On 21st August 2024, a vibrant and timely discussion was held on X-Space under the title “Digital IDs: Can They Live Up to Their Promise?” This session brought together experts from various fields to dissect the emerging issues surrounding digital identification systems and their implications on society. Moderated by Data Scientist Claire Babirye, the session attracted participants from different corners of the world, reflecting the global significance of this topic. Claire set the tone for the evening by urging listeners to involve everyone—friends, family, and colleagues—in the discussion, emphasizing that digital IDs are not only a pressing matter for Uganda but resonate across the region and even globally.

In the opening remarks, was a brief recap of a prior discussion held on 18th July, where the conversation touched on some unsettling developments, such as the controversial plan in Kenya to implant ID chips in newborns. This raised concerns about control versus convenience—whether digital IDs would enhance service delivery or impose unwarranted surveillance and limitations on personal freedoms. The goal of this discussion was to further unpack these concerns, with a focus on raising awareness about the potential risks and exploring whether digital IDs can truly deliver on their promises.

A panel of esteemed professionals from diverse fields was introduced, including Ronald Mark Serunjogi, an independent consultant in trade finance; Stephen Semigabo, an ICT consultant based in Kenya; Dr. Micheal Tuape, a software engineer and researcher in Finland; Bruce Tushabe Nzabanita, a human rights advocate; and Mark Nasasira Rubaihayo, a theologian and lawyer. These experts brought forward a rich presentation of perspectives, ranging from legal and theological to technical and financial, promising a comprehensive analysis of the digital ID debate.

The session, hosted under the hashtag #NoToDigitalIDs, opened with Stephen Semigabo explaining the concept of digital IDs and how they are perceived as modern solutions for enhancing service delivery, improving financial inclusion, and increasing convenience. Yet, the larger question loomed: Can digital IDs live up to these promises without infringing on personal freedoms or posing new risks in terms of privacy and surveillance?

This report distills the key points raised during the discussion, offering insights from each panelist while reflecting on the broader implications of digital IDs in both a local and global context.

1. What are Digital IDs?

The discussion began with an overview of digital IDs, providing essential context for understanding the topic. Digital IDs were described as the online representation of an individual or entity, serving as a foundational element of interconnected systems or the Internet of Things (IoT). Digital identity spans a broad spectrum, from simple forms like usernames and passwords to more advanced identification methods involving biometric data and even emerging concepts such as digital twins or digital doubles.

Three key types of digital identification were outlined:

• What You Know: The most basic form of digital identity, relying on knowledge-based methods such as passwords, PINs, or answers to security questions. While commonly used, this method is viewed as less secure in modern digital environments.
• What You Have: This involves possession-based identification, such as unique keys, access cards, or badges, offering a more advanced alternative to knowledge-based methods by tying identity to a physical item.
• What You Are: The most advanced form of digital identification, relying on biometric information such as fingerprints, facial recognition, and iris scans. However, this raises significant privacy and data security concerns as it involves the use of sensitive personal information.

Additionally, the concept of digital twins or digital doubles was introduced. This refers to virtual representations of individuals, replicating real-life behaviors and identities in the digital realm. The growing use of this technology raises important questions about surveillance, privacy, and how personal data is managed.

It was emphasized that digital IDs go far beyond traditional national IDs, which are typically associated with government-issued identification. While national IDs form a part of e-governance, digital identities encompass a wide range of applications across multiple sectors, including:

• Healthcare: Where digital identities are linked to patient records and medical services.
• Financial Services: Used for online banking and secure financial transactions.
• Telecommunications: Managing user accounts and service access.
• E-Government: Facilitating access to government services.
• E-Commerce: Verifying user identities for secure transactions.
• Travel: Exploring uses in border security and digital passports.

This introduction set the stage for further exploration of the implications of digital IDs, particularly their potential risks related to privacy, control, and security. The conversation also expanded into how digital IDs impact society, with a focus on their role in governance, financial inclusion, and service delivery across different regions, including Uganda and beyond.

2. Central Bank Digital Currency (CBDC), Digital IDs and Economic disruption.

After the introduction to digital IDs, the discussion delved into a financial perspective, focusing on the emerging trend of Central Bank Digital Currencies (CBDCs). CBDCs are digital versions of national currencies, issued and controlled by central banks. They have been promoted in various countries, including by major institutions like the Bank for International Settlements, the People’s Bank of China, and the European Central Bank, with promises of revolutionizing the financial system. These promises include greater financial inclusion, improved security, and more efficient systems.

However, significant concerns were raised about the potential risks of CBDCs. It was argued that while the idea of CBDCs may seem exciting due to their proposed benefits, several hidden risks must be seriously considered.

