close
close

Nigeria in the Forefront of Enhancing Consent and Data Privacy in Identity Management – Durodola – Nigerian CommunicationWeek

Question: The name of your company, UrbanID, is unique. What informed the choice of this name?

Answer: For many years, I have had a knack for creating names that spring to mind, Musk Ideas, CommonIdentity, PocketIntelligence or PocketOne. UrbanID was an inspiration that came to mind one day, and it stuck.

You were called ‘Linux Prophet’ by a leading technology magazine back in the early 2000s. What is your story in the Open Source tech sector?

I have always had an interest and passion about taking on big players. Microsoft, Oracle, Novell – having to pay top dollar for licensing for productivity. I made a decision one day “anything one can do in Windows, if it can’t be done in Linux, then it’s not worth doing”. So, since 1999, I have been a passionate Linux advocate. Since August 2001, I have not used any Microsoft, Oracle or other proprietary product; yet my productivity and solutions provisions have only increased – decade to decade.

Your name has been synonymous with the digital identity ecosystem for a long time. What has been your involvement in the ID system industry?

Nigeria has had a lot of issues over the years with Identity. In the early 2000’s I became involved in the overhaul of the Identity systems for a large Estate in Lagos. I cut my chops in Identity Management during that period.

In 2012, I was fortunate to have been headhunted to attend to some issues in Abuja, and that led me to raise my hand and offer to serve as Systems Integrator and Technical Consultant at the National Identity Management Commission (NIMC). A three-month contract eventually turned to 10 years. I have also been consulting for a few companies in Europe, advising and giving keynotes on the state of affairs in the Global South.

As a leading professional in the digital identity ecosystem, considering the recent experiences of reported data breach in Nigeria’s national identity sector, how could Nigeria have averted such breaches?

There needs to be a more serious approach to identity management. Whilst every company is set up to turn a profit and carry out business, relaxing restrictions so that companies can make money is a classic recipe for trouble.

Each and every verification carried out on a person’s identity needs to be known, from the natural person carrying out the transaction to the company for whom that natural person is acting on their behalf, all the way to ensuring that the ID holder is kept in the loop at all times. My identity is mine – not the Government’s. So I reserve the right to know how my identity is utilised, by whom, when and where.

If I wish to transfer money to another person, even if it is in two equal tranches, I need to authorise the transaction TWICE. Where companies are not constrained from doing “store and forward”, whereby they keep illegal copies of a legal request for data, it opens up vulnerabilities for such issues. Plenty can be done, if we have the will to make it happen.

In view of trust and reliability issues that arose when individual data could be accessed with the authorization of the data owner, what is the impact of data breach on a nation’s security as well as such a nation’s status in data privacy globally?

Many past systems had been designed with a concept of licensing verification entities (relying parties) who are issued access rights to personal information. Some of these parties then build their own API infrastructure, without the knowledge of the ID Holder, and data is then transmitted, sometimes with little or no encryption.

In the era of Data Privacy focus designs, it has become IMPERATIVE to seek and obtain the consent of the ID Holder, EACH and EVERY time. The national identification number (NIN) is a static number; which means that if the NIN is what is used to fetch information, then the ID Holder’s input or consent becomes redundant and goes against the positive global trend for enhancing data privacy.

How would you rate Nigeria’s National Identity Database vis-à-vis data security and protection issues given recent events in the country?

Surprisingly, a lot has been done in a short space of time. Nigeria is actually in the forefront of enhancing Consent and Data Privacy. We just need to tidy up a few loose ends. We are currently, believe it or not, the envy of a few “developed” economies, who wonder how Nigeria could have come up with a system that puts the NIN Holder first. We just need to fine-tune some issues, and we will establish great relevance in the world of Identity Management and User Consent.

How secure is the Nigeria digital identity database given the issues of ID authentication, consent management and verification?

That is a question really for the Government to answer. Any response I give may not be a fair one.

