ELECTORAL COMMISSION (EC) & FACIAL RECOGNITION

Dr. Kofi Anokye Owusu-Darko

…how relevant is this facial recognition in a non e-voting environment. test of the mandate of the Data Protection Commission (DPC)

 

It looks like I have to do re-mix some of my earlier articles to give it a refocus since the issues of the EC and biometrics still remains relevant. My concern now is with the Electoral Commission (EC), aside our thumbprint wanting to capture our facials as part of their biometrics database for the purposes of voting. How relevant is this when we are not using e-voting technology but our traditional paper based system?

Basically, data protection principles require that data collected must:

  1. be obtained and processed fairly,
  2. have been obtained for specified or explicit and legitimate purposes,
  • not be further processed in a manner incompatible with that purpose or those purposes,
  1. be retained subject to appropriate security measures against unauthorized access, and
  2. be processed in accordance with the rights of data subjects.

 

The object of the Data Protection Commission (DPC) in Act 843 is to:

  • protect the privacy of the individual and personal data by regulating the processing of personal information, and

(b)   provide the process to obtain, hold, use or disclose personal

information.

 

Our concern therefore must be with the legal basis for which the EC intends to capture our facials and not the usefulness of what they want to do with it. The DPC must therefore give us the comfort by answering the following:

  1. whether or not the face geometry including iris the EC wants to capture is relevant and not excessive for the purposes of our current voting system.
  2. whether or not by capturing our face geometry including iris the rights of the data subject by way of right to be privacy is not being infringed upon.

Why we should be concerned is the unintended uses of biometric databases called “function creep” which I will explain.

LEGAL JUSTIFICATION AND FUNCTION CREEP

Act 843 is a sword for the EC if it wants to embark on the should I say “extended biometrics” and also a shield for us the citizens if we want to protect our constitutional right to privacy. Section 22 of Act 843 allows the EC as a data controller to collect personal data for a purpose which is specific, explicitly defined and lawful and is related to their functions or activity but the EC under sections 20 and 23, must make us the citizens aware of the purpose giving us the right to object and stop such processing. Who is the referee? The DPC

Act 843 off course gives instances when personal data can be collected but Section 19 of Act 843 requires that personal data is only processed if the purpose for which it is to be processed, is necessary, relevant and not excessive. PDC what is your take with what the EC wants to do?

See Also:  COVID-19: Over 15,000 persons reached via contact tracing tested

 

Although the benefit of biometric database is unquestionable, there is the downside of abuse of the database. Once it is set up, there can be uses for it without boundaries. The functionality of the biometrics are with respect to either verification (a one-to-one search or comparison to determine if Anokye is who he claims to be and for this whether he is entitled to enter a building or entitled to vote, thereby seeking to answer the question : Are you who you claim to be?) and identification (a one-to-many search or comparison to determine if Anokye’s biometric characteristics is in the central database or his biometric characteristics collected independently can be matched to a name in the database, thereby seeking to answer the question: Do I know who you are?

The unintended dangers of function creeping with biometric databases to the extent that the EC wants to go should be every citizens concern.  Function creep is where a technology is introduced to do one popular cool thing (function) but later used to do other things which may be unpopular un-cool things (functions), meaning the original function has “crept” into another unrelated function. These could be both planned and unplanned and with the way the world is going one can never tell whether the actual function of the need for our biometrics is the voting or there is some “invincible hand” telling us that it is the way to go which looks credible on the face of it and harmless hence ready to even fund it but later collect data for other reasons.

Our worst fear should be our relatives and friends in the diaspora. The enforcement of data protection laws in the developed countries are so stringent that in as much as “big brother” may want to collect biometrics on foreigners they would have limitations so the way out is to come to “data havens” where there is so much ignorance like Ghana, fund the collection and later twist our arms to have access. In no time all our people will be traced in the name of voting. Their right to be left alone to enjoy a peaceful life with or without “papers” would be gone. “Big brother” has patience and this could be a 10-year agenda then the request is made, tied to loans and aid. Tell me which African government wanting to stay in power and needs funding will not compromise.

Some have struggled to leave this country and are remitting family and friends as a way to support our communities financially and to help alleviate poverty. Do we think all the inward remittances are coming from only people with a legal right to live abroad? They too, have the right to be left alone. Or we see it as our duty to help them. DPC is the facial recognition just nice to have or critical to our right to vote? If we can do without it please let us do without it. How strong is our Data Protection Commission to stop or sanction the EC should there be any function creep?

See Also:  Intravenous Infusions sweats under GH¢10m NHIA debt

Who for example gave the Electoral Commission the right to give access to our voters register for the banks to do verification of financial transactions? It is good to detect fraud but was it part of the original plan of collecting our information electronically or a “function creep”. Do the banks pay for it? Is it part of EC’s internally generated funds? In filling the forms, were we informed on this further and unrelated use?  Is it just possible they will likewise give access to the biometric database to international bodies in the name of fighting crime and terrorism? If yes, let us all agree by way of legislation on how the biometric database should be used so we take informed decision. After all that is our individual human right.

CONCLUSION

Our “digital persona” as data subjects must be protected before we create a digital monster that cannot be controlled or killed. Once the EC is collecting our biometric characteristics together with our personal details (residence, place of work, age etc) for identification purposes there is the need for our fundamental human right to privacy or “right to be left alone” to be protected. The national ID collected our iris. Well we can live with it though the risk of function creep exist but not voting as we presently have. Voting is just one aspect of our lives and DPC must let us know if the EC would be going against Act 843 and even if not, looking at the possible unintended “function creep” use by “big brother” should we even if legal, not find an alternative way of achieving the intended use since we are not going to e-vote. I find it unnecessary and excessive for the intended purpose. DPC address the following:

  1. whether or not the face geometry including iris the EC wants to capture is relevant and not excessive for the purposes of our current voting system.
  2. whether or not by capturing our face geometry including iris the rights of the data subject by way of right to be privacy is not being infringed upon.

Also, are we presently able to answer the two questions Are you who you claim to be?  and Do I know who you are? If yes is the facial recognition excessive? Is it relevant? DPC help us out, your mandate is to the test. Show you are in charge. Can you?

The author Dr. Kofi Anokye Owusu-Darko, holds an EMBA (IT Management) and an LLM (IT & Telecommunication ). Email: kofianokye18@gmail.com or visit kofianokye.blogspot.com

vote
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments