Who do you trust with your biometric data: fingerprints, retinal scans, and most of all, your DNA? Do you trust your own government? What about the government of Kenya? Or do you put more faith into private companies?
Kenyan Government’s Huduma Namba
Recently, the Kenyan government introduced the National Integrated Identity Management System (NIIMS) to develop a unique digital identification number for all citizens above six years of age. This “service number” or Huduma Namba will also apply to foreign residents in Kenya.
The Huduma Namba will upgrade the national ID from biographic to biometric, meaning that Kenyan ID numbers would be linked to unique biological markers, in addition to names. The Huduma Namba biometric information could include the following information:
- Fingerprints
- Photographs
- Retina Scans and Iris patterns
- Voice waves
- Earlobe geometry
- Hand geometry
- DNA samples
The Kenya Human Rights Commission and international privacy advocates are questioning every aspect of Huduma Namba, from the government tender for the technology, to the need for yet another national ID system, to the data the system is collecting, and the way the government wants to make it a prerequisite to receive constitutionally guaranteed services.
Most worrisome of all is that Kenya does not have a data protection law, which means that there are no limits on how this biometric data could be shared nor a way for Kenyans to know what their biometric data is used for.
Voluntary DNA Tests Like 23andMe
While Kenyans are rightly concerned about DNA samples as part of Huduma Namba, over 26 million people (about half the population of Kenya) have taken voluntary DNA tests in North America, mainly with Ancestry.com and 23andMe. If this pace continues, privately held companies could have the genetic makeup of more than 100 million people by 2020.
Privacy experts are very concerned, since these companies are lightly regulated, and their users’ data is only protected by Terms of Service that can change at any time.
For example, FamilyTreeDNA presented itself as a fierce protector of user data, but then admitted to voluntarily opening its DNA database to the F.B.I and 23andMe received $300 million to share users DNA results with drug giant GlaxoSmithKline.
Which is Better: Government or Corporate Control?
I find it fascinating that people seemingly worry more that a government will have their personal DNA information than a private company. To me, this is completely illogical.
I would think that people could trust (mostly) democratic governments, like the ones in Kenya, India, and the USA, UK, and Canada. These governments are elected by the citizens of those countries, and their executive, judicial, and legislative branches (mostly) function within international norms and domestic laws.
These countries also have robust political debates over every aspect of a system like Huduma Namba in Kenya, or Aadhaar in India, with citizens demanding transparency and accountability around the collection and usage of biometric information.
However, private companies have no such public input on their services. One could say that the customer has great power in deciding if a company lives or dies, yet we are relying only on their good faith to tell us how they are using, or will use, our data. Worse, we have no control over how they use data they already have.
This is my opinion. What is yours? Is it better to have your DNA data with a state actor or a private one? Or none at all? Please share your thoughts in the comments now.
I still struggle with the implications of sharing my biometric/dna data. it’s who I am and I’ve nothing to hide. if later I’m found and convicted of a crime through this, then so be it. if a gov withholds services due to my being of a certain gender, race or genetic predilection for a disease its a matter for politics and advocacy, is that naieve? what I know is that 23andme has connected me to long-lost relatives in australia… confirmed that I’m above average neanderthal (as my friends suspected) and a slew of useful (if not entirely bulletproof) predispositions to an amazing array of characteristics and diseases. and if they can monetize it with glaxo, good for them! I’m just not sure that govs are going to have anywhere close to the kind of useful services that companies would… let alone their ability to manage biometric data as gateway services to constitutionally guaranteed services.
I think the outcome of a healthy and robust debate about this excellent question might entail a critical eye towards our current business model framework. Currently, because somebody invests in getting the data (i.e. government, Facebook, 23andMe, etc.) the argument goes that they get to own and monetize that data. Widespread private-sector and govt violations of data privacy and other precepts of appropriate data management practices suggests the data industry is not capable of responsible and self-regulatory behavior. Further, the evidence is lacking of any robust embrace of responsible and regulatory guidance from Kenya and most other governments. Accelerating this issue of whom to trust; Kenya (govt) or 23andMe (private company) – is the upcoming advent of internet of things (IOT) and 5G technology. To my mind both governments and private entities have repeatedly violated the trust of its citizens and customers for many years. Its time for a business model framework that shifts from service providers owning, controlling and monetizing the data to service providers that serve people who own, control and can monetize their own data about themselves.
If you’d like to get some foundational understanding of why we should be concerned by state power, I’d highly recommend reading “Seeing Like a State: How Certain Schemes to Improve the Human Condition Have Failed” by James Scott (https://www.amazon.com/Seeing-like-State-Certain-Condition/dp/0300078153). It’s a fantastic book. Obviously our answer to “which is better: government or corporate control” should be “neither, thanks very much.” But Scott (and for that matter Foucault) affirm for us that we should indeed be concerned about the power of the state (along with, not instead of, capital).
I am made to think with a lot of worry about if these exponential technologies aren’t undressing us before everyone. The higher the technology, the lower the privacy. To trust or not to trust governments and private companies, entrust or not entrust them with your data doesn’t make any sense after all they will collect it under all circumstances.