric matching process by mapping distinctive characteristics in fingerprints, palm prints, and facial images. The Ugandan police will also pilot Gemalto's Mobile Biometric Identification…
Content type: Examples
2nd May 2018
In 2012, London Royal Free, Barnet, and Chase Farm hospitals agreed to provide Google's DeepMind subsidiary with access to an estimated 1.6 million NHS patient records, including full names and medical histories. The company claimed the information, which would remain encrypted so that employees could not identify individual patients, would be used to develop a system for flagging patients at risk of acute kidney injuries, a major reason why people need emergency care. Privacy campaigners…
Content type: Examples
7th May 2019
In Ireland benefits claimants are expected to register for a Public Services Card (PSC) in order to access benefits. PSC users are expected to have their photographs taken in department offices, which is then digitally captured along with their signature. While this card was originally created to prevent benefits fraud – by insuring someone could not register twice to claim benefits – it is increasingly being used as a de facto form of ID and citizens have been apply for PSC even when they do…
Content type: Examples
1st December 2017
In 2015, the Swedish startup hub Epicenter began offering employees microchip implants that unlock doors, operate printers, and pay for food and drink. By 2017, about 150 of the 2,000 workers employed by the hub's more than 100 companies had accepted the implants. Epicenter is just one of a number of companies experimenting with this technology, which relies on Near Field Communication (NFC). The chips are biologically safe, but pose security and privacy issues by making it possible to track…
Content type: Examples
17th May 2019
In February 2019, an anonymous tip-off to Computer Sweden revealed that a database containing recordings of 170,000 hours of calls made to the Vårdguiden 1177 non-emergency healthcare advice line was left without encryption or password protection on an open web server provided by Voice Integrate Nordic AB. After the breach was discovered, MedHelp, which runs the 1177 service, shut the server down and found that 55 call files had been illegally downloaded from seven different IP addresses. Nine…
Content type: Examples
12th August 2019
After an 18-month investigation involving interviews with 160 life insurance companies, in January 2019 New York Financial Services, the state's top financial regulator, announced it would allow life insurers to use data from social media and other non-traditional sources to set premium rates for its customers. Insurers will be required to demonstrate that their use of the information doesn't unfairly discriminate against specific customers. New York is the first state to issue specific…
Content type: Case Study
14th December 2018
Photo credit: Douglas Fernandes
The exclusion caused by ID can have a devastating effect on people, limiting their opportunities and ability to survive. In September 2018, Privacy International interviewed people in Santiago, Chile who had faced problems from the Chilean ID system, known as the RUT. Names have been changed.
It was never going to be easy for Liliana, entering Chile without a visa. But, in Chile, the ID system – known as the RUT – is ubiquitous; without one, as she would…
Content type: Examples
26th September 2018
In December 2017, it was revealed that the large telco Bharti Airtel made use of Aadhaar-linked eKYC (electronic Know Your Customer) to open bank accounts for their customers without their knowledge or consent. eKYC is a way of using data in the UIDAI database as part of the verification process, which Airtel made use of for the issuing of SIM cards, and also secretly opened bank accounts with their Airtel Payments Bank. More than 2 million accounts could have been opened, receiving more than…
Content type: Examples
1st December 2017
In 2017, a website run by the Jharkhand Directorate of Social Security leaked the personal details of over.1 million Aadhaar subscribers, most of them old age pensioners who had enabled automatic benefits payment into their bank accounts. Aadhaar is a 12-digit unique identification number issued to all Indian residents based on their biometric and demographic data. Both cyber security agencies and the Supreme Court have expressed concerns over its security, especially in view of the government'…
Content type: Examples
13th August 2019
In November 2018, Italy's Data Protection Authority advised against a proposal from the country's Interior Minister, Matteo Salvini, to replace "parent 1 and parent 2" on children's national ID cards with "mother and father". Salvini, who campaigned for election earlier in 2018 on a socially conservative platform, also called for gender-specific terms throughout the application and for applications submitted on behalf of under-14s to include permission from both parents. The DPA argued that the…
Content type: Explainer
21st July 2020
Definition
An immunity passport (also known as a 'risk-free certificate' or 'immunity certificate') is a credential given to a person who is assumed to be immune from COVID-19 and so protected against re-infection. This 'passport' would give them rights and privileges that other members of the community do not have such as to work or travel.