UrbanID is involved in ID systems globally, but with key concerns for developing economies like Nigeria. What is UrbanID’s focus on getting Nigeria to be topmost in data privacy as a benchmark for other nations?

It’s about time Nigeria takes the lead on a few positive things, especially in technology. What we have been privileged to have helped Nigeria accomplish, including Africa’s first MobileID ecosystem: last count 23 million users as well as one of the most advanced User Consent Systems based on Privacy by Design and Zero-knowledge proof technologies, with a healthy dose of Public Key Cryptography.

There is so much more work to be done, to get our functional IDs to work seamlessly with the foundational one, ensure strict one-person, one-identity compliance, and more. Are we there yet? No. Is Nigeria on the path? Absolutely. Let’s not relent or roll back.

Your company has a passion for digitalisation as a key feature for getting governments to optimise service delivery, accountability and transparency. What is your target for getting Nigeria to key into this goal and implementing full digitalisation of governance?

The first thing Governments need to do, is focus on treating citizens/legal residents as customers whose needs come FIRST.

No environment or country is perfect – there are always flaws and issues. But where we take customer service delivery as paramount, and self last, a Government will be so highly praised, that even where it has flaws, they will be overlooked.

Respect for citizens’ concerns, rights and privileges are so very important, just like fuel for a vehicle is. I also suggest that we adopt a system of rewarding public servants who prioritize resolving customer’s needs. Nigeria is not unique in this regard.

We also advise a number of other Governments, and see to a varying degree interactions between the General Public and Public Servants. It’s very doable. The Nigerian Government at the time of writing, is making great strides and effort to attend to these concerns, and should be given a chance to erase any mistrust of the past.

Based on statistics, transformational projects such as the National Identity Scheme have an average of 30% success rate in meeting their objectives, globally. How will you rate the Nigerian journey so far?

The journey of a thousand kilometres starts with the first step (or turn of the wheel). Let’s keep it up. Successive governments should take up the baton from the past one, and do better, rather than simply discard what was working and replace it. That’s like beginning a race all over again. The next folks will come in and repeat the process.

I wish the Government well. Let the process be led by them, not by the interests of vendors. I would include myself in this. Just speaking as a Nigerian.

Technology used in identity biometrics has evolved significantly over the years from smart card to digital ID Apps that can run on mobiles and block chain systems. In your opinion, how current is Nigeria in this area?

Technology should be an enabler for simplifying use cases. Whilst there is definitely a need for physical identity tokens, the support infrastructure is fragile and very capital intensive. eID Cards and Payment Cards (popularly known as ATM Cards) may look alike, but their implementation, issuance and lifecycle are very different.

Having designed Nigeria’s first eID Card back in 2012-13 and overseen the deployment of the Public Key Infrastructure (PKI) to support it, I am acutely aware of the issues contained therein. The world (for good reason) is trending towards very secure MobileIDs and in increasing cases, mobile Drivers’ licence specifications (mDL), all with a view to using technology to achieve a low total cost of ownership, simplifying ID updates and features without the need to replacing physical documents. I could give a myriad of examples, but I think the point is clear.

For now, if Nigeria opts to go back down the road of physical cards, I wouldn’t say it’s wrong. But simply discarding 23m issued and functional mobileIDs and secure documents in favour of identity smartCards, when both can run in parallel I personally think is not the way to go. I may be wrong, but I doubt it. Time will tell.

Broadly speaking with your experience on global ID systems, what should be the ideal system for an emerging economy like Nigeria?

There are international standards and best practices that it can tap in to. A hybrid of Digital IDs and physical cards with a proper Public Key Infrastructure and Card Lifecycle Management System are necessary technologies. Training and technology transfer are key to customer services.

With Nigeria’s population growth rate at an average 2.40%, how concerning is the country’s identity management system since enrolment of citizens is an ongoing process and huge capital is required?

My short answer: tighten enrolment systems, retrain enrolment staff, enhance identification of enrolees to reduce chances of a person obtaining multiple identities, and spend money where needed. The rest will sort itself out.

