ID4D Country Diagnostic: Kenya © 2016 International Bank for Reconstitution and Development/The World Bank 1818 H Street, NW, Washington, D.C., 20433 Telephone: 202-473-1000; Internet: www.worldbank.org Some Rights Reserved This work is a product of the staff of The World Bank with external contributions. The findings, interpretations, and conclusions expressed in this work do not necessarily reflect the views of The World Bank, its Board of Executive Directors, or the governments they represent. The World Bank does not guarantee the accuracy of the data included in this work. The boundaries, colors, denominations, and other information shown on any map in this work do not imply any judgment on the part of The World Bank concerning the legal status of any territory or the endorsement or acceptance of such boundaries. Nothing herein shall constitute or be considered to be a limitation upon or waiver of the privileges and immunities of The World Bank, or of any participating organization to which such privileges and immunities may apply, all of which are specifically reserved. Rights and Permission This work is available under the Creative Commons Attribution 3.0 IGO license (CC BY 3.0 IGO) http:// creativecommons.org/licenses/by/3.0/igo. Under the Creative Commons Attribution license, you are free to copy, distribute, transmit, and adapt this work, including for commercial purposes, under the following conditions: Attribution—Please cite the work as follows: World Bank. 2016. ID4D Country Diagnostic: Kenya, Washington, DC: World Bank License: Creative Commons Attribution 3.0 IGO (CC BY 3.0 IGO) Translations—If you create a translation of this work, please add the following disclaimer along with the attribution: This translation was not created by The World Bank and should not be considered an official World Bank translation. The World Bank shall not be liable for any content or error in this translation. Adaptations—If you create an adaptation of this work, please add the following disclaimer along with the attribution: This is an adaptation of an original work by The World Bank. Views and opinions expressed in the adaptation are the sole responsibility of the author or authors of the adaptation and are not endorsed by The World Bank. Third Party Content—The World Bank does not necessarily own each component of the content contained within the work. The World Bank therefore does not warrant that the use of any third-party-owned individual component or part contained in the work will not infringe on the rights of those third parties. The risk of claims resulting from such infringement rests solely with you. If you wish to re-use a component of the work, it is your responsibility to determine whether permission is needed for that re-use and to obtain permission from the copyright owner. Examples of components can include, but are not limited to, tables, figures, or images. All queries on rights and licenses should be addressed to World Bank Publications, The World Bank, 1818 H Street, NW, Washington, DC, 20433; USA; email: pubrights@worldbank.org. Contents About ID4D............................................................................................................................................................... ii Acknowledgments...................................................................................................................................................iii Abbreviations........................................................................................................................................................... iv 1. Introduction...........................................................................................................................................................1 1.1 Motivation..........................................................................................................................................................................................................1 1.2 High-level findings.........................................................................................................................................................................................1 2. Overview of the system......................................................................................................................................4 3. Components of the system................................................................................................................................ 7 3.1 Civil registration: Births, deaths, and marriages...............................................................................................................................7 3.2 Registration of aliens and refugees......................................................................................................................................................9 3.3 National registration of Kenyan citizens.............................................................................................................................................9 3.4 The Integrated Population Registration System (IPRS)............................................................................................................. 12 3.5 Privacy and data protection.................................................................................................................................................................. 13 4. The demand for identification: Citizens and some institutional clients................................................... 15 5. Recommendations............................................................................................................................................. 19 Annex 1: Legal and institutional framework ......................................................................................................26 Annex 2: Draft comments on the DP and NRI bills 2012..................................................................................28 Annex 3: List of people met..................................................................................................................................32 Tables and figures Table I. Policy Recommendations............................................................................................................................................................... 23 Figure 1: Kenya’s System for Registration and Identification..............................................................................................................4 C onte nts i About ID4D The World Bank Group’s Identification for Development (ID4D) initiative uses global knowledge and expertise across sectors to help countries realize the transformational potential of digital identification systems to achieve the Sustainable Development Goals. It operates across the World Bank Group with global practices and units working on digital development, social protection, health, financial inclusion, governance, gender, and legal, among others. The mission of ID4D is to enable all people to access services and exercise their rights, by increasing the number of people who have an official form of identification. ID4D makes this happen through its three pillars of work: thought leadership and analytics to generate evidence and fill knowledge gaps; global platforms and convening to amplify good practices, collaborate, and raise awareness; and country and regional engagement to provide financial and technical assistance for the implementation of robust, inclusive, and responsible digital identification systems that are integrated with civil registration. The work of ID4D is made possible with support from World Bank Group, Bill & Melinda Gates Foundation, and Omidyar Network. To find out more about ID4D, visit worldbank.org/id4d. ii ID4 D C o u nt ry D i ag no s t ic : Kenya Acknowledgments This report was prepared in 2016 by Alan Gelb, Vasumathi Anandan, and Arleen Cannata Seed as part of the Identification for Development (ID4D) initiative, the World Bank Group’s cross-sectoral effort to support progress toward identification systems using 21st century solutions. It was made possible through the generous support of the partners of the ID4D Multi-Donor Trust Fund (Bill & Melinda Gates Foundation and Omidyar Network). This report benefited greatly from the inputs and reviews by Robert Palacios, James Neumann, Mia Harbitz, ID4D team and the Global Practice members of the ID4D Working Group of the World Bank Group under the supervision of Vyjayanti Desai. This report would not have been possible without the insights and support of the Government of Kenya including representatives from the Kenya National Bureau of Statistics, the National Drought Management Authority, the National Treasury, the Department of Civil Registration, the National Registration Bureau, the Independent Electoral and Boundaries Commission, the National Social Protection Secretariat, the Integrated Population Registry System, the Directorate of Immigration and Registration of Persons, the Ministry of Health, the Council of Governors, the Ministry of Labor, the Hunger Safety Net Program, and representatives from the Department for International Development, the World Food Programme, the International Finance Corporation, and Safaricom. Ack now l e d g m e nts iii Abbreviations AFIS Automated Fingerprint Identification System ASAL Arid and Semi-Arid Lands CBS Central Bureau of Statistics CIC Commission for Implementation of the Constitution CRD Department of Civil Registration DIRP Directorate of Immigration and Registration of Persons DPA Data Protection Agency DP Data Protection FOI Freedom of Information GoK Government of Kenya ICTA Information Communication Technology Authority ID4D Identification for Development IEBC Independent Electoral and Boundaries Commission IPRS Integrated Population Registry Service HSNP Hunger Safety Net Program KYC Know Your Customer KNBS Kenya National Bureau of Statistics KTCIP Kenya Transparency and Communication Infrastructure MOI Ministry of Interior and Coordination of National Government MOVE-IT Monitoring of Vital Events through Information Technology MIRP Ministry of State for Immigration and Registration of Persons MPESA Mobile Money NADRA National Database and Registration Authority NDMA National Drought Management Authority NIHF National Hospital Insurance Fund NRB National Registration Bureau NRI National Registration and Identification Bill NPR National Population Register iv ID4 D C o u nt ry D i ag no s t ic : Kenya NSSP National Social Protection Safety Net Policy NRB National Registration Bureau PIN Personal Identification Number RENIEC Registro Nacional de Identificación y Estado Civil SDG Sustainable Development Goals UNICEF United Nations Children’s Fund UNHCR United Nations High Commissioner for Refugees UID Unique Identity Number WFP World Food Program A bbr e v i ati ons v 1. Introduction 1.1 Motivation Identification schemes are key enablers for the effective delivery of services and more broadly for the quality of engagement between a country’s government and its citizens. Legal identity is now recognized as an essential element of development; target 16.9 of the Sustainable Development Goals (SDGs) refers to the provision of universal legal identity, including through birth registration, by 2030. Legal identity is central to the rights set out, for example, in the Declaration of Human Rights and the Convention on the Rights of the Child. In addition, effective identification is important for at least ten of the other SDGs. This assessment of Kenya’s ID system was undertaken under the umbrella of the World Bank Identification for Development (ID4D) initiative. Its general objective is to map out the system, identify its ID assets and suggest areas where they can be strengthened. More specifically, the Bank is engaged in supporting a number of transfer and similar programs that place particular demands on identification systems through the National Safety Net Program for Results and is also financing the Kenya Transparency and Communications Infrastructure (KTCIP) project to scale up digital inclusion and e-Government. This project includes the digitization of registration data. In order to address these issues a World Bank mission visited Kenya May 18–28. Its broad objective was to better understand the nature and capabilities of Kenya’s ID system, its role in development and how best to work with the country to strengthen this. The mission also sought to assess the ID system from the perspectives of the identification needs of the operational engagements and their current and potential role in strengthening the system of civil registration and identification. The mission met with stakeholders from both the supply and demand sides of the ID system and thanks the Government of Kenya for facilitating open and comprehensive discussions. 1.2  High-level findings Kenya has a well established system for the civil registration and identification of its population. Birth registration dates back to 1904 although the initial process was limited to births by European and then Asian residents before being later extended to the entire population. The ID card system can be traced back to 1915. Today, a birth certificate is required to enroll in school and to sit examinations, while the widely held national ID card, together with its associated number, is required to access virtually all government services, file taxes, register mobile SIM cards, receive cash transfers, enroll in pension and social insurance programs, open banking and mobile money accounts and to be registered into the voter roll. Identification is based on tokens (cards, certificates) with a range of process checks by officials at central and local (county and subcounty) levels as well as the use of technology to help sustain the integrity of the system and to limit identity fraud. Data from the different sources including birth and civil registration, alien and refugee registration and the national population register are being combined into an integrated population registration service (IPRS). Although this is a work in progress, the IPRS is accessed by a growing number of authorized public and private entities to verify the credentials presented by individuals. Kenya is also starting to transition to e-Governance. Nationwide, e-Government Services are being shifted into an e-Citizen web portal. County- level multiservice (Huduma) centers have been established, with the objective of widening access to services and bringing e-Government to the people. 1.  I ntrod u cti on 1    Under the ID4D program identification systems are assessed against three main criteria: the robustness of the credentials; how widely they are held across the population, and whether the ID system is, in fact, integrated into a wide range of uses. A fourth criterion is the strength of the legal framework for data protection and the privacy of personal data. Measured against the first three criteria, Kenya’s system has considerable strengths, including the creation of a functioning national ID system with wide coverage. Processes are ongoing to shift to a fully digital system and to expand the scope of e-Governance. Efforts are also in progress to facilitate change management and build the capacity of civil servants to cope with the rapidly evolving digital ID ecosystem. For each of the three ID4D assessment criteria the rating would be in the middle of the range. Nevertheless, areas for improvement have been identified. The system has a number of limitations: A. Lack of a strong integrated focus. The components of the registration/identification system have traditionally functioned in silos, each with its specific mandate. Unlike countries such as Peru or Pakistan, Kenya does not have a single authority mandated to provide identification services across the population. This implies considerable duplication of registration facilities as well as disjointed data from the various agencies. There is also no unique “number for life” to identify individuals from cradle to grave. B. Limited registration coverage and application gaps. Estimated rates of birth and death registration, at 63% and 45% respectively, are too low to provide a solid foundation for the national registration system. Coverage of the ID card system is probably quite high (poor death registration makes it impossible to distinguish the number of active cards from the number issued) but it appears to be lower in the poorest and border areas, particularly in the North, that have the lowest rates of birth registration and the highest percentage of vulnerable people and are also of the greatest concern from a security perspective. The use of the system to support e-Government applications on a decentralized basis, including through the Huduma centers, is constrained by still-limited connectivity. Not all users (administrators of various services) of ID services have full access to the consolidated population registration data that enables a check of the validity of an ID card. C. Outdated technology: manual processes and paper records. The system has only recently begun to evolve from paper-based to digital processes and from paper records to digital databases with some important components still needing to be scanned and digitized. Some key databases lack emergency backup and/or off-site backup. The heavy reliance on manual processes, as well as weak birth and death registration and an ID number without check digits increases the potential for error and possible ID fraud. 2 ID4 D C o u nt ry D i ag no s t ic : Kenya D. A focus on verifying documents rather than authenticating people. The biometric data collected in the process of registration, i.e. 10 fingerprints and photo, is not readily accessible to help authenticate individuals against their ID credentials. As a result, several programs have developed, or are developing, independent biometric systems for this purpose, raising the prospect of costly incompatible systems. The problem of individual identification (as opposed to the validation of credentials) will become more urgent as the system shifts to remote applications. E. An evolving legal framework. The increasing accumulation of personal data in electronic formats raises the importance of strengthening the legal framework around data privacy. Kenya does not yet have data protection legislation as the 2012 Data Protection Bill is still under consideration. Kenya will need to pass legislation covering data protection and the privacy of personal data, and to ensure that its identification system is fully compliant with its requirements. F. The need to look ahead. All of these issues are relevant in the context of the current system of registration and identification. They are also important as Kenya looks to the future, towards its “Third- Generation” ID system. Even as Kenya is able to impart valuable lessons to other countries, it may be able to learn from the experience of selected countries that have introduced improved approaches and in some cases new technology to create more advanced identification systems. 1.  I ntrod u cti on 3 2.  Overview of the system National registration processes in Kenya are governed by the Constitution and a range of existing and proposed legislation (see Annex 1 for a listing). These laws also provide for the establishment and operations of the various institutions responsible for managing these processes. The Draft National Registration and Identification Bill 2012, currently under discussion, would combine the separate processes and institutions responsible for births, deaths, immigration and the issuance of IDs. Figure 1 shows a representation of the main components of the system. The Department of Civil Registration has the mandate to register births and deaths and to issue the appropriate paper certificates. The registration of aliens is done by the Department of Immigration Services which provides visas and residence permits to aliens and passports to citizens. Refugees are registered by the Department of Refugee Affairs which works with UNHCR and also provides work permits to refugees who qualify for them. Figure 1: Kenya’s System for Registration and Identification Ministry of Interior Ministry of Interior Ministry of Interior Ministry of Interior Civil Registration Immigration, National Registration Birth/Death Passports, Refugee Registration (NRB) ID Card AFIS Marriage Visas Program IDs for IPRS Voter ID Social Transfers Central Database (Requires National (Requires National (National Population ID Card) ID Card) Register) Elections Tax Driver NSSF NHIF KNBS Register Register Register Register Register Register Police Banking Research Education Health Insurance Security Mobile Agencies 4 ID4 D C o u nt ry D i ag no s t ic : Kenya The National Registration Bureau (NRB) is the fourth major registering agency. Its mandate is to register citizens at the age of 18 and to issue national ID cards and numbers to applicants who meet the criteria for citizenship. It collects biographic and biometric data through its application process. The NRB is the key agency responsible for determining individuals’ claims to Kenyan citizenship. The NRB also operates the system-wide Automated Fingerprint Identification System (AFIS) that checks against possible duplicate or multiple registrations. The AFIS includes the fingerprints of all citizens, aliens and refugees that have been registered into the system. Since 2008 birth registrations have required the entry of the names of the parents (at least of the mother) and their national ID numbers, creating a feedback loop with civil registration that was not previously required. Selected data from these sources is then captured by the Integrated Population Registry Service (IPRS), a separate department under the Ministry of State for Immigration and Registration of Persons (MIRP). The mandate of the IPRS is to enable authorized public and private entities to conduct a validation check on identity documents issued by the previous agencies, in particular the national ID. The IPRS can be accessed by financial institutions, mobile operators, drivers’ services, tax authorities, and a widening range of other entities but not by individuals. There is at present no charge for access to its information. Figure 1 also shows two functional IDs that are discussed below. Social transfer programs have introduced their own biometric systems to enable them to authenticate their clients. Similarly, the Independent Electoral and Boundaries Commission (IEBC) uses its own biometric systems to register voters and authenticate them against voter lists at the polls. These systems involve separate enrollment exercises but all require a national ID as a condition of enrollment. Each of the components of the system operates under its own specific mandate and the flow of information between them has a number of noteworthy features. First, as in many other countries Kenyan citizenship is not granted on the basis of birth on national territory but on the basis of ancestry. It requires that at least one parent can demonstrate Kenyan citizenship. Because the national ID number of the parents, which provides prima facie evidence of citizenship, has only been included in applications for birth registration since 2008, for the next 11 years even applicants for national ID cards who can produce birth certificates will need a “vetting” process to consider whether they are indeed entitled to citizenship. Some birth registrations are applied for a number of years after birth, and officials flag this as a concern regarding their integrity. Especially in the border counties many births are to parents without ID cards and therefore of undetermined citizenship. There is therefore not a smooth flow of identity for life between birth/civil registration and the national ID issued to citizens. 2.  Ov erv ie w of the syste m 5 Second, systems are not yet interoperable. Birth registration records have only recently been scanned into PDF form and are still in the process of being keyed into a relational database. Records for aliens are still held in paper files. There also needs to be an auto-update from Civil Registration to the IPRS. The system has therefore not yet achieved full digital data integration. Third, there is not yet automatic transmission of data on deaths for those deaths that are actually registered (which requires the surrender of the ID card of the deceased) to the other parts of the system. This, together with the low rate of death registration, means that a genuine ID card and record provides no proof that the holder is actually alive. This makes it impossible for Kenya to have an accurate citizen count and also increases the potential for ID fraud. Fourth, the AFIS system used by the national registration department to de-duplicate applications for ID cards (as well as for the registration of aliens and refugees and the inclusion of their fingerprints into the AFIS) is designed to accept 10 inked rolled prints that are recorded on a standard form and subject to manual quality control. It is not currently set up to respond to requests from other users of identity services to authenticate individuals based on the submission of digital prints. This means that apart from very specific applications (such as detention and inked fingerprinting by the police or security services that can then be compared with the records) the authentication of individuals against their ID cards can only be on the basis of biographic information, such as the matching of number, name place and date of birth and visual comparison of photo and signature and one fingerprint image. Since ID cards do not expire there will be many where these images are not current. The NRB database can be used to access the more extensive biographic data collected at enrollment, such as parentage and more detailed information on birth location and community, but the system does not make full use of the extensive biometric information generated in the application process—and also again in the process of re-registration which is needed in the event of a lost or damaged card—to authenticate individuals. The system therefore has limited ability to rapidly and reliably authenticate individuals, rather than the credentials they present. Authentication may be needed, for example, by a border post seeking to verify an individual crossing the border, by a pension administrator concerned that the claimant is still alive, or by officials seeking to authenticate voters at the polls. As it is now, entities seeking to use biometric data to authenticate individuals who have been entered into their registers on the basis of national ID cards and numbers need to create their own authentication systems. The system is quite highly integrated in terms of the use of the ID card and the ID number, but is less integrated in terms of the authentication of individuals against their credentials. Fifth, the data being accumulated in the IPRS is ever more extensive and potentially of commercial value. While the IPRS implements business rules that restrict the range of data that can be shared with each authorized user, it does not yet appear to have formulated clear polices on the privacy of individual data including in response to potential queries driven by commercial interests as well as queries from individuals seeking to access their own data and check it for accuracy. 6 ID4 D C o u nt ry D i ag no s t ic : Kenya 3.  