By Ciaran Ryan
The government’s draft official Identity Management Policy was released on 22 December, just before Christmas.
Publishing something just before Christmas is a tried and trusted tactic in the news business if you want to bury a potentially acrid story.
The Department of Home Affairs wants a new randomised ID that allows for sex alterations, links you to your parents, captures your biometric information at birth and then later in life, and all this in the interests of serving you better as a governing body.
Is it just me, or is this a tyrant’s wet dream
Reading the sales pitch for this policy document, you might think “fine, okay, I don’t really see how this will help me, but I’ll go with it.”
The document is freighted with roseate buzz words like “international best practice”, “respect for privacy” and “interoperability”.
Let’s pause right there. What is meant by “interoperability”? Essentially, gathering every bit of information possible on everyone in the country and sharing this “between identity subsystems” and other domestic and international jurisdictions.
SA’s ID system is not currently integrated and interoperable with those of other African countries and the EU, and that’s about to be rectified. Even the most venal of sins committed in SA will be shared with other jurisdictions. It’s already happened in the tax sphere, where jurisdictions share information through what is called Common Reporting Standards. In other words, South African expatriates under new rules to be introduced in March 2021 can be hunted down anywhere in the world for taxes owing.
The sharing of data between “jurisdictions” is about to get a lot more fluid. One of the justifications for this is combatting organised crime. The new draft proposal wants to capture facial and other biometrics, like fingerprints – which should make capturing criminals a doddle, right? How’s that worked out so far?
This begins to take on the vague outlines of China’s Social Credit System, where eating or playing loud music on public transit systems earn you demerit points on your social credit score, as do traffic violations, failure to sort your waste, cheating in exams, jaywalking, and cheating in online video games. Making blood donations and volunteering work hours can earn you back points. The list of potential ways to earn demerit points is too long to list here, but you can take a look yourself. It’s pretty frightening. Snitching on religious minorities is encouraged, and there’s an app to track “deadbeat debtors” – those who owe money.
Viewed through this prism, your conduct in life determines the extent to which you are declared a person or a non-person. Consider that as of June 2019, nearly 27 million Chinese citizens were denied high-speed rail tickets based on their social credit score, and by July 2019 2.56 million were denied flight tickets.
Is this what’s in store for us?
There’s been little discussion around this draft ID system – which is in itself a worry. Any proposed change in the law must be subject to rigorous cross-examination from the viewpoint of socio-economic impacts.
Anyone watching the farce of the US election – and the ability of people with no ID to vote and potentially skew an election – may be wondering what’s wrong with our system of national IDs. Americans have resisted the idea of a national ID for decades on the basis this is an infringement of privacy and Constitutional rights, though they have something approximating this in the form of a Social Security Number. Then, of course, they have state drivers’ licences. There are multiple ways to track US citizens, with or without a national ID.
It seems our elections are far more trustworthy, if only because you have to have a national ID and then register to vote.
South Africans long ago accepted the national ID as a fact of life. ID numbers were introduced under the 1950 Population Registration Act as a way of keeping tabs on different racial groups. What was an apartheid contrivance has served the ANC well, which introduced the Identification Act in 1997. The original aim of racial profiling is still very much alive today, but this new ID system will expand it well beyond that.
What’s wrong with the current system?
So, what’s wrong with the current ID system that it needs a complete overhaul?
And what kind of an overhaul is contemplated by the Department of Home Affairs (DHA), the government entity responsible for ID management?
To find this out, we go to “Problem Analysis” in the draft policy document. The Identification Act is now more than 20 years old, needs modernising, will help deliver e-government and e-commerce services to those in need, and all the other motivations that typically accompanies a proposal such as this.
The Identification Act of 1997 was enacted for the purposes of maintaining a population register and to enable government to issue ID cards. Section 7 of the Act obligates the Director-General to issue ID numbers in a way that details date of birth, gender and whether a citizen of resident.
The current ID system and how it works
Here’s how it works. The existing national ID comprises a 13-digit code as follows: YYMMDDSSSSCAZ.
The first six digits represent the date of birth, and the next four digits (SSSS) are based on gender. The next digit “C” shows if you are a South African citizen – 0 being a citizen, 1 being a permanent resident.
The last digit (Z) is what is called a “checksum” which is a statistical check that the number sequence is correct.
Here’s how it will change under the proposed new system
ID numbers will be based on parents: the ID number of a child must be processed on the basis of biographic information and linked to their parents’ ID numbers and mother’s biometric data.
Recognition of other sex/gender categories – The new legislation and population register must make a provision that enables the establishment of a category that is neither male nor female.
Random unique identity number – Another option is to issue a random unique identity number that is not linked to or founded on a person’s sex/gender, date of birth, place of birth or any other marker.
Records of persons throughout their lifespan – Every birth that takes place in the country must be registered. If possible, the biometrics of children must be captured at birth. Where impossible, the biometrics of a parent must be linked to the birth certificate of a child.
Re-registration – Children must be reregistered when they reach age five with 10 fingerprints and iris and facial photographs. A combination of different biometric data for children should be considered with options such as the photograph of the ear.
The capturing and management of this data will fall under the National Identity System, or NIS, which will link with both government and non-government databases, such as banks and retailers. On the government side, health and education data will round off a near full picture of the citizen.
It’s not hard to see how the Chinese credit scoring system is but a hop, skip and a jump away for South Africans. Also linked to the NIS data are the issue of passports, immigration and refugee data. As some have remarked, it’s almost as if the Chinese government wrote the policy document for us.
The government plans to hoover up every bit of data it can on you and your children yet to be born. What’s also clear from the document is that government plans to monetise (sell) this data. This should concern us on several front: state security agencies have been implicated in extrajudicial surveillance against SA citizens, while law enforcement bodies appear to have an extremely wide interpretation of their powers under the Criminal Procedure Act to gather up cell phone subscriber records (having obtained 70,000 such records, according to Right to Know).
Where does privacy fit into this?
Section 14 of the Constitutes guarantees the right to privacy, which includes the right not to have your person or home searched; your property searched; possessions seized; or privacy of communications infringed.
Though the draft ID document makes multiple mentions of privacy, most of these relate to data privacy – but even that must be regarded with suspicion, as we have seen a number of devastating breaches of data security (and privacy) at the hands of companies like Experian. There may be severe penalties for mishandling of private data under the Protection of Personal Information (POPI) Act, but that’s no guarantee of anything placed in the custody of a new, and massive, government bureaucracy.
All this is being sold to us as a way to afford rights to non-traditional gender groups, and to accelerate transformation and government services to those in need. It ticks all the right boxes. But we had better know what we are signing on to.
Have your say
Have your say on this police document here.