Why a ruling on digital ID by Kenya's High Court has global implications for online privacy

A hand holds a mobile phone as issues remain about the implementation of digital ID systems

Digital ID systems offer great benefits, but also come with privacy and security concerns. Image: Rodion Kutsaev/Unsplash

Gretchen Bueermann
Knowledge Lead, Centre for Cybersecurity, World Economic Forum
Giulia Fanti
Assistant Professor of Electrical and Computer Engineering, Carnegie Mellon University
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Digital Identity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:

Digital Identity

This article is part of: Centre for Cybersecurity

Listen to the article

  • Digital ID systems can improve inclusivity, financial participation and access to government initiatives and services.
  • But a ruling by the Kenyan High Court highlighted concerns about their implementation, particularly around privacy and security.
  • Data protection, decentralization and increased trust in such systems are needed for them to succeed.

For the estimated 1 billion people worldwide without a legal ID, digital identity programmes provide a unique opportunity for increased inclusivity, better financial participation, and wider access to government resources and initiatives.

However, for the countries implementing these programmes, the associated benefits come with a host of thorny tradeoffs surrounding privacy, security and logistics.

Have you read?

Following a landmark ruling by the High Court of Kenya in 2021, which concluded that the rollout of a country-wide biometric ID scheme was illegal, many countries continue to grapple with the legal, regulatory, and ethical boundaries of national identification systems.

Nationally, many countries lack clear legal precedents to govern processes and infrastructure in the digital identity space, and international consensus is just as, if not more, jumbled.

The Kenyan case echoes challenges faced by the EU, the US, and other governing bodies when it comes to digitization of national ID programmes, and the subsequent expectations of privacy for individuals and groups.

Countries are at different stages
Countries are at different stages of introducing digital ID systems. Image: Gelb, A and Diofasi, A

Kenya's digital ID scheme ruled illegal

Kenya’s digital ID programme, called the National Integrated Identity Management System (NIIMS), was ruled illegal by the High Court because there was no clear documentation of the data privacy risks, nor was there a clear strategy for measuring, mitigating and dealing with those risks.

Related concerns about data privacy and security have arisen in other digital ID platforms as well. For example, India’s Aadhaar is the world’s largest biometric digital ID system.

Registration is linked to biometrics and demographics, and can connect to services including SIM cards, bank accounts, and government aid programmes, making financial systems more inclusive.

Despite these advantages, Aadhaar has seen pushback regarding feasibility and privacy. For example, there are concerns that the Aadhaar database can be used to profile ethnic minorities or violate the privacy of residents.

Issues faced by many national digital ID systems

The Kenyan NIIMS ruling and experiences from other global digital ID platforms highlight three major recurring issues that characterize many national systems:

  • Keeping too much personally identifiable information in one place creates new and major targets for potential attacks, including data exfiltration.
  • Many countries lack the security infrastructure to protect sensitive data and maintain rigorous privacy standards.
  • National digital ID programmes open the door to the further exclusion of vulnerable groups, based on factors like demographics (such as ethnicity) or socioeconomic status (for example, digital connectivity).

At their core, these concerns stem from the centralization of data, which increases the likelihood and potential damage of external cyberattacks. It also increases the viability of insider threats and lowers barriers to systematic discrimination from within government.

Reasons to reduce centralization of ID data

These threats become even more pronounced to the extent that digital ID platforms are linked to different services and use cases within a nation. As digital ID systems become more prevalent, there are compelling reasons to reduce the degree of centralization inherent to their architecture and operation.

However, managing and mitigating the degree of centralization in digital ID systems is highly nontrivial; the design space is vast, with subtle tradeoffs. Nation states should consider both technical and nontechnical approaches to manage centralization of ID databases.

First and foremost, to navigate this complex landscape, a multi-stakeholder approach should be taken to consider a variety of voices before rolling out new digital ID programmes. For example, many digital ID schemes (such as Estonia's, Aadhar and MOSIP) were developed through public-private collaboration.

Access controls for digital ID systems

Many governments simply do not have the in-house capacity to roll out and maintain a new digital ID system. At the same time, care must be taken when outsourcing development and maintenance.

ID systems are critical infrastructure, and once governments are locked into a vendor, it can be difficult to back out or make changes, due to technical debt and interoperability requirements with downstream users.

From a technical standpoint, one technique for reducing the implications of data centralization involves partitioning databases and enacting appropriate access controls. This enables a database of digital IDs to be split according to attributes, such as the region where the identifier was first registered.

Operators can be given access to only a subset of the data. Such access controls reduce the damage that any single malicious agent can exact, at the expense of greater system complexity and fragmentation.

Mitigate risks of biometrics through encryption

However, access controls alone are not enough to mitigate the risks associated with storing sensitive ID information, such as biometrics.

A major risk surrounding biometrics in particular is that if, and when, an attacker obtains these credentials for a victim, they may be able to impersonate the victim indefinitely, since a user’s biometrics do not change.

These risks can be mitigated using emerging technologies like computation over encrypted data with rotating keys. For example, homomorphic encryption could be used to store only encrypted iris scans and conduct authentication over encrypted data – thereby significantly reducing the information that is available to the ID database operator, as well as to potential hackers.

Standardize ID systems for better interoperability

At the other extreme, a significant problem with existing ID solutions today is their lack of interoperability, both across nations and services. For example, registration systems for nationalized healthcare do not necessarily communicate with systems for government aid.

The fragmented state of digital ID systems inherently limits data centralization, but it can also hamper their potential benefits. Possible solutions to this problem include standardization of digital ID.


How is the Forum tackling global cybersecurity challenges?

For example, MOSIP is intended to be an open-source digital ID platform for multiple nations and use cases. Others have proposed decentralized, interoperable architectures for storing digital identifiers.

These architectures would enable existing ID issuers to issue their own identifiers while maintaining ID databases in a decentralized manner – for example, on a blockchain maintained by different stakeholders.

Decentralized ID systems may pose challenges

Such technologies are relatively untested compared to more classical databases, and could introduce new challenges surrounding governance and database maintenance.

Notice that decentralized architectures do not inherently help with the problem of centralized data aggregation; many blockchain-based data storage architectures are designed mainly to provide transparency, not confidentiality.

Privacy considerations, and well as the potential for exploitation, are incredibly important when it comes to building inclusive and valuable national digital ID systems.

Privacy vital for digital ID platforms

This infrastructure has the potential to generate value and usher in a new era of legal, digital and financial inclusion.

However, there must be a solid foundation of data protection, decentralization, and an environment of digital trust for these programmes to succeed.

The Kenyan courts have simply done the work for the rest of their peers by flagging these issues at the outset.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
CybersecurityEmerging Technologies
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

FBI takes down army of ‘zombie’ computers. Here what to know

David Elliott

June 19, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum