The complete lack of any form of concerns over privacy in Pakistan, and indeed the rest of the developing world, is a tragedy. When the US initiated mandatory fingerprinting for foreign visitors post-9/11, Pakistan was one of the countries that voiced protest. The idea of treating all visitors as criminals until proven otherwise was at that time an affront to the centuries-old legal principle of "innocent until proven otherwise". But, of course, companies had invested millions in developing biometric technologies and the only way they could make a profit was to make mass fingerprinting a legal and global obligation.
As for this exercise of the world's "largest and fastest" biometric data collection effort, there has been nothing but fulsome praise from everyone on PDF that somehow this is "progress" that will "prevent terrorism". Let us, however consider some issues:
- Pakistan has been collecting citizens' fingerprints since before fingerprint scanners were invented. Once they were invented, they became a mandatory part of the CNIC issuance protocol. Has this in any way helped to reduce or prevent crime and/or terrorist activity in Pakistan?
- It is a known fact that CNICs have been obtained by non-citizens by illegitimate means, and for nefarious purposes. If the existence of the NADRA biometric database has not prevented the deaths of thousands of Pakistanis from terrorism, what makes us believe that a second privately-owned and operated database will fare any better?
- The telcos used the tragedy of 16 December 2014 to launch the present biometric collection drive. One doesn't just launch such a massive technology-based exercise without significant prior infrastructure investments requiring time, effort and money. In other words, they had been working on this for months (years?) and were just waiting for the right moment to operationalize the "give us your freedom in return for security" meme. One can only despair in recalling the following truism from Benjamin Franklin: "Those who surrender freedom for security will not have, nor do they deserve, either one"
- There have been persistent reports over the last few years that the NADRA database has been (a) outsourced to a third party; (b) made available to certain foreign governments during Rehman Malik's time as minister; (c) the subject of repeated hacking attempts from foreign countries. Assuming that there is some element of truth in these reports (anything, after all, could have happened in Zardari's time in Government) if a Pak Government database cannot be secured from such intrusion, what guarantee is there that databases managed by private telcos would fare any better?
- Tariq Malik is quoted in the above referred article as suggesting that Big Data "can strengthen the link between citizens and state to enhance state capacity", "tax collection" and "powerful and effective methods for optimizing governance". This implies that there are big plans here, beyond the stated one of tracking terrorists. Pakistan's democratic Government has demonstrated that it will open up the NADRA database to private organizations for "verification purposes", who can, at their whim, block services to the general public as and when they please, just as the telcos are now doing.
As if all of the above concerns weren't enough, the loopholes in this wonderful fastest-and-largest biometric data collection exercise are manifold:
- Joe Terrorist can now simply steal someone's cellphone or SIM Card to do what he wants to do, and destroy an innocent citizen's life in the process
- Someone who doesn't want to give their fingerprint scans to a private organization (and, indeed, why should they?) can merely ask a friend or relative to get a second SIM card that they can happily use
- Foreigners visiting Pakistan are likely to have roaming services turned on and can happily use their foreign SIM cards, and circumvent the entire system, in a manner where there will be no biometric identifier or trail for the police to latch onto
It is quite remarkable that in spite of these issues, repeatedly raised by privacy advocates - and there are other significant legal, moral, ethical and technical issues related to the biometrics industry as a whole - people have bought into the argument that giving your fingerprints to someone else is somehow "progress" that will "stop terrorists".
What a truly sad world we live in today.