Whereas the bank verification number (BVN) appeared to have launched Nigeria into global reckoning with FinTech, will you consider BVN an appropriate tool for National Social Register?

The Bank Verification Number is a functional ID, designed for the fintech industry and has worked pretty well until now. Extending the BVN however, beyond that sector, especially to rival the National Identification Number (NIN), is a recipe for trouble. The NIN is a foundational ID, which in itself needs to be protected. It’s not meant to be shared willy-nilly under the umbrella of “Mandatory Use of the NIN”.

Likewise, for a National Social Register, a functional ID needs to be created, which will be linked directly to the NIN, but should not be the raw NIN and most certainly not the BVN.

Issues in payment and access to finance have been linked to poor national identification system. To what extent will you consider the new E-ID as the ultimate solution?

From the experience of Nigeria and other countries, physical ID Cards ALONE are not a solution. Certainly not where we have limited support infrastructure. I won’t say much on the topic. Time will tell.

What exactly is the difference between the current digital ID System and the E-ID?

Digital ID systems make heavy use of Smartphones and technologies that do not require physical cards to deploy credible tokens for personal identity. A very good case is the US where most states have physical driver’s licences, but are now being integrated into Smartphones, adopting mobile Driver’s licence standards such as ISO 18013-5.

eID are generally Electronic ID Smart cards containing a chip, and may be contact, contactless or dual interface cards. The eID infrastructure is great, if properly deployed, very secure, but very, very capital intensive.

Insecurity still persists in Nigeria despite the enrolment and issuance of over 120m National Identification Numbers (NINs) by NIMC. Why do you think it is so difficult to track criminals in spite of advances in our identity management system?

The answer is a simple one: interagency cooperation and collaboration. Every problem has a solution. If we are ready to solve these challenges, it’s not hard. There are countries that link Healthcare, Banking, Property rental and purchase, and so much more, to the foundational ID. If Nigeria wishes to solve the problem, it’s not theory that will solve it. All hands on deck, collaborate between agencies without one believing they are superior to the other, and the solution will magically appear.

But so long as turf protection exists, individuals within and without the country will continue to exploit our weaknesses.

There are obviously challenges in our system with several silos collecting data of Nigerians; what will be your expert suggestion in eliminating this practice and harmonising the various databases?

As mentioned earlier, turf protection is our biggest challenge. A key outtake of this is the silos you mention. The establishment of an independent Government Cloud, and an enabling environment where stakeholder agencies contribute to its evolution, and we will get there.

You have been long enough in the system to know how well Nigeria is doing. How do you compare Nigeria’s National Identity Management System presently with that of other developing nations?

Over the past 12 years, Nigeria has taken very bold steps. Back in November 2013, it issued one of the most sophisticated eID Cards in the world. Alas, Government support for the infrastructure was missing, and eventually, the ID agency was not able to maintain the issuance bureau or purchase much needed high performance card printing machines.

The issuance of cards for free, was also a challenge for companies who had installed capacity to personalise those cards. The sticky point was how they would be paid. So it eventually died. Between 2020 and 2024, Nigeria led Africa with the issuance of MobileIDs, taking advantage of the very enviable spread of Smartphones in the Country, and creating an enabling environment for their use. Alas, public awareness was lacking. That 23m MobileIDs were even issued is a testament to the power of word of mouth.

All these developments were by 100% local talent – and it worked! Accolades around the world again. Yet, it would seem the trend is now to go back to physical cards.

The World Bank had also advised against the issuance of physical cards, which were to a large extent, also very reliant on foreign expertise. Nigeria does not produce components nor the operating systems they rely on.

Those foreign vendors with specialist skills will provide invoices to the Government in their native currency (USD or Euro). They want our money, but not our currency. In other words, they want our Naira, but not in Naira. So where the value of the Naira since 2012 has dropped from N160: $1 to N1700: $1, the rest speaks for itself.