Components of the system 3.1  Civil registration: Births, deaths, and marriages Kenya’s Birth and Deaths Registration Act CAP 149 provides the legal foundation for this component. The activities of the Department of Civil Registration were initiated in 1904 but initially covered only European births before extending to Asian births and later to all births. By 1971 it was compulsory to register all births and deaths occurring in Kenya for the entire population. The Department now has 107 branches providing services throughout Kenya’s 47 counties. On average, a branch is responsible for an area of 5,475 sq km and around 400,000 people. Both area and population per branch are very large in international context.1 Particularly in the North the spatial density of branches is low, with only around two per county. Only 29 branches out of the 107 have internet connectivity. Approximately 60% of births and 20% of deaths take place in institutions. For these, there is a process to document them and their rate of registration is high. For the many births that take place outside facilities the Department operates on a decentralized agency model at the level of the sub-location, an administrative unit usually headed by a subchief. Chiefs and subchiefs are paid public servants; they serve administrative units of different areas and population sizes but a subchief might typically be responsible for one or two thousand families and for the reporting of a considerable number of births per year. The mother of the child initiates the birth registration process while the chiefs and subchiefs complete the registration as well as the process of reporting deaths.2 The standard time to produce a paper birth certificate after the filing is reported to be around one month. Previously, there was little control on who could apply to have a copy of a birth certificate but new controls seek to limit the provision of certificates to the persons concerned. The birth number consists of 12 digits and is generated by the local registration office. The number consists of the subcounty code (3 digits), the year of birth/death (4 digits) and a running number (5 digits) assigned to events in sequence as they occur from the beginning of the year. This set of 12 digits is referred to as the birth entry number. Birth registration is mandatory and must be completed within 3 months of the birth, but many births are registered much later or not registered at all. A regular birth certificate costs 50 KSHS as does a regular death certificate. Late birth registration (after 6 months) costs 150 KSHS. Enforcement of the statutory penalties for failure to register or for late registration (which can include 3 months prison time) is considered impractical. Kenya’s rate of under-5 birth registration, at 63%, conceals wide regional variation. Rates are as high as 90% in more developed and urban areas and as low as 20% in the sparse arid and semiarid areas, particularly in the North. The reasons for low birth registration include a lack of motivation by parents to register their children in advance of any particular need and challenges of access to distant facilities. Local officials do not appear to place a high priority on incentivizing registration. Registration requests tend to increase in particular periods, such as the start of the school year or the need to register for examinations. Though 1 For comparison, each registration agency in Brazil covers 1128 sq km and 15,000 people; see Measure Evaluation 2013, “Kenya: National Civil Registration and Vital Statistics System: Baseline Systems assessment Report” April 18. Brazil has a lower population density than Kenya, at 24 versus 80 persons per sq km. 2 As an illustration, suppose that the area includes 1000 women with an average fertility rate of 4 and a childbearing span of 25 years. The average number of births reported per year would then be around 160. For more detail on the registration process see Measure Evaluation 2013. 3.   Compone nts of the syste m 7 required in principle, the birth registration number is not used to track individuals through their schooling on a continuing basis to provide a record. Some registration requests even come at the point at which an identity card is required. Although a birth certificate is included as one of the documents that can be submitted to support an ID card application, in practice it is not essential for obtaining the card. This has possibly also contributed to low demand for birth certification. In addition, birth registration forms collect 28 fields of information, and there could possibly also be some unintended impact on registration from the 2008 inclusion of fields for the ID numbers of parents in the case of parents unsure of their own status and lacking IDs and reluctant to apply for them. Rates of death registration at around 45% are lower than for births. While deaths that take place in institutional facilities are reported, the incentive to register other deaths is low unless there is an estate to be settled or a terminal pension benefit to be collected. Most local deaths are believed to be known by the relevant subchiefs but, as in the case of births, the families of the deceased do not have any incentives to report death. In addition, few of the chiefs or assistant chiefs have the knowledge needed to provide useful information on the cause of death—a problem that also affects death reports from hospitals and clinics. New programs are under way to increase the rate of birth registration by building a relationship between health service delivery and civil registration. This has potential since the rate of immunization coverage stands at around 96%. Most mothers and babies have already come into contact with health services within the first four months after birth. Efforts to boost the rate of birth registration include the MOVE-IT (Monitoring of Vital Events through Information Technology) program, an innovative partnership between the Department of Civil Registration and the Ministry of Health.3 Community health workers, usually volunteers who are paid a modest allowance, are provided with software that enables them to report the incidence of a geo-coded birth to the local subchief and to a central database using mobile phones. The number of birth registrations initiated by the subchief can then be compared in real-time against the number of births reported in his/her subcounty. This is expected to help the subchief to locate births and also incentivize the filing of registration reports by providing an indicator of how well he/she is carrying out the registration activities mandated by law. Initial results of MOVE-IT suggest that the program still has a way to go before it can overcome historical inertia. Although some 3,000 births were reported by health workers in the first months of the MOVE-IT program, it is understood that only around 120 have been officially registered and that none of these have yet received birth certificates. Actions may be needed to publicize and energize the program, perhaps including highly visible recognition awards to those subchiefs and community health workers who achieve large increases in registration rates. In addition, there could be further steps to streamline and digitize the process and devolve more responsibility for registration to health workers with sign-off by the assistant chiefs. Incentives would need to be provided to ensure that health sector workers see registration as an essential part of their mandate. Marriage registration is complicated by the multiple forms of marriage recognized in Kenya’s multiethnic society, including traditional marriage and polygamous marriage. The Marriage Act of 2014 (Cap 150) mandates that traditional marriages be registered within 6 months but compliance, as for death certification, is likely to be less than complete. Many children are born to mothers who are not in formal relationships (they may well be in established relationships) although the picture differs between social groups. The civil registration data collected by the system is therefore not able to provide a picture of the complex family structure of the Kenyan population, even though parent’s details, including their National ID numbers, should now be recorded at the time of birth registration. A comprehensive picture is probably beyond the capability of the identity system for some time to come so that programs that need information on de facto dependents and family structure will need to secure this through their own surveys. Civil registration documents are in the process of being digitized. Birth registration records are grouped into sets of 250 and bound into volumes. The original copy of the record is kept at the local branch of the 3 For more detail on MOVE-IT see http://www.who.int/healthinfo/civil_registration/crvs_report_it_2013.pdf 8 ID4 D C o u nt ry D i ag no s t ic : Kenya department and the duplicate copy is held at the Department in Nairobi. With some 60 million records this translates into two sets each with about 250,000 books. The central set has been scanned into PDFs and is in the process of being digitized into a relational database by 80 data entry personnel using single-entry and a check by a second operator. Reportedly about 75% of the data entry has been completed. Only when this task is done will it be possible to check for likely duplicate birth registrations.4 The death certificates have been digitized and fed into a relational database. But the records have not been checked against the IPRS. Both the paper-based data and the digital databases containing civil registration records are vulnerable. While duplicate copies of the paper records exist at the branches for registrations outside Nairobi, there is no off-site backup of paper records for Nairobi registrations because these are handled in the Nairobi office. In terms of the digital databases, scans and data are backed up by on-site tape storage in the Department of Civil Registration (CRD) offices in Nairobi but there is no off-site backup facility. 3.2  Registration of aliens and refugees The Directorate of Immigration and Registration of Persons (DIRP) and the Department of Refugee Affairs register aliens and refugees respectively. Registrations for aliens and refugees are separate but the data systems are similar. The registration of aliens is provided for by the Kenya Citizen and Immigration Act and the Kenya Citizens and Foreign Nationals Management Service Act. Immigration provides passports to citizens and visas and residence permits to foreigners in three centers, Nairobi, Mombasa and Kisumu. The process of registration of refugees in Kenya is regulated by the Refugees Act Cap 173. It is undertaken in collaboration with United Nations High Commissioner for Refugees (UNHCR) which implements its own refugee registration system that is used in providing relief; in the process, UNHCR takes a picture and two index fingerprints. The number of registered refugees in Kenya is over 620,000. Most originate in Somalia but there are sizeable numbers from South Sudan, Burundi and other countries. Many have been born in Kenya and know no other country; some have lived in Kenya for over 20 years. It is not always easy for the authorities to distinguish between refugees and other aliens and Kenyan nationals of similar ethnicity. The Department of Refugee Affairs also provides work permits to refugees who request them and qualify. Data collected in registration is shared with the National Identification Bureau to enable the latter to search across all registrations made in Kenya when issuing ID cards. This is essential, since individuals can be motivated to acquire zero, one or two ID cards (both refugee and citizen) depending on their particular situation and the benefits attached to each type of registration. Records for immigration services have not yet been digitized. They are held in some 2 million paper files, covering several floors of the Department’s office building in Nairobi. They are therefore vulnerable to fire, floods or other disasters. While many records are inactive and of little likely value apart from possible historical interest, the vulnerability of the active files is a matter of concern. 3.3  National registration of Kenyan citizens The legal basis for Kenya’s current system of national registration is CAP107, a series of legislation that has been amended and extended many times. Registration dates back to 1915 when the Native Registration Ordinance made it compulsory for all male natives over the age of 16 to wear a metal container (the “Kipande”) around their necks. This contained the registration certificate and fingerprint of the holder, and 4 Double birth registration is possible if parents initiate the process at the place of occurrence and also at the place of residence. It can also happen if the family did not collect the certificate at the time of birth and are unable to locate the original birth notification slip when they apply for a new certificate; it may then be easier to re-register than to go through the lengthy search process to locate the original. The ongoing shift to digital registration together with the inclusion of the parents’ national ID numbers in the birth documentation should alleviate these problems. See also Measure Evaluation 2013. 3.   Compone nts of the syste m 9 was an instrument to enforce labor control under the colonial regime. In 1947 the Kipande was replaced by an identity booklet. In 1980 legislation was amended to include women and the booklet was replaced by the “First Generation” paper identity card. This was replaced in 1995 by the smaller credit-card size “Second Generation” card, also a laminated paper card. This in turn was upgraded to the present plastic card in 2011 without fundamentally changing its features. The current generation of IDs therefore dates back to 1995, the last time that the population was re-enrolled. The card includes basic information [name, sex, date and place of birth, date and place of issue] a photo, a signature and an image of one fingerprint. It also includes a sequential 8-digit national ID number (just a sufficient number of digits to cover a population the size of Kenya’s) as well as a 9-digit serial number. The information on the front of the card is machine readable on the back. There is no expiry date for the card requiring the cardholder to re-register. Since 2007 there have been intentions to move to a “Third Generation” e-ID card with a chip and enhanced security features, but these have not materialized because of financial constraints. Three efforts to move forward have been stalled by procurement disputes. ID cards are mandatory for all Kenyan citizens at the age of 18 and registration is normally around that time. An ID card is considered to be a security and citizenship document as much as identification and the processes for registering and re-registering cardholders reflect this reality. Some 24 million cards have been issued to date, with an additional 1.2 million registrations each year, but the number of active holders cannot be determined since the records may contain some duplicates and inactive records of the dead.5 While coverage is believed to be high in the more developed and urban areas, it is lower in the poorer and more arid border counties, particularly in the North. One indication of coverage in these areas comes from beneficiary registrations conducted by the Hunger Safety Net Program (HSNP) in four poor Northern counties. These found that around 20% of target households did not have one or more adults with an ID card; this suggests an individual registration rate on the rough order of 50% for this group in these areas. This number is speculative because it is not clear whether the probability of an adult having a card is positively or negatively correlated with whether another adult in the same household has a card, and also because of lack of clarity on whether all individuals covered by the registration actually qualified for Kenyan citizenship and were therefore entitled to a card. Some might not be sure that they would be recognized as eligible, as an effort to expand registration resulted in only a modest take-up. More recent registration exercises involving the World Food Program (WFP) suggest that the percentage of adults without an ID card might now be lower than found by the 5 A rough calculation based on estimates of adult deaths over 1995–2015 and assuming a constant rate of ID coverage and death reporting suggests that the coverage of the ID card could be in the range of 88%. 10 ID4 D C o u nt ry D i ag no s t ic : Kenya HSNP but the exact percentage will differ by locality. Age can also be a factor with surveys suggesting that the most elderly are less likely than others to have an ID card. Determining citizenship can be a complex process in countries like Kenya where eligibility is not determined simply by place of birth. Not all Kenyan applicants for ID cards have birth certificates and some of those that have them may be suspected of having acquired them by fraudulent means. Birth registrations before 2008 did not include the national ID numbers of the parents, and so do not in themselves provide evidence of eligibility. The civil registration record now includes both the numbers and inked thumbprints of parents as a check of identity. Especially in border areas the application process often includes a “vetting” procedure by identification committees that can include public officials such as chiefs or deputy chiefs, community elders, security agents, and an officer from the national registration bureau. The first step in an application involves an initial submission by the applicant to the local chief or subchief, together with supporting documents. After authorization the application moves to the next stage, which involves the formal local process for vetting the applicant and preparing the application. This can include interviewing the applicant, taking testimony from his/her family and references, and reviewing supporting documents. The latter can include birth certificate, school-leaving certificate, parents’ registration and other evidence. The review process can be centered in one of the 600-plus branch offices maintained by the department. Fingerprints are used to help ensure that the same applicant is involved throughout the process. Following this step the applicant completes the formal application. The package includes two separate fingerprint forms each with 10 ink rolled prints in sequence and impressions of the full fingers of each hand to check that the order of the fingerprints is as specified by the form. The package is signed, stamped and sent to Nairobi for a validation check. This first involves a document check, including any birth certificate data against the records and verification that the prints match those from the finger sequences. At this point a national ID number is generated and linked to the barcode that connects the set of documents. One set of fingerprint images is retained in paper form as a backup while the other set is scanned into the AFIS and checked against a unified database that includes the prints of all persons registered in Kenya, citizens, refugees and other aliens. Refugee fingerprints are provided by the Department of Refugee Affairs; this works with UNHCR but carries out its own registration technology compatible with the national system. If a duplicate entry is discovered the application is referred for further investigation. If it is eventually disallowed the identity number is revoked and never reused. Manual follow-up may also be required in the case that the fingerprint impressions are low quality; this is reported to occur in one or two percent of the cases.6    6 Some of those interviewed indicated that they had come across rare cases of two separate people linked to a single ID number. This should not be possible and they attributed it to error, possibly sometime in the past. It was not clear whether they had managed to check the credentials against the IPRS database. 3.   Compone nts of the syste m 11 The standard time for processing an application is reported to be one month but can be variable. On the positive side, the “My ID My Life” program is reported to have helped enroll a large number of citizens prior to the 2013 election, suggesting that the system does have the capacity to respond to surges in demand. However, the experience of the HSNP with mass efforts to enroll identified beneficiaries in four Northern counties suggests that the time can be far longer in situations when the authorities have concerns about the bona fides of the applicant. In the rare cases where an application is made by a Kenyan resident and rejected, the data, including fingerprints, is understood to be retained on file whether or not steps are taken to remove the person from the country. ID cards have no expiry date requiring re-registration and the updating of pictures and other personal information, but there are many applications for new cards because of loss or damage to an existing card. Re-registration involves a check of biographic information against the details captured by the application form and in the database as well as a new photo and signature. It also requires submission of a full set of 10 ink rolled prints that are compared by the AFIS against the record. These new prints, as well as the new photo and signature, are added to the record while preserving previous versions. This enables information to be updated at each re-registration while maintaining continuity of the record. When an ID card is checked by the appropriate authorized entity, they can access the record of all previous registrations. The AFIS system operated by the NRB is designed to work with the particular ink form so that shortcuts, such as verifying fingerprints taken by a digital slap fingerprint scanner against the previous prints, are not possible. However, a process is understood to be under way to develop templates from the JPEG fingerprint images that would enable comparisons against digital prints.7 The outcome of this effort is not expected before 6–8 months. It would represent a step forward in enabling the ID system to readily authenticate individuals against their credentials without requiring re-registration. For example, a border post would be able to digitally authenticate entrants claiming Kenyan citizenship or legal residence against the fingerprint templates attached to her/his ID number. As described below, the capability to authenticate persons is urgently needed by some other important users of the ID system. 3.4  The Integrated Population Registration System (IPRS) The aspiration of the IPRS, (a department under the Ministry of State for Immigration and Registration of Persons), is to provide an integrated and unique identity service starting from birth. However, it is constrained by reality to accept the different starting registration points in Kenya as well as the fact that each other component of the system has its own particular mandate. The main current role of the IPRS is to enable authorized entities to check the validity of identity documents, in particular the national ID card. 7 Thales is implementing this project. 12 ID4 D C o u nt ry D i ag no s t ic : Kenya The IPRS draws on several databases, including those from civil registration, citizen registration, and the registration of aliens and refugees. The relevant data fields are pulled by the IPRS from the source databases, in principle several times a day, to ensure an almost real time data record. In total, the IPRS includes data relating to 42 million records although not all individuals may be living. The data records are distinguished by an internal 14-digt PIN that links them together for an individual. The IPRS does not run de-duplication checks, that being the responsibility of the NRB. At 15 Terabytes, storage capacity is reported to be adequate for at least a further 6 million records. The IPRS dataset has a mirror off-site backup at a data facility some 15 miles outside of Nairobi. The biometric data stored by the IPRS (fingerprints, images and signatures) are held as JPEG images, biographic data in separate fields that can be queried by Oracle-based software. In some cases the IPRS may cross- check and interpolate to fill in certain fields. For example, in cases where the ID card data only includes the year of birth it will check to see if a corresponding birth record can be located to provide the information. Security is maintained through firewalls and tokens for authorized users as well as by segmenting the data and restricting users’ access to only authorized data fields but data are not encrypted. The IPRS reports responding to around 1.5 million electronically generated identity related queries per day. These mainly come from the financial sector but are increasingly coming from other agencies as more are connected into the system. Citizens can, for example, apply online for a tax ID and PIN; the tax department will then query the IPRS to ensure that the name and number match the records. Some 20 firms are currently waiting to become authorized users of the IPRS and the number is growing. Since the mandate of the IPRS is to respond to queries about the authenticity of credentials (not of persons), it provides only limited information in response to queries, essentially the data embedded in the credential (for an ID card, name, number, date and place of birth and issue, picture, signature and fingerprint image) but it can also provide previous versions, for example when the individual concerned has had to replace his/her ID card. The ability to easily verify ID numbers against names in the central database is particularly important in Kenya since the ID number has no check digits. Common mistakes such as entering a wrong digit or transposing digits are therefore not immediately apparent when entering the number, increasing the likelihood of errors. Kenya may want to rethink the structure of its ID number at some future stage, but for the present the IPRS check constitutes the main control against errors. 3.5  Privacy and data protection Article 31 of Kenya’s Constitution protects the right to privacy, including the right of individuals not to have information relating to their family or private affairs unnecessarily required or revealed. It does not yet have data protection legislation but a Data Protection Bill 2012 has been drafted and is under discussion. Issues of privacy and data protection must also be considered within the context of the Draft National Registration and Identification Bill 2012. Comments on these two draft bills are set out in Annex 2. Some of the points noted relate to the fact that the two issues—data protection and national registration and identification—are being considered separately. This conforms to the practice in some other countries so is not unusual, but it is not presently clear how the provisions of the data protection bill will be reflected in the design of the identification system and its regulation. 3.   Compone nts of the syste m 13 Data protection and privacy are important issues for Kenya, which has made great strides in ICT development in the past few years and is now considered to be a leader within Africa.8 The government’s focus on developing an ICT-enabled country has contributed to development of a robust ICT landscape. Citizens have a generally positive appreciation of technology partly, no doubt, because of the extraordinary success of mobile communications and mobile money and the use of that platform for a variety of purposes. There is scope to position the country as a digital center for Africa, and it is important that this positive attitude is not undermined by lapses in the protection of personal data, including data collected in the course of administering social transfer programs.9 8 http://siteresources.worldbank.org/EXTINFORMATIONANDCOMMUNICATIONANDTECHNOLOGIES/Resources/ 282822-1346223280837/ICTCompetitiveness.pdf 9 For discussion of this issue in Kenya and reference to studies ongoing see http://www.saspen.org/home/wp-content/uploads/ 2015/01/Newsletter-VII-Oct.-Dec.-2014.pdf 14 ID4 D C o u nt ry D i ag no s t ic : Kenya 4.  The demand for identification: Citizens and some institutional clients Demand for identification services is high in Kenya, for reasons including national security and the security and convenience of transactions undertaken by typical citizens. ID credentials are accepted as part of life by individuals; they are required for virtually all transactions with public agencies as well as to access financial services and engage in the formal economy. Not having an ID card (or an equivalent credential for noncitizens) is therefore a serious barrier to inclusion. Towards an e-Economy. Following on from its remarkable and pioneering success in the development of mobile money and a platform for a growing range of digital payment mechanisms and other services, Kenya is also taking important steps towards e-Government, including electronic access to data and public services, e-payment, e-Procurement, electronic tax filing and other areas. These are increasingly integrated into e-Citizen, an integrated one-stop shop electronic service portal. This now has 295,000 registered users, with the number growing by 6,000 per day. Fees and payments collected average KSH 8 million daily, for services such as the issue of provisional driving licenses and the renewal of licenses and passports, business name searches and registrations and others. e-Citizen is now ranked the number 52nd website in Kenya in terms of popularity. Log-in is by name and ID number and the systems checks the combination against the IPRS. Not all of the government services are completely automated yet, but the objectives include increasing convenience for citizens and reducing costs and corruption associated with access to and payment for services. An ultimate goal, as expressed by some officials, is to minimize the role of cash and effect a transition to a largely e-economy. This trend is set to accelerate further and for many years even though several factors constrain the rate of expansion. While cell phone ownership is widespread and networks cover about 70% of the territory, part of the population is not connected. The first Huduma center (Pilot Model CSC) was inaugurated in Nairobi, followed by 11 more counties from January to July 2014, 25 counties from July to December 2014, and 10 counties from December to July 2015. Huduma Centers are multi-service centers that provide a range of electronic services such as driving license renewals and test booking, procurement opportunities for youth, women and disabilities, a cybercafé operated by young Kenyans and a hotline and desk to report instances of corruption. One Nairobi center attracts between 6,000 and 12,000 people every day. However, broadband connectivity is limited and costly, and many of the county-level centers lack connectivity or have poor connectivity. Most are affected by the unreliable power supply across large parts of the country that can cause outages lasting several hours. These obstacles have to be overcome for Kenya to become a full e-economy. In addition, political resistance can be expected from those that stand to lose from the transition to electronic services. A fully electronic process for building permits, for example, would cut out the facilitators and middlemen who now intervene in the process and extract a markup that has been suggested to be around 60% of the official fee. Perhaps for such reasons, the integration of property and business registration into the system has been slower than expected. Some 4.  