ELECTORAL COMMISSION (EC) & FACIAL RECOGNITION: HOW RELEVANT IS THIS FACIAL RECOGNITION IN A NON E-VOTING ENVIRONMENT. TEST OF THE MANDATE OF THE DATA PROTECTION COMMISSION(DPC


INTRODUCTION

It looks like I have to do re-mix some of my earlier articles to give it a refocus since the issues of the EC and biometrics still remains relevant. My concern now is with the Electoral Commission (EC), aside our thumbprint wanting to capture our facials as part of their biometrics database for the purposes of voting. How relevant is this when we are not using e-voting technology but our traditional paper based system?
Basically, data protection principles require that data collected must:
                                i.            be obtained and processed fairly,
                              ii.            have been obtained for specified or explicit and legitimate purposes,
                            iii.            not be further processed in a manner incompatible with that purpose or those purposes,
                            iv.            be retained subject to appropriate security measures against unauthorized access, and 
                              v.            be processed in accordance with the rights of data subjects.

The object of the Data Protection Commission (DPC) in Act 843 is to:
(a)       protect the privacy of the individual and personal data by regulating the processing of personal information, and
(b)   provide the process to obtain, hold, use or disclose personal
             information.

Our concern therefore must be with the legal basis for which the EC intends to capture our facials and not the usefulness of what they want to do with it. The DPC must therefore give us the comfort by answering the following:
1.      whether or not the face geometry including iris the EC wants to capture is relevant and not excessive for the purposes of our current voting system.
2.      whether or not by capturing our face geometry including iris the rights of the data subject by way of right to privacy is not being infringed upon.
Why we should be concerned is the unintended uses of biometric databases called “function creep” which I will explain.


LEGAL JUSTIFICATION AND FUNCTION CREEP
Act 843 is a sword for the EC if it wants to embark on the should I say “extended biometrics” and also a shield for us the citizens if we want to protect our constitutional right to privacy. Section 22 of Act 843 allows the EC as a data controller to collect personal data for a purpose which is specific, explicitly defined and lawful and is related to their functions or activity but the EC under sections 20 and 23, must make us the citizens aware of the purpose giving us the right to object and stop such processing. Who is the referee? The DPC
Act 843 of course gives instances when personal data can be collected but Section 19 of Act 843 requires that personal data is only processed if the purpose for which it is to be processed, is necessary, relevant and not excessive. DPC what is your take with what the EC wants to do?

Although the benefit of biometric database is unquestionable, there is the downside of abuse of the database. Once it is set up, there can be uses for it without boundaries. The functionality of the biometrics are with respect to either verification (a one-to-one search or comparison to determine if Anokye is who he claims to be and for this whether he is entitled to enter a building or entitled to vote, thereby seeking to answer the question : Are you who you claim to be?) and identification (a one-to-many search or comparison to determine if Anokye’s biometric characteristics is in the central database or his biometric characteristics collected independently can be matched to a name in the database, thereby seeking to answer the question: Do I know who you are?
The unintended dangers of function creeping with biometric databases to the extent that the EC wants to go should be every citizens concern.  Function creep is where a technology is introduced to do one popular cool thing (function) but later used to do other things which may be unpopular un-cool things (functions), meaning the original function has “crept” into another unrelated function. These could be both planned and unplanned and with the way the world is going one can never tell whether the actual function of the need for our biometrics is the voting or there is some “invincible hand” telling us that it is the way to go which looks credible on the face of it and harmless hence ready to even fund it but later collect data for other reasons.
Our worst fear should be our relatives and friends in the diaspora. The enforcement of data protection laws in the developed countries are so stringent that in as much as “big brother” may want to collect biometrics on foreigners they would have limitations so the way out is to come to “data havens” where there is so much ignorance like Ghana, fund the collection and later twist our arms to have access. In no time all our people will be traced in the name of voting. Their right to be left alone to enjoy a peaceful life with or without “papers” would be gone. “Big brother” has patience and this could be a 10-year agenda then the request is made, tied to loans and aid. Tell me which African government wanting to stay in power and needs funding will not compromise.
Some have struggled to leave this country and are remitting family and friends as a way to support our communities financially and to help alleviate poverty. Do we think all the inward remittances are coming from only people with a legal right to live abroad? They too, have the right to be left alone. Or we see it as our duty to help them. DPC is the facial recognition just nice to have or critical to our right to vote? If we can do without it please let us do without it. How strong is our Data Protection Commission to stop or sanction the EC should there be any function creep?   
Who for example gave the Electoral Commission the right to give access to our voters register for the banks to do verification of financial transactions? It is good to detect fraud but was it part of the original plan of collecting our information electronically or a “function creep”. Do the banks pay for it? Is it part of EC’s internally generated funds? In filling the forms, were we informed on this further and unrelated use?  Is it just possible they will likewise give access to the biometric database to international bodies in the name of fighting crime and terrorism? If yes, let us all agree by way of legislation on how the biometric database should be used so we take informed decision. After all that is our individual human right.      

