A recently launched National Identity Management Commission (NIMC’s) self-service application where enrollees for the National Identification Number (NIN) are given the express liberty to modify their data, including date of birth and name(s), has raised questions within the IT and digital economy sector as to its dangers to data privacy and national security.
Many of the app’s antagonists believe that the self-service application on the surface would appear a welcome development, if it were for any other commercial service. However, they said, given the intricacy of citizens’ data held in the NIMC database, and the need for data security as well as the undeniable requirements to ensure that enrollees or citizens do not engage in rampant and authorised modifications of such data, the NIMC self-service application may do more harm than good to national security and data privacy.
According to an IT expert, Engr Tokuboh Liasu, Implementing a self-service application for identity record modifications by NIMC poses several challenges related to data privacy, data integrity, and even national security.
Liasu, a Lagos based data analyst, said some of the major problems that may arise from the NIMC include unauthorised access because to him, If not properly secured, self-service applications can become targets for unauthorised access, leading to potential exposure of personal information.
Ramadan: Dangote distributes 25,000 bags of rice in Bauchi
Husband sues wife for attempting to cut off his private parts
He added that insufficient authentication controls and weak authentication mechanisms, which are also potential dangers of the app, can allow unauthorised users to modify or access sensitive personal data, violating privacy regulations.
It can also lead to data leakage, he said, explaining that inadequate control over data sharing and display functionalities may inadvertently expose personal information to unauthorised parties.
Another experts, Mrs Ngozi Nuomah said with the new app compliance with data protection regulations with not be easy.
“Ensuring the application complies with various national and international data protection laws (e.g., NDPR, GDPR, CCPA) can be complex, especially when handling cross-border data transfers.”, Noumah said.
She also said it might cause unintended data modification because users may accidentally alter or delete critical information, leading to data integrity issues.
Also speaking on the issue, Lookman Ajisabi said the app could result into lack of audit trails because without comprehensive logging and auditing capabilities, “it becomes difficult to trace who made what changes, complicating data integrity verification and accountability”.
“Data Synchronisation Challenges – Ensuring consistent data across all systems in real-time can be challenging, especially in distributed environments, potentially leading to data discrepancies.”
Ajisabi said it also throw up problem of risk of data manipulation. “Malicious actors could exploit vulnerabilities to alter data for fraudulent purposes, impacting the integrity of the information”, he said.
Many of those condemning the app also said it could cause identity theft and fraud . They said the application could be exploited for identity theft, creating fake identities or taking over existing ones, which can be used for criminal activities, including threats to national security.
Closely related to that is exploitation by foreign entities. They said vulnerabilities in the application could be exploited by foreign adversaries to gather intelligence or conduct influence operations.
Also it said that access to sensitive systems can pose a danger to the country’s data base. “If identity modification allows changes to roles or access levels, unauthorised users might gain access to sensitive or classified systems, posing a threat to national security”, Engr Timothy Fajembi, a cyber security expert said.
Fajembi said the ease of modifying identity attributes might embolden insiders to engage in espionage or sabotage by temporarily assuming different identities or roles.
But Fajembi said addressing these problems or mitigating the risks associated with a self-service identity modification application requires a comprehensive approach, including:
Implementing robust authentication and authorisation mechanisms, including multi-factor authentication (MFA).
Also, he said, ensuring compliance with data protection regulations through regular audits and assessments might be a possible solution.
“Developing stringent access controls and monitoring systems to prevent unauthorised access and modifications. Creating detailed audit logs to track all user actions for accountability and traceability. Employing data encryption both at rest and in transit to protect sensitive information. Regularly updating and patching the application to address security vulnerabilities and Conducting user education and awareness programs to minimise accidental data modifications are some of the ways NIMC can solve the app’s possible problem”, Fajembi said.
By carefully considering these challenges and implementing robust security measures, NIMC can mitigate the risks associated with their self-service identity modification application, ensuring the protection of data privacy, data integrity, and national security, Noumah said.
But speaking with our reporter on the issue, NIMC’s spokesman Mr Kayode Adegoke said contrary to misconceptions, the self-service offering is not a carte blanche for unrestricted data modifications. Instead, Adegoke said NIMC had implemented stringent security measures to safeguard the integrity of the national identity database while ensuring user authentication and data accuracy.
“One of the key features of the self-service platform is its robust authentication process. Enrollees are required to create authenticated accounts and undergo facial biometric verification to validate their NIN. This multi-step authentication protocol ensures that only authorized users with valid NINs can access the modification services, mitigating the risk of unauthorized data alterations”, he said.
Moreover, he added that NIMC has addressed concerns regarding data privacy and security by adhering to Nigerian data privacy regulations and implementing stringent access controls.
He said unauthorized access to the national identity database is virtually impossible due to the comprehensive security measures in place, including continuous monitoring of data entry and exit points.
Another notable aspect of the self-service initiative, he said, is its user-friendly interface, which minimizes the risk of unintended data modifications. Users are guided through the modification process with clear instructions and prompts, reducing the likelihood of accidental alterations to critical information.
Furthermore, he said, NIMC emphasizes that data sharing and display functionalities are non-existent within the self-service platform.
“Modification requests are processed internally, and users receive notifications only after their requests have been approved and executed. This ensures that personal information remains confidential and protected from unauthorized access”, he said.
In conclusion, he said NIMC’s self-service initiative represents a significant step forward in the management of national identity data, providing citizens with greater control over their personal information while maintaining the integrity and security of the national identity database.