The digital national identification project of the National Identity Management Commission (NIMC) has come under attack as a civil society organisation, Laws and Rights Awareness Initiative, has approached a Federal High Court sitting in Abeokuta to stop it.
While asking the court to stop the replacement of the plastic ID with the digital version, the CSO contended that the NIMC software was not secure and would breach the rights of Nigerians to privacy under Section 37 of the Constitution.
It would be recalled that the commission had announced that it was dumping plastic ID cards for digital identification.
In the suit, the Incorporated Trustees of the LRAI, through its counsel Olumide Babalola, told the court that the NIMC neglected to conduct a Data Protection Impact Assessment before embarking on the digital identification project.
He also added that the NIMC also failed to file a data protection compliance audit report with the National Information Technology Development Agency (NITDA) before uploading the personal data of Nigerians on “their insecure software application.”
Deposing to the an affidavit in support of the suit, one Adedayo Ade-Rufus, alleged that “barely 48 hours after the release of the software by the respondent, Nigerian data subjects started complaining on social media about data breach and malfunctioning of the respondent’s software application as well as the leakage of their personal data to the entire world.”
He further stated that the CSO suit was motivated specifically by the complaint of one Daniel John, whose personal data were among those uploaded by the NIMC “on a software application that can be downloaded on android and IOS devices.”
Ade-Rufus said: “The respondent’s insecure software is in violation of its obligation to secure personal data against all hazards and breaches such as theft, cyber-attack, viral attack, dissemination, manipulations of any kind, damage by rain, fire or exposure to other natural elements.
“The respondent’s processing of Daniel John’s personal data, including sensitive data, with an insecure software application threatens his right to private and family life.
“The Respondent’s continuous processing without an external audit will further interfere with Daniel John’s right to privacy.”
The CSO prayed the court to, among others, issue “a perpetual injunction, restraining the respondent from further releasing digital identity cards on their software application (NIMC app) or any other platform pending the independent report of external cyber security experts on the safety and security of the Respondent’s applications.”