NIMC’s digital ID comes under attack, as CSO asks court to stop it

The digital national identification project of the National Identity Management Commission (NIMC) has come under attack as a civil society organisation, Laws and Rights Awareness Initiative, has approached a Federal High Court sitting in Abeokuta to stop it.

While asking the court to stop the replacement of the plastic ID with the digital version, the CSO contended that the NIMC software was not secure and would breach the rights of Nigerians to privacy under Section 37 of the Constitution.

It would be recalled that the commission had announced that it was dumping plastic ID cards for digital identification.

In the suit, the Incorporated Trustees of the LRAI, through its counsel Olumide Babalola, told the court that the NIMC neglected to conduct a Data Protection Impact Assessment before embarking on the digital identification project.

Read also: NIMC makes case why it should take over distribution of COVID-19 palliatives

He also added that the NIMC also failed to file a data protection compliance audit report with the National Information Technology Development Agency (NITDA) before uploading the personal data of Nigerians on “their insecure software application.”

Deposing to the an affidavit in support of the suit, one Adedayo Ade-Rufus, alleged that “barely 48 hours after the release of the software by the respondent, Nigerian data subjects started complaining on social media about data breach and malfunctioning of the respondent’s software application as well as the leakage of their personal data to the entire world.”

He further stated that the CSO suit was motivated specifically by the complaint of one Daniel John, whose personal data were among those uploaded by the NIMC “on a software application that can be downloaded on android and IOS devices.”

Ade-Rufus said: “The respondent’s insecure software is in violation of its obligation to secure personal data against all hazards and breaches such as theft, cyber-attack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure to other natural elements.

“The respondent’s processing of Daniel John’s personal data, including sensitive data, with an insecure software application threatens his right to private and family life.

“The Respondent’s continuous processing without an external audit will further interfere with Daniel John’s right to privacy.”

The CSO prayed the court to, among others, issue “a perpetual injunction, restraining the respondent from further releasing digital identity cards on their software application (NIMC app) or any other platform pending the independent report of external cyber security experts on the safety and security of the Respondent’s applications.”

Join the conversation

Opinions

Support Ripples Nigeria, hold up solutions journalism

Balanced, fearless journalism driven by data comes at huge financial costs.

As a media platform, we hold leadership accountable and will not trade the right to press freedom and free speech for a piece of cake.

If you like what we do, and are ready to uphold solutions journalism, kindly donate to the Ripples Nigeria cause.

Your support would help to ensure that citizens and institutions continue to have free access to credible and reliable information for societal development.

Donate Now