Tags

, , ,

[This is a Guest Post by Anand Venkatanarayanan. Anand served as one of the Expert Witnesses for the Petitioners in the constitutional challenge to NIIMS/Huduma Namba, the Kenyan national biometric identification project, before the High Court of Kenya.]


This post analyses the Huduma Namba judgement of the Kenyan High Court, which was delivered on January 30, 2020 on the weighing stone of “public participation” (a guaranteed right under the Kenyan Constitution). It must be read along with the legal analysis for better context. 

Transparency Principle

It is now a well settled proposition that when it comes into deprivation of rights, people cannot be harmed based on a secret law whose contents and workings are unknown and unknowable to the affected party. Now, what if the State builds a technical system, whose workings are classified as a secret, based on which a determination is made about whether residents are eligible for welfare benefits? And what if the State then passes a law that governs the technical system and invites public consultation on the law, but not on the technical system itself

Arguments of the Parties

In the Huduma Namba case, the 2nd Petitioner, Kenya Human Rights commission, raised the issue of lack of public participation, as a ground for declaring the amendments unlawful (Paragraph 152). Note that – as indicated above – the Kenyan Constitution explicitly requires public participation as a precondition for passing legislation

a) A declaration that the amendments to the Registration of Persons Act, Cap 107 Laws of Kenya, vide the Statute Law Miscellaneous (Amendment) Act No. 18 of 2018 are unconstitutional null and void.

b) A declaration that the amendments to the Registration of Persons Act, Cap 107 Laws of Kenya, by the Statute Law Miscellaneous (Amendment) Act No. 18 of 2018 were enacted unprocedurally and without public participation contrary to Articles 10(2)(a) and 118(1)(b) of the Constitution.

The witness for the 2nd Petitioner, Mr. George Kegoro, brought out the issue of lack of information on the technical details of the system, in his testimony (Paragraph 195, Special emphasis included):

The second failing identified in the impugned law by the 2nd Petitioner was what was perceived as the opaqueness that surrounds the actual software that has been deployed for NIIMS. Mr. Kegoro averred that the nature, capabilities, ownership details and other critical features of the system were known only to the State, with no information with regard thereto known by the public. He discounted the 5th Respondent’s assertions that it designed and developed NIIMS with the combined effort of an inter-ministerial taskforce specifically formed for this purpose as a bare statement. In his view, there is no way of verifying that NIIMS meets minimum integrity, transparency and accountability standards as would guarantee privacy of personal information stored therein from unintended third parties or from abuse from within.

Another witness for the 2nd Petitioner, Ms. Munya, brought out an essential facet on the design being public, by advocating for Open Source design (Paragraph 236)

In supporting the position taken by the Petitioners that Kenya should have used ‘open source’ in the design of NIIMS, Ms. Munyua deposed that her company embraces ‘open source’. She stated that the term referred to “something people can modify and share because its design is publicly accessible.” She further averred that “the open source way” and “open source projects, products, or initiatives embrace and celebrate principles of open exchange, collaborative participation, rapid prototyping, transparency, meritocracy, and community-oriented development.

The argument, therefore, was that when a legislation encodes into law the a technological system, “public participation” on the terms of the law without public participation with respect to the design of the system, is meaningless.

On the other hand, the 2nd and 3rd Respondents, on the issue of public participation with respect to the design of the system, made the following averments (Paragraph 357, SIC):

When questioned on the public participation on NIIMS, Dr. Kibicho testified that he and various government officials and the national government administration infrastructure had sensitized the members of the public and carried out civic education on the benefits of NIIMS. He denied that they stated or threatened that the registration for Huduma Namba was compulsory. 

The witness for the 5th Respondent, Mr. Ochieng, made the following averments in reply (Paragraph 418):

On the preparations and development of NIIMS, Mr. Ochieng stated that the discussions on NIIMS started in January 2018, and he referred to a copy of his letter dated 10th May 2018 inviting the technical committee on NIIMS to a meeting. He, however, clarified that the technical development of NIIMS commenced in February 2019 even though the preparations had started much earlier. He testified that the software for NIIMS was developed by Kenyans, and stated that tests had been dome on algorithms to ensure they work, and on the system to verify its security and integrity, and ensure that there is no deduplication of data. He also explained that the data collected from NIIMS was currently not being utilized, in compliance with the orders of this Court, but that they had developed and tested the algorithms needed to utilize the data.

