Nepal government’s roll-out plan for national biometric ID cards criticized

The decision by the Nepal government to expand the distribution of biometric national identity cards throughout the country is drawing criticism from advocacy groups, privacy experts, and legislators, The Kathmandu Post reports.

Last month Nepal’s Ministry of Home Affairs quietly scrapped the original plan to gradually roll out distribution of the digital identity cards, supplied by IDEMIA and supported by the Asian Development Bank, and decided to expand distribution country wide at once.

Bipin Adhikari, a dean at the Kathmandu University School of Law and constitutional law expert, said that despite constitutional protections, privacy is an alien concept in the country, and that it is likely the state will handle sensitive data recklessly. The government reportedly did not conduct security tests or provide guidelines to employees prior to the trial, and security researcher Ashim Mahara of Nepali company Vairav Technology says the government has a history of inadequate information security.

Regular reports of data breaches from India’s Aadhaar system have only increased concerns.

“Moving to digital ID cards is inevitable, but what we need to be concerned about is where these biometric data are being stored, who has access to these private data and how long is the state going to retain them?” Nepali digital gender advocacy group Body & Data Co-founder Shubha Kayastha told the Post.

“I strongly feel we need to have more discussion on what measures, especially given our lack of expertise and experience in data security, will be used to ensure the confidentiality of our citizens’ data,” says Rekha Sharma, a lawmaker and former minister for the ruling Nepal Communist Party (NCP).

The National Identity Card and Civil Registration bill which changes the proposed roll-out was brought before parliament in January, and also requires extensive personal information including residence and marriage history and grandparents’ names. The process is to be carried out by the newly created Department of National ID and Civil Registration, which experts say creates two parallel bodies and concerns about oversight and potential for wasted resources.

The country’s Election Commission began collecting biometric information in 2008 to curb voting fraud, but that data has not been stored as planned, leading to problems.

“We had to compress several of the biometric data because of limited storage infrastructure and this might have compromised the quality of the fingerprints which aren’t available in the original high-resolution format anymore,” said Election Commision Under-Secretary Surya Prasad Aryal.