 CONCLUSION

Our “digital persona” as data subjects must be protected before we create a digital monster that cannot be controlled or killed. Once the EC is collecting our biometric characteristics together with our personal details (residence, place of work, age etc) for identification purposes there is the need for our fundamental human right to privacy or “right to be left alone” to be protected. The national ID collected our iris and I guess we can live with it though the risk of function creep exist but what has facial recognition got to do with our current voting system that the thumbprint that has already been captured cannot do.  Voting is just one aspect of our lives and DPC must let us know if the EC would be going against Act 843 and even if not, looking at the possible unintended “function creep” use by “big brother” should we even if legal, not find an alternative way of achieving the intended use since we are not going to e-vote. I find it unnecessary and excessive for the intended purpose. DPC address the following:

1.      whether or not the face geometry including iris the EC wants to capture is relevant and not excessive for the purposes of our current voting system.
2.      whether or not by capturing our face geometry including iris the rights of the data subject by way of right to privacy is not being infringed upon.

Also, are we presently able to answer the two questions Are you who you claim to be?  and Do I know who you are? If yes is the facial recognition excessive? Is it relevant? DPC help us out, your mandate is to the test. Show you are in charge. Can you?


The author Dr. Kofi Anokye Owusu-Darko, holds an EMBA (IT Management) and an LLM (IT & Telecommunication ). Email: kofianokye18@gmail.com or visit kofianokye.blogspot.com


Comments

Post a Comment

Popular posts from this blog

LEGAL ISSUES IN E-COMMERCE WEBSITE DEVELOPING IN GHANA: OWNER BEWARE

Introduction Website presence in the new global village will become a “sine qua non” in conducting business if Ghanaians want to take advantage of the digital platform.   The first point of call in wanting to do this is to approach a website designer with some ideas on how you want the site to look like and the features you expect to see. Design functionality and aesthetics most invariably are the issues the developer becomes pre-occupied with but there are legal issues to contend with especially more so when the website is accessible to anybody, anywhere and at anytime. The Electronic Transactions Act 2008(Act 772) however gives directions as to how website developers can resolve these legal issues. I intend to raise the legal issues in website designing and attempt to give some indications as to what functionalities and best practice may be needed to satisfy the law   Legal Issues in Trading Through A Website There are a lot of legal considerations when designing a website and th
Read more

IMPLEMENTING THE FREEDOM OF INFORMATION ACT: ARE WE EXPECTING TOO MUCH TOO SOON?

INTRODUCTION Information flow between government and its citizens was deemed by Rt Hon Jack Straw (a UK MP) to not only empower the people but to promote a “vigorous and robust democracy”.   The Right to Information Act, 2019   except under certain exemptions is intended to give the public the “right to know” the type of information held by public bodies. It is an attempt for “greater transparency, accountability and engagement” in government business and should “transform the culture of Government from one of secrecy to one of openness ” . In the UK for example, it led to the resignation by Michael Burgess as coroner for the late lady Diana’s inquest; it led to the disclosure of detailed breakdown of MPs travel expenses after an initial plan by ministers to exempt such disclosure; it led to World Development Movement (WDM) getting information relating to the biggest carbon dioxide polluters in the UK which before the Act would not have been readily available. There is the argu
Read more

ELECTRONIC SIGNATURES AND DIGITAL SIGNATURES: HAS GHANA GOTTEN IT MIXED UP UNDER THE ELECTRONIC TRANSACTIONS ACT 2008 (ACT772)?

INTRODUCTION In my opinion there is a distinction between an “electronic signature” and a “digital signature” and I stand to be corrected but Act 772 seems to be referring to “electronic signatures” whilst talking about “digital signatures” or vice versa and this gets me confused. My understanding of “electronic signature” is that it is data in electronic form which can be attached to, or logically associated with other electronic data and which serve as a method of authentication. This therefore means that the following may fall under electronic signatures: A hand signed signature in ink, scanned and electronically delivered Electronically typed (Computer) signature and electronically delivered An electronic typed name and electronically delivered An electronic symbol that is electronically delivered The above attached to an electronic document may not be a safe way of authenticating a document but acceptable as long as the signatory accepts having signed the document. After a
Read more