Trust, and how to preserve it, was a recurring theme of a discussion on enabling frameworks for inclusive identity systems at ID4Africa 2019 in Johannesburg, South Africa. Representatives of the World Bank, civil society groups NAMATI and Haki na Sheria, consultancy LAWtrust, and Namibia’s Office of the Prime Minister delivered presentations on the kind of environment necessary to ensure the accessibility, effectiveness, and security of national ID systems during the informational session on day two of the annual event.
Melanie Tjejenda, who is director of quality assurance for standards, skills development and coordination, as well as project manager for eGovernance for the Department of Public Service IT Management in Namibia’s government, presented the architecture of the country’s sophisticated digital identity ecosystem, and how the government plans to use it to provide services more effectively to more people by digitizing its legacy systems.
Namibia’s ID system is in some ways already an African success story, particularly from a technical perspective. A central registry feeds many different systems through an interoperable digital ID platform, which includes biometric data, all gated by a security server to apply the rules appropriate to the use case. The National Population Registry System (NPRS) includes an automated fingerprint verification service, which allows the eNPRS and eID to be used for identity authentication and information sharing.
“Our national population registry system is built in-house. It looks after civil relations, looks after ID, and we have the various separate systems integrated,” Tjejenda explains. “Our interoperability framework and security allow us to let us exchange data, but only through the security server. We got the model from Estonia.”
The legal framework that underpins this system, however, is still catching up. As the other presentations in the session made clear, a well-engineered system run by technical experts can have many potential points of failure. Tjejenda acknowledges that cybersecurity concerns like insider threats are an area Namibia’s identity authorities can work on, and the rush to gain the benefits of digital government have left several areas where further attention is needed to fully leverage the system’s capabilities.
“We were so concerned about getting the systems in place, the IT infrastructure, and only later realized that the larger percentage which has to do with processes, the people aspect, the legislation, was held back. Now we are not able to move as fast as we would have anticipated, because these are blocking us from actually getting as much interaction or interoperability between the systems as we would like to effectively exchange data. We use memorandums of understanding just on a temporary basis for verification and to authenticate an exchange,” Tjejenda explains. “We have now seen our political leaders realize that they need to push for the electronic transactions bill that is currently on its way to being enacted. There’s a payment gateway as well, which has not been considered, and certificates, and all those things. The systems are available, but we cannot use utilize them.”
This frustrating situation should change by the end of the year, when the bill will allow the government to make use of several systems which are essentially sitting dormant in the meantime. The theme of political will was a recurring theme at ID4Africa, and Tjejenda says the Namibia’s Harambee Prosperity Plan aims to bring services from half of all government ministries online by 2020, which is motivating legislative action. The government’s e-government strategic action plan expired in December, however, and new mandates are needed with an election on the horizon.
“All of these things are causing us to sit back a little bit, and deal with the nitty-gritty,” says Tjejenda. “Of course you want to make a bigger impact, and unfortunately you don’t have the backing from which to make the leapfrog you want to.”
As for trust, Tjejenda also anticipates a new Namibian data privacy law will soon be passed. In the meantime, the MOUs allow her department to provide identity data to the ICT Department, which in turn provides identity services to private sector actors like telecoms. Because cybersecurity transcends public service, Tjejenda argues that a collaborative effort that takes in all stakeholders is necessary, even while the remaining aspects of the legal and privacy framework are being worked out.
“We have recently signed a policy for PPPs on various aspects that also include IT; cybersecurity, identity management, because the government is – in quotes – responsible for, or the custodian of identity management for citizens. The private sector, the telcos, the banks, want to get that verification of identity. Currently we are making strides with some banks to exchange data with them.”
The Harambee Prosperity Plan, by enabling the private sector to leverage government data, motivates the private sector to engage with the government to make the system work. Private sector motivation and a robust technical framework should ensure the final implementation of one of Africa’s most ambitious digital identity schemes will happen sooner rather than later. All that remains is for the country’s democratic institutions to complete the legal side of the framework. As they become more aware of the importance of this aspect, Namibians will expect them to do so, so they can more easily interact with different government departments, and the country can achieve the full benefits of digital government.