For Covid-19 this requires a process through which people are reliably tested for immunity and there is a secure process of issuing a document or other…
Content type: Case Study
14th December 2018
The exclusion caused by ID can have a devastating effect on people, limiting their opportunities and ability to survive.
Names have been changed.
Carolina is in a more privileged position than many other migrants, she admits that. She has a formal job, for one. She is – and has always been – in Chile legally: her previous visa has expired, and her new one is being processed. Under the law, she is permitted to stay and work in the country while this is happening. But she is finding the visa…
Content type: Examples
12th August 2019
In October 2018, the answers to a FOIA request filed by the Project on Government Oversight revealed that in June 2018 Amazon pitched its Rekognition facial recognition system to US Immigration and Customs Enforcement officials as a way to help them target or identify immigrants. Amazon has also marketed Rekognition to police departments, and it is used by officers in Oregon and Florida even though tests have raised questions about its accuracy. Hundreds of Amazon workers protested by writing a…
Content type: Examples
7th May 2019
In India, one of the reasons the Aadhaar ID system has been increasingly widely used is that it is mandatory for much India’s benefits system. Government subsidies are now processed through under the Direct Benefit Transfer scheme, which requires citizens to have a bank account and to insure that their Aadhaar number is linked to their bank account so they can receive subsidies.
https://www.paisabazaar.com/aadhar-card/want-to-avail-government-subsidies-provide-aadhaar-and-get-it-easily/…
Content type: Report
11th September 2020
A common theme of all major pieces of national jurisprudence analyzing the rights implications of national identity system is an analysis of the systems’ impacts on the right to privacy.
The use of any data by the State including the implementation of an ID system must be done against this backdrop with respect for all fundamental human rights. The collection of data to be used in the system and the storage of data can each independently implicate privacy rights and involve overlapping and…
Content type: Report
11th September 2020
Rather than providing a list of arguments, as is the case in the other sections of this guide, the fifth section provides a general overview describing the absence of consideration of these themes in existing jurisprudence and the reasons why these themes warrant future consideration including identity systems’ implications for the rule of law, the role of international human rights law, and considerations of gender identity.
Democracy, the Rule of Law and Access to Justice: This analysis of…
Content type: Report
11th September 2020
While identity systems pose grave dangers to the right to privacy, based on the particularities of the design and implementation of the ID system, they can also impact upon other fundamental rights and freedoms upheld by other international human rights instruments including the International Covenant on Civil and Political Right and the International Covenant on Economic, Social and Cultural Rights such as the right to be free from unlawful discrimination, the right to liberty, the right to…
Content type: Report
15th September 2020
Privacy International partnered with the International Human Rights Clinic at Harvard Law School to guide the reader through a simple presentation of the legal arguments explored by national courts around the world who have been tasked with national courts that discuss the negative implications of identity systems, particularly on human rights, and to present their judgement.
This argumentation guide seeks to fill that gap by providing a clear, centralised source of the arguments advanced in…
Content type: Report
11th September 2020
National identity systems naturally implicate data protection issues, given the high volume of data necessary for the systems’ functioning.
This wide range and high volume of data implicates raises the following issues:
consent as individuals should be aware and approve of their data’s collection, storage, and use if the system is to function lawfully. Despite this, identity systems often lack necessary safeguards requiring consent and the mandatory nature of systems ignores consent entirely…
Content type: Report
11th September 2020
Identity systems frequently rely on the collection and storage of biometric data during system registration, to be compared with biometric data collected at the point of a given transaction requiring identity system verification.
While courts have arguably overstated the effectiveness and necessity of biometric data for identity verification in the past, the frequency of biometric authentication failure is frequently overlooked. These failures have the potential to have profoundly negative…
Content type: Report
11th September 2020
Many countries in the world have existing ID cards - of varying types and prevalence - there has been a new wave in recent years of state “digital identity” initiatives.
The systems that states put in place to identify citizens and non-citizens bring with them a great deal of risks.
This is particularly the case when they involve biometrics - the physical characteristics of a person, like fingerprints, iris scans, and facial photographs.
Activists and civil society organisations around the…
Content type: Examples
7th May 2019
Cases of people being denied healthcare as they fail to provide an Aadhaar number have already started emerging. A 28-year old domestic worker, for instance, had to be hospitalised for a blood transfusion after she had an abortion with an unqualified local physician. She had been denied an abortion, to which she was legally entitled, from a reputable government hospital, as she did not have an Aadhaar card. Following this case, 52 public health organisations and individuals issued a statement…