Another witness for the 5th respondent, Mr. Omwenga, made the following observations regarding using Open source software (Paragraph 442):

Secondly, open source software rides on the presumed goodwill of the coding community which assumption is flawed since open source software attracts all and sundry, including persons with malicious intent. A third reason is that closed source software fosters accountability unlike open source software which does not inspire accountability for the simple reason that the general public is a non-entity. Lastly, whereas the innovation cost of the open source software is borne by the general coding community, the costs attributable to additional services, assistance or added functionality are non-transferable and open source software is therefore not entirely free 

The government witness further reiterated that he was not aware of the design and the architecture of the system (Paragraphs 431, 449, 452, 455):

Mr. Omwenga contended that the said population registers may either be centralized, decentralized or a combination of both, and could also be manual or electronic. He noted that the United Nations Principles and Recommendations for a Vital Statistics System provides that a population register need not take a specific form and states have unfettered discretion regarding the choice of the form, and the content of their respective population registers. It was his deposition that the rationale for this unfettered discretion is logically informed by the need to allow states to customize their respective population registers to suit their unique circumstances, which discretion enjoys adequate expression in international law. He cited Article 86 of the European Union General Data Protection Regulation 2016/679 (GDPR) which gives Member States the discretion to determine the specific conditions for the processing of a national identification number or any other identifier of general application.

Dr. Omwenga stated that he had enrolled for the Huduma Namba using his identity card in order to be able to get government services. He, however, could not tell if he could have registered for it if he did not have his identity card. He conceded that though he had testified as a government expert, he had not tendered any evidence on the design and architecture of NIIMS. He maintained, however, that the more information NIIMS had the more accurate it would be, and DNA could be included as a means of identification. 

It was Mr. Omwenga’s evidence that the consolidated Petitions raise legitimate concerns on security of the system, accuracy of NIIMS and misuse of data. He could not, however, confidently explain what NIIMS was since he was only involved in giving advice at the initial stage. His evidence was that it was the client, the Ministry of ICT, that was involved with designing NIIMS

With regard to the issue of encryption of data, his evidence was that he did not know the encryption standard the government employed for the data collected in NIIMS. He further stated that if the government were to predefine its encryption standard for data it collects in NIIMS, it would address the Petitioners’ concerns. 

Another witness for the 5th respondent, Mr. Muriithi, in his witness statement, viewed Open source as dangerous and preferred the closed source approach (Paragraph 478, 482):

Specifically, the costly programme that perform non-sensitive tasks were derived from open source software, which explains why NIIMS data capture kits were programmed to run on android operating system. On the other hand, programmes that perform critical and highly sensitive tasks such as encryption and deduplication were derived from closed source software in respect of which the government of Kenya restricts the sharing, viewership and modification of the underlying source codes to essential personnel only. He expressed the view that it would therefore amount to veritable irresponsibility on the part of the Kenyan government to disclose, to the general public, the very codes that found the programme meant to guarantee the safety of personal data of its citizens and foreign nationals resident in Kenya.

He further testified that the technical safeguards are only known to the developers of the system, and that the safeguards they put in place for children was that their biometric data would only be captured from the age of six years. According to Mr. Muriithi, there are two levels of architecture of NIIMS. The first, which he termed the high level architecture, can be disclosed. However, that the second, which is the low level detailed architecture of the system, cannot be provided for security reasons. 