T he de m a nd for ide ntifi cation: Citize ns and some institutiona l c l i e nts 15 60% of properties in Nairobi are reported to be mis-registered and not all owners can be expected to welcome the increased scrutiny and tightened property tax net that can be expected to follow from a data cleanup. Individual agencies also face transitional costs, including those related to the digitization of their processes and records. Nevertheless, the trend is clear, and Kenya’s move towards an e-economy and an e-society needs to be considered as an important factor shaping its future needs for e-Identity, including the ability to authenticate individuals remotely. The Financial System. The financial sector, including access to mobile money, is an important user of identity services. Opening any bank or mobile money account requires the holder to provide a national ID. Registering for a SIM card also requires an ID or for foreigners, a passport. The sector is also responsible for the largest share of the ID verification queries sent to the IPRS. Kenya has gone further than many countries in integrating information on the holders of financial accounts. An amendment to the Banking Act in 2007 gave rise to the Credit Reference Bureau Regulation in 2008. This mandated banks to share data on nonperforming loans. In 2012 this was extended to the sharing of positive credit history, setting the stage for a credit information system. Microfinance institutions were mandated to share information and nonbank credit providers such as utilities allowed to join the system. The first phase led to a substantial decline in the share of nonperforming loans, while the second phase has been associated with an increase in the number of loans and a decline in the proportion of secured loans. The system is managed by the Association of Credit Providers, located in the School of Monetary Studies. Strong customer identification, including the ability to look across accounts owned by a single individual, is also seen as critical for effective Know Your Customer (KYC) enforcement and to ensure that Kenyan institutions are able to maintain and build correspondent relations with institutions abroad. Individuals with Mobile Money (MPESA) accounts can receive and send transfers to the UK subject to daily limits on each individual account holder. Direct account-account transactions within established daily limits are facilitated by Western Union for 60 countries, with MTN for 10 African countries and with Vodaphone for Tanzania and South Africa. Nineteen hawala providers were recently integrated into the system. One priority for the financial system is to ensure that all Kenyans have robust national IDs to eliminate regulatory barriers to financial exclusion. Another is to better integrate identification for those under the age of 18—who are not yet eligible for ID cards—to increase access of younger clients to finance. Looking forward, as in other countries Kenya’s financial system will face the challenge of remote authentication of individuals, going beyond PINs, passwords and tokens towards a wider set of possibilities. The Independent Election and Boundaries Commission. The Commission is both a client for ID services and a driver of the spread of ID across the population of eligible voters. Kenyan voters are required to produce an ID card to be included in the voter roll; the mobilization of supporters by political parties is therefore an important driver for enrollment in the national ID program. The Commission has 800 permanent staff and services 290 constituencies. Kenya has an advantage relative to some other countries where the national ID is not held widely enough to provide a basis for the voter roll. These countries hold costly one-off voter registration drives that produce no lasting impact on the availability of ID services to the population. Having the national ID as the entry point for voting should ease the task of the Commission which accepts the uniqueness of the ID number as a check against duplicate voter enrollments. Nevertheless, the Commission carries out a 16 ID4 D C o u nt ry D i ag no s t ic : Kenya separate biometric enrollment of voters (four fingers and face) in order to authenticate them at the polls. For the 213 elections, 14.4 million voters were enrolled in one month using 15,000 voter registration kits. Both voter registration and voter identification involved the use of very costly proprietary technology. According to the critical report of the Auditor General, the cost of the biometric voter registration and identification kits amounted to $113.7 million, which would represent $7.90 per voter.10 This is far above the expected unit cost of civil or national registration. One priority for the ID system is to reduce the number of Kenyan citizens without a national ID and therefore ineligible to vote; this would also make less necessary the kind of intensive registration drive required in the past. A second priority is to move towards a more integrated system that does not require separate and costly rounds of biometric registration and voter identification. Social Protection. In 2012 Kenya approved the National Social Protection Safety Net Policy (NSSP) to ensure that the design and implementation of programs is coordinated and to help scale up social assistance programs, including through financial transfers, and to move towards more efficient and cost-effective ways of delivering them. The five major programs that constitute the National Safety Net Program, NSNP (one now terminated), cover some 500,000 recipients and it is planned to scale this up to 1 million. All require beneficiaries, or at least adults in the beneficiary households, to be identified by way of a valid national ID card. The card’s veracity can be validated by an icon/link that can be authenticated against the IPRS. As is the case in a number of countries, the programs are linked to a single beneficiary registry to limit access to multiple programs. The national ID card and number provide the ability to de-duplicate the registry. Three of these programs use custom payment arrangements effected through agents of two designated banks, Equity Bank and the Commercial Bank of Kenya. Because the programs pay out to designated recipients or caregivers such as older persons, persons with disabilities, orphans and vulnerable children, they need to have some mechanism to authenticate them to ensure that they are still living, so that they use a biometric smart-card for two-factor authentication. In the case of children, and elderly with mobility issues or person with severe disabilities, the authorized caregiver is enrolled and authenticated to receive benefits on behalf of the child, but the children are not enrolled biometrically.11 Each of the two banks has thus implemented its own custom biometric program. These are not interoperable and a change in the financial intermediary used for a program would necessitate a new and costly enrollment. The HSNP program seeks as to promote normal financial inclusion and pays through mainstream accounts with Equity Bank. As for any other accounts these require a National ID. Since the HSNP is a family-based program with periodic beneficiary eligibility recertification it does not cease on the death of any particular member of the household as long as the family continues to meet the eligibility criteria. The WFP implements several types of programs in Kenya, cash transfers, direct in-kind distribution to households, distribution to schools and nutrition centers. Some 400,000 individuals were identified as eligible and of these around 200,000 are currently enrolled into the programs and receive transfers. The trend is to move away from in-kind support and towards financial transfers. Recipients for the programs need to be well identified. Ration cards cannot be renewed more often than every two years as this is costly and in some locations dangerous, so that programs face the problem that many cards are sold to others— who continue to receive benefits—when the original holders leave the area or the program. Incorporating UNHCR’s biometric registration of refugees into the process has resulted in savings of $1.3  million per month. This saving is reportedly enough to cover the cost of the registration, at around $4.7 million, over a few months of the program. Office of the Auditor General 2014: Special Audit on Procurement of Electronic Voting Devices for the 2013 General Election by 10  the Independent Electoral and Boundaries Commission. June 6. The cost of voter registration kits was $97 million, and of voter identification kits $16.7 million. The total cost of the elections appears to have been around $300 million. 11 Authenticating the caregiver provides no assurance that the children are alive but provides a check that the card has not been lost or stolen and that the person who accepted responsibility for the children is receiving benefits. 4.  T he de m a nd for ide ntifi cation: Citize ns and some institutiona l c l i e nts 17 Strong and unique national ID is therefore central to social protection programs as they are being rolled out in Kenya. One important ID priority is to minimize exclusion; these are typically the poorest and most vulnerable members of society. As described above, there appear to be areas and groups in Kenya where coverage of the ID program is less than complete. Special provisions could be considered for these areas, for example extending the hours of subcounty offices or supplementing them in sparse areas through mobile registration services, an approach followed in countries like Peru and Pakistan that have especially targeted under-registered communities and areas. In the absence of high ID coverage, programs can seek out an identified adult as a contact point for assistance—for example, for a household where there is no member over the age of 18. In some cases they have operated on substitute program IDs on a temporary basis; however, this is strongly discouraged since it introduces the risk of multiple payments into the program. The other priority area for some of the programs is to be able to authenticate individuals, especially remotely (i.e. off-line). This is not at present possible with the national ID as the IPRS system validates the credential not the holder. Pensions. Civil service pensions provide another user perspective on the demand for ID services. Kenya has some 233,000 civil service pensioners, more than the number of current civil servants (199,000), and pension payments represent a very substantial cost to the Treasury. Pensioners are identified by their employee service numbers as well as by their NID numbers. All civil service pensions are paid directly into bank or mobile accounts. The pension registry is not, however, set up to connect into the IPRS; the check has to be manual as the pension data systems are not internally connected. One consequence is that there is less check against ID errors and frauds. These are known to exist, for example payments have been made to the wrong persons because of errors in identification. The Pensions Department sees two further priorities for identity services. The first—for pensioners who are still living at the time they exit the civil service—is to be able to authenticate claims that the main beneficiary is still living. Pensions typically continue to pay benefits to dependents for a period of five years after the death is certified so there is no incentive to report death. As a result, the pensions department plans to re-register all pensioners together with their biometrics and to require them to recertify life status every six months. This approach would present a formidable logistical challenge, particularly to reach beneficiaries living in the more remote parts of the country. It would be far more cost-effective to have such a system made available in a uniform way through the national ID system so that one authentication mechanism could serve a number of applications.12 The second need is accurate identification of the beneficiaries that are dependents. Especially in rural areas this is normally done through the local administration. As noted above, it will probably be outside the capability of the central system for some time. Voice biometrics is increasingly being used for remote authentication but it would need to be carefully assessed for accuracy in 12  the Kenyan context. 18 ID4 D C o u nt ry D i ag no s t ic : Kenya 5. Recommendations Kenya has made a substantial investment in the development of a functioning identity system. This puts it ahead of many countries, including in Africa, that have yet to consolidate a national system as a basis for providing people, firms and government agencies with a sound basis for legal identification. There is also clear demand for identification services; they are recognized as integral to the realization of citizenship and participation in the formal economy. Although Kenya has substantial identity assets, there is room for actions to strengthen the present system in ways that are needed to build a sound foundation for the future. There is also the need to think longer term about the kind of identity system—the “Third Generation” system—that Kenya should aspire to. This area is evolving rapidly and in addition to offering lessons to others Kenya can benefit from the experience of other countries. Strengthen focus and increase capacity to manage a strong integrated registration/identification system The components of the current system have traditionally functioned in silos, each with its specific mandate. Unlike countries such as Peru or Pakistan, Kenya does not have a single authority mandated to provide identification services across the population. This implies duplication of registration facilities as well as disjointed data; there is also no unique “number for life” to identify individuals from cradle to grave. Kenya should constitute a focal point for identification services, to help coordinate the approaches and activities of the several government entities that constitute the system as well as support from funding institutions. This would align with the intent, as set out in the Draft National Registration and Identification Bill, to combine the functions now being undertaken. The focal point could be complemented by a user group representing several of the major customers of the system such as finance, health, social protection and the Elections Commission, to provide a perspective on the nature of future demand for identification services. Such an integrated approach to registration and identification services could save resources and improve services. For example, the 107 civil registration centers could be integrated with the 600-plus national registration centers to create a stronger service network. This would also help to increase the current low density of civil registration facilities and to boost registration. Increase civil and national registration rates Birth and death registration rates are not high enough to provide a solid foundation for the national registration system. National registration rates, though higher, seem to be lower in the poorest and border areas, particularly in the North, that have the lowest rates of birth registration and the highest percentage of vulnerable people and are also of the greatest concern from a security perspective. The MOVE-IT program should offer incentives to increase the rate of birth registration and potentially also the registration of deaths. As a first step these could include positive reinforcement through recognition prizes and other public exposure to celebrate local officials and health workers who post large increases in registration rates. Other measures could be considered if this is not sufficient, such as streamlining the registration process so that it can be carried out at the point of birth, with health workers enrolled as primary registration agents and equipped with mobile registration technology. The process of documenting parentage would be eased by improvements in the ability to authenticate persons as outlined below. The registration of deaths could be improved through some similar approaches but is complicated by the need to create capacity to provide useful information on cases of death. 5.  R ecom m e ndati ons 19 As well as strengthening civil registration, Kenya also needs to ensure that all citizens have access to national ID credentials. Special efforts are needed in remote and border areas, including longer hours for local administrative offices, outreach to citizens and mobile registration units. Such approaches have been used successfully by countries like Peru and Pakistan that have also faced difficulties in registering poor isolated populations. It would also be appropriate to consider the registration status of long-time residents who are not citizens and who have not been registered as either resident aliens or refugees. It is not in Kenya’s interests to have undocumented people resident on its territory. There is also the possibility of loss of nationality by children born of temporary residents, undocumented persons or refugees, with the consequence that they become stateless. This is a concern for much of Africa as expressed by the recent report on the Right to a Nationality by the African Union. Kenya, like other African countries, might consider its policies on nationality against the recommendations of that report.13 Strengthen and update technology and connectivity Kenya’s system has only recently begun to evolve from paper-based to digital processes. Some key databases lack emergency backup and/or off-site backup. Reliance on manual processes, weak birth and death registration and an ID number without check digits increases the potential for error and possible ID fraud. Not all users (meaning the administrators of various services) of ID services have full access to the consolidated population registration data that enables a check of the validity of an ID card. The digitization of birth and death certificates should be completed as well as the digitization of active records in the department of immigration. Backup facilities are needed for both paper and electronic files. Interoperability of the system can be improved by strengthening the links between key databases. Access to the system should be improved for key users, such as the Pensions Department. Telecommunications links should also be strengthened to enable more remote border posts to communicate fully with the system. Verify people in addition to verifying documents Kenya’s ID system does not at present have the capacity to offer individual authentication except in limited ways and not remotely. In response, a number of disparate vendor-specific biometric systems are being implemented or contemplated by various users and programs. These have serious implications for future cost and flexibility, and need to be headed off by the development of a national system that would also be available to other users, for example border posts. The problem of individual identification (as opposed to the validation of credentials) will become more urgent as the system shifts to remote applications. One approach within the current system is to develop templates from the current biometric images held by the NRB that can be compared with fingerprints read from mobile digital scanners. If sufficiently high quality, the templates would provide the system with the capacity to authenticate individuals remotely against the central IPRS database. As for India’s Aadhaar program, this would enable the central database to provide a simple yes/no response to authentication queries from border posts, financial institutions, pension programs and other authorized users. If re-registration is necessary, as noted below, it could be prioritized on a flow basis to meet the needs of key users. Establish an adequate legal framework for registration and identification The increasing accumulation of personal data in electronic formats raises the importance of strengthening the legal framework around data protection and privacy. Kenya will need to ensure that its identification system complies with the principles set out in the 2012 Data Protection Bill when this becomes law. Annex 2 offers some comments on the draft legislation. African Union 2015: The Right to a Nationality in Africa. January 29. 13  20 ID4 D C o u nt ry D i ag no s t ic : Kenya Look to the future Looking to the future, Kenya can consider a number of alternative options for its “Third Generation” e-ID system. Countries offer examples of a wide range of institutional and technical alternatives. It could be useful to plan a visit to India and Pakistan by a group from Kenya that combines representatives from both the ID providers and ID users. In terms of institutional alternatives, some countries have created a central provider of identity services such as Registro Nacional de Identificación y Estado Civil (RENIEC) in Peru or National Database and Registration Authority (NADRA) in Pakistan. Both are public institutions and are respected for their technical capability and the quality of the services that they offer. NADRA, for example, consolidates all of the functions now performed in institutional silos in Kenya. It operates without budgetary allocations, relying on fees levied for providing identity services in Pakistan to banks, border security and virtually all sectors of the administration and the economy, as well as successful bids for foreign contracts to provide identity services. Financial incentives encourage performance and responsiveness to needs for identification; in addition, de-linking of the provision of identity services from particular government ministries increases confidence in its independence. The proposed consolidation of Kenya’s system as set out in the Draft National Registration and Identification Bill 2012 could pave the way towards such an integrated high capacity service provider. Technology also varies widely across country systems. It is understood that current thinking on the Third Generation system envisages the use of iris and digital face biometrics, in addition to fingerprints. The costs and benefits of more complex biometrics need careful consideration. Iris has been successfully used in India and also in Indonesia’s national system. It is not necessary for accurate identification for a population the size of Kenya’s but it has some advantages, including high power, a low rate of failure-to-capture (eyes are self-cleaning and do not become degraded by manual labor) and the possibility of capture at a young age. It is now becoming integrated into mobile devices and this should reduce costs. Kenya should avoid a proliferation of public programs that capture biometrics using different incompatible systems. The transition to the future system could be facilitated by introducing stronger individual authentication on a flow basis. This would involve setting uniform, consistent and open standards for biometric re-registrations as well as for particular groups where this is urgent, such as pensioners and recipients of social transfers and safety net programs. This would also accelerate registration to the standards required by the “Third-Generation” system. Technology procurement is a challenge for many countries. India’s Unique Identity (UID) Program has pioneered the use of open, standards-based procurement, an approach that has reduced costs and increased competition between vendors. India’s UID enrollment costs, at $1.16 per head, are the lowest in the world. Kenya, like India, should move to a “plug and play” system. Kenya also has a range of options when considering its future ID card. Some countries have moved from simple ID cards to multipurpose ID smartcards. Others, like Estonia (which has possibly the world’s most advanced e-ID system) offer single-purpose cards and, more recently, mobile-based IDs. The benefits of integrating a banking card into the ID card may well be lower in Kenya than in other countries because of the remarkable penetration of mobile money. India’s UID program has dispensed with ID cards altogether, relying on remote biometric authentication of citizens and other residents. Kenya may not wish to move completely to this extreme, but India’s experience offers a useful example of the benefits of enabling a wide range of options for authentication to complement a strong core identification system. Towards a unique number from birth. Several users of Kenya’s ID services have flagged the desirability of having identity centered around a single life-cycle number. This is the case in many countries, as in Uruguay where the birth certificate and the national ID number are issued at birth with the number of the child 5.  R ecom m e ndati ons 21 linked with those of its parents.14 Unlike in Uruguay birth on Kenyan territory does not confer citizenship; however, citizenship is far easier to document for most new births since the ID credentials of the parents are included in the data taken for the birth certificate. Especially as it strengthens birth registration, Kenya could therefore streamline the registration process for many of its citizens and this, in turn, would increase the incentives to register births. The process of issuing a national ID credential could be pushed back to a younger age to reduce the interval between birth and national registration and further increase the integrity of the registration process. The draft National Registration and Identification Bill makes provision for registration between the ages of 12 and 17 but some countries are now registering children at younger ages. India’s Aadhaar program is registering children as young as 5 years old and, seeking to combat child trafficking, Mexico has also successfully registered children at a similar age. Both systems use fingerprints and iris. Summary recommendations and identified support Table 1 provides a summary of recommendations some of which, especially in the area of technology, can be supported by the Kenya Transparency and Communications Infrastructure Project (KTCIP), (P094103). As background to this project, The Government of Kenya has made good progress on establishing a foundational system for e-IDs through collaboration between the Ministry of ICT and the Ministry of the Interior. Within the Ministry of ICT, technical implementation is facilitated by the ICT Authority (ICTA) under the direction of its CEO. In 2007, the Government of Kenya (GoK) and the World Bank signed the KTCIP whose development objectives are: (i) to contribute to lower prices for international capacity and extend the geographic reach of broadband networks, and (ii) to contribute to improved government efficiency and transparency through e-Government applications. The first objective has been substantially reached and the second objective is now the focus of the project. Digital identities are rapidly becoming essential for citizens to access e-Government applications and as a result, several activities already undertaken within the project relate to digitization of birth and death certificates, which form the basis of an identity system. This work has already yielded substantial benefits, and as a result of this assessment, the team has agreed to apply additional resources to addressing some of the recommendations in this report. It is recognized that additional resources will be required to address the remaining recommendations, and discussions are under way as to the establishment of a new project to tackle these areas. The only exception is for births to parents in the service of a foreign government, such as diplomats. Births outside the country to 14  Uruguayan nationals are also entitled to citizenship. 22 ID4 D C o u nt ry D i ag no s t ic : Kenya Table I. Policy Recommendations Theme Activities Actions A 1. Create a focal point for Identification 1. Ministry of Interior to convene. KTCIP Strengthen focus on Services and a user group represent- can support: either through the current identity management ing major users of the ID system. Project Manager for e-Government or assign this role to a new consultant. 2. Integrate the 107 civil service reg- 2. Ministry to Interior to review the roles istration centers with the 600+ and functions of the various service national registration centers, wher- centers and consolidate. ever possible at the Huduma Centers. B 3. Establish incentives to register 3. Ministry of Interior in coordination Increase rates of (including for chiefs) who achieve with Ministry of Health. Using the civil and national near 100% registrations under their MOVE-IT databases, analyze the report- registration jurisdictions. ing data and establish a yearly prize for the government agency which best uses the national ID system 4. Streamline the registration process 4. Ministry of the Interior for birth/marriage and death registra- tions, and for national ID card acqui- sition and increase the geographic reach of registration facilities by establishing mobile registration units for the rural areas. 5. Identify individuals who cannot 5. Ministry of the Interior. This will help prove Kenyan citizenship but who are the GoK to have a reliable count of not yet declared stateless. Assign a undocumented persons in the country temporary and uniquely identifiable so as to improve security information. number until status is confirmed. C 6. Digitize all remaining Birth and Death 6. KTCIP support to the Ministry of Inte- Strengthen system Certificates (DC) and ensure that rior could be continued to establish a technology these are continually updated, and sustainable process for continual updat- (KCTIP: USD that the databases are updated in a ing of the digitization and the database 12.5 million) consistent way. entries. Establish which activities are triggered by the DC and create links into these systems. 7. Digitize active Department of Immi- 7. KTCIP can provide support to the gration Records and add them to Department of Immigration for this a relational database, ensuring that activity. ongoing active records are continu- ally scanned and update the database. Information from the DCs should be sent to the IPRS for updating. Older inactive records can be indexed and stored in acid-free boxes. (continued) 5.  R ecom m e ndati ons 23 Continued Table 1.  Theme Activities Actions 8. Protect both paper and electronic 8. KTCIP can provide support to the CRD files by establishing a backup facility and the Department of Immigration for for the CRD records and for those of this activity. the Department of Immigration 9. Improve interoperability of the 9. ICTA to examine the interoperability records by establishing links between requirements of each of the systems, the CRD’s vital statistics databases, establish data flow routines and cre- the Department of Immigration’s data- ate links between the systems such bases, the Pensions databases, etc., that data flows continually and in real and the IPRS. (For example, Pension time between the relevant government Department requires access into the institutions. Full completion of this work IPRS as is done for Social Protection is likely to take longer than the duration to verify the identify information of of the KTCIP, but analytical and tech- government pensioners. nical preparatory work can be under- taken. (This would eliminate the need for manually inquiring from each of the MDAs the names of civil servants due to retire.) 10. Increase access to the system for key 10. a) KTCIP can provide support to assist users such as Banks, other govern- key users to establish URL links to the ment departments and certain UN IPRS along with appropriate security agencies, NGOs, etc. to establish measures. authentication of their end users. b) KTCIP can provide support to the Department of Immigration with telecommunication links, training and equipment at the border posts. 11. All existing systems and new sys- 11. ICTA to establish standards (open stan- tems should use a common open dards) and help existing systems and standard which will allow for ease of newly developed systems to increase authentication. interoperability. 24 ID4 D C o u nt ry D i ag no s t ic : Kenya Theme Activities Actions D 12. Establish the IPRS as the one defini- 12. Ministry of Interior. This would elimi- Introduce the capacity tive source of biometric identifica- nate disparate systems for identifica- to authenticate tion. tion. Authentication should be available individuals as well as on a yes/no basis from the IPRS. credentials 13. Digitize templates for fingerprints. 13. Ministry of Interior and focal point for Re-register individuals on a flow basis ID services. Approach will depend on if needed to improve the capacity for the success of ongoing effort to digitize remote authentication. Depending on inked prints. decisions on “Third-Generation Sys- tem” data may include digital face and IRIS scans 14. All existing systems and new systems 14. ICTA to establish standards (open should use a common open standard standards) and help existing systems for authentication. and newly developed systems to ensure interoperability. E 15. GoK to consider alternative options 15. Ministry of Interior, focal point for Towards the future for “Next Generation” e-ID system. ID services and user group. Include system to provide consideration of national registration at lifetime e-ID to all birth. In addition, to support to the ID system the KTCIP project and the ICT Authority manage the Kenya Open Data Initiative, KODI. In order to increase access to information, the team has agreed to strengthen the offerings on the KODI site with important datasets from the Kenya National Bureau of Statistics (KNBS): Increase access to information KNBS has large numbers of valuable KTCIP KODI team can facilitate this population-related datasets that work through its Open Data site. should be displayed on the Kenya Open Data Initiative (KODI) site. The KODI and KNBS teams should develop a plan for the systematic and sustainable flow of information from the KNBS to the KODI site. 5.  R ecom m e ndati ons 25 Annex 1: Legal and institutional framework The national registration processes in Kenya are governed by the Constitution and a number of existing and proposed pieces of legislation. These also provide for the establishment and operations of various institutions charged with the responsibility of managing these processes: Civil and National Registration and Immigration ƒƒ Births and Deaths Registration Act of 1928, Cap 149 (2012) provides for the notification and registration of births and deaths. It also provides for the period and mode of registration of these births/deaths. It establishes the office of the Principal Registrar of Births and Deaths, and provides for the appointment of registrars and deputy registrars for various areas. ƒƒ Age of Majority Act of 1974, Cap 33 (2012) provides for the general age of majority (18). ƒƒ Registration of Persons Act of 1949, Cap 107 (2012) provides for the process of registration of persons and the issuance of their identity cards. It provides for the appointment of principal registrar, provincial and county registrars. ƒƒ Kenya Citizen and Immigration Act of 2011, Cap 172 (2012) provides for matters relating to citizenship, issuance of travel documents and immigration matters (including foreign nationals management). It provides for the appointment of the Director of Citizenship and Immigration. ƒƒ Kenya Citizens and Foreign Nationals Management Service Act of 2012, Cap 174 (2012) provides for the establishment of the Kenya Citizens and Foreign Nationals Management Service whose primary function is to create and maintain the administration of the national population register and oversee the implementation of policies and laws relating to births and deaths, identification and registration of citizens, immigration and refugees. ƒƒ Marriage Act of 1902, Cap 150 (2008) provides for marriages in Kenya and provides for the establishment of the office of the Registrar General, Deputies and Assistant Registrars of Marriages. Marriage certificates are issued for each marriage registered. ƒƒ Refugees Act of 2007, Cap 173 (2012) provides for the recognition, protection and management of refugees. Establishes the Department of Refugees with the Commissioner of Refugee Affairs as the department’s head. It provides for the criteria and circumstances in which refugee status will be granted, denied or revoked. ƒƒ Draft National Registration and Identification of 2012. This Bill currently under stakeholder consultation proposes to provide for the notification and registration of births and deaths, identification of Kenya citizens and issuance of documents of registration and identification. It proposes to combine the separate processes and institutions regulating and responsible for birth, death, immigration, issuance of IDs and refugees. Other ID Credentials ƒƒ Kenya Revenue Authority Act of 1995, Cap 469 (2013) establishes the Kenya Revenue Authority as a central body for the assessment and collection of revenue, for the administration and enforcement of the laws relating to revenue. The KRA issues Tax Pin numbers for purposes of collection and receipt of revenues. ƒƒ National Hospital Insurance Fund Act of 1999, Cap 255 (2012) provides for establishment of a National Hospital Insurance Fund and the provision through which contributions to and the payment 26 ID4 D C o u nt ry D i ag no s t ic : Kenya of benefits out of the Fund. Contributing persons are issued with a National Hospital Insurance Fund card. ƒƒ National Transport Safety and Authority Act of 2012, Cap (2012) provides for the establishment of the National Transport and Safety Authority. The NTSA issues national drivers licenses. ƒƒ Pensions Act of 1950, Cap 189 (2007) provides for the grant and regulating of pensions, gratuities and other allowances in respect of the public service of officers. Pensioners are identified using payroll pension numbers. ƒƒ National Social Security Fund Act of 2013 (2014) provides for the establishment of a National Social Security Fund, and the processes of contributions to and the payment from the Fund. The Fund issues a National Social Security Fund Card to all contributing person. Data Protection and Privacy ƒƒ Draft Data Protection and Privacy Bill of 2012. This bill currently under consideration provides a framework for protection of public data and citizen privacy. Kenya also has a number of administrative and legal mechanisms whose objective is to foster synergies between the various institutions. While in principle this can help to resolve silo problems, it appears that cross institutional synergies are yet to be fully realized. Examples of institutional integration include: ƒƒ The Kenya Citizens and Foreign Nationals Service Board consists of Principal Secretaries from Immigration, Foreign Affairs and Internal Security. ƒƒ The Refugee Affairs Committee consists of representatives from Ministries relating to internal security, refugee affairs, foreign affairs, local government, health, finance, planning and immigration. It also has representatives from the State law Office, Police and the National Registration Bureau. ƒƒ UNHCR now shares various reports on refugees with the Civil Registration Department and the Kenya National Bureau of Statistics. ƒƒ An Inter-Agency Technical Working Group as well as a sector working group that brings together the institutions for planning, budgeting and quarterly reporting as a thematic area under the Governance, Justice, Law and Order Sector. ƒƒ Increased collaboration between the Civil Registration Department, Ministry of Health and Kenya National Bureau of Statistics on death certificates and causes of death. Anne x 1: Legal and institutional f ra m e wor k 27 Annex 2: Draft comments on the DP and NRI bills 2012 Draft comments on the draft Data Protection Bill 2012 (DP Bill) and draft National Registration and Identification Bill 2012 (NRI Bill) The following are comments on the draft Data Protection Bill 2012 (DP Bill) and the draft National Registration and Identification Bill 2012 (NRI Bill). We have endeavored not to duplicate the comments and observations contained as part of the broader technical review process. These comments have been prepared without—and are subject to—local law advice. We have not reviewed (or received) the Freedom of Information Bill (FOI Bill). No separate analysis has been conducted on, and accordingly no inference should be drawn with respect to: (i) the broader legal and regulatory environment within which these legislative instruments will operate; or (ii) how the proposed scheme(s) will interact with other laws which permit the collection, use and disclosure of information. General comments It would appear that there is still more work to do on both bills. The question for the Government of Kenya (GoK) is whether these concerns should be addressed prior to submitting the bills to Cabinet and then the legislative process, or as part of the Parliamentary reading process. Some jurisdictions have elected to treat the subject matter covered by the DP Bill and the FOI Bill in a single, integrated piece of legislation. It seems Kenya has elected to do so through two bills and some of the issues raised below arise as a result of this structure. Practice is mixed on this issue, with some countries (e.g., Canada, Ireland) electing a single instrument and others going with separate instruments (e.g., UK). One of the main issues is to ensure that the single Commission which will oversee both pieces of legislation, and referred to in the DP Bill, is subject to a consistent and coherent suite of statutory obligations and powers. The application of the DP bill to data collected and used under the NRI bill is also uncertain. We are aware of a number of existing laws in Kenya that might affect the rights and obligations under the DP Bill. As such, it would be advantageous to identify specifically any existing legislation that will be amended, abrogated or repealed as a result of the passage of this bill. We are always available to provide GoK with assistance in addressing issues prior to submission of the drafts to Cabinet. Comments on the NRI bill Safeguards on personal privacy and data security. The NRI bill does not appear to include robust safeguards in the areas of digital authentication, collection, storage, use and dissemination of information, necessary to protect individual privacy and protect personal data. The DP bill may provide a mechanism for ensuring 28 ID4 D C o u nt ry D i ag no s t ic : Kenya that information collected under the NRI bill is protected, however, these two legislative instruments do not seem to be linked explicitly. GoK could consider including provisions aimed expressly at addressing: (a) the use of alternative means— to establish identity for purposes of securing services; (b) the physical national identity card—including limiting the purposes for which the card can be used and sanctions to prevent it being required for other purposes; (c) the information on the card—to prevent unauthorized access to, collection or misuse of information on the card; (d) the information on the system—to prevent unauthorized or unintended uses and disclosures, including unauthorized information sharing; and (e) rights of individuals—to ensure transparent rights to access and, where necessary, challenge and correct information on their card and in the system. An independent process of monitoring and enforcement (e.g., via an ombudsman or privacy commissioner) may also be helpful to further safeguard individual rights. GoK might consider including provisions which prescribe expressly (i) what information may be disclosed, (ii) to which agencies, (iii) under what circumstances, and (iv) the conditions of disclosure. Certain categories or types of disclosure(s) may need additional consideration and safeguards, including regard to the local legal context (including any constitutional or other legislative or procedural rules around due process) governing the rights of law enforcement agencies to access information, including any biometric components stored on the registry. The NRI bill could also include a mechanism for individuals to seek a remedy where they have been denied services or suffered loss, as well as creating sanctions and penalties against individuals or bodies (public and private) that breach these protections. Moreover, it is important that the legislation is not relied on by itself to protect individuals’ privacy. A robust privacy framework can only be achieved by a rigorous combination of design, technological, legislative, and oversight measures. The bill is silent on technical design issues regarding the card, national database, card readers, etc., which should form part of the overall data privacy and security framework. Additional remarks on the NRI bill. With reference to specific provisions in the draft NRI bill, the following section is intended to highlight our general remarks above regarding safeguards on personal privacy and data security. It is not intended to be exhaustive. Art. 18 provides that “[a]ny institution, in the exercise of its lawful function, may require production of a certificate of birth and such requirement shall be lawful.” There is no definition of “institution” and it is not clear whether this power is intended to be limited to public authorities or whether and in what circumstances it may extend to private actors (e.g., financial institutions under “know your customer” regulations). Art. 28(1)(b) contemplates the collection and maintenance of “biometrics.” However, the term biometrics is not defined and it is not specified whether this includes some or all of, e.g., iris, fingerprint(s), DNA, etc. The bill also does not appear to contemplate that specific protections and safeguards may be needed to guard against the inappropriate use or disclosure of such biometric information. Art. 28(2) confers on the Director the power to ensure the protection and confidentiality of the data or information contained in the registration and database systems, etc. However, it does not impose mandatory obligations around the protection of such information. Nor does it appear to indicate how such powers should be exercised having regard to the draft DP bill. Art. 29(5) provides that registration is only open to citizens. What alternative mechanisms for identity will be available to noncitizens? Could such a restriction become a mechanism which denies or restricts lawful access to services by noncitizens? Art. 32 provides for the issuance of a national identity card “in the prescribed manner.” However, no guidance is given specifying what information shall be disclosed on the cards or the technological or other security features of the card which might be applied to protect individual privacy and promote data security. Anne x 2: Dr aft c omme nts on the DP and NRI bi l ls 2 012 29 Art. 35 provides that the state authority may require a registered person to produce his or her national identity card to the satisfaction of the authority in the exercise of its lawful functions. However, no further context or safeguards are prescribed in the primary law guiding the preparation of subordinate instruments, e.g., to ensure that this power is not used inappropriately in a manner which infringes individual privacy rights. Comments on the DP bill The DP bill is confusing, mixes concepts, lacks clear objectives and key definitions, and otherwise leaves many loopholes. Application to public and private actors. It is unclear whether the bill is covering information held both by private and public actors, or only public actors. Three things point at the possible inclusion of both: (i) the Memorandum’s reference to the need of promotion of e-transactions; (ii) the definition of “agency” both as a public and private body, paired with the extensive use of the term “agency” in the bill; and (iii) the definition of data controller, which does not refer exclusively to a public body. The DP Bill is lacking many key concepts regarding the protection of data held by private bodies (e.g., provisions on cross-border data transfers, data breaches, or a defined framework for information security). It is also lacking some concepts regarding private bodies that are at the forefront of the data protection agenda, e.g., under proposed EU Regulation on General Data Protection (2015) and the US White House Consumer Privacy Bill of Rights (2015), including on privacy by design or codes of conducts. In addition, the body of the DP Bill reads as if it would have been written with just public bodies in mind. Some of the derogations to the obligations of an “agency” that collects the data (read as data subject rights) are very broad. For example, the Bill provides that the “agency” that collects personal information does not have an obligation to inform an individual of that collection if “that compliance would prejudice the purposes of the collection.” What would already be a broad exception for public actors, could be an open door to private actors to collect data under any legal purposes they may see fit. Without any further contextualization, it’s foreseeable that may open the door to include practices such as open profiling or data mining. Such practices are targeted for regulation in the above mentioned initiatives by the EU and the US. If the DP Bill is not intended to cover both public and private actors, this is really a missed opportunity. It poses serious questions as to how this bill is going to accomplish its goal of promoting e-transactions. Protection for data subjects. Some of the rights of the data subject are mentioned, but otherwise not spelled out in sufficient detail in the bill. For instance, it is unclear how (and following which procedures) the data subject is supposed to gain access to its personal data or provide valid consent. Is the idea that there will be a further regulation defining this? Data portability. This right, which has now been clearly defined in the new proposed EU Regional (Article 18 on the right to data portability), ensures that the data subject can obtain from the controller, for data being processed by electronic means, a copy of his/her personal data in a format commonly used that would allow for further use by the data subject. This right would seem consistent with Open Data principles and consideration should be given to explicitly covering this in the DP Bill. Consistent application of “best practice” concepts. The DP Bill seems to pick up some concepts from OECD/EU/US/APEC rules, but not necessarily marry them in a cohesive manner. For example, it provides a definition for the concepts of “controller,” “processor” and “data subject.” However, they are rarely used in the text of the bill and instead the term “agency” is used throughout the bill to refer to any “body” dealing in some way or the other with the data. At the same time, there is no clarity as to whether “agency” refers to any employee within the agency, a data controller, or a data processor. 30 ID4 D C o u nt ry D i ag no s t ic : Kenya In addition, there is no mention of cross-border data transfers, information security (only mentioned superficially, without really giving much of a framework), data breaches, privacy by design or codes of conduct. All of these concepts should be considered in connection with this bill. Consistent use of terminology. The DP Bill would benefit from clear definitions and consistent use of terminology. Some examples: (a) Use of “personal information,” vs. “information,” vs. “data.” The DP Bill seems to use somewhat interchangeably all the terms above. The same goes for the seemingly interchangeable use of “right to secrecy,” vs. “privacy,” vs. “data protection.” (b) Use of the term “person” to define the data controller. The DP Bill should clarify if a data controller can be both a natural and a legal person, like the international standards indicate, or whether it is only a natural person. (c) Definition of “consent.” This term has probably been the subject of dissertations both in the EU and the US, however, this key concept is not defined or elaborated on in the bill, only mentioned under the guiding principles for data protection. This can leave the door open to a lot of interpretation (for instance, the big international debate on opt in v. opt out). For example the proposed EU Regulation provides in part that consent “[. . .] should be given unambiguously by any appropriate method enabling a freely-given, specific and informed indication of the data subject’s wishes, either by a written, including electronic, oral statement or, if required by specific circumstances, by any other clear affirmative action by the data subject signifying his or her agreement to personal data relating to him or her being processed.” (d) Definition of “processing.” (i)There are inconsistencies, since “processing” is defined to cover only data processed through automated means (art. 2), while already art. 3.1.c mentions manual processing. (ii) The definition is very narrow and seems to only cover two instances for extracting information and the use of a data controller of services provided by the processor. International standards give a much broader definition. For instance, the proposed EU regulation defines “processing” as “any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination (. . .) restriction, erasure or destruction.” (e) In general, it may be easier to do more simple definitions, e.g., for personal information refer to “any information” and then carve out exceptions. Language inconsistencies. The DP Bill needs to fix some language inconsistencies. Two examples are below: (a) Some of the guiding principles seem to have been formulated in the opposite sense of what they presumably were intended to achieve and would need to be reformulated. For example, art. 4.1.e reads “The principles and objects for data protection include: [. . .] information is distributed in a way incompatible with the purpose for which it was collected.” (b) The use of the term Commissioner should be revised. It seems at different points that the bill is may be mixing up the terms Commission and Commissioner. Anne x 2: Dr aft c omme nts on the DP and NRI bi l ls 2 012 31 Annex 3: List of people met No. Name Position Institution Email Telephone 1 Zachary Director General Kenya National Bureau zwangi@knbs.or.ke +254 0722262143 Mwangi of Statistics 2 Markus ICT specialist International mkimani@ifc.org +254 702919176 Njehiah Finance Corporation Kimani 3 Ric Goodman Team Leader National Drought ric.goodman@hsnp +254 706855678 Management Authority .or.ke 4 Liz Drake Senior Advisor and Department for l-drake@dfid.gov.uk +254 0706111109 Section Head International Development 5 Anne K Mugo Pensions Secretary The National Treasury amugo@treasury +254 2252437 MBS and Director of .go.ke Pensions 6 Ms. Joyce Director Department of Civil mrsjmugo@gmail Mugo Registration .com 7 Ruben Director National Registration — +254 4920000 Kimotho Bureau for National ID 8 Mr. Ezra CEO Independent Electoral andrew.limo@gmail +254 722819655 Chiloba and Boundaries .com Commission 9 Cheryl Coordinator World Food Program, cheryl.harrison@wfp +254 207622766 Harrison UN .org 10 Emily Program Officer National Social kimsop2005@yahoo +254 720539856 Kimosop Protection Secretariat .com 11 Ms. Joan Senior Manager Safari.com agitonga@Safaricom +254 721695020 Aluoch Owino .co.ke 12 George Director Integrated Population ganyongo@mirp +254 0202222022 Anyango Registry System .go.ke 13 Gordon O Director Directorate of gordonkihalangwa +254 721294925 Kihalangwa Immigration and @yahoo.co.uk Registration of Persons 14 David Soti Head Division of Health dosoti2002@yahoo +254 724830143 Informatics, Ministry of .com Health 15 Roselynn Communication Council of Governors Roselynn.omolloh +254 725815206 Omolloh Officer @ymail.com 16 Shem O Deputy Director of The National Treasury snyakutu@treasury +254 202252299 Nyakutu Pensions .go.ke 32 ID4 D C o u nt ry D i ag no s t ic : Kenya No. Name Position Institution Email Telephone 17 Winnie Fiona National Ministry of Labor mwasiajiwf@yahoo +254 722829900 Mwasiaji Coordinator .com 18 Mr. Joseph Senior Manager Safari.com jwanjohi@safari +254 722540682 Wanjohi .co.ke 19 Ric Goodman Team Leader Hunger Safety Net ric.goodman@hsnp +254 706855678 Program .or.ke 20 Dr. Gandham Program Leader Kenya, Rwanda and gramana@worldbank +254 733332464 N.V. Ramana Eritrea Country Dept. .org Anne x 3: L ist of p eop l e m e t 33 worldbank.org/id4d