A cybersecurity specialist from India has claimed that the Sh6 billion Huduma Namba system acquired by Kenya is archaic and will fail.
Anand Venkatanarayanan who has 21 years’ experience in the field was testifying in the case where Nubians have challenged the implementation of NIIMS.
Anand told a three-judge bench that the system has so many loopholes that can facilitate duplication, hence, the data is not secure.
“NIIMS thus is an archaic design compared to modern-day systems architecture and can be rightly thought of as a horse-bungee drawn by a lame horse on a digital highway. That it would fail and fall behind is a foregone conclusion,” he said.
He further argued that data leaks by centralisation and that this is not a perception but an outcome that can neither be avoided nor mitigated.
He said that in computer security, nothing is truly secure and there are only costs of benefits of hoarding data.
“Centralised databases such as Aadhaar and NIIMs, however, hoard so much data that the cost of benefit ration tilts definitely in favour of the attackers,” he added.
Anand claims that every study done in India of the Aadhaar Project which is very similar to NIIMS indicated that the costs are too high compared to the benefits it offered.
He claimed that the NIIMS project is functionally, architecturally and technologically very similar to Aadhaar project and suffers from the same flaws.
“While the Kenyan government may promise that it will not repeat the same mistakes as Aadhaar project, it has not provided evidence of technological capabilities to honour the promise,” Anand said.
He said his assessment was based on the government’s gross misreading of how NIIMS is not very different from Aadhaar
Justices Pauline Nyamweya, Mumbi Ngugi and Weldon Korir also heard that the Biometrics authentication is defined as a comparison between the biometric parameters IRIS or fingerprint versus what was stored during enrollment, it would be hence right to call is as a biometric comparison across time.
According to Anand, a central database will inevitably leak and compromise the personal data of the residents.
“For instance, the number of times the Aadhaar database has leaked is beyond counting as even simple google searches reveal,” the court heard.
While harmonising the various databases that contain resident’s data is a laudable goal, the Kenyan government has not done a detailed cost-benefit analysis of such an approach and other alternatives.
Earlier in the day another witness Grace Bomu an expert in Digital data said there was no law to protect children’s digital data rights.
Bomu said that the way NIIMS is currently designed will not protect the information of the children.
Anand who was stood down yesterday will take the stand again this morning to continue with his testimony.
In the case, the three-judge bench had ruled that Kenyans should not be compelled or threatened to give their personal information to the state.
The court also barred the state from sharing or disseminating the information collected with any organisations whether international or otherwise.
The Kenya National Commission on Human Rights, Kenya Human Rights Commission and Nubian Rights Forum had moved to court seeking the suspension of the collection of data from Kenyans under NIIMS.
The lobby groups argued the process interfered with an individual’s right to privacy.
