Now that the National Electronic Identity ( e-ID) Card has been formally launched, a lot of questions are being asked, which need to be cleared up. If anyone has any doubt as to the authenticity and accuracy of what is contained below, they should kindly back up their claims with real facts and proof so as not to mislead the General Public. Firstly, the new National e-ID Card issued by the National Identity Management Commission (NIMC) is primarily a National Identity Card with a SmartCard built-in, containing provision for up to 13 applets, of which 5 are activated when an applicant picks up his/her Card.
The National Identity Database is not open to inspection by ANY party, home or abroad. There is absolutely no provision for any foreign Government or body to access the database. MasterCard is providing functionality for 1 of the 5 applets, just as you have with your ATM Cards. No one complains that your name is on the ATM card, or that that information may be held in America. The concern here is biometric data and other demographic information such as next of Kin and so on. MasterCard DOES NOT HAVE and WILL NEVER have access to such information.
Any suggestion that MasterCard, Visa, or any other foreign body will gain access to the database is pure fiction not backed up with evidence. This is NOT the same as verification services, which is where an Embassy may request to verify a person's National Identification Number (NIN) to ascertain that the person requesting a visa is the genuine article. It is done all over the world, and the provision for NIN on the Visa application forms for many countries such as UK, US and even Schenghen states, was not introduced because of Nigeria's NIN.
The applets active when you pick up your card may include:
1. Match-on-Card
This is where a secure terminal matches a specific fingerprint against that locked away on The Card. Too many attempts, and the applet is blocked for security reasons. That way, an agency or concerned body can be sure that the person presenting the Card is the true owner. It is no different than what is currently done with your International Passport.
2. ICAO
The National Identity Card is also a travel document and conforms to the same standards (ICAO 9303 Rev 2) as International Passports and National Identity Cards of other nations which have TD1 functionality built in. It is hoped that the document will be used for ECOWAS travel (without the need for a Passport), as the applet CANNOT be forged. NIMC has its own Document Signer (DS), on behalf of the Federal Republic of Nigeria. So we are not sending certificates requests (CSRs) outside Nigeria to be signed for this applet.
3. Payment
In the first phase, MasterCard is offering payment functionality for the Card. There is a firewall between this applet and all the other applets so not even a POS terminal can access the secure data protected by EAC2 on certain parts of the Card. As stated earlier, the National Database is NOT the business of MasterCard and never will be. Later on, we will have Visa and Verve Cards as alternatives to MasterCard. MasterCard will only be available on the first 13 million Cards. This applet is OPTIONAL. If you do not wish to use the payment applet, simply decline to activate it during collection.
4. e-ID
This is the MAIN applet. The electronic ID applet, which contains some of the information submitted during enrolment. Other information such as address are also available on the Card but protected by higher levels of access control called EAC2. The NIN is also locked away in EAC2 protection. Most information is NOT available on the Card, such as next of Kin, parentage and so on. These are only available in the National Identity Database (NIDB).
5. e-PKI
This applet contains strong certificates which allow for document signing, non-repudiation, encryption and so on. NIMC has conformed to International Best Practices to provide this applet. The Non-repudiation simply means that where a person has digitally signed a document with his/her Card using the e-PKI applet, the person CANNOT turn around tomorrow and say “I didn't sign this document, it's a forgery”. For this to occur, aside from the applet, other security measures have been put in place to ensure that indeed, a person won't be able to deny his/her document signature.
Fact: Verification Services
Any embassy wishing to participate in verification services in the near future will need to go through a very stringent and rigorous approval process. NIMC will then offer a 1-to-many service, meaning that a NIN is supplied via a secure channel to NIMC's verification platform and then a lookup is done against the National Database.
Fact: Comparison with other documents
The National e-ID Card is a means of Identification. It does NOT confer citizenship to anyone, Nigerian or otherwise. Legal residents are fully entitled to the e-ID Card. So it is misleading to compare the Card to the American Green Card (which is NOT issued to American Citizens), the U.S. Social Security Card or the British National Insurance Card. Neither of these countries has a National Identity Card.
It is also unfair and inaccurate to compare the National Identity Card to the Nigerian International Passport as the latter is PURELY a travel document, whilst the former has travel functionality built in.
The Federal Government has also stated that after the next General Elections in 2015, the 2019 election will require the National e-ID Card issued by NIMC to vote. Incidentally, a Voter's applet (or function) is also on the card and the data is 100% isolated by very strong firewalls and encryption from all the other functions.
Fact: Data Protection
NIMC is the custodian of the National Identity Database and we would be contravening so many national security laws if it EVER handed access to the National Database to a local company or organisation, talk less of a foreign one. Nigeria is a sovereign nation. There is no nation on earth that can dictate to the Federal Government of Nigeria about how to manage the database of its citizens and legal residents.
The Department of State Security (DSS) has scrutinised NIMC and can attest that The Commission has put all kinds of processes and security measures in place to avoid such breaches of National Security.
NIMC has also passed ISO 27001:2005 Certification. For those in the know, this is reviewed every year by external auditors and if certification is not renewed, then NIMC cannot continue to serve in its capacity as the legal custodian of the National Database.
Fact: Public Key Infrastructure
NIMC has even gone as far as implementing its own PKI Infrastructure, which means that Digital Certificates and Keys issued for each individual are not sent offshore for signing, but are signed internally at NIMC HQ, as Nigeria now has its own Registration Authority (RA) and Country Signing Certificate of Authority (CSCA) as well as a host of other PKI systems thereby negating the need to depend on a foreign Government to sign our certificates. Nigeria has its own OID (for those who know what that means) and we had to apply through the Standards Organisation of Nigeria (SON) and the ITU. Which means that Nigeria's RA is recognised by ICAO worldwide, making our Card a globally-acceptable Identity Card which conforms to International Standards.
Fact: Strong encryption
If there is one thing NIMC has done very well, and can be proudly and loudly mentioned, it is in the area of strong encryption.
As mentioned earlier, NIMC has had to undergo a lot of stringent processes and procedures to comply with and follow International Best Practices as they relate to Information Security.
Likewise, the chip embedded on the Card body (actually a computer with memory, processor and logic) has a plethora of International Standards which it can boast of. Just to ensure that the information provided by Nigerians (and legal residents) are not open of casual or even unauthorised inspection.
Fact: Suggested Possible Shutdown of NIMC Infrastructure by MasterCard or U.S Government?
In the unlikely event that Nigeria has problems with the US Government similar to the issue with Russia, the only part of the entire Card that can cease to function is the payment applet. This applet is only 1 or 13 on the Card. It has ABSOLUTELY NOTHING to do with the ePKI, eID, MoC, Tax, Voter, Travel, Health or other applets. If in future Verve chooses to come on board, then even that will be a major plus.
It is NOT a glorified payment Card, but a National Identity Card offering a myriad of functions of which, one is payment.
Card Management Services
National Identity Management Commission
Follow us on twitter: @nimc_ng
No comments :
Post a Comment