ID4D Country Diagnostic: Morocco

© 2016 International Bank for Reconstruction and Development/The World Bank
1818 H Street, NW, Washington, D.C., 20433
Telephone: 202-473-1000; Internet: www.worldbank.org

Some Rights Reserved

This work is a product of the staff of The World Bank with external contributions. The findings, interpretations, and conclusions expressed in this work do not necessarily reflect the views of The World Bank, its Board of Executive Directors, or the governments they represent. The World Bank does not guarantee the accuracy of the data included in this work. The boundaries, colors, denominations, and other information shown on any map in this work do not imply any judgment on the part of The World Bank concerning the legal status of any territory or the endorsement or acceptance of such boundaries. Nothing herein shall constitute or be considered to be a limitation upon or waiver of the privileges and immunities of The World Bank, or of any participating organization to which such privileges and immunities may apply, all of which are specifically reserved.

Rights and Permissions

This work is available under the Creative Commons Attribution 3.0 IGO license (CC BY 3.0 IGO) http://creativecommons.org/licenses/by/3.0/igo. Under the Creative Commons Attribution license, you are free to copy, distribute, transmit, and adapt this work, including for commercial purposes, under the following conditions:

Attribution—Please cite the work as follows: World Bank. 2016. ID4D Country Diagnostic: Morocco, Washington, DC: World Bank License: Creative Commons Attribution 3.0 IGO (CC BY 3.0 IGO)

Translations—If you create a translation of this work, please add the following disclaimer along with the attribution: This translation was not created by The World Bank and should not be considered an official World Bank translation. The World Bank shall not be liable for any content or error in this translation.
Adaptations—If you create an adaptation of this work, please add the following disclaimer along with the attribution: This is an adaptation of an original work by The World Bank. Views and opinions expressed in the adaptation are the sole responsibility of the author or authors of the adaptation and are not endorsed by The World Bank.

Third Party Content—The World Bank does not necessarily own each component of the content contained within the work. The World Bank therefore does not warrant that the use of any third-party-owned individual component or part contained in the work will not infringe on the rights of those third parties. The risk of claims resulting from such infringement rests solely with you. If you wish to re-use a component of the work, it is your responsibility to determine whether permission is needed for that re-use and to obtain permission from the copyright owner. Examples of components can include, but are not limited to, tables, figures, or images.

All queries on rights and licenses should be addressed to World Bank Publications, The World Bank, 1818 H Street, NW, Washington, DC, 20433; USA; email: pubrights@worldbank.org.

Cover photos: Top left by Daniel Silva; top right and bottom by Arne Hoel/World Bank.

Contents

About ID4D
Acknowledgments
Abbreviations
1. Background
2. The identity ecosystem in Morocco
    The national electronic identity (the CNIE System)
    The civil register
    A national register of children (MASSAR)
    RAMED (Régime d’Assistance Medicale)
    Social Security (Caisse Nationale de Sécurité Sociale—CNSS)
3. Analysis
    Strengths
        A number of highly developed and extensible registers
        A number of important points of contact with the population
        A well developed privacy and data protection legal framework
    Weaknesses
        Lack of digitization and complete decentralization of identity information: The civil register
        Proliferation of identity numbers
        Strong online presence but non-transactional
        No authentication infrastructure
        Vendor lock-in: Use of proprietary biometric template
        Biometric enrollment is not done according to best practice
        Absence of a national identity strategy
        Cost of main credential is relatively high
4. Options for consideration
    Establishing a national organization for identity management
    Establishing a unique identity number (UIN) for individuals
    Securing the UIN with a PIN
    Conducting a legal and a privacy impact assessment
    Modernizing the civil register
    Anchoring household registers on unified individual registers
    Creating a unique digital identity
    Upgrading the CNIE enrollment process
    Improving openness and interoperability of the CNIE
    Conducting a technical review of the identity assets
Annex 1: Color-coded matrix of practices
Annex 2: Methodology and raw data collected
Annex 3: Population data by age group and gender

Tables and figures

Table 1. Assessing Robustness of the CNIE Registered Identity
Table 2. Performance of the Major Identity Programs
Table 3. Comparing Coverage of Different Digital Identity Registers
Table 4. Points of Contact with the Population
Table 5. Examples of Identification Numbers Associated with Various Programs in Morocco
Table 6. Population Totals by Age Group and Gender in Morocco
Figure 1: Example of a Real CNIE Card, Front (top) and Back (bottom)
Figure 2: The RAMED ID Card
Figure 3: CNSS Issued Identification Card
Figure 4: Identity Data Structure Model Which Integrates an Enrollment Reference Number along with Biographic Data as Attributes for Identity
Figure 5: A Possible Mechanism for Generating a National Identity Index
Figure 6: A Possible Structure for an Uncoded UIN Showing Control Digit(s) and PIN
Figure 7: Creating a Searchable Digital Index for the Civil Register
Figure 8: Digital Assets Associated with an Identity

About ID4D

The World Bank Group’s Identification for Development (ID4D) initiative uses global knowledge and expertise across sectors to help countries realize the transformational potential of digital identification systems to achieve the Sustainable Development Goals. It operates across the World Bank Group with global practices and units working on digital development, social protection, health, financial inclusion, governance, gender, and legal, among others. The mission of ID4D is to enable all people to access services and exercise their rights, by increasing the number of people who have an official form of identification.
ID4D makes this happen through its three pillars of work: thought leadership and analytics to generate evidence and fill knowledge gaps; global platforms and convening to amplify good practices, collaborate, and raise awareness; and country and regional engagement to provide financial and technical assistance for the implementation of robust, inclusive, and responsible digital identification systems that are integrated with civil registration.

The work of ID4D is made possible with support from World Bank Group, Bill & Melinda Gates Foundation, and Omidyar Network. To find out more about ID4D, visit worldbank.org/id4d.

Acknowledgments

This paper was prepared in July 2014 by Joseph J. Atick (Identity Counsel International, World Bank Consultant) and Robert Palacios as part of the Identification for Development (ID4D) initiative, the World Bank Group’s cross-departmental effort to support progress towards identification systems using 21st century solutions. This report benefited greatly from inputs by Diego Angel-Urdinola, Dorothée Chen, Ariel Pino, and reviews of World Bank Group staff including Fatima El Kadiri.

Abbreviations

AFIS: Automatic Fingerprint Identification System
AMO: Assurance Maladie Obligatoire
CEDI: Centre d’Enregistrement des Données Identitaires
CNDP: Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel
CIN: Carte d’Identité Nationale
CNIE: Carte Nationale d’Identité Electronique
CNSS: Caisse Nationale de Securité Sociale
DAHIR: Moroccan King’s decree
Décret: An executive order or decree issued by the head of the government in Morocco, the prime minister
DGCL: Direction Generale des Collectivités Locales
DGSN: Direction Generale de la Sureté Nationale
DSIC: Direction des Systèmes Informatiques et de la Communication au ministère de l’intérieur
HCP: Haut-Commissariat au Plan
ID1: Common ID card size as codified by ISO 7810 (same size as bank cards)
MAGG: Ministère des Affaires Générales et de la Gouvernance
MASSAR: Système de gestion scolaire
MENFP: Ministère de l’Education nationale et de la formation professionnelle
NIA: National Identity Authority
RAMED: Régime d’Assistance medicale
SPA: Social Protection Assessment
UIN: Unique Identifying Number

1. Background

This report presents the context and findings emerging from the application of the identity assessment tool, which was developed as part of the Social Protection Assessment (SPA) multiagency platform, including dedicated reference and technical working groups.1 In particular, the tool was applied to the case of Morocco where there have been major advances over the last decade in the country’s identification landscape. The report examines the key challenges in identification as described in the “What Matters” section of the assessment tool and attempts to highlight areas where further progress could be made (see summary box on What Matters in Identity below). It draws from field visits, interviews with practitioners and secondary material (see Annex 2 for methodology).

While the identity ecosystem in the Kingdom of Morocco is highly developed with multiple identity programs operating for many years, recently there has been a recognition on the part of the Moroccan Government that this existing myriad of programs does not fully meet the identification needs of the country. This is partly because there is no single identity program that has 100% coverage of the entire population, or that can cover the population across all age groups. Government agencies continue to operate under different identity programs that are not harmonized. In addition, the information that accumulated over the years in the various identification databases has not been assessed for reliability and quality. As a result, all programs that depend on identification of the individual or the household, including social protection programs, suffer from an increased administrative burden arising from the lack of a reliable unified registry.

At a more granular level, it was recognized that this fragmentation in the identity landscape was the result of the absence of established mechanisms for linking the same identity across the different repositories. One such mechanism would be the implementation of a Unique Identifying Number (UIN) that would be attributed to each citizen and resident on the Kingdom’s territory. The UIN would be the tool to link the disparate databases and hence unify the interaction of the individual across multiple agencies, thus presenting a unique and coherent view of the individual to the public facing governmental agencies. The objective of having a robust UIN is to improve administrative efficiency and to eliminate leakages and losses due to identity fraud that invariably results when the multitude of identity programs in operation do not have the means to cross-check and link identities.
This is particularly true for social protection programs which need to go beyond the individual and establish unique households which can be targeted for social assistance. The UIN was also recognized as an important tool that would ease the Kingdom’s entry into the era of electronic service delivery, as one of the elements of a national electronic government strategy.

While the desire for a unified register on the part of government agencies seems to be clear in Morocco, the path to achieving it is not. That is why the World Bank, as part of a technical assistance mission, proposed the use of the SPA identification module to conduct an assessment of the identity landscape in Morocco. The objective of the assessment is then twofold: (i) to evaluate the strengths and weaknesses of the identity assets of the country, and (ii) to identify those assets that could contribute to a national strategy for establishing the unified register and for improving the tools available for household identification for the delivery of social protection and other programs.

1 The Social Protection Assessment (SPA) is an interagency initiative to support countries in building social protection systems. SPA activities help develop common instruments for assessing systems, supporting their application, and fostering knowledge sharing. SPA serves as a platform for collaboration across partners to support a common vision and approach to social protection systems, applies a common set of core tools and metrics, and facilitates dialogue and cross-country learning. SPA was formerly known as SPARCS (Social Protection Assessment for Results and Country Systems).

What matters in identity

As discussed in detail in the What Matters section of the SPA identity evaluation tool, there are four elements that are critical for assessing the health of an identification system.
These are:

Accessibility: Evaluates the extent of coverage of the ID of the entire population, how accessible it is to the individual, how costly and what barriers may be encountered by any individuals or groups. In this regard, the best ID system is one that is universally available to every individual at a negligible cost.

Robustness: Assesses how resilient the system is to fraud (uniqueness of identity), duplication of credentials and security breaches; and whether the ID is a system within a framework of trust to verify or authenticate identity once it is issued.

Integration: Assesses the interoperability of the identity across multiple applications and the extensiveness of the links between identity registers.

Legal framework: Evaluates how developed the country’s laws are regarding privacy, data protection and protection of individual rights. It also takes into account capacity of responsible organizations and compliance with pertinent international standards.

In the evaluation, each factor is color-coded according to the criteria shown in the reference matrix in Annex 1.

Finally, a word on terminology. Identity registers are often integrated into functional programs and as such, the databases of information contained in these programs go beyond just identifying information. The data often is captured over time as the individual continues to interact with the functions of the agency, and may include socioeconomic, scholastic, health and other private data. For our purposes when we use the term identity register, we refer to the portion of the database that contains information solely related to identification. This may be biographic information such as name, date of birth, address, family links, as well as biometric information including, but not limited to fingerprints and facial images.

For additional background about best practices for identity systems, we refer the reader to the following two publications, both available at http://www.worldbank.org/en/topic/socialprotectionlabor/brief/inter-agency-social-protection-assessment-tools:

1. “What Matters” section of the SPA identification module.
2. Digital Identity Toolkit: A guide for stakeholders in Africa, June 2014. World Bank publication.

The report is organized as follows. Section 2 reviews the identity ecosystem in Morocco. The section discusses in detail five identification programs that seem to have complementary strengths and that can be considered as assets. These are the national identity (CNIE), the civil register, the children school register (MASSAR), the register of health assistance (RAMED), and the social security register (CNSS). Section 3 provides a global analysis of the data collected and highlights the findings within a holistic view. Section 4 presents some options that may be explored to improve the identification systems in the country. In Annex 1, the color coded performance matrix for the What Matters factors is given for reference. The methodology of the research is briefly presented in Annex 2 along with the raw data collected through the SPA ID Questionnaire tool, and in Annex 3 some population data from HCP that is used in this report is provided for convenience.

It is important to emphasize that in developing options for consideration we worked within the constraint of leveraging existing assets and avoided strategies that would result in activities that overlap with what has been done in the past. This is particularly true for enrollment of the population, which is a costly process. This approach recognizes the need to leverage the existing enrollment databases and procedures.

2. The identity ecosystem in Morocco

This Section examines the identity ecosystem in Morocco.
It provides a rapid assessment of the principal identity programs in operation, which can be classified as foundational (general purpose identity programs) or functional systems (identity modules specific to a given application). Each register or identity system is assessed as a stand-alone system, leaving the discussion of coordination and harmonization for Section 3.

Comparing the Two Types of Identity Systems

Foundational
A general purpose identity platform, designed to support all identity use cases expected in a country for the foreseeable future. The system focuses on the enrollment of the population under the framework of “enroll once and be identified for life.” The expectation is that, once identity becomes a supplied commodity, an entire ecosystem of applications, not imagined initially will emerge.
Advantages: True infrastructure for country, avoids multiple registration & redundancy, supports many uses and provides economy of scale.
Disadvantage: Requires multi-stakeholder coordination, sustained political will; slower to launch, could be more costly initially.

Functional
A system that addresses the needs of a very specific application of identity (e.g., identification of vulnerable populations or healthcare recipients or school children).
Advantages: Easier to launch without major multi-stakeholder coordination, lower initial cost, faster adoption.
Disadvantages: Difficult to evolve to multisector foundational identity in the long run; prone to creating fragmented identity space with multiple overlapping and incompatible systems, inconvenient for the public since they may be required to enroll multiple times in multiple programs; more costly to add additional applications.

As mentioned previously, the identity ecosystem in the Kingdom of Morocco is highly developed with multiple identity programs or registers operating already for many years and serving different purposes.
These programs were developed independently by different ministries without benefit of a national strategy for coordinated identity systems in the country. In many ways these systems necessarily overlap but more importantly, absent a national coordination strategy, they lead to significant gaps in the coverage of the population and hence are far from being universal, as will be seen in the discussion below. The choice of the registers included in this study was made based on their potential to participate in a national or universal identity register. As such, the study pays more attention to those with higher coverage, reliability and extensibility, as well as those with coverage of a unique segment of the population not covered by other programs (e.g., children). In other words, it privileges registers which could be used strategically, along with other registers, to create a harmonized and unified system for individual identity verification. These considerations are key since the ultimate aim of the study is to propose a roadmap for the development of a unified register for individuals or families covering the entire population. As we discuss in Section 3, while the initial objective of this study was to address the question of household registration, it is our informed opinion that household registers are best built by basing them on identity registers of unique individuals. Within this context, household registration becomes a dynamic association of unique, registered people, which can be easily formed, amended and dissolved over time as necessary given a unique identity at its foundation. Results presented here reflect the analysis of the raw data reproduced in Annex 2. In addition, throughout this report, the population data segmented by age group by HCP (Haut-Commissariat au Plan), the official organization tasked with socioeconomic reporting in the country, as reproduced in Annex 3, is used. 
This data is useful because many identity programs target specific age groups and hence, for assessing population coverage, it is important to know the a priori size of the targeted segment.

The national electronic identity (the CNIE System)

The national identity program has existed in Morocco since the late 1970s. It was instituted under law 1-73-560 of 1977, and it relied on an issued identity card called the CIN (Carte d’Identité Nationale) as well as an identity register. This initial system operated for more than 25 years until it was replaced by a more modern electronic identity system which involves enrollment with biometrics to ensure the uniqueness of enrolled individuals (using an Automatic Fingerprint Identification System (AFIS) for de-duplication) and it issues a smart ID card with state-of-the-art security features called the CNIE (Carte Nationale d’Identité Electronique)—see Figure 1 for an example of the current CNIE. The new national identity system with its identity card CNIE was instituted by law no. 35-06 as promulgated by a Dahir (Royal Decree No. 1-07-149 of Nov. 30, 2007) and an executive order (Prime Minister Decree No. 2-06-478 of Dec. 25, 2007). In this report the term CNIE is used interchangeably to refer to the identity program/register and to the smart card, unless the context is ambiguous.

Implementation of the CNIE system is the responsibility of the DGSN (Direction Generale de La Sureté Nationale), a directorate that enjoys a great level of autonomy within the structure of the Ministry of Interior.

Figure 1: Example of a Real CNIE Card, Front (top) and Back (bottom)

Implementation of the national electronic identity program including the back-end IT systems necessary to manage the enrolled identities and the issuance of cards began in 2008.
Since then, the CNIE steadily replaced the CIN, with acceleration in enrollment and issuance of smart cards seen in recent years partly because the acceptance of the CIN as a valid form of identification expired in 2014. Today, there are 20M CNIE issued according to the information provided by the DGSN at the time of data collection. Given the size of the CNIE program database, the CNIE can be considered a key foundational identity program in the country.

Accessibility

The program covers the adult population starting from 18 years of age. It also includes a small population of children between the ages of 12 and 18 who are required to enroll in order to receive the electronic passport. While the program to date has issued 20 million identity cards, which is impressive in itself, it is not universal, for the following reasons:

1. Children under the age of 18 are generally not covered.
2. Cost of enrollment for an adult is relatively expensive (75 Dirhams), which for poor families could discourage participation.
3. The number of unique identities registered in the database is less than 20 M because some of these cards have been issued as replacements for lost or stolen cards or as a result of change of address and name. The precise number of unique identities was not communicated to us during our inquiry but we estimate it to be between 17–20 million.
4. There are currently about 100 enrollment centers around the country known as the CEDI (Centre d’Enregistrement des Données Identitaires), and another 20 are in the original plan for a total of 120 to cover the entire area of about 446,550 sq. km., or at a density of one center per 4465 sq. km. This means that individuals in certain remote and inaccessible areas would have to travel significant distances to enroll. Mobile enrollment brigades were deployed in the past to alleviate this issue, but this was done on an ad-hoc basis and not as part of a policy for systematic enrollment of individuals in remote areas. As a result, the participation of those segments of the population continues to be a challenge. Another way to look at this is to note that each center serves on average 330,000 people, an enormous number.2

Apart from the cost and the lack of sufficient enrollment coverage, which could discourage the poor and those in remote rural areas from seeking a CNIE, there is no evidence that there are barriers to any specific minority groups.

The coverage of the CNIE is about 60% of the total population (assuming a population of about 33.3 M in 2014 according to HCP census projections); however, the coverage within the intended sector of the population, namely the adult group above the age of 18, could be as high as 75–80% (assuming the number of duplicates is 2–3 million in total, and using 22.8 M as the total potential adult population above 18 years of age according to HCP statistics reproduced in Annex 3).

2 Compare this to the corresponding number for the civil registration bureaus, where on average one bureau serves about 15,000.

Robustness

To assess the robustness of the CNIE program we examined the enrollment process, the identity validation process, the security of the credential issued and the authentication process, which are the sub-dimensions recognized by the SPA as a prerequisite for a robust identity system. The assessment is shown in Table 1.

Table 1. Assessing Robustness of the CNIE Registered Identity

Process: Performance

Enrollment process: Robust. In person application at the CEDI centers. Applicants provide fingerprints and bring documentary evidence, which is examined by the enrollment agent.

Validation process: Robust. Uses state-of-the-art AFIS technology to de-duplicate enrollment and ensure that a person cannot enroll under multiple identities. Requires birth evidence as documented by a copy of the birth registration act, or an extract thereof or a family booklet. The AFIS will be upgraded in the near future to include face recognition matching, which will enhance the robustness and add more flexibility by allowing de-duplication of enrollees who today cannot provide good quality fingerprints (amputees, manual laborers, etc.).

Credential and data security: Robust. State of the art identity card which contains a myriad of physical security features but more importantly (when activated down the line) it is based on an electronic credential carried in the contactless smart chip. This credential is cryptographically signed by the issuing agency, hence the authenticity of the card could be established with a very high degree of confidence. Repositories of identity data are stored and protected subject to internationally recognized best practices for IT security.

Authentication: Non-robust. Authentication that the card belongs to its holder is done manually, hence a person who resembles the photo on the card could in principle pass as the legitimate holder of the card, since no strong authentication mechanism is in place and no cross-checking of the CNIE identity database is done (except for the ePassport, see below). Thus the CNIE is currently used as a flash badge and does not participate in identity verification of any transaction, online or at points of service.

Integration

The CNIE enjoys a unique position in the country. It essentially replaces four documents:

1. Birth certificate
2. Certificate of residence
3. Proof of life
4. Certification of nationality

The CNIE is used and requested in almost every aspect of transactional life in Morocco, from opening a bank account to obtaining a passport to getting a driver’s license. The list includes every application process that requires identification. As such the CNIE has achieved significant integration.

Unfortunately, with the exception of the integration with the passport issuance process, the link to other programs is not electronic.
It is made simply by requesting that the individual present a copy of their CNIE card, which is kept in the enrollment files for the functional identity programs that rely on the CNIE. These include the identity programs associated with RAMED, MASSAR, the CNSS, and just about all other programs, governmental and private (banking and enterprise ID).

Manual verification of identity without access to the identity register database through electronic means has significant limitations. First, it diminishes robustness since it is susceptible to fraud, as discussed above. Second, it continues to perpetuate the development of independent databases where each identity is not linked and which could promote the emergence of variability in the way an individual may appear in entries across different databases (slight variations in name, spellings, address, etc.). In the long run, lack of electronic integration contributes to loss of coherence of identity in the identity ecosystem of the country.

Legal framework

The Kingdom of Morocco has an overarching legal framework related to privacy and data protection (see Section 3 for a more detailed discussion). This is commendable and gives all identity-related activities in the country a point of distinction. However, we have been unable to ascertain from our interviews with officials if the DGSN is bound by this legal framework, since there is an ambiguous provision in the law which provides a national security exemption (recall that DGSN is the body in charge of National Security in the country). Since the legal framework covers all programs, we will not repeat the discussion for each of the other identity programs that follow; instead we refer the reader to Section 3, where a more detailed analysis of the legal framework that governs privacy and data protection in Morocco is presented.
The ePassport in Morocco

The electronic passport represents a case study of a successful integration between a functional program (passports) and a foundational program (CNIE). Applicants for the electronic passport are required to supply their CNIE number along with their full name and date of birth. That information is electronically checked against the database of the CNIE (see schematic below). If the match is exact, then the CNIE provides the passport office with the fingerprints, which are subsequently securely uploaded onto the smart chip of the electronic passport. If there is a discrepancy, the application is rejected. If the discrepancy is due to an honest mistake, the applicant is requested to petition the CNIE in order to correct the information present in their database first. But in all cases, it is the information present in the latter that is used. As a consequence, the database for the ePassports is 100% harmonized with the CNIE identity database. This is an example of an electronic identity service that is offered by a foundational program. Relying on this identity verification service, the bureau issuing ePassports has issued more than 4 million passports since 2009.

[Schematic: the Passport Bureau submits Name, DOB and CNIE No. to the CNIE database (BD CNIE) for validation.]

The civil register

Civil registration in Morocco is managed by the DGCL (Direction Generale des Collectivités Locales), a directorate within the Ministry of Interior. The office of civil registration lies within the DGCL hierarchy. It consists of a small team of central staff charged with the coordination of the activities of a large and distributed number of local community offices of the DGCL to effect and validate birth and death registration. The system is highly decentralized with approximately 2200 offices distributed throughout the country.[3]

[3] Collectivités Locales en Chiffres, 2011 and 2009, both available online from http://www.pncl.gov.ma/fr/Publication/Statistique/Documents.
The civil registry bureaus break down into three categories:

1. Principal offices attached to the local government offices of the commune (there are 1503, of which 1282 are considered rural and 221 urban);
2. Subsidiary offices or annexes in areas where the principal offices are insufficient to cover the demand (there are approximately 700); and
3. Overseas, the civil registration office is attached to each Moroccan consular mission or diplomatic post (there are 69 around the world).

The responsibility to equip these centers lies in the hands of the municipal councils of the communities that use their budgets with discretion to decide on their priorities. Some registry offices are modern and have infrastructure; others continue to be somewhat basic in terms of technology, infrastructure and capacity. While no official statistics are available, it is believed that the majority of the 2200 civil registry offices do not possess connected computer systems. They do however each possess paper registers, one for births and one for deaths.

The register itself is a ledger (or a bound book) with serially numbered pages, unique to the office and to the year of entry. The pages are numbered, controlled and verified by a public prosecutor (so called Royal Prosecutor or Procureur du Roi) operating in the local first instance court (divisional court) with jurisdiction over the administrative district. Empty certified ledgers are received at the end of each year for use in the upcoming year. Two identical copies of the birth and death registers are produced. Registration in both cases is made by hand and the entries are considered a permanent record from then on, and they cannot be modified or corrected without a court order. Each registration has a separate number which codes for the office, the register volume and a sequential number tied to the page. Each civil registration is an act.
At the end of the year, both copies of the register are closed with a seal and signature of the civil registration officer[4] on the first unused page, preventing the use of the remaining pages past the end signed page. One copy is kept in the local office for operational use (to respond to citizen demands for copies of their act) and the other is sent to the local competent public prosecutor for procedural audit, control and verification of the entries. No central repository exists which would contain the birth records for the whole country in one location. As for marriage and divorce, those are documented as handwritten notes in the margins of the act pertaining to the husband and wife upon receipt of marriage or divorce certificates (which are court issued).

The current law which applies to birth registration is referred to as law no. 37.99 (effective as of 2003 and applies only to a paper-based register), which mandates birth and death registration for everyone on the Moroccan territory (including foreigners) and defines the processes that have to be followed to perform them, including the chain of responsibility for declaration of these events. The law requires that births and deaths be registered within 30 days of the event. Beyond 30 days it provides for a penalty and requires a court attestation or judgment before the event can be registered officially. For example, adults that have not been registered at birth can do so following a procedure which includes going to court and declaring under oath their date and location of birth, after which a judge issues a declaratory judgment that can then be used by the civil register officer to insert the adult into the civil register records. This act will be inserted into the current volume and not in the volume for the year of birth (since that volume is sealed for additions at the end of each year).
It is important to note that there is no secure birth certificate document in Morocco as may be found in many other countries (although there is a family booklet with the head of household). When a citizen is required to prove their birth, the easiest thing is for them to go to the district office of their birth to obtain a copy of their registration act of birth.[5] The document is certified as a true copy and can either be a full copy of the two pages in the register or an extract, which summarizes the basic information pertaining to that birth. The certified copy is valid for up to 3 months only. This paper is typically retained by the agency requiring the proof of birth and is not returned to the citizen. Thus each time a proof of birth is required, a recent certified copy needs to be obtained. Typically, the copy takes one day to obtain and costs 2 Dirhams in stamps (about 25 cents).[6]

[4] The president of the local council or his/her deputy or designee is recognized by law as the officer of the civil registration authority in the commune. Overseas, it is the consul or his designee that plays that role.

[5] There are other alternative procedures that rely on the use of the family booklet or expired copies of birth registration which can allow someone to get an official testament of birth from any office of the civil registration and not necessarily where they were originally registered, but the process is a little more complex and takes longer.

Since 2012, the government has begun operating an electronic service (https://www.watiqa.ma/) for enabling the citizens to order copies of their birth registrations online. This is a great facilitator but unfortunately not for individuals asking for the first time, since it requires that the individual supply the registration act number and the year of the registration in addition to the office where the registration was effected.
Assuming those are known, the individual can order any number of copies. The service costs 20 Dirhams and the document is delivered via courier post to the title holder, who is required to show some proof of identification upon receipt.

Accessibility

The civil registry in Morocco has been effective in ensuring a high level of registration of births. This may be due to a high degree of awareness about the need for registration, which is considered a first step in the admission to a structured society and hence a prerequisite for any interaction between the citizen and the state. The last officially published statistics on birth and death are from 2001,[7] where birth registration coverage was stated at 86.5% while death registration at 56.5%. In the intervening years, it is believed that considerable progress has been made and that percentages today are higher. In the course of our inquiry, officials from the civil registry stated they believed that today 95% of those born in Morocco exist in some local volume and that furthermore the registration of new births is above 95%. According to official statistics this represents about 660,000 birth registrations annually. As for death registration, it was stated that it stands at 60% and represents more than 200,000 deaths per year.

It is important to emphasize that only aggregate statistics about registrations are communicated by each office to the central civil registry bureau. The detailed information remains in a collection of a large and growing number of physical volumes in the 2200 offices.[8] As such, civil registry in Morocco remains a collection of stand-alone registers and does not easily provide holistic coverage.
Regardless of what the precise percentage of coverage for births is (which we believe to be in the 90s percentile today), the fact that the civil registration has such a high number of offices, which translates to one office in the service of 15,000 people on average, means that the system provides excellent access to the population. Registrations that are done within the 30 day period permitted by law are free. Furthermore, there is no evidence that there are barriers to civil registration for any specific minority groups. Finally, the civil registration law provides for mechanisms of inclusion of the adult population that was not registered before through the declarative judgment mechanisms. All of these factors taken into account contribute to giving the civil registration a high inclusion or accessibility score, making it almost universal for birth registration even though in its current form it is unable to provide a centralized holistic view of the registrations contained within. As for death registration, the process still has room for improvement, primarily because the rate of death declarations continues to be low.

[6] We were unable to ascertain if fraud in issuance of this copy or the extract of the birth registration act is an issue. We were led to believe however that the issuance of a copy of the act itself is robust to fraud since it involves copying a historical act and not the issuance of a new document.

[7] See Collectivités Locales en Chiffres, 2009, available online from http://www.pncl.gov.ma/fr/Publication/Statistique/Documents.

[8] In 1995 a study by the United Nations Economic and Social Council showed that the DGCL was distributing about 25,000 volumes each year for use by the local bureaus of civil registration for both birth and death. This means that today there may be hundreds of thousands of volumes of civil registration covering the historical records for the last 30 years or so. This report can be retrieved from http://unstats.un.org/unsd/vitalstatkb/Attachment245.aspx

Robustness

As for robustness, the analysis is multidimensional. On the positive side, we found that the register relies on mature administrative procedures and controls that make it difficult to fabricate a new fraudulent entry into the record. These include controlling the sequentially numbered pages in each register delivered to the civil registration offices by the local public prosecutor, and performing the registration in permanent ink on heavy stock paper that is bound in an integral volume. No alterations are allowed without a documented court order.

On the negative side, we note that the administrative processes for enrollment into identity programs that rely on the birth register require the citizen to procure a certified copy of his or her birth registration act or an extract thereof, without allowing the requesting agency direct electronic access for verification. This creates opportunities for fraud at that level, where a copy could be faked or duplicated. This puts the robustness of the register into question.

This issue could be even more significant with the introduction of the online service for requesting copies of the birth registration via https://www.watiqa.ma. While this service is great for facilitation, it raises some security concerns. Simply said, the authentication standard is not strong enough to ensure the copies are delivered to the rightful owner. The process ultimately entrusts postal employees with effecting identity verification before delivery of the document, a function they are not necessarily qualified to do and which could be susceptible to corruption.

Integration

The birth registration act or its summary has been a prerequisite for enrollment in many other identity programs. The most important among those is the CNIE, which considers birth registration as an absolute prerequisite.
The dependency of other programs on the birth register has diminished somewhat with the introduction of CNIE since it is supposed to act in lieu of a birth registration copy as discussed above. Nevertheless, there are still many programs which rely on the birth registration along with the CNIE. Lack of a consolidated database of the civil register and electronic access to verify identity not only diminishes the robustness of the civil register but diminishes its integration potential as well.

A national register of children (MASSAR)

MASSAR is an example of a recent development in information systems related to identity in Morocco. It is a completely electronic system for management of all aspects of the scholastic life of children and includes one important module related to the register of student identities, which takes place in a centralized and cumulative identity database. The significance of the MASSAR identity module derives from the following facts:

1. It is the only identification database in the country that systematically covers a segment unserved by any other program, namely the segment between the ages of 6–18 years;
2. It is supported by modern information systems with a central database and distributed secure access from 10,000 locations around the country;
3. The administrative enrollment procedures, with emphasis on first-hand knowledge of the student, ensure the uniqueness of each entry into the student register;
4. It currently contains 6,512,192 registered and unique students; and
5. Its database is growing at the rate of 10% per year.

The system was developed by the Ministry of National Education and Training (Ministère d’Education nationale et de la formation professionelle—MENFP) and was under development for two and a half years
While an identity card is not issued, a unique number is generated and issued for each student which remains the same for the entire duration of their scholastic life. In addition to the state of the art identity system within MASSAR, there is another older identity register that has been used within the conditional cash transfer program, Tayssir. This program was put in place to incentivize disadvantaged families to send their children (between ages of 6–15) to school by giving them a monthly cash transfer (via the post) for every child that attends school up to a maximum of three children per family. It is based on geographic targeting and relies on building the register of eligible families and hence a register of identities. Today the register contains 475,000 families and benefits about 825,000 students, 37% of which have been classified as reinsertions (reintroducing a child who had dropped out back into the school). The Tayssir identity register constitutes only about 6% of households in Morocco and the information that it contains in its database does not necessarily have the quality and accuracy needed for a reliable identity system. In fact, the MENFP has plans to evolve the program under what they call Tayssir II, which will make the identification module of MASSAR available to support the register required for Tayssir. For our purposes we see MASSAR as providing a more fundamental identity register and hence we focused on assessing it instead of Tayssir, consistent with the strategic direction of the MENFP. Accessibility MASSAR’s identification module has 100% coverage of school children that are registered in any of the more than 10,000 national educational establishments in the country. Today the register contains more than 6.5 M unique identities within the age group of 6–18. This translates to about 94% of the population of that age segment, using 6.9 M as the total number of children in Morocco between 6–18 years of age (see Annex 2). 
In fact, the coverage may be even better than that for children in primary schools. According to World Bank analysis, the Net Enrollment Ratio (NER) for Morocco is 98% for primary schools, which means the MASSAR register, which covers 100% of registered school children, has a 98% coverage for children in the primary school age range (6–10).

The significance of MASSAR derives not just from its nearly universal coverage but also from the fact that it covers a population segment unserved by any other program. It is also a system that continues to register new entrants at the rate of 600 K per year while retaining its cumulative database including those that have graduated and are older than 18. Thus each year MASSAR’s age coverage will extend by one additional year. This means in 10 years the MASSAR database will be more than 12 million and will cover individuals between the ages of 6–28 years.

Robustness

While the identity module was initially developed as a functional identity program to serve the needs of the MENFP, it seems to have the necessary ingredients of a potential foundational identity program that could serve other needs. In addition, the administrative processes of vetting the students at each of the 10,000 learning establishments in the country give the system a certain robustness that assures the uniqueness of each record in the database without recourse to biometrics. These administrative processes rely on the intimate knowledge of the children that is derived from their contact with their teachers and principals and that is documented in their scholastic histories, which provide some sort of identity profiles. This is a form of Know Your Customer (KYC) or Know Your Student, which is relied upon as an input for entity resolution (or identity resolution) text matching engines to ensure that the child is unique and is not mixed with another, intentionally or unintentionally.
Integration

Today the identity module of MASSAR is completely online and can be accessed by other services that need it for verification of identity. That has not happened thus far. Access to this system continues to be limited to the organizations belonging to MENFP. However, in principle, the system is ready to be integrated into any other national program that needs to rely on its identity data.

As for the legal framework, the same comments that we have made about the civil register apply here. The overarching privacy protection framework discussed in detail in the next section is applicable here.

RAMED (Régime d’Assistance Medicale)

Medical coverage has been recognized as one of the pillars of socioeconomic development by the Government of Morocco. For this purpose, two regimes of basic medical coverage were created in the last ten years. These are the Basic Mandatory Health Insurance (Assurance Maladie Obligatoire) or AMO for formal employees created in 2005 and the non-contributive Medical Assistance Program (RAMED) created in 2011. Both are managed by a governmental agency called ANAM (Agence nationale de l’assurance maladie). The first is a standard medical insurance program for the benefit of individuals gainfully employed in the formal sector, pensioners, members of the armed forces and students. RAMED is a non-contributive health insurance scheme that targets the poor and vulnerable population. It is designed to enable economically disadvantaged groups to benefit from basic medical coverage including free health care and medical services in public hospitals, health centers and clinics, including emergency services and hospitalization.

The introduction of RAMED required the development of mechanisms for identifying and selecting eligible beneficiaries in order to ensure that the system reaches most-needy households.
This has resulted in the RAMED database, which contains identification information as well as data on socioeconomic conditions of the households. Data are collected via a form completed by the head of each household, which provides declarative information about the household composition, number of dependents, assets, and household income. This information is used by a dedicated commission in each local administrative district that is in charge of determining the eligibility of applicants according to a calculated socioeconomic score that takes into account urban versus rural contexts and categorizes eligible applicants into poor and vulnerable according to a predefined formula. Eligible households benefit for a period of three years, after which a new application needs to be submitted for reconsideration.

While the medical benefits are free of charge, there is an annual contribution for active participation in the program. The annual subscription amounts to 120 MAD (Moroccan Dirham) per individual per year (with a cap of 600 MAD per household) for those categorized as vulnerable and 40 MAD per year per individual for those categorized as poor. The annual contribution for the poor is paid for by the local municipality on their behalf.

Eligible beneficiaries are issued a RAMED identification card. The card is valid for three years for the households categorized as poor. Households categorized as vulnerable get the card for one year (and can renew it for 2 additional years after it expires) upon payment of their annual contribution. The card is a low-end ID1 card with a mag stripe and has the photos of the head of household and the spouse along with basic identification information including their personal RAMED numbers and the numbers of their CNIE (see Figure 2). The card also lists on its back the dependents that are covered under the head of the household.

As of Feb. 2014, 2.7 million RAMED cards have been issued covering a total of more than 7.1 million individuals.
The program has been enrolling at the rate of 260,000 individuals and has a budgetary limit of 8 million active participants, which will be reached within the coming year.

At the administrative and technical levels, the RAMED is managed through a collaboration between the ANAM and the Ministry of Interior. The latter manages the identity module of RAMED at the level of enrollment, data scoring and retention and sends ANAM the list of vetted beneficiaries for production and issuance of the RAMED card. While the RAMED relies on the CNIE, in the sense that possession of the CNIE is a requirement for participating in RAMED, and the CNIE number of the head of household and his spouse is printed on the RAMED card, the identity register for RAMED is separate from that of the CNIE. Furthermore, the group that manages the RAMED identity register at the Ministry of Interior is not related to the DGSN.

Figure 2: The RAMED ID Card. Source: www.ramed.ma

Accessibility

The RAMED is of great interest since it has a functional identity module which builds an identification system for households out of individual identity. This is unlike all the other registers discussed earlier, which focus on individual identity instead of household. The RAMED identity module relies during the enrollment on the CNIE as a prerequisite foundational identity before admitting someone into the program. Without a copy of the CNIE the application for eligibility for RAMED would not even be considered. This means the inclusiveness within the targeted population for RAMED is encumbered by the same inclusiveness limitations of the CNIE. This may be a concern since the CNIE does not provide total coverage of the population at the moment and is likely to exclude the poorest segments of the population, those that RAMED aims to reach.
Of course the RAMED uses other targeting criteria which could limit its inclusiveness, but those are not related to the intrinsic properties of the identity module. So as a baseline, RAMED ID has the same inclusiveness challenges as the CNIE.

Robustness

As for robustness, no cross-checking of identity information with other foundational registries is conducted. At the time of enrollment, only a copy of the CNIE needs to be attached to the application for the head of household and the spouse. In addition, at the time of service there is no infrastructure for authentication to ensure that the individual receiving medical benefits is the one eligible per the RAMED identity card. This vulnerability to abuse is particularly clear for dependents listed on the card, since there is no way to verify their identity at the time of receipt of medical service. Furthermore, the RAMED card does not have significant physical or logical security features, hence it could be easily faked and counterfeited. It is not clear how much fraud actually exists in this program, but in principle there are no significant mechanisms for protection against it.

Integration

As for integration, the RAMED is a stand-alone system. While it relies on the CNIE, it does that through using a copy of the identity card and not through a secure electronic link between the databases. At the moment there is no cross-checking with the databases of social security at the CNSS, or the identity databases for the AMO as operated by the CNOPS (although studies on the effectiveness of such a link are planned for 2015).

Social Security (Caisse Nationale de Sécurité Sociale—CNSS)

The CNSS has yet another register of identities of individuals as well as their families, built upon employers that declare their employees and submit them for registration in the social security scheme.
In 2013 there were 165,500 employers participating in the scheme, with 2.9 million declared and active employees, which has been growing at the rate of 7% annually. The database is even larger in size since there are spouses and children registered as well. The population of spouses adds another 1.5 million to the roster and the children add about 6 M (although there is significant duplication coming from children who may have graduated and joined the ranks of employees).

Figure 3: CNSS Issued Identification Card

The situation with the CNSS database illustrates the need for a unified register that can resolve the individual registered and track the identity as it goes through changes in status, although this issue at the CNSS seems to be one of administrative efficiency and procedural simplicity more than one of fraud.

The enrollment procedure for the CNSS does highlight the administrative complexity that results from the lack of a unified identity register. The request for registration is done by the employer on behalf of the employees and their family members and consists of the submission of copies of supporting documents including the extract of the birth register, certificate of residence and certificate of life, as well as copies of the CNIE (all of which could have been avoided if the country had a unique identity number for each individual). The CNIE number is used to ensure that the individual is only enrolled once and is issued a single unique number by the CNSS for life. That means as individuals change employers or they leave and reenter the workforce, they are not assigned a new number.

Accessibility

As an identity system, the inclusiveness or the accessibility of the CNSS register is somewhat limited if measured by coverage of the entire population. The register is focused on formal wage earners, which are estimated to be at 3.5 M in total by HCP’s 2013 analysis.
Within that sector of the population the register contains the identity of about 3 M wage earners, which amounts to 85% of the total potential of that segment.

Robustness

The enrollment procedures lead us to believe that the identity information about the active participants is reliable and robust (the same may not be said about other types of information, such as wages, which may be underreported or inaccurately reported). The robustness of the identity data comes from several factors. First, the set of documentation required to enroll is extensive and includes the CNIE. Second, the application is done via the employer, who in effect has to vouch for knowing the individual, acting as a witness. On the other hand, the declarative information about spouses and children may lack the same rigor and reliability.

Integration

As for integration, the system continues to have no active links with other programs in the country. It does depend on the national identity card and it does receive updates from time to time on lists of deceased individuals from the civil register, but in neither case does it have live electronic access. In addition, as far as we were able to ascertain, the CNSS database is not used by any other program. As for the legal framework, the CNSS operates under a data protection charter in addition to the omnibus law 09-08 covering all programs.

3. Analysis

This section elaborates on the strengths and weaknesses of the identity ecosystem in Morocco that were identified through the data collected in the preceding section. This discussion will set the stage for the options that will be presented in Section 4 on how the strengths and assets uncovered could be leveraged to better meet the current and future identification needs in the country.
Strengths

A number of highly developed and extensible registers

The country has today a number of identity programs that, with proper harmonization, could provide significant coverage of the population. Table 2 displays the performance of each identity system discussed in Section 2 using the color-coded system of the SPA Identification Assessment Tool (see Annex 1). The color-coded scores are the results of a thorough analysis of the data collected for each identity system presented in the previous section.

The analysis conducted indicates that systems display good robustness across the board. This positive feature is achieved through the use of biometrics (as is the case in CNIE) or from the use of active administrative procedures (such as those seen in MASSAR) to ensure the uniqueness of each identity registered and to combat identity fraud in the enrollment process. The CNIE is the only register in the country that uses biometrics, hence providing the highest degree of robustness of all registers assessed. However, robustness could improve further if clear and reliable identity authentication protocols were developed. For the most part identity is verified by manually inspecting ID cards and not through more reliable processes, such as checking the identity register or matching the biometric information of the individual against what is stored on the card (as is the case for the CNIE).

It is interesting to note that the current systems in place are not very inclusive, but could become so if they were integrated, since many of the programs are almost entirely nonoverlapping in their coverage. For example, there is very little overlap between MASSAR and CNIE. Hypothetically speaking, combining these two registers would result in a database of about 23.5–26.5 M unique identities, which translates to 70%–80% coverage of the population and is a great foundation to build on for a unified register of the population.
We see MASSAR (along with a digital civil registry for the newly born) as an important ingredient in that unified strategy (see next sections) since it is the only existing identity register covering children. Over time it will cover an ever broader age segment as it retains the records of the students past their graduation, and hence it could be leveraged for young adults as well in due time.

[Table 2. Performance of the Major Identity Programs. Dimensions: Accessibility, Robustness, Integration, Legal framework. Programs: CNIE, Civil Reg, MASSAR, RAMED, CNSS.]

Table 3. Comparing Coverage of Different Digital Identity Registers

| Program | No. of Identities Registered | Percentage of Segment Covered | Population Segment |
|---|---|---|---|
| CNIE | 17–20 M | 75–85% | Mostly adults over 18 years of age (estimated) |
| MASSAR | 6.5 M | 98% | Children between 6–18 |
| RAMED | 7.1 M | — | Poor and vulnerable |
| CNSS | 3.0 M | 85% | Wage earners (total potential 3.5 M) |

Source: SPA analysis.

The analysis indicates that the area of integration is a major challenge. Broadly speaking, the identity ecosystem is highly fragmented, with a large number of programs operating in silos without any mechanism of integration between them (with the exception of existing interinstitutional coordination for issuing the national passport, see below). Table 3 gives a summary of the identity registers that exist in the country in digital format, along with the approximate number of records they contain in their databases.

A number of important points of contact with the population

One of the challenges faced by identity registers is their dynamic nature, whereby they are constantly updated with new and revised information (as new individuals take part in the register and/or as they update their information/status). An identity register is not just about recording the identity at a given moment in time. It has to be able to keep up with many changes in the condition and status of individuals.
Our analysis indicates that Morocco has a significant number of points of contact with the population (see Table 4), which facilitates the interactions between the available registers and the population and gives individuals more opportunities to enroll in the systems and to update their information. The availability of these points of contact, however, is not enough. Agencies need to have a coherent mechanism for linking the identity data across different agencies and attributing it to a unique identity. Such a mechanism remains lacking in Morocco.

Table 4. Points of Contact with the Population

| Point of Contact | Number |
|---|---|
| CEDI | 120 |
| Civil register offices | 2200 in country; 69 consular posts |
| Schools | 10,000 |
| Employers | 165,500 registered businesses with CNSS |

A well developed privacy and data protection legal framework

Identity programs, by their very nature, accumulate and aggregate data that is considered private and of a sensitive nature. As a consequence they raise significant concerns related to data protection and the respect of individual privacy rights. There is a heightened sensitivity about this issue in Morocco, where the legislator has proactively worked to establish the legal framework for privacy protection already. Today this legal framework is derived from three bodies of law:

1. Law 09-08 as promulgated by Dahir No. 1-09-15 of 2009 and the Executive Order (décret) 2-09-165 of 2009;
2. Article 24 of the Moroccan Constitution of 2011; and
3. Preamble to the Constitution.

The legislation 09-08 is an omnibus data protection law that covers all data that can be considered personal or private irrespective of what application it is being used for.
The law explicitly incorporates the following internationally recognized principles for protection of personally identifying information (PII):

- National privacy commission: The law establishes a privacy commission reporting to the office of the Prime Minister called the CNDP (Commission Nationale de Contrôle de la Protection des Données à Caractère Personnel).
- Collection limitation: The PII should be obtained by lawful, fair and transparent means with the knowledge and consent of the individual.
- Purpose and notification: The purpose for collecting PII should be clear, precise and limited and should be communicated to the individual from whom such data is being collected and to the CNDP when such data is being processed or handled.
- Proportionality: The collected data should be necessary, proportional and not excessive relative to the purposes for which they are being used.
- Data quality: The data collected should be accurate, reliable, and complete and kept up to date.
- Duration limitation: PII must be kept for a limited period not exceeding the time required to fulfill the purpose of the processing for which they were collected.
- Respect of individual rights: Organizations that handle PII have the responsibility to respect individual rights (including right for access, review, correction, inquiry about source and protest) and the obligation to put in place all measures necessary to enable the individual to assert these rights.
- Security and confidentiality: PII should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.

The law also explicitly specifies the scope of authority and mission of the CNDP as follows:

1. Awareness: Informing and educating the public about their privacy rights and reminding those who handle PII of their obligations and responsibilities in conformance with the law.
2. Advice and guidance: Providing opinion and advice to the government, to the parliament and to competent authorities relative to any projects or legal propositions that could impact privacy.
3. Protection: Ultimately it is the CNDP that is tasked with protecting the privacy rights collectively, by ensuring that no applications that violate privacy are launched and, individually, by representing individuals in their redress, protest or complaints.
4. Monitoring and investigation: To ensure ongoing compliance with the law.
5. Legal and technological watch: The CNDP monitors, investigates and analyzes the trends and technological, legal and societal changes that may impact privacy and data protection.

While the body of existing law pertaining to this issue is impressive and more advanced than what is found in many developing countries today, its implementation is still in its early stage and the country lacks experience in detection, enforcement and assessment of penalties. In fact the CNDP is a small body that lacks the resources necessary to bring actions against violators. In addition, the privacy law 09-08 has a broad exception for national security. This exception could be exploited, absent a clear definition of what constitutes an exempt national security matter. Finally, to date there has yet to be a formal privacy impact assessment related to any of the identity programs in the country.

Overall we see the current legal framework as a foundational asset which imposes certain constraints but not barriers to a unified identity regime in Morocco. It creates guidelines for responsible handling of citizen data in a way that protects the privacy of the individual.
Weaknesses

Lack of digitization and complete decentralization of identity information: The civil register

The civil register in Morocco is robust and is highly inclusive but lacks integration and hence cannot in its present form play an important foundational role in the identity landscape in the country. The register contains in its totality an estimated 45 M records, all distributed in thousands of ledgers scattered in thousands of locations around the country.[9] This is very valuable information that needs to be captured in a consolidated digital form that could be accessed by other applications to vet identity and to connect it to its origin, but it could be very costly if not done right (see next section for options to consider).

Proliferation of identity numbers

The state of fragmentation of the identity ecosystem in Morocco is reflected in the proliferation of identification numbers that exist in the country. Each program has resorted to creating its own number. None of these numbers are interoperable or even follow the same logic or standards. For the most part there is no link between them. This has a significant administrative impact both from a cost and complexity perspective and puts unnecessary burden on the individual to repeatedly prove his or her identity in order to assert his or her rights and privileges. In Table 5 we give a summary of some of the more prominent identification numbers utilized in the country and their structure. This state of affairs calls for the creation of a UIN, a unique identifying number that could link all of these disparate numbers and registers.

Strong online presence but non-transactional

The country seems to have embraced the web as a mechanism of informing the public and providing forms for needed services.
This extends to the identity domain, where each agency now operates a web portal to provide the public with what they need to know in order to apply, qualify and enroll in an identity-based program. While the use of the web proliferates, it is limited to non-transactional interactions. Today a limited number of transactions can be conducted by an individual with an enrolled identity electronically via the web. Unless this deficiency is addressed, the country’s attempts to reap the benefits of electronic government will be severely limited and restricted to one-way interaction, whereby agencies provide information and forms to be printed and filled by applicants demanding service for the most part. In order to enable electronic interaction between the citizen and the government, and conduct proper transactions online, a true digital identity platform (for example supporting all requirements of eID) needs to be established in the country which uses security mechanisms to create a trusted platform for transacting for public service.

Table 5. Examples of Identification Numbers Associated with Various Programs in Morocco

| Number | Structure of Digits | Notes |
|---|---|---|
| CNIE | 2 (region) + 6 (sequential) + 2 (control) | National Identity Number, more than 20 million issued to date. Stored in a database and bound to identity data. |
| Civil register | The year + Regional office code + Page number (digits vary) | Not electronic and hence not stored in a database. It is noted in other databases for verification and disambiguation purposes but there is no evidence it is used to retrieve a record. 45 M to date are known to exist. |
| ePassport | 2 (issuance location) + 7 (serial number of document) | 4 million numbers issued to date (over the last 5 years). |
| MASSAR | 2 (region) + 2 (year of creation) + 7 (serial) | 6.5 M (May 2014). |
| RAMED | 14 digit each for husband and wife | Number codes location, gender, year of birth, plus control key. |
| CNSS | 9 digits | Begins with 1 and has control digit at end. |

In addition to the above there are the Driver’s License number, Pensioners ID number, etc.

[9] To appreciate the challenge we note the following back of envelope calculation. According to a 1995 report by the United Nations (cited earlier), the DGCL was distributing 25,000 bound registers per year for both birth and death which are supposed to be done in duplicates, which implies that the country was consuming 12,500 registers per year. We estimated it breaks down to 75% of these for birth and 25% for death registration (consistent with the coverage); this means the country consumes approximately 10,000 birth registers per year. Thus over the last 50 years we would expect to find about 500,000 birth registers scattered around the 2200 civil register offices. This is a very rough estimate since it does not take into account year to year variations, but as an order of magnitude it is good enough to illustrate the challenge faced by any attempt to modernize the civil register.

No authentication infrastructure

Available identification registers focus notably on individual registration or enrollment, which is rather well developed within several programs (e.g., CNIE and MASSAR). However, no strong authentication is used subsequent to enrollment to verify identity using the issued credential. The identity verification is mostly done by visual inspection, which is highly unreliable. For example, while the CNIE contains the biometric templates for two fingers stored in its memory, there has yet to be a single program that reads the template and verifies it against the live fingerprints of the individual to prove they are who they claim to be. The CNIE is used mostly as a flash badge. When needed, a photocopy of the CNIE is made and attached to a form, and this is the extent of identity authentication.
Vendor lock-in: Use of proprietary biometric template

The CNIE, currently the most important identity program in the country, uses a proprietary template stored on the card. This is a form of dependency that gives the vendor control over the country’s planned use of the card. Today, there are 20 M cards issued with this specific vendor template, and hence it would be costly to recall and replace them should the vendor decide not to be flexible in supporting applications that use the template. Thus far this issue has not been a problem because no program has been launched that reads and verifies the template. However, once the country decides to use the CNIE for ID verification and for actual transactions (such as service delivery or allocation of social programs), the question of allowing third party developers other than the original vendor to read and verify the template becomes important. For example, device and terminal makers need access to this template in order to create authentication terminals that can be used by government agencies and authorized enterprises in order to authenticate and verify identity at points of service. These are similar to point of sale terminals, and it is important to have multiple vendors that are able to compete to offer different products and prices to suit different needs. Since the template is proprietary, these product makers would need to be licensed by the owner of the template, which often inhibits entry by these third parties into the market. This is a form of vendor lock-in and it has long-term implications and could limit the country’s options as it seeks the latest and greatest technology in this domain. It is counter to the best principles advocated for the creation of a vibrant ecosystem in the country where vendors compete to offer their best products and solutions in an open market with no one vendor getting an unfair advantage.
Biometric enrollment is not done according to best practice

Currently the only program that uses biometrics is the CNIE, and the enrollment is done in a hybrid fashion. First, and in the interest of time, four fingers are captured on a live scan device. They are captured one finger at a time. Then ten fingers are inked and scanned and submitted to the database in due time for additional checks and archival. This is a nonstandard 10 print enrollment and is fraught with potential issues, which include:

1. Time to enroll and subsequent scan of the ten prints is costly;
2. Sequence errors could be introduced by a one finger at a time capture; and
3. Low quality: Ink and paper scan does not produce the same quality fingerprint images as live scan capture.

Absence of a national identity strategy

During the process of data collection it became clear that the country does not have a national strategy for identity that could meet the needs of all the stakeholders. The approach to identity continues to be fragmented with little coordination. Furthermore, there are many unilateral initiatives on the part of several agencies that aim to improve their identity systems. These initiatives have overlaps and redundancies among them. It is also clear none of the existing programs on their own are capable of meeting the current or evolving identity needs of the country. Indeed, the identity assets are currently underutilized, which prevents existing registers from achieving their full potential.

Cost of main credential is relatively high

Almost all identity programs in the country issue a physical credential. For the most part they are a low-end ID1 card format whose cost is insignificant and not a factor in the adoption of the credential. This is true with the exception of the CNIE card, which is a smart card and appears to have a high procurement cost for the consumable since it is supplied by one vendor only.
The cost to the government is about $8.5 per card, which is approximately the fee that the citizen is charged when they apply for their national ID. This is double the average price for a processor smart card, which according to industry numbers is currently at $3.79 (Source: Gemalto website). The physical ID card, the so called ID consumable, has a significant ongoing cost as it grows proportional to the population (in addition to the replacement cards for lost and stolen IDs and for change of address) and could reach hundreds of millions just for the card stock. This cost, if passed onto the citizen, which appears to be the case with CNIE, becomes an inhibitor and a burden on families that are poor or vulnerable.

The law also requires that a new card be issued when changes in address or other fields printed on the card occur, which adds to the cost of the card. Even though the card is valid for a period of 10 years, during this period it is likely that a significant number of cards would have to be replaced. While official statistics were not disclosed, it was estimated that currently about 1 in 3 cards is a replacement card (the replacement rate has gone up since the program is entering into its 5th year and the population that has the card has increased significantly).

Equally important, a high cost of the card robs the program of funds that could have been invested on an IT system and connectivity instead of on consumables. In general it is good to promote competition among multiple vendors supplying the card stock, as such competition usually drives prices down.

4. Options for consideration

Establishing a national organization for identity management

Identity is now being recognized as a national asset in many countries around the world. Managing it properly has important implications to a country’s socioeconomic development.
As such, identity has to be interoperable and available to support all needs and not just those of a specific ministry. For achieving such a purpose, it has become a best practice to establish a national body that coordinates all the activities related to identity verification in a country. In many countries such an institution is commonly known as the National Identity Authority (NIA).

The institutional arrangements for the NIA vary dramatically from country to country. It can be an autonomous body with direct cabinet or executive level reporting, an autonomous body governed by a board representing stakeholders, or an agency/directorate of an existing ministry. More importantly, there is a wide range of roles that can be attributed to the NIA depending on what identity assets exist in the country and at what stage of development they are in.

For Morocco, there are several well developed identity repositories, as well as several identity enrollment processes. As such, we see the NIA not reproducing what exists already but coordinating the activity in order to create a unified identity infrastructure for the country. This does not mean consolidating data in a central place, but it means orchestrating interactions between different repositories (in the language of Service Oriented Architecture) so that a unified identity system could emerge through virtual means. The role of the NIA will be elaborated further below.

It is important to emphasize that the NIA needs to represent all the stakeholders of the country as part of a collegial framework for cooperation between all those concerned with identity in the country. As such, its institutional governance needs to reflect that. Usually its Steering Committee is made up of high-level representations of each of the ministries or agencies that have legitimate need for identity management.
The NIA needs to be an institution with provisions for good governance, change management, a sustainable business model, managerial and technical capacity, data protection expertise, strong operational controls, monitoring and evaluation (M&E), and long-term operations and maintenance (O&M). This NIA should not only demonstrate operational efficiency but should also be resilient to changes in the political environment and territorial competition between the different ministries.

It is important to emphasize that the NIA does not have to be a large institution. It is often a very small organization with limited staff that takes on the role of coordination among other agencies and organizations that are the keepers of the identity assets.

Establishing a unique identity number (UIN) for individuals

While the need for a UIN seems to be clear in the analysis of several government agencies in the country, there is no consensus on how to get there. There is a universal desire, however, that whatever path is taken should leverage and use the existing identity assets, which are scattered across several organizations. This principle has strong implications for what strategy should be adopted for establishing the UIN. It is important to emphasize that producing a UIN requires producing a unified fundamental register of identity.

A priori one could imagine a circumstance where identity data is consolidated from various agencies, by moving that data into a central repository. This is the physical unification path. Moving identity data to a central place does not work unless all the identity processes that support it are moved along with it. These processes include what is done at registration centers, the mechanisms for updating data and information, and the procedures for recourse in case an identity has been captured incorrectly or compromised by a theft or other problems.
Moving all of these processes and unifying them is not really feasible among a large number of organizations that have built a mature identity infrastructure, as is the case in Morocco. Indeed, these processes have been entrenched within existing ministries and cannot simply be moved without risking the collapse of the currently functioning identity systems of the country. For example, identity enrollment of school children is done within MASSAR and is well elaborated using procedures that are adapted to the educational environment, so moving MASSAR under a central framework would require disruption of those procedures and their reestablishment within an organization that does not have the advantage that the schools have—namely knowing the students intimately. In addition, domain rivalries among agencies foster an atmosphere where data sharing through consolidation may be resisted by many who own valuable data. This is seen almost universally, for example in India when the UID project was put in place and in Nigeria before the formation of a central identity authority (the so called NIMC).

If identity data and processes cannot practically be moved and consolidated, the next option to consider is consolidating identity knowledge in a National Identity Index (NII). Today, there are several agencies that have excellent identity knowledge of the segments they serve. For example, the DGSN knows the majority of adults above the age of 18, while the MASSAR of MENFP knows the majority of children between the ages of 6 and 18 years. One way to consolidate this identity knowledge is to create the NII, which essentially lists a limited set of attributes of each identity, such as the name of the individual along with simple identifying information, but more critically, it will include a reference (a pointer in IT language) that shows in what institutional databases this identity was enrolled and can be found today.
This extended set of attributes constitutes the so called Identity Data Structure Model (IDSM) (see Figure 4). It is worth noting that such a register is not an enrollment register but simply an identity index. It relies on the enrollment databases that will continue to operate separately in the country (under their respective functional programs) but will systematically provide and update information that would be used in the IDSM. The NIA could be tasked with the responsibility of keeping the master NII.

Within this framework there are three key institutional roles:

1. Users of identity: Any program that has a legitimate need for identity would be in that category;
2. Identity Attestation Services: These are the agencies that have identity knowledge with repositories that have enrolled a certain segment of the population. To qualify in that category, the enrolled identity data in these repositories has to be shown to be reliable or robust (using the criteria of the SPA tool) and already in electronic form. Reliability would be assessed more deeply than what was done during the current SPA assessment to ensure that identity is unique and is connected to a physical person even when no biometrics are used. This means the enrollment procedures of an agency would be assessed to ensure that they qualify to be an Identity Attestation Service provider. It is our expectation that there would be many attestation services in the country which cover different segments of the population. For example, the identity programs of CNIE, MASSAR, the civil register (if and when it is digitized), and to a lesser extent RAMED could serve as Attestation Services in Morocco based on the results of the SPA assessment;
3. Coordinating body (the NIA): This role would be undertaken by the NIA, which could be a small coordinating body tasked with generating and keeping the master list of UINs for the country in addition to certain other tasks which we discuss next.
Figure 5 shows a schematic of how the three players could interact to achieve the desired result.

Figure 4: Identity Data Structure Model Which Integrates an Enrollment Reference Number along with Biographic Data as Attributes for Identity
[Figure content: Identity Data Structure Model (IDSM): Name, Family Name, Date of Birth, Enrollment Reference No.]

Figure 5: A Possible Mechanism for Generating a National Identity Index
[Figure content: Programs (Social protection, Elections, Health, Education); National Identity Index Authority; Service Interface: Request for Attribution of UIN Numbers; List of Numbers; Validation Channel; Identity Attestation Services (CNIE, MASSAR, Civil Register).]
Source: World Bank.

The process of generating a UIN and attributing it to a citizen could be on demand (batch[10] or one at a time) and would work as follows: A program that needs to add a UIN to an individual identity could request one from the NIA by submitting a basic set of identifying biographic information (name, family name, date of birth, etc.) along with an attestation reference code conforming to the IDSM. This latter code would tell the NIA in what databases this individual could be found. Ideally it would include the identity number associated with that database.[11] The NIA would submit a request to the referenced database for verification of that identity. Assuming the verification is successful (the identity is alive, it exists, and is associated with the biographic data and is unique) the NIA generates a UIN and attributes it to that identity, which is added to the National Identity Index and is communicated to the requesting program. Once the UIN is communicated, the program uses this number in association with that identity. As more programs participate in this process, the list of attributed numbers grows and all programs are assured to use the same number provided by the NIA to refer to the same identity. This approach achieves the harmonization without having to re-enroll any of the already enrolled identities. For the Morocco case, following this method could create a unified register of individual identities by leveraging the CNIE for adults above 18, the MASSAR for children between the ages of 6–18, and the civil register when it is put online for those under 6 (see section on options for modernizing the civil register below).

[10] It is interesting to explore the batch mode: the UIR (Unique Identity Register) could be seeded by moving the list of names, dates of birth, and the reference in the attestation databases (CNIE, MASSAR, etc.) to a central repository under the control of the NIA. Each entry would then be assigned a UIN and kept in the unified register. When a program requests the UIN for an individual, this master list would be checked first. Individuals who are not in the register but are in attestation databases would be verified from those databases and added over time to the UIR.

Securing the UIN with a PIN

The architecture of the UIN is important and should be the outcome of technical analysis involving all the stakeholders. This includes deciding if the number includes certain immutable information about its bearer or not; and if it does not, whether it will be sequential or random. One element of critical importance to consider is associating a security mechanism with this number. This could be in the form of a Personal Identification Number (PIN) like what is used to secure banking or ATM cards. The PIN would be a private code, stored in the NIA database, and could be changed by the individual through services provided by the NIA (just like one would change the PIN on a banking card by calling a service or going online).
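One way to realize the UIN-plus-PIN arrangement this section describes, as an added example that is not part of the report: a random UIN body with a control digit (as in the report's Figure 6) and a PIN check performed on the NIA side. The Luhn control digit, the 12-digit body, the four-digit PIN, the three-failure lockout, the pepper key and all names used are assumptions.

```python
import hashlib
import hmac
import secrets

UIN_BODY_DIGITS = 12      # assumption: within the 10-15 digit range the report shows
PIN_DIGITS = 4            # assumption: bank-card style PIN
MAX_PIN_FAILURES = 3      # assumption: consecutive failures before lockout
PBKDF2_ROUNDS = 100_000


def control_digit(body: str) -> str:
    """Luhn check digit over the UIN body (the algorithm choice is an assumption)."""
    total = 0
    for position, char in enumerate(reversed(body)):
        digit = int(char)
        if position % 2 == 0:          # double every second digit from the right
            digit = digit * 2 - 9 if digit > 4 else digit * 2
        total += digit
    return str((10 - total % 10) % 10)


def new_uin() -> str:
    """Random body (no sequence, no personal information) plus control digit."""
    body = "".join(secrets.choice("0123456789") for _ in range(UIN_BODY_DIGITS))
    return body + control_digit(body)


def uin_is_well_formed(uin: str) -> bool:
    """Cheap check that catches typing errors before any database lookup."""
    return (len(uin) == UIN_BODY_DIGITS + 1 and uin.isascii() and uin.isdigit()
            and control_digit(uin[:-1]) == uin[-1])


class PinRegistry:
    """In-memory stand-in for the PIN store held by the NIA (hypothetical)."""

    def __init__(self, pepper: bytes):
        # Only 10**PIN_DIGITS PINs exist, so a salted hash alone falls to offline
        # guessing if the table leaks. The pepper is a secret key kept outside
        # the database; the failure counter limits online guessing.
        self._pepper = pepper
        self._records = {}             # uin -> {"salt", "digest", "failures"}

    def _derive(self, pin: str, salt: bytes) -> bytes:
        keyed = hmac.new(self._pepper, pin.encode(), hashlib.sha256).digest()
        return hashlib.pbkdf2_hmac("sha256", keyed, salt, PBKDF2_ROUNDS)

    def set_pin(self, uin: str, pin: str) -> None:
        if not uin_is_well_formed(uin):
            raise ValueError("malformed UIN")
        if not (len(pin) == PIN_DIGITS and pin.isascii() and pin.isdigit()):
            raise ValueError("PIN must be %d digits" % PIN_DIGITS)
        salt = secrets.token_bytes(16)
        self._records[uin] = {"salt": salt, "digest": self._derive(pin, salt),
                              "failures": 0}

    def verify(self, uin: str, pin: str) -> str:
        """Return 'ok', 'denied', 'locked' or 'malformed'."""
        if not uin_is_well_formed(uin):
            return "malformed"
        record = self._records.get(uin)
        if record is None:
            # Same answer as a wrong PIN, so callers cannot probe which UINs exist.
            self._derive(pin, b"\x00" * 16)
            return "denied"
        if record["failures"] >= MAX_PIN_FAILURES:
            return "locked"
        if hmac.compare_digest(self._derive(pin, record["salt"]), record["digest"]):
            record["failures"] = 0
            return "ok"
        record["failures"] += 1
        return "locked" if record["failures"] >= MAX_PIN_FAILURES else "denied"
```

A locked record stays locked even for the correct PIN, so unlocking has to go through a separate, stronger identity check.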
Figure 6 shows a possible structure for the UIN and the associated PIN. The PIN is kept private in the NIA database. It should be emphasized that the PIN is a critical ingredient in building mechanisms for secure delivery of services online within the context of eGovernment. Without a PIN to authenticate the identity of the demander of service, one cannot be sure that the demand is legitimate, and the privacy of the individual could not be protected. Thus absent a PIN or other mechanisms for securing the UIN, agencies would be unable to use the web or mobile in order to deliver services. The UIN by itself is not secure enough to conduct transactions and/or to allocate transfers. The PIN can only provide a basic level of security, but it has the additional advantage that its authentication can be fast, easy, and could be performed by the NIA as a service. Other stronger mechanisms of identity authentication would involve the use of a smart card with biometrics and a PIN. The current CNIE has the potential to add strong authentication mechanisms, which would allow for highly secure transactions and identity verification, but such an initiative would require significant infrastructure to support it.

Figure 6: A Possible Structure for an Uncoded UIN Showing Control Digit(s) and PIN
[Figure content: XXXXX...XXXX (10–15 digits; serial, hash, or random number) | C (control digit) | **** (Personal Identification Number, PIN)]
Source: World Bank.

[11] If the identity number is not known, but one believes that the individual exists in a given database, an exhaustive search in the reference database could be made. In that case the submission may need to include additional biographic fields to remove ambiguities.

Conducting a legal and a privacy impact assessment

Before a unified register with a UIN is developed, a review needs to be conducted to determine the following:

1. Is the current legal framework sufficient to allow for the development of such a register?
2. What legislation may have to be put in place to allow such a development?
3. What are the potential effects of the UIN on privacy and what are the ways to mitigate or avoid any adverse risks?

For the case of Morocco, it is most likely that new regulation would be required to introduce the UIN as a legal instrument for identification and to institutionalize its use in all of the government programs serving the public.

On the second point, a Privacy Impact Assessment (PIA) would have to be conducted systematically by the identity stakeholders in the country, including the National Identity Authority, the CNDP and all the other organizations that use the register as a means of identity verification. In recent years, PIAs have become a standard element of IT system planning. They are routinely conducted by government as well as private organizations early in the life of a project in order to assess and minimize privacy risks to individuals and, where applicable, ensure compliance with existing privacy regulations and laws. In Morocco, as mentioned in Section 3, the legal framework for privacy is already well developed and hence a legal opinion would have to be sought to assess the type of constraints that the existing laws would impose on the UIN and the UII. This would be part of the PIA exercise. There is a body of best practices within the IT community that has emerged and a standard that is currently under development for the methodology of PIA (ISO/IEC WB 29134, targeted for release at end of 2016). Whatever approach is used, one should consider making the results of the PIA public so that people are assured maximal transparency from the get-go.

Privacy is often a public concern regarding identity programs and unified registers. Privacy, however, is only part of the picture. In general there is another dimension that is typically encountered, and that is the concern people have about the loss of control over their identity information once it is provided.
The public is more likely to endorse a unified national register if they are treated as stakeholders from the beginning and their input and opinions are sought during the PIA and are taken into account in constructing the remedial plan.

Modernizing the civil register

As discussed earlier, the civil register of Morocco contains valuable identity information that is foundational to all other programs. It uses robust administrative procedures and controls for birth registration that prevent fraud and ensure the traceability of each individual within the historical register. Today it contains what is estimated to be 45 M birth records. Unfortunately that wealth of information is not easily accessible as it continues to exist in paper ledgers only. To improve the access and capabilities of this register, there are some key actions to consider. These include:

1. Amend law 37–99 to cover an electronic civil register. Current law covers only paper-based registers;
2. Modernize the registration offices with connected IT systems; and
3. Develop a phased plan for modernizing the civil register which includes consolidation of the register centrally, electronic registration of new births, and a plan to digitize the historical records or at least a portion thereof focusing on the underserved population segments (0–6, and 6–18 years of age).

The DGCL and the Ministry of Interior recognize the need to digitize the historical civil register. Cost, time, and lack of consensus are important challenges that need to be overcome before undertaking this activity. Recent experiences in Africa show that the digitization of birth records can cost between $0.25–0.30 per record for central registers. As such, the cost of digitization of a large register could be significant, especially if the data is decentralized and scattered around 2200 locations as is the case for the civil register in Morocco.
This activity, however, could be conducted in phases or through means other than full digitization. The options include:

1. Digitizing historical records going back a limited number of years (e.g., last 6 years);
2. Indexing as opposed to digitizing the civil register records (going back to its beginning, nearly 60 years); and
3. Digitizing the full records of the civil register (going back to its beginning, nearly 60 years).

The reason one may want to consider digitizing a limited number of years, such as 6 years for example, is that the civil register may be the only identity record that contains information about children under the age of 6. Thus in order to create a unified register it is inevitable that one may have to tap into at least 6 years back in order to cover that segment of the population. This makes the digitization effort ten times less complex and consequently may become more affordable.

Figure 7: Creating a Searchable Digital Index for the Civil Register
[Figure content: Volume of the Civil Register; Book Scanner; JPG Image; Masking Software; Transcription & Data Entry; Identity Index (Name, Family Name, Date of Birth, Place of Birth).]
Source: World Bank.

Indexing records is another promising option. It involves taking digital photos of the pages of the register (using the same setup as those used to digitize books into PDF format). The digital photos would then be masked in software to show only a limited set of fields such as name, family name, date of birth, location of birth. These masked pages would then be presented on a computer screen to a data entry person who would transcribe the visible fields. The transcribed fields, which consist of searchable text, would be added to a database of the civil register and a JPG image of the birth act for that identity would be associated with each identity record.
The digital image is not searchable but can be used to verify certain additional information that goes beyond the basic searchable text fields. See Figure 7 for a schematic of this workflow. Thus the digital civil register would be turned into a collection of digital photos along with a textual index of names, with each name associated with the corresponding digital photo. The advantage of this method is the speed by which it could be done and the reduced cost since there is less labor involved in indexing than in fully digitizing.[12]

[12] Other methods could involve the transcription of all fields in the registration, which could be costlier since there may be a lot of information documented and even notations written by hand in the margins, which would require spending a significant amount of time per act to transcribe. In addition, OCR technology could be considered. However the success of OCR for civil register digitization has been very limited, primarily because of the significant variations in the writings across time, pages, and volumes of the civil register.

Anchoring household registers on unified individual registers

Many social protection programs need registers of the household, since the targeting methods are based on household socioeconomic data and not individual information. Registering households is clearly more complex since, unlike individuals, households are more dynamic. There are more events that change the composition of the household; individuals enter and exit a household more often than just birth and death, the only two events that affect individual identity. It is useful to consider building up household registers using data from the unified individual identity register. In other words, a household represents an association of multiple UINs:

Household # = {UIN1, UIN2, ..., UINn}

The UINs that form a household are kept in a link table, which tracks the individual participation. Within this framework there are two roles that can be played for a unique number within a household: It can either belong to the head of a household, the spouse, or to an adult dependent. Allowing for up to two people to assume the role of head of a household (husband and wife couple), a household link table defining the relationship among a group of UINs or people would look as follows:

Household # | UIN1 | UIN2 | UIN3 | uIN1 | ... | uINn

Where UIN1 and UIN2 are kept for heads of household (husband and wife), and uIN1…uINn are for designating children and other dependents, such as other family members or relatives that are supported by the head of household. Other adults who are members of the household also need to be listed (e.g., UIN3) even though they are not heads of household, since the earnings of these individuals are part of the scoring for determining eligibility for social protection. Additionally, there are some rules that have to be imposed on the process of constituting this table for each household and on checking its integrity against fraud. The principal ones are:

Registration: The registration of the household could be open ended, in the sense that, as long as one head of household UIN is provided, any social assistance transfer that is dependent on the household size is not given based on declarative statements but allocated based on the UINs that have been provided. This could be done over time by the head of the household. Individuals are added to the household table by providing the evidential link (extract of birth act, marriage certificate, etc.) as well as the UIN for each member. Individuals could exit a household (upon marriage, divorce, death, etc.), which should not be a problem as long as the UIN of the individual is used to track the changes in the link table that constitutes the family.

De-duplication: The UINs would be checked exhaustively against the link tables of all registered households. Any match in the UIN would trigger an investigation to determine if the match is acceptable within the business rules (e.g., a man with several wives registered under multiple households) or is an attempt at defrauding the system by registering, for example, the children in multiple households.

Active or dynamic reconstitution: The challenge with household registers comes from the need to build in mechanisms to update the composition of the household because of their more dynamic nature. This may require that the registration has a limited duration of validity. With a permanent unified individual register, it becomes easier to reconstitute the household register more frequently in time and hence could help in maintaining the timeliness of the information that it contains. The concept of dynamic registration of households would then be very similar to the use of a unified individual register to reconstitute the list of those eligible to vote, in what is known as an Active Voter Registration process (see Box on Voter registration: An example of dynamic registers). Household registration and updates would be determined by the different programs and/or on demand for registration (when households would like to participate and register in a particular social protection program). This would be an example of a functional register that relies on a fundamental individual identity register to build the households on a more dynamic basis. This can only be possible if the UIN is available for every individual.

Creating a unique digital identity

International experience has demonstrated the importance not only of having a UIN infrastructure in the country but also that of a true digital identity.
Digital identity has become a prerequisite for empowering the daily transactions of individuals online and via the rapidly growing mobile platforms. It is also a driver of economic development as it allows private enterprises to offer new services based on the nationally issued digital identity. Morocco has a national identity program that is very close to a digital or electronic identity but is not there yet. The CNIE lacks certain critical ingredients that would allow it to be truly a digital identity. In order to turn an identity into a digital identity, it needs to be associated with a set of digital assets given in Figure 8 (see World Bank Digital Identity Toolkit). Notice that one of those assets is the UIN. Therefore a UIN is a prerequisite for digital identity. A more thorough gap analysis needs to be performed to determine what elements need to be added to the CNIE in order to upgrade it to a digital identity. From a superficial analysis, we would expect that the CNIE, in addition to the UIN, would have to be supplemented by a digital signature, encryption and authentication infrastructure before it can be turned into a useful digital identity.

Figure 8: Digital Assets Associated with an Identity

- Biometric Image Data: Captured during enrollment in standard formats. Archived in a secure central repository. Accessed again only if a need to re-template arises.
- Biometric Templates: Extracted from Biometric Image Data using biometric coding algorithms. Stored in an active database. Accessed on an ongoing basis during de-duplication & verification.
- Unique ID Number: Generated and assigned to the unique identity for life. May be communicated to other government agencies to use it for client administration.
- Digital Certificate: The public portion of encryption key pair, packaged with some identifying and use information. Stored in the PKD.
- Digital Credential: The private portion of the key pair, generated securely. Stored in a trusted environment either in a central repository and/or on a secure physical token (smart card, mobile, etc.).

Source: World Bank report.

Voter registration: An example of dynamic registers

At the appropriate time in the election cycle, an election commission invites the population to register by a certain date in order to actively assert their eligibility to vote for an upcoming election. With a Unified Identity Index or Register this process is very simple. According to pre-determined rules, an individual needs to provide proof that he/she is alive by showing up to voter registration centers to be verified against their registered identity in the UII; and if they are of the correct age for voting their name is added to the voter roster for that election only. While the unified individual register remains permanent, the voter register is reconstituted actively for each election cycle and hence is different for each election in order to account for people that have died, and for individuals that have attained voting age. The concept would be similar for household registration, where the individual register is used as the foundation of the household register and is reconstituted as members of the household go through milestones of their lives.

Once the CNIE is recognized as a digital identity (in the sense that it possesses the ingredients necessary for it to become a traceable unique electronic identity that can be accessed online as listed in Figure 8), a ubiquitous authentication infrastructure could develop, which would use the CNIE not just as a badge but as a token against which identity could be verified at all points of service.
For example, through the use of specialized point-of-service devices or mobile terminals (similar to the readers of credit cards at points of sale) equipped with single finger readers, the CNIE could be securely read, and the templates on the card could be used to verify against the live fingerprint of the bearer of the card. This is an example of strong authentication. It gives the assurance that the person holding the card is the legitimate person. This type of strong authentication has been implemented successfully in cash transfer and subsidy programs in many countries, including for example a program in Mexico that has distributed 30,000 point-of-service terminals to verify the digital identity of individuals buying subsidized goods from a social protection store.

Upgrading the CNIE enrollment process

As explained in the previous section, the current biometric enrollment process of the CNIE is nonstandard and does not conform to any of the internationally recognized best practice recommendations. It uses a two-step process where four fingers are first captured (one at a time) on a live-scan reader, then the 10 fingers are inked and subsequently the page is scanned in order to convert them into digital records. A more efficient alternative to this procedure, which would ensure high quality capture, avoid sequence errors and could make the capture faster to perform, is the use of 10-print scanners whose price has now dropped to about 30–50% of their original price when the CNIE was put in place five years ago. The 10-print scanners are available from multiple vendors around the world and are subject to the so-called US FBI Appendix F certification.
In addition, the software that drives them captures the fingerprint data subject to the ISO/IEC 19794 (Part 4), thus ensuring an open standard which allows interoperability both with capture devices (one can buy off-the-shelf products that are interchangeable) and with any AFIS system or biometric matching system bought from any third vendor conforming to open standards.

Improving openness and interoperability of the CNIE

In the course of our SPA data gathering we became aware that the CNIE uses a proprietary template for the fingerprints stored on the card (in other words, the mathematical code representing the fingerprint). As explained in the previous section, this has many undesirable consequences since it is a form of vendor lock-in. In best practices, the template that is stored on the card should be the interoperable verification template, the so-called Minex compliant template. The Minex template can be generated and matched using any certified algorithm and not just the original vendor algorithm, and hence mitigates potential vendor control. As a remedial action, the DGSN should consider the following:

1. Issue the new cards with an open source Minex compliant template;
2. Demand that the vendor provide SDKs for reading and matching the template that could be used by a third party without a need for a license in order to create products that use the CNIE for authentication; and
3. For a period of time, support the legacy (vendor proprietary) template as well as the Minex template. This is easy to do since the authentication software could decide which matcher to use based on the header of the data or the date of issuance of the card.

Conducting a technical review of the identity assets

More generally, it is recommended that a technical review of all identity systems that could be relied on for the unification process of the proposed UIR be conducted.
The review should assess, subject to internationally accepted standards, the following dimensions for each system (in particular CNIE, MASSAR, and RAMED):

1. Conformance to international standards for open architecture;
2. Cost efficiency (look for alternative lower cost suppliers for consumables and technology modules);
3. Scalability;
4. Reliability as IT systems;
5. Information security: resilience against intruders and attacks; and
6. Availability and its impact on the performance of the NIA.

Annex 1: Color-coded matrix of practices

Accessibility (Coverage; Access and timeliness; Updating and link with civil registries)
- Minority of population has an accepted ID; poor generally excluded; acquiring ID costly in relative terms. Civil registry unreliable or inaccessible with very low rates of birth and death certification.
- Majority of population covered; acquiring ID less costly but government policy can be onerous; civil registry functional but coverage is low, records decentralized and with significant delays after birth; passive enrollment approach for ID.
- Almost universal coverage with isolated pockets not covered; civil registry captures majority of births in central registries with minimal delays; obtaining ID not costly and proactive efforts to enroll in progress.
- Universal coverage (including noncitizens); cost of acquiring ID minimal in relative terms. Good links with centralized civil registry for updates; children issued unique numbers in timely fashion in full coordination between ID agency and civil registry.

Robustness (Uniqueness; Security; Authentication)
- Official IDs are easily falsified and weak enforcement; government and donor programs use proprietary ID to fill gap. No institutional capacity to monitor ID database.
- Some control of ID issuance, quality control and database maintenance. Mostly paper based recordkeeping.
- Modern technologies employed for ID security features; Basic authentication processes.
- All IDs de-duplicated and in electronic format; very difficult to produce fraudulent IDs. Good authentication standards applied.

Integration (Ubiquity; Interoperability; Common transaction standards)
- Little or no database linkages across programs; high dependence on local knowledge (e.g., community) and references for verifying identity.
- A few major programs use a common identification platform. Benefits tied to particular locale and not portable.
- Some private and public transactions can be done with single ID; most program MIS linked; authentication standards exist but are weak and vary across programs.
- Most private and public transactions can be done with single ID at national level. Same advanced authentication standards used across programs. Vast majority of government MIS can be linked by unique ID or through other mechanism.

Legal framework/Personal data protection
- Ad hoc or non-existent mechanisms for privacy and data access.
- Minimal protocols in place for personal data protection and privacy. Government agency designated as responsible.
- Government agency designated as responsible but lacking resources for implementation and limited capacity. Most of the internationally accepted personal data protection protocols are followed; mostly digital information on individual records.
- Government agency designated as responsible and well resourced, good capacity. Full compliance with internationally accepted personal data protection standards and guidelines.

Annex 2: Methodology and raw data collected

The assessment pilot was conducted based on an instrument including a questionnaire with structured and open-ended questions and supplemented by in-depth interviews.
The instrument includes subsections focusing on different dimensions of the identification and civil registration process ranging from the use of technology to legal and regulatory issues. These issues are described along with the rationale for the assessment criteria in the “What Matters” section of the identification module (which, in turn, is the first of a planned series of ‘delivery modules’). The tool was used in Morocco June 23–28, 2014. The team that visited the country included Joseph J. Atick (Identity Counsel International, consultant to World Bank), Diego Angel-Urdinola, Dorothée Chen, and Fatima El Kadiri (from the World Bank Morocco office), and Ariel Pino (from ILO) and was supported by Robert Palacios (TTL for SPA assessment) from the World Bank office in Washington DC.

- The assessment involved consultations with government officials, including a series of meetings with the main institutions responsible for the national ID and civil registry. These included the MAGG, DSIC of the Ministry of Interior, DGCL (civil register), Division of DSIC in charge of Passport, DGSN for the CNIE, CNDP, ANAM and Division of DSIC in charge of RAMED, the MENFP for MASSAR, and CNSS.
- There were also several presentations to large groups of stakeholders which covered a wide array of policy and technical matters and provided for an exchange of information over and above what was collected through the questionnaire.
- Stocktaking and review of published literature, reports, guidelines and assessments. The team collected and analyzed publications and reports produced by many agencies, notably the civil register, the CNDP and DGSN.

In preparing this report many websites operated by the many agencies in Morocco were accessed.
Most notably: ƒƒ http://www.ramed.ma ƒƒ http://www.cnie.ma ƒƒ http://www.cnss.ma ƒƒ http://www.passport.ma ƒƒ http://www.hcp.ma ƒƒ https://www.watiqa.ma/ ƒƒ http://www.service-public.ma/ ƒƒ http://www.egov.ma/fr ƒƒ http://www.maroc.ma/fr ƒƒ http://www.pncl.gov.ma/fr/Pages/default.aspx 36 ID4 D C o u nt ry D i ag no s t ic : Mo ro cco Background information 1. Name of country Morocco 2. Date survey was filled out June 23–27, 2014 3. Name of person filling out survey Joseph J. Atick Except for CNSS and RAMED where it is Ariel Pino 4. Employer of agency with whom associated Joseph J. Atick, Identity Counsel International— Consulting partner to World Bank Ariel Pino, ILO 5. Counterpart government agency Ministry of Interior Part I: National level civil registration and identification ecosystem Civil registry 6. What government entity is responsible for The DGCL (Direction generale des collectivités locales) administering the civil registration system? which is a directorate within the Ministry of Interior. The a. Ministry of Interior DGCL is responsible for coordinating the affairs of the local districts or communes in the country. Within the b. National ID agency DGCL there is the office of civil registration, which is made c. Specialized, autonomous agency (name) up of a small central staff charged with coordinating the d. Other, please specify ________________ civil registration activities of a large distributed number of civil registration offices attached to the local districts where the actual civil registration takes place. 7. Does the responsible agency (if not the No same as the ID agency above) have formal cooperation arrangements with other agencies or organizations to improve inclusion and access to registration and identification documents? a. Yes, with other government agencies b. Yes, with the private sector c. Yes, with international agencies and donors d. Yes, with nongovernmental organizations e. 
Yes, with other organizations, please specify _________________________ f. No 8. How is the national level ID system linked to birth Births are not communicated to the national ID but an and death registries? extract of the birth registration act or a full copy of the a. It is not act pertaining to the concerned individual is required for enrollment in the national ID or for that matter in many b. Births and deaths are reported to the agency functional identity programs. intermittently and updated c. Birth registration is regularly communicated to the ID agency (continued) Anne x 2:  M e tho dology a nd raw data c ol l ecte d 37 Civil registry  Continued d. Death registration is regularly communicated to the ID agency e. Birth registration is directly linked to the issuance of a new national level ID 9. What is the estimated percentage of births that Not known take place in medical facilities (i.e. institutional births)? 10. What is the estimated percentage of actual births 86.5% (according to official and published government that are registered (i.e. issued birth certificates)? statistics in 2001). ~95% according to unofficial government estimates to update the previous 2001 figure. 11. How long is the process from the time of birth The law requires that new births be registered within to the issuance of a birth certificate (number of 30 days of birth. Beyond 30 days it provides for a penalty days)? and for registration via a court declarative judgment. Thus adults that have not been registered at birth can do so following a legal procedure which includes declaring under oath in the competent court the specifics related to their birth, and the issuance of a declarative judgment by the presiding judge. This legal document can then be used by the civil register officer to insert the birth into the civil register records. 
The adult is inserted into the volume for the current year and not in the year of birth (since that is closed at the end of each year following the administrative controls).

12. Are there specific population groups that encounter obstacles to obtaining a birth certificate?
a. Yes, indigenous people
b. Yes, migrants and/or nomadic people
c. Poor people
d. Women
e. Other, please specify ________
Response: No

13. Are birth registrations digitized, stored electronically? Yes/no
Response: No

14. Is birth registration information centralized at the national level? Yes/no
Response: No

15. Is there national legislation that makes the registration of births and deaths mandatory? Yes/no
Response: Yes. The civil registration law is called Law No. 37.99 promulgated by Royal Decree (Dahir) 1-02-239 of 2002 and further clarified by Executive Order 2-99-665 of 2002. The law mandates birth and death registration for everyone on the Moroccan territories and for Moroccans abroad, and defines in detail the processes that have to be followed to perform them. It must be noted that the law is specifically written for a paper-based registration process and not electronic registration.

16. Are there regulations or norms that oblige hospitals and clinics to report births and deaths to the Civil Registration authority in a prespecified period of time? Yes/no
Response: No. Hospitals and clinics do not bear the responsibility to declare births. It is the family that is responsible. The hospitals and clinics provide what is called an attestation or testament to the birth which is used to perform the declaration and subsequent registration by the family. On the other hand should a death occur in a hospital or any public establishment such as clinics, jails or other institutions then they do bear the responsibility of reporting the death to the civil registration officer.

17. What is the total number of offices that handle civil registry functions across the country including the decentralized or local offices?
Response: ~2200 offices distributed throughout the country. These break down into two categories:
a. Principal offices attached to the offices of the municipalities/communes or administrative districts;
b. Subsidiary offices in areas where the principal offices are insufficient to cover the demand.
In addition the 69 diplomatic bureaus overseas perform the civil registration function.

18. What percentage of these offices are estimated to have the following infrastructure capacity?
a. Photocopiers
b. Telephone
c. Computers
d. Electronic forms
e. Capacity to transmit data by internet
Response: NOT KNOWN. Majority do not possess connected information systems. The responsibility to equip these centers lies in the hands of the municipal councils of the communities that use their budgets with discretion to decide on their priorities. Thus the offices range from well equipped modern to very primitive facilities.

19. Is there a mechanism for working with communities and community leaders for registration of noninstitutional births? Yes/no
Response: Yes. Education, awareness and campaigns to explain to the population that registration of births is the first step towards admission into society.

20. How is documentation about births and deaths from local and regional offices transferred to a central, national data repository?
a. On-line transfer in real time
b. Electronic transfer periodically
c. Physical files or copies periodically transferred
d. Documentation is not transferred and remains at the local agency
Response: Each office of the civil registration organization has a register, which is a ledger with serially numbered pages in which entries are made by hand. There is one register for births and another for deaths. They are produced in two copies. At the end of the calendar year, one copy remains in the local office and the other is sent to the local public prosecutor’s office (Procureur du Roi) for verification and control. As a consequence there is no centralization of records.

21. Is there a specified time frame for this transfer to occur?
a. n/a
b. No
c. Yes, the time frame is _________________
Response: No transfer is done.

22. Can individuals request birth and death certificates in any civil registry office in the country independent of where the original registration took place? Yes/no
Response: No. They must request them from the district office where the event took place. Alternatively the individual can present the family booklet if available (or an expired copy of birth record from the original district) to any civil register office which could issue a certified extract of birth record.

23. How long does it typically take to obtain a birth certificate?
Response: There is no birth certificate. A citizen when required to prove their birth has to go to the district office and obtain a copy of their birth record. The copy is certified as a true copy. The copy is retained by the agencies that required the proof of birth. It is not returned to the citizen. Thus each time a proof of birth is required a copy needs to be obtained. Typically the copy takes one day to obtain and costs 2 Dirhams in stamps (about 25 cents). Alternatively the family booklet could be used if available. In 2012, a new egovernment service was put in place to allow individuals who know their birth reference numbers to order copies of their birth registration act online. This service costs about 10 times more than the normal procedure.

24. Are there mobile units or kiosks that allow individuals to obtain these certificates without having to visit civil registry offices? Yes/no
Response: No

25. How much does it cost for an individual to obtain a birth certificate at a civil registry office?
Response: 2 Dirhams (considered an insignificant cost)

26.
In the case of an individual that does not have a birth certificate but wishes to apply for a national ID, what is the process?
a. There is no process defined or in place
b. Individual must obtain a birth certificate first by documenting his/her identity through multiple witnesses with notarization or some other legal certification process
c. Individual must obtain birth certificate first documenting his/her identity through witnesses recognized by the national ID agency without further legal process
d. Individuals can obtain both the birth certificate and national ID through the same enrollment process using witnesses
e. Other, please specify ______________________________________
Response: There is a well-defined process, where the individual is required to obtain declarative judgment of court which may or may not require witnesses and affidavits from local community leaders. See response to question 16 above.

27. What is the annual budget for civil registration (latest year available)?
Response: Not disclosed.

28. Are those registered as dead removed or deactivated from the national ID database? Yes/no
Response: Deactivated. But the communication of the deaths to the national ID is not reliable. Also it is estimated that only 50% of the deaths are communicated.

Additional Questions Not in Original Questionnaire (additional questions are unnumbered in order to maintain original numbering)

What is the cumulative number of records in the civil register for births?
Response: Estimated at 45 million records.

How many births occur annually?
Response: They registered 660,000 per year which is supposed to represent 95% of all births.

How many deaths occur annually?
Response: Currently they register about 220,000 deaths per year which is supposed to represent however about 5% of all deaths.

What are the origins of the civil registration system in the country?
Response: The first system of civil registration was put in place in 1915 which was inspired by the French civil registration code.
It was applicable to French and foreign nationals only present in Morocco. The system began to accept on a limited basis registration of Moroccan births and deaths starting in 1931. But registration of Moroccans was optional and not mandated by the law. So this register remained primarily a foreign register. In 1950 a separate full-fledged civil register for Moroccans was put in place and registration became mandatory for those requiring social assistance. In 1959 the two registers were unified but little change has really taken place in terms of regulations requiring obligatory registration. Only in 2003 with the adoption of the new law 37–99, did Morocco finally have a civil registration legal framework that would enable a robust civil registration system to emerge. From then on, declarations became obligatory. It also defined guidelines as to acceptable names and names for abandoned children. It simplified the procedures for rectification of the civil registration in cases where a registration was not done at birth.

What identifying documents are issued by the offices of the civil registration?
Response: While there is no birth certificate as such, the offices of the civil registration are able to produce the following documentation:
1. An official copy of the birth Act—two page copy of the full act registering the birth.
2. An extract of birth registration act—an abridged one page document.
3. Family booklet given to the head of a family documenting the information available in the civil register about all members of his family.

National ID

29. Does a nationally issued ID exist? Yes/no (If ‘no’, skip to question 60)
Response: Yes. A national identity card existed since the late 1970s. It was instituted under law 1-73-560. This identity card which was called the CIN was replaced by an electronic ID card called the CNIE. The CNIE for the most part has replaced the CIN.

30.
What is the title of the legislation that establishes this form of identification and the year that it was approved? _____________
Response: Law 35-06 which went into effect in 2007 and defines

31. Is it intended to cover
a. All residents
b. All citizens
c. All adult citizens or voters
d. Other, please specify ___________________
Response: Covers citizens. Mandatory for all adult citizens 18 years and above. In principle the same card (different color) covers residents but its adoption by residents has not been significant.

32. What is the name of the most prevalent ID card?
Response: CNIE (Carte Nationale d’Identité Electronique)

33. Do other national level IDs exist? If so, please specify.
a. Tax identifier
b. Voter ID
c. Social security number
d. Other, specify _______________
e. There is only one national level ID
Response: There is a very large number of other national ID programs which cover different segments of the population. For the most part these are functional programs. They include:
Tax identifier—limited coverage
Social security number—see section on CNSS
MASSAR
RAMED

34. What percentage of the population is estimated to have the most prevalent ID listed above?
Response: More than 20 M cards have been issued thus far. Majority has been issued over the last 2–3 years. It was emphasized by officials from the DGSN that they believe they have about 20 M unique and living individuals in the database for the CNIE out of an adult (> 18 years) population of 26–28 M. This represents more than 75% of the adult population. There is doubt about this number since it does not take into account the duplicates. We understand the duplicates were not a significant number before, but they are becoming significant now. The DGSN has recently ordered another 5 M cards to cover its short-term needs.

35. When was this ID, in its current form, first issued?
Response: 2009

36.
What is the estimated number of undocumented or illegal residents or noncitizen refugees?
Response: Undeclared

Issuing Agency

37. What is the name of the agency that is responsible for issuing this ID?
Response: The identity card is issued by the DGSN—Direction generale de sureté nationale—which is essentially the national police.

38. Is this an independent agency (ie. not part of another agency or ministry)?
Response: It is not. It is part of the Sureté Nationale, which is loosely under the Ministry of Interior.

39. If no, to what Ministry or other government entity does it report?
Response: Ministry of Interior

40. What is the annual budget of this entity?
Response: Undeclared

41. How many branch offices does it have?
Response: 120 offices throughout the country

42. How many employees/staff?
Response: Undeclared

Information captured for the ID and other characteristics of the ID

43. What information is captured in the ID database for those enrolled?
a. Name
b. Date of birth
c. Sex
d. Address
e. Ethnicity
f. Religion
g. Political affiliation
h. Information on parents or other family members
i. Other, please specify __________
Response:
• Family name, given name: in Arabic and Latin characters
• Date of birth
• Place of birth in Arabic and Latin characters
• Sex
• Address
• Name of father and mother
• Optional: Name of husband, or indication if woman or man is widowed
• Reference no. of civil register

44. Is a photo captured at the time of enrollment?
a. Yes
b. No
c. Other
Response: No. Applicant is supposed to supply 4 photos that conform to international standards.

45. What biometric information, if any, is captured at enrollment?
a. None
b. Fingerprints
c. Iris
d. Digital facial image
e. Other, please specify ____________
Response:
• 4 fingers (flat) are captured on live scan device one at a time
• 10 fingers (rolled validate) are captured via ink then scanned.
• The 4 live scan fingers are used to do a quick check on duplicates in the database
• The 10 inked and scanned fingers are used for offline validation
• Note: It is not clear why they have opted for this type of nonstandard biometric enrollment process. One theory is that they wanted 10 print fingers rolled for criminal applications down the line.

46. Are biometrics used to ensure that new ID numbers are not issued for people already in the database (i.e. deduplication)? Yes/no
Response: Yes. An AFIS is used to check the fingerprints against the cumulative database of all fingers captured.

47. How many IDs were issued last year?
Response: Undeclared. But estimated at around 5 M

48. How many IDs have been issued to date (cumulative figure)?
Response: More than 20 M

49. What proportion of these are deduplicated?
Response: 100%

50. How many IDs are estimated to be held by individuals today (IDs issued net of deceased ID holders)?
Response: Since the majority of the population has received its CNIE card in the last few years, nearly 20 M cards are in the hands of living individuals according to official estimates. The total database of individuals registered at the DGSN as a result of the old CIN and the new CNIE registration is 28 M but only 20 M have been issued CNIE cards. They estimate 5 M more cards to be issued in the next 12–18 months. It also includes duplicates which are becoming more significant.

51. What kind of ID is issued?
a. None
b. Paper
c. Bar card
d. Mag strip
e. Smart card
Response: Contactless smart card

52. What information is printed on the face of the card?
a. ID number
b. Name
c. Address
d. Age
e. Sex
f. Ethnicity
g. Political affiliation
h. Religion
i. Other, specify __________
Response:
Recto:
• Family name, given name: in Arabic and Latin characters
• Date of birth
• Place of birth in Arabic and Latin characters
• Date of expiration of card
• The first letter of family and last name in Latin characters
• Photograph in color
• National identity number or the No. CNIE
• The same photo in black and white and reduced size
• The authority that issued it with signature
Verso:
• No. CNIE
• Date of expiration of card
• Sex
• Address
• Name of father and mother
• Optional: Name of husband, or indication if woman or man is widowed
• Reference no. of civil register
• 2D bar code

53. What information is stored on the card that is not visible but machine-readable?
a. ID number
b. Name
c. Address
d. Age
e. Sex
f. Ethnicity
g. Political affiliation
h. Religion
i. Other, specify __________
Response:
In the 2D bar code:
• No. CNIE
• Sex
• Family name, given name: in Arabic and Latin characters
• Date and place of birth in Arabic and Latin characters
• Date of expiration of card
In the electronic chip:
• No. CNIE
• The photograph of card holder
• Sex
• Family name, given name: in Arabic and Latin characters
• Name of father and mother in Latin characters
• Date of birth
• Place of birth in Latin characters
• Reference no. of civil register
• Address in Latin characters
• Date of expiration of card
• The proprietary templates for two fingers (best two out of four are chosen; cogent template is used)

54. Are biometrics stored on the card? Yes/no
Response: Yes. Face image. Two fingerprint templates.

55. What external security features are on the card?
a. Holograms
b. Microprinting
c. UV printing
d. Other, specify __________
Response: Hologram, microprinting, UV printing.

56. How many digits are in the ID number?
Response: 10 digits

57. Is there ‘logic’ in the number? Yes/no
Response:
Two alpha for issuing office
6 digits serial number (no code)
2 digit check sum

58. How often must the ID be replaced?
a. Never
b. Less than every five years
c. More than every five years
Response: Once every 10 years

59. How much does the ID cost to produce and issue?
Response: 6.25 euros

60. How much is the individual enrolled charged for this ID?
Response: 75 Dirhams

61. Is there a cost to the individual for replacing a lost or stolen ID? Yes/no
Response: Yes

62. If so, what is the cost of replacement to the individual?
Response: 75 Dirhams (need to check)

63. What is the estimated number of days that it takes to issue a new card in the following cases:
a. New ID
b. Renewal
c. Lost or stolen
Response: Normally 5–10 days in all cases including transport of card

64. What documents are required to apply for this ID?
a. None, issued at birth along with birth certificate
b. Birth certificate
c. Community verification/affidavit
d. Verification of another individual or individuals
e. Other __________
Response:
Certificate of residence
Copy of the relevant pages of the family booklet which should also be presented for examination
Or
Copy of the civil registration of birth
Or
An extract of the birth register
Copies should have been done within last three months

65. What is the age requirement for obtaining this ID?
a. None
b. Voting age
c. Age considered as an adult
d. Other, specify __________
Response: Age considered as an adult

66. If yes, what age?
Response: 18 years

67. Are there particular categories of the population that face geographic, cultural, economic or legal barriers that prevent them from obtaining this ID?
a. Yes, migrants
b. Yes, indigenous people
c. Yes, women
d. Yes, other groups, specify
e. No
Response: No

68. Is there a mechanism for changing information on the ID? Yes/no
Response: Yes under change of address, change of name, correction of erroneous information. New card is issued.

69. How many requests for such changes are processed annually?
Response: No accurate information was provided.

Transactional uses of the ID

70. Is the national level ID used commonly for any of the following purposes?
a. Opening a bank account
b. Obtaining credit or loans
c. Reporting to the tax authority
d. Obtaining marriage certificate
e. Obtaining private health insurance
f. Enrolling in social insurance programs
g. Qualifying for cash transfers, food or other safety net programs
h. Getting a cell phone account
i. Obtaining a passport
j. Getting a driver’s license
k. Voting
l. Registering a vehicle
m. Purchasing property
n. Other, specify __________
Response: The National ID in Morocco replaces four documents
• Birth certificate
• Certificate of residence
• Attestation of liveness
• Certificate of nationality
It is used and requested in almost every aspect of transactional life in Morocco, from opening up a bank account to obtaining a passport to getting a driver’s license. The list includes every application that requires identification.
However it is important to emphasize that the CNIE is used as a badge. It is not used as an electronic credential that can be integrated online or for mobile transaction. It is simply requested and used upon presentation and inspection by an agent of the requesting agency or organization. It is used both for government as well as private applications.

71. In which of these databases would the national, personal identification number be included?
a. Social insurance programs
b. Social assistance programs
c. Income tax records
d. Vehicle registration
e. Driver’s license
f. Voter registration rolls
g. Credit rating agency records
h. Bank records
i. Utility billing records
j. Criminal records
k. Passport records
l. Formal employment records
m. Private insurance records
n. Other, specify __________
Response:
Social insurance programs
Income tax records
Vehicle registration
Driver’s license
Voter registration rolls
Bank records
Criminal records
Passport records
Formal employment records
Others have not been verified.

Interagency information flows and interoperability

72. Does the ID agency use IDs to help other government entities to cross-check databases? Yes/no
Response: Yes, but for one application only. The electronic passport is totally dependent on the CNIE records. The bureau of passports has established a link into the DGSN which allows them to verify name, family name, date of birth, and nationality of an applicant by simply submitting their CNIE number along with the minimum passport application information. An electronic verification is conducted and a response is sent back to the passport bureau. Fingerprints and photo are transmitted from the CNIE database for the personalization of the electronic passport. In other words, one cannot have an electronic passport without first having a CNIE. This covers the entire traveling adult population.
For children above the age of 12 that need a passport they are required to enroll as if applying for the CNIE but they would not be required to have possession of the smart card. Only a CNIE no. is issued to them printed on a paper which is then subsequently used by the passport bureau to verify their identity. The significance of the age of 12 is that it is the minimum age that by a policy, fingerprints (like in Europe) could be captured and de-duplicated reliably.

73. If yes, what kind of cross-checking is done?
a. Social insurance and social assistance
b. Social assistance and income tax data
c. Social insurance and income tax data
d. Property/assets and income tax data
e. Public employment status
f. Other, specify __________
Response: The CNIE is presented for visual inspection and verification of biographic data. Only the electronic passport uses the CNIE database for cross-checking.

74. How many government agencies issue their own forms of ID cards?
a. 1
b. 2
c. 3–5
d. 6–10
e. 10+
Response: Cards are issued for the Social Security, driver’s license, RAMED, and other programs but they are not considered as a form of ID. The CNIE is really the only form of ID that exists in the country (and its predecessor the CIN).

75.
Are there formal coordination mechanisms between government ID card issuers? Yes/no
Response: Only between the passport bureau and the CNIE

76. Are there standards for data formats and fields that apply across the major government databases?
a. Yes, but only for a subset of government agencies/programs
b. Yes, and widely applied
c. No
Response: No. Each organization has its own data structures.

77. Are there common ID authentication standards for transactions in different programs?
a. Yes, for most transactions there is a single authentication mechanism
b. Yes, for some transactions there is single authentication mechanism
c. No
Response: No

78. How many of the major government programs require some form of electronic authentication using this ID?
a. 1
b. 2
c. 3
d. 4
e. 5 or more
Response: Currently zero

79. How many government programs require biometric verification of identity using this ID in order to receive a benefit?
a. 1
b. 2
c. 3
d. 4
e. 5 or more
Response: Currently zero

80. Are there any private transactions that use this ID to electronically verify identity at the point of the transaction? Yes/no
Response: Currently no

Personal data protection

81. Are there explicit rules and regulations as to how government agencies can link their databases using the national ID? Yes/no
Response: There is a law 09-08 which provides legal framework for the protection of data and personal information. Interpretation of this law by the CNDP or the Commission national de contrôle de la protection des données à caractère personnel, would impact how government agencies can link their databases.

82. Is there an explicit list of government agencies that are allowed to access the national level ID database? Yes/no
Response: There is no specification of who can access. Each agency accesses its own information and with limited exception (the passport) they do not currently share.

83. Is there a standard format for MOUs between the ID issuing agency and other government agencies? Yes/no
Response: No

84.
Is there legislation on privacy or protection of personal data that delimits the access and use of data in the national ID database? Yes/no
Response: Yes. The legal framework is provided from three sources
• Law 09-08 of 2009
• Article 24 of the Moroccan Constitution of 2011
• Preamble to the Constitution
In general, there seems to be a heightened sensitivity about privacy and this is reflected in the legal framework as well as the activities and heightened profile of the CNDP.
One area of concern is the fact that national security is exempted from the application of the privacy and data protection laws. The exemption is very vague. Since the CNIE is issued and managed by the Sureté Nationale, some would argue that none of these provisions are applicable to the national ID.

85. Has a “privacy impact assessment” ever been conducted? Yes/no
Response: No

86. Does the legislation establishing the national level ID clearly establish protection of privacy of data? Yes/no
Response: No. But Article 5 of the DAHIR which promulgates the 35-06 law establishing the CNIE limits under penalty of law access to information in the smart card or 2D bar code to only government and their agents concerned with national security or administration.

87. If yes to 85, are there ambiguities or broad exceptions to this protection that could be abused? Yes/no
Response: While no formal privacy impact assessment was made, a quick review of the body of law shows that there are very ambiguous exceptions for national security that could be exploited.

88. Is the public reporting of exceptional cases of accessing data (e.g., based on national security threats) required? Yes/no
Response: It is published in the body of the law.

89. Is there a supervisory body within government responsible for monitoring compliance with privacy and data protection rules? Yes/no
Response: Yes. The CNDP

90.
Are the penalties for violation of the privacy rules clearly established and appropriate? Yes/no
Response: Penalties have not yet been applied or specified. The CNDP has 7 people working and has only been in operation for two years.

91. Is the process for grievance redressal for individuals who claim their privacy was violated clear? Yes/no
Response: The CNDP is working on a process for grievance and is encouraging the public in the meantime to come forward on an ad hoc basis for help with redress. To date, no case has been dealt with.

92. Is the information that must be provided for obtaining the national level ID the minimum required for the purposes of this ID? Yes/no
Response: In our opinion the information is not a minimum set. What is being requested goes beyond the core minimum.

Strategic issues

93. Is there a national strategy for identification? Yes/no
Response: No

94. Is there a coordination body or steering committee involving different government agencies and stakeholders that focuses on improving coordination of identification across sectors and programs? Yes/no
Response: No

95. If yes, which of the following are objectives of this strategy?
a. Reduce coverage gaps
b. An integrated national identification system
c. Establish a unified system of civil registration and identification
d. Reduce leakages in social protection programs
e. Reduce exclusion from social protection programs
f. Ensure identification for KYC for financial inclusion
g. Security and border control
h. Other, specify __________
Response: Does not exist

96. Are there budgetary incentives in place based on results in terms of the coverage of civil registration and identification? Yes/no
Response: No

97. Is there a national strategy for communication and awareness for the national level ID? Yes/no
Response: Yes. Through brochures and a webportal that explains to the public in Arabic and French the requirements and benefits of the CNIE and presents the laws and decrees that impact it.

98.
What approach or approaches are taken for extending awareness?
a. Periodic information campaigns at local level
b. Permanent process of advertisement and dissemination
c. Linking ID to specific incentives
d. Customizing awareness campaign to specific groups (e.g., indigenous)
e. Other, specify __________
Response: NA

99. Are there specific policies to address the most vulnerable population groups? Yes/no
Response: No

100. If yes to question 73, please provide a description of this policy
Response: NA

101. What barriers to civil registration and identification have been identified by the responsible agency (ies)?
a. Economic
b. Geographic
c. Cultural
d. Legal
e. Religious
f. Other, specify __________
Response: The cost of acquisition is a little high given that each individual needs to pay 75 Dirhams. A family of 10 may have to invest a considerable sum. It is our understanding that from time to time the ministry of interior creates campaigns where they are able to cover the enrollment and CNIE issuance cost for a targeted group of poor or vulnerable individuals in certain communities. It is also the case that the local authorities do the same. But it is not a systematic policy.

102. Does the responsible agency provide free services for vulnerable groups of the population? Yes/no
Response: Yes. But not systematically as they do not have a targeting system. See answer to prior question.

103. If yes, how are these groups designated? (e.g., targeting mechanism or other criteria)
Response: Targeting is done geographically by the local authorities.

104. Does the responsible agency have formal cooperation arrangements with other agencies or organizations to improve inclusion and access to registration and identification documents?
a. Yes, with other government agencies
b. Yes, with the private sector
c. Yes, with international agencies and donors
d. Yes, with nongovernmental organizations
e. Yes, with other organizations, please specify __________
f. No
Response: No

Part II: Program specific ID (repeat the following questions for each program assessed)

1. What is the name of the program that uses this ID?
Response: MASSAR. It is not an ID but an identity database and a system for managing the identity and scholastic needs of students.

2. When was the current form of this ID first issued?
Response: Officially 2014

3. How many individual IDs were issued during the last year?
Response: 6,512,192 students have already been enrolled in the database. On an ongoing basis it is expected that about 600,000 students would be added annually.

4. How many individual IDs have been issued cumulatively?
Response: Same as above since program is brand new

5. What type of program is this?
a. Social insurance
b. Contributory pension
c. Health insurance
d. Social assistance
e. Public works
f. Social pension
g. Other, please specify __________
Response: Ministry of Education, identity management for schools

6. What is the total spending of this program (last year available and please specify year)?
Response: Figure not available

7. Is the card used by individuals or on behalf of households?
Response: No card is used

8. How many individuals are direct beneficiaries of this program?
Response: Number of students enrolled

9. What type of benefit is provided by this program?
a. Food (in kind)
b. Vouchers for food
c. Cash
d. Health care
e. Access to public works employment
f. Educational scholarships or stipends
g. Subsidized nonfood goods (fertilizer, fuel, other)
h. Other, please specify __________
i. Multiple benefits, please specify __________
Response: No direct benefits but identity management of the student and includes tracking all aspects of the student’s life

10. What is the name of the agency/ministry that is responsible for issuing this ID?
Response: Ministry of Education

11. What is the estimated annual budget directly related to issuing IDs?
Response: Figure not available

12.
How many employees/staff are directly involved in Figure not available issuing IDs? 13. Is there an operations manual that documents the This is a well-documented IT system; it explains the ID issuance process? enrollment process that school officials need to follow in order to enroll a student, vet that their identity is unique and the system generates a unique identity number for them that will follow them throughout the scholastic life. 14. What information is captured in the ID database ƒƒ Name, and family name for those enrolled? ƒƒ Father’s name or guardian’s name and their national ID a. Name number (will also add mother’s information, currently b. Date of birth not in system) c. Sex ƒƒ Sex d. Address ƒƒ Address e. Ethnicity ƒƒ Socioeconomic variables coming from another system called Taysir which is being integrated into MASSAR f. Religion g. Political affiliation h. Information on parents or other family members i. Socioeconomic variables (income, housing type, etc.) 15. Is a photo captured at the time of enrollment? No Yes/no (continued) Anne x 2:  M e tho dology a nd raw data c ol l ecte d 53 Continued 16. What biometric information, if any, is captured at None enrollment? a. None b. Fingerprints c. Iris d. Digital facial image e. Other, please specify __________ 17. Are biometrics used to deduplicate? Yes/no No 18. What kind of ID card is issued? At the moment None a. None (no card issued) b. Paper c. Bar card d. Mag stripe e. Smart card 19. What information is printed on the face of the NA card? a. ID number b. Name c. Address d. Age e. Sex f. Ethnicity g. Political affiliation h. Religion i. Other, specify __________ 20. What information can be derived from the card NA that is not visible but machine-readable? a. ID number b. Name c. Address d. Age e. Sex f. Ethnicity g. Political affiliation h. Religion i. Other, specify __________ 21. Are biometric data stored on the card? NA Yes/no 22. 
Are there transactions where the biometrics on NA the card are used to verify identity/authenticate? Yes/no 54 ID4 D C o u nt ry D i ag no s t ic : Mo ro cco 23. What security features (aside from smart NA encryption) are on the card? a. Holograms b. Microprinting c. UV printing d. Laser engraving e. Tactile f. Other, specify __________ 24. How many digits are in the ID number? 10 25. Is there ‘logic’ in the number? Yes/no 1 digit—codes region 2 digits—for year of creation of number 7 digits—serial number 26. Are there clear rules for access to the data Yes. Access is only granted to Ministry of Education maintained by the program? Yes/no authorized individuals. 27. How often must the ID be replaced? NA a. Never b. Less than every five years c. More than every five years 28. How much does the ID cost to issue? Not known 29. How much is the individual enrolled charged for Nothing this ID? a. Nothing b.