In recent times, cybercrime has become a threat to just about anyone so long as they are connected to the Internet. As a result, there is a pervading feeling of reluctance- which sometimes borders on paranoia- to give out too much personal information. One cannot rightly blame anyone because after all, no detail is too insignificant to be exploited by cybercriminals. Countries across the globe, no matter their sophistication and digital advancement, experience their fair share as far as cybercrime is concerned. In 2021, the Federal Bureau of Investigation published a report on cybercrime. It placed Nigeria in 16th position on the list of top countries most affected by Internet crime in the world. Later that year, Nigeria’s Economic and Financial Crimes Commission disclosed that about 80 per cent of its 978 convictions were connected to cybercrime and cybercrime-related offences.
In the light of all this, you would understand the paranoia many Nigerians suffer from when it comes to parting with their personal data. A few days into 2022, news surfaced about a hacker who allegedly broke into the National Identity Management Commission server and accessed the personal information of millions of Nigerians. While the hacker’s claim later proved to be false, the possibility of such an occurrence cannot be discounted.
Since the introduction of the national identity database by the Nigerian government, the issue of data security has been a burning issue in the minds of Nigerians. While the very concept is a step in the right direction, questions such as “How secure is the national database?” “How much faith can we put in the agency responsible for handling and managing the data of millions of Nigeria?” still remain the concerns of citizens.
Almost three weeks ago, the NIMC experienced a technical problem that shut down its portal for eight solid days. It was later reported that the glitch originated from the Hosting Service Platform of Galaxy Backbone Limited, an Information and Communications Technology Services provider, wholly owned by the Federal Government.
Telecommunication firms, financial institutions, as well as various ministries and agencies of the government such as the Nigerian Immigration Service were affected as most of their activities hinged on being able to verify the National Identity Number of their customers. For telco operators, I cannot possibly imagine how many millions in sales of Subscriber Identification Module cards they must have lost due to the glitch that affected the NIMC server and for individuals that were waiting in line for SIM swap, it must have been a rather frustrating experience.
Not to draw an unfair comparison but I don’t think that the US or German identification card system such as the social security numbers database can be out of service for days on end while citizens and businesses are left floundering.
The fact that the NIMC portal outage wasn’t limited to a day or two is in itself alarming. I mean, could it have been the result of the hasty NIN-SIM integration of last year? If this glitch could happen once, what’s to stop it from happening again? More importantly, what are the possible ways to prevent a recurrence? I feel that we need to ask these pertinent questions especially if the Federal Government succeeds in its plan to make the National ID become the single data point of virtually every activity in the country.
Meanwhile, the NIMC again recommended that telco operators use the alternative tokenisation platform (vNIN) to verify their subscribers. The outcome of this was not a happy one for telcos who complained that the process was painstakingly slow. You may recall that last December, the Federal Government announced plans to roll out a suite of digital tokens to enhance the verification of the National Identity Number, effective January 2022.
Unsurprisingly, this idea was met with rejection by telcos based on the argument that neither operators nor citizens were ready. I know for a fact that some key players in the industry have been kicking against the vNIN policy because the government failed to dialogue with relevant stakeholders on the merits and demerits; of such a development. It is sad to say that nothing has changed on that front.
In the light of recent events, certain players in the telecommunication industry have intimated that the glitch could have been a ploy to make people embrace NIN tokenisation. Whatever the case may be, I believe that we cannot totally rule out this possibility. The government has a long-mile track record when it comes to shoving its policies down our throats.
By way of explanation, vNIN is a tokenised version of a person’s actual NIN. It is a 16-digit sequence comprising letters and numbers that customers will be required to provide for third-party verification, either through the NIMC mobile App, or the USSD channel for SIM retrieval or other related services.
As with one-time passwords that become invalid after a specific amount of time has passed, the virtual NIN tokens are issued to users and expire after a set period of time- give or take 72 hours.
Given today’s obsession with data privacy, tokenising the NIN authentication process will allow NIMC to help protect users’ personally identifiable information from being stolen and stored by data-hungry private companies. However, it should not be mistaken for a fail-safe measure against hacking and impersonation.
As much as the government might want to use vNIN as a shiny new toy to deflect attention from the NIMC portal breakdown and the ensuing shameful scramble to fix it, it still doesn’t change the fact that the unfortunate event did happen.
To tell the truth, I’m mystified the NIMC relies on Galaxy Backbone for its server services, won’t it have been smart to also have one of the premium data centres in the country host an aspect of the operations in order to prevent a complete shutdown. Similar to the way they switch from one electricity source to another to keep operations going, organisations usually retain two or more service providers in case of eventualities.
The country has more talents in the tech industry than it knows what to do with them. At this point, we cannot keep reminding the government of the need to collaborate with experienced players in the sector who can help develop more robust platforms for National Identity management. It’s past time we moved beyond the trial and error phase.
Copyright PUNCH.
All rights reserved. This material, and other digital content on this website, may not be reproduced, published, broadcast, rewritten or redistributed in whole or in part without prior express written permission from PUNCH.
Contact: [email protected]