The Court’s framing of the Issues involved

With the summary of the averments as described above, the Court framed the issue of Public participation as described below (Paragraphs 566, 570):

The Petitioners contend that the enactment of the impugned amendments did not comply with the constitutional requirement for public participation. The 1st Petitioner submits that apart from a call to the public to give views on the Statute Law (Miscellaneous Amendments) Bill 2018, no information was made available to the public as to what NIIMS was, what it would entail, its potential vulnerabilities, and how it would affect the lives of Kenyans and foreign nationals resident in Kenya. It submits that the right to public participation is intertwined with the right to information since, for adequate participation to take place, those participating must have the salient information necessary to intelligibly form and articulate their opinion on what is proposed. The 1st Petitioner cites the decision in the case of Katiba Institute vs President’s Delivery Unit & 3 others [2017] eKLR as stating that successful and effective public participation in governance largely depends on the citizen’s ability to access information held by public authorities, and the right to access information becomes a foundational human right upon which other rights must flow. 

The 1st Petitioner’s submission on the issue of public participation is linked to the claim that there was insufficient information on NIIMS. The 1st Petitioner submits that given the significant implication of NIIMS, the national government had a duty to disclose the information in order to allow the public to understand what was being proposed, how it would affect their lives and to make an informed decision whether the proposal was reasonable or not. 

It noted that the existing Kenyan jurisprudence on threshold of public participation requires citizens to have the necessary information (Paragraph 623):

Ensuring that ordinary citizens the “hoi polloi,” the “lala hoi” have the necessary information and are given opportunity to exercise their say not merely in election and appointment to political office but also economic participation, and conduct of their affairs.

 

And after a detailed analysis of various judgements, the Court concluded that there was indeed sufficient public participation under the given circumstances, without returning a finding if there was technical information available about the project as the petitioners had raised (Paragraph 636):

We also recognize that there were efforts made by the National Assembly in facilitating public participation when using the omnibus Bill mechanism in the Statute Law (Miscellaneous Amendments) Bill 2018. Unlike in the case of 2013 Law Society Case where the object of the Bill was clearly indicated as intended to effect minor amendments, in the instant case there was clear indication that the legislature intended to carry amendments on the targeted Acts without the use of the term ‘minor”. It is also clear that from the advertisement of 7th May 2018 that each Act targeted for amendment was linked to the relevant committee. Therefore, in effect, only a part of the amendments and not all of them were subject to stakeholder engagement in the Committees. Coupled with the fact that there was sufficient time availed to the public to give their views on the amendments, we find that there was sufficient public participations in the circumstances of these Petitions.

Why this is Problematic

Recall that the Petitioner’s case was that there was no effective public participation is not just about the law, but also about the technical information available about the NIIMS system. Even witnesses for the government testified in the court that 

  1. Only developers of the system know about the technical safeguards, and that they – i.e., the goverment witnesses – are themselves not aware of it. 
  2. The general public is a non-entity when it comes to open source.
  3. The state has unfettered discretion in designing the system. 
  4. Encryption and deduplication algorithms must not be disclosed. 

This actually proved the petitioners’ contentions. 

The Court, however, did not engage with the issue that was raised and instead focussed only on the legal and procedural aspects. Now, while a court might think that it does not have the competence to deal with technical architecture (this is problematic but we will deal with it later in subsequent posts), it definitely has the competence and the facts before it to determine if non-disclosure of technical information about a project that affects every resident Kenyan’s life can be construed as a “lack of public participation”. Indeed, a more nuanced understanding of “public participation” in this context would also be consistent with the principle of “technological self-determination” – discussed before on this blog – that requires individuals to have meaningful choice when it comes to engagement or participation in overarching technological systems.

Encryption standards in particular have been open for as long as 40 years and algorithms are open source for anyone to have a look and conduct security research. Modern browsers (Firefox, Chromium) are open source. Compared to NIIMS, they have much more access to individuals’ private data. Hence, the bar is already much higher, even for private corporations that are not backed by state power on information disclosure. 

That the Court chose not to decide this aspect, one way or another, is disappointing because there is no NIIMS (i.e., the biometric identification project) without the underlying technology layer. This is a general fact about all technological systems, and especially those that impact civil rights: the choice of design bears a direct correlation with the impact the system has on people’s rights. Thus, it is really not possible to separate the project’s technical aspects from its legal aspects, no matter how hard anyone tries; indeed, the legal form encodes the technological design, in a manner of speaking. 

Hence restricting the definition of public participation to only legal aspects but not the technical aspects is a blinkered view that requires reconsideration.