The Mexican government wants biometric information for all citizens. Given the fragility of its institutions and the penetration of organized crime into the government and law enforcement agencies, this is a major cause for concern.

Mexico has serious problems with identity theft. Last year, the country’s crime rate ranked eighth in the world. according to Data from Banco de Mexico, the country’s central bank. Since then, the scale of the problem has been expanding as a lot of work, leisure, and consumption have moved online.

A sort of Network security research A survey conducted by Citrix found that since the pandemic began, 60% of the Mexican companies it consulted have suffered some form of cyber attack, including identity theft and ransomware. Mexico is also one of the most frequently attacked countries by Trickbot. Trickbot is a Trojan horse whose main function is to steal bank details and other credentials. according to A recent report in the newspaper millennium.

In this context, the Mexican government of Lopez Obrador is seeking to pass a draft law to create a “Unique Digital ID Card” or CUID. If the law is passed, all Mexican citizens and foreigners living on Mexican land must use digital identities. All information, including biometric data of each user, will be stored in a central database. The proposed law was passed in the Mexican House of Commons in December 2020 and is currently awaiting approval by the Senate.

World Bank funding

Biometric ID card project is Funded by the World Bank, An organization that promotes the adoption of digital IDs worldwide, especially in the global South. The bank is promoting digital IDs in poorer countries, and its ostensible goal is to provide legal identities to 1.1 billion people, mainly in Asia and Africa, who currently have no identities.

But the plan is deeply controversial. After the recent U.S. Allied withdrawal from Afghanistan, it was discovered that many of the World Bank-funded data treasures left have fallen into the hands of the Taliban and can be used to track those who helped the occupying forces. These data include the Afghan National Army and the Afghan National Police for each member Approximately 500,000 records, including biometric identifiers, Report MIT Technology Review:

A person working on the system said that the data was collected “from the day they were enlisted” and will remain in the system forever, regardless of whether anyone continues to actively serve. He added that records can be updated, but he is not aware of any deletion or data retention policies-even in emergency situations, such as a Taliban takeover.

The NATO Afghanistan Joint Security Training Command’s presentation on the police recruitment process indicated that 36 data points were collected in just one application form. Our source stated that each profile in APPS contains at least 40 data fields.

This includes obvious personal information, such as name, date, and place of birth, and a unique ID number that associates each personal data with biometric data held by the Ministry of Interior of Afghanistan.

But it also contains detailed information about the individual’s military profession and career trajectory, as well as sensitive relationship data, such as the names of their father, uncle, and grandfather, as well as the names of the two tribal elders who each recruit serves as a guarantor for them. Enlisted. Ranjit Singh, a postdoctoral scholar at Data & Society, a non-profit research organization that studies data infrastructure and public policy, said this has turned the original simple digital catalog into something more dangerous. He called it the “pedigree” of “community connections”, “putting all these people at risk.”

Mexico’s security risks

More than 25 countries and international organizations, including Privacy International, Access Now, and Red en Defensa de los Derechos Digitales (R3D), have called on the Mexican Senate to block the implementation of the CUID program, citing the security risks to civilians and the authoritarian drift of the Mexican government. In April, the AMLO government passed a controversial reform of the Federal Communications Law and created a national mobile phone user register, which is a list of each user’s line number, activation date and time, their full name, and biometric data. Central database. other information.

The government claims that this data is needed to combat organized crime. It said that smartphones are often used in many of the most serious crimes, including kidnapping and extortion.

Approximately 75% of Mexicans own a smartphone, according to A government investigation. Now, the government wants biometric data for everyone. This should cause concern.in a Recent interview Mexican digital rights activist Luis Fernando García, in collaboration with the global non-profit publication Rest of World, “covers the impact of technology beyond the Western bubble,” he said. The proposed The centralized nature of the biometric database system will make it easier for the government to track and control citizens:

When the government created this identity system, every time someone went to a public or private service, they would give the same centralized ID. In the past, officials needed to go to different places to collect all the information they needed. Using CUID, they will have a way to connect to all databases. This gives governments and companies the power to monitor, control, manipulate, and punish people.

In view of the inherent weaknesses of Mexico’s political and legal institutions and the extent that organized crime has penetrated into the government and law enforcement agencies, so that the boundaries between organized crime and public authorities are almost indistinguishable, “a simple way to provide a new surveillance tool… …The ability to track, monitor, and analyze on a large scale is a matter of great concern,” Say Privacy International, a charity in London:

The digital ID system has the potential to become a monitoring tool for tracking sports and activities and linking all activities of a person with a number.Given the continued targeting of communities at risk, this is particularly serious in Mexico, including Journalists, human rights defenders and environmental activists. And if Indian criminals abuse Aadhaar In any case, organized crime may use this system to achieve their own, deadly purposes.In an interview with the Mexican human rights organization CentroProdh lawyer PI Emotionally Monitoring the impact on human rights defenders, lawyers and activists. This surveillance intrusion will not only affect the lives and work of activists, but also affect their families.

Data is not secure

There are also data security issues to consider. In recent years, Mexico’s political and financial institutions have suffered multiple destructions. In 2018, hackers Pull off A bold heist of US$20 million was carried out on the Mexican interbank payment system operated by the Bank of Mexico. As mentioned at the beginning of this article, Mexico ranks eighth in the world for identity theft. The central database of biometric data of each citizen will become the ultimate honeypot for complex cybercriminals.

“The idea of ??a data breach is not a question of whether it exists, but a question of when,” said Professor Sandra Wachter, a data ethics expert at the Oxford Internet Institute. “Welcome to the Internet: everything is hackable.

Privacy International stated that authorities in India, South Korea, and the Philippines have suffered data breaches that have resulted in the theft of biometric ID data for millions of individuals in these countries. When biometric data is leaked, the consequences can be catastrophic. If the biometric data is attacked by hackers, there is no way to make up for the loss. It is not possible to change or cancel your fingerprint, iris or DNA like changing a password or canceling a credit card.United Nations High Commissioner for Human Rights Say Biometric technology “by definition is inseparable from a specific person and that person’s life, and may be severely abused.”

Another problem with biometric systems is that they are far from perfect.As wired Report In 2019, a test conducted by the U.S. government found that even the best-performing facial recognition system had a false recognition rate of 5 to 10 times that of whites.In Mexico, this may be a major problem because 67% of the population Self-categorize their skin color As a medium tone and 20% as a dark tone.

ID4D

The World Bank’s Identification for Development (ID4D) program was launched in 2014, with “catalytic contributions” provided by the Bill and Melinda Gates Foundation, as well as the British government, the French government, the Australian government, and the Omidyar network.According to the World Bank Group’s website, it is a “cross-sectoral platform for establishing and leveraging partnerships with United Nations agencies, other donors, non-governmental organizations, academia, and the private sector.” The goal is to “help[ing] Countries are aware of the transformational potential of digital identification systems. “

The program ends with comfortable buzzwords such as digital development, social protection, gender issues, and financial inclusion. But digital identity systems can also be weaponized by the authorities, preventing millions of people from accessing the most basic services and even depriving people of their legal rights to stay within their respective jurisdictions.

This is exactly what happened in the Dominican Republic.As Eve Hayes de Kalaf, a research assistant at the Centre for Latin American and Caribbean Studies, University of London, wrote in a article for dialogue, Dominican government, and World Bank Project Provide citizens with proof of their legal existence, “introduced an exclusion mechanism, Systematically prevent Black Haitian descendants cannot access and renew their Dominican identity cards”:

For many years, people of Haitian descent born in the Dominican Republic found themselves in a fierce battle to (re)obtain their identity documents. Officials claim that for more than 80 years, they mistakenly provided Dominican paperwork to people born to Haitian immigrants, and that this error needs to be corrected. These people said they were Dominicans. They even have documents to prove it. But the country disagrees…

Who is considered eligible to be included in the civil registry (ie, Dominican citizens) and who is excluded (of Haitian descent) are considered sovereign issues that need to be resolved by the state. As a result, thousands of people found themselves undocumented and were subsequently excluded from basic healthcare services, welfare and education…

Hayes de Kalaf listed other cases where digital ID registrations were used for discriminatory purposes, including India’s Assam’s exclusion And Kenya’s systematic abuse Somali refugees:

For people who find themselves excluded from this new digital age, daily life is not only difficult, it is almost impossible.

Although the need to speed up the registration of digital IDs is imminent, in this post-pandemic world, we need to take a step back and reflect.call Digital COVID passport, Biometric ID cards and data sharing tracking systems not only promote the supervision of cross-border personnel, but also increasingly promote the supervision of the population living in them.

It’s time for us to seriously discuss the potential flaws of digital ID systems and their far-reaching, life-changing effects.

We can only hope that the Mexican Senate will fully consider these potential risks before voting on CUID. The same is true for many governments in the global south and global north.