Monitoring and Control

One of the major concerns with CBDCs is the increased government control over financial transactions. Unlike decentralized currencies like Bitcoin, which operate without central authority, CBDCs would give governments real-time oversight of all financial activities. Every transaction would be recorded in a centralized ledger, potentially allowing authorities to monitor and track financial behavior down to the smallest detail. This could eliminate financial privacy entirely, placing the public under constant surveillance—essentially creating a “Big Brother” financial system.

Programmable Money

Another concern is the concept of programmable money, where governments or central banks could restrict how citizens spend their money. For instance, they could block purchases of certain items or even deny access to funds for activities they do not endorse. This level of control would be unprecedented, as it is impossible in the current cash-based or decentralized financial systems.

Privacy Risks

CBDCs could also lead to widespread privacy violations. The centralized nature of these systems would result in vast amounts of personal data being stored by governments or financial institutions, increasing the risk of misuse. With governments having access to detailed financial data, concerns were raised about the potential to limit prosperity or suppress dissent by restricting access to financial resources for individuals or groups that the state deems undesirable.

Countries like China (with its digital yuan) and Nigeria (introducing the e-Naira) were cited as examples of how governments could use digital currencies to exert tighter control over their populations, further raising concerns about surveillance and authoritarian overreach.

Cybersecurity Threats

In addition to privacy concerns, the centralization of financial data in CBDCs presents significant cybersecurity risks. Centralized systems become prime targets for cyberattacks. If a system storing vast amounts of sensitive financial data is breached, the consequences could be devastating. Data breaches, unauthorized access, and the risk of a single point of failure were highlighted as critical vulnerabilities.

Historical incidents like the Equifax and Capital One data breaches, where large amounts of sensitive information were exposed, were referenced to illustrate the potential dangers. If these breaches occurred in a system as centralized and sensitive as a CBDC, the financial security of millions could be compromised.

Impact on Commercial Banks and Financial Stability

CBDCs could also disrupt the traditional role of commercial banks, reducing their importance by allowing individuals to transact directly with central banks. This shift could lead to a concentration of power in the hands of central authorities, possibly leading to higher interest rates as banks compete for deposits. Moreover, in times of crisis, people might convert their bank deposits into digital currency en masse, potentially triggering a bank run and destabilizing the entire financial system.

Economic Disruption from Automation and AI

The conversation also touched on the broader impact of technological advancements, including automation and artificial intelligence (AI), on the economy. While these technologies promise efficiency and productivity gains, they also pose risks such as job displacement and wage stagnation. Sectors like manufacturing, healthcare, retail, and legal services are already seeing changes as AI takes over routine tasks.

While new jobs will emerge as a result of these advancements, there is a risk of growing inequality, particularly if lower-income workers are unable to adapt to the rapid changes in job requirements. This could lead to increased wealth inequality, especially in regions with limited access to technology or education.

Risks of Social Credit Systems

One of the most concerning aspects of digital IDs is their potential to contribute to the development of social credit systems. Such systems could be used to monitor and control individual behavior by tracking financial, social, and personal activities. This raises serious concerns about surveillance and discrimination, particularly against those who may lack access to digital infrastructure or who choose not to participate in these systems.

Examples of countries using digital IDs or implementing social credit systems, such as China’s social credit system, Estonia’s e-ID, and Canada’s digital ID initiative, were mentioned to underline the real-world implications of these technologies.

Economic Inequality and Access

In countries like Uganda, where much of the population remains unbanked and lacks access to digital infrastructure, the introduction of CBDCs could exacerbate existing economic inequalities. Many people rely on systems like mobile money for financial inclusion. However, a sudden shift to a CBDC system might leave large portions of the population behind, particularly those in rural areas or those without the necessary technological skills.

The potential harm caused by rushing into digital currencies and IDs was emphasized, particularly for vulnerable populations. Without proper safeguards, digital IDs and CBDCs could widen the gap between those with access to technology and financial systems and those without.

In summary, the discussion expressed a strong warning about the potential risks of CBDCs and digital IDs. While these technologies promise benefits such as efficiency and financial inclusion, they come with significant risks related to privacy, surveillance, cybersecurity, and economic inequality. The consensus was that governments should proceed with caution, ensuring that adequate safeguards are in place to protect the public from the potential downsides of these emerging technologies.

The conversation highlighted the importance of a balanced approach to digital innovation, one that prioritizes individual freedoms, financial privacy, and equitable access, while mitigating the risks of government overreach and economic disruption.

3. Digital IDs from the Human Rights Perspective.

The discussion shifted toward the human rights implications of Digital IDs, with a focus on how such systems may exacerbate exclusion and inequality. Drawing from experiences in Uganda, concerns were raised regarding the exclusionary nature of digital IDs, particularly for vulnerable groups.

Exclusion and Poverty

The core of the issue lies in the fact that millions of Ugandans could be shut out of the digital ID system, which is becoming an essential source of official identity. Without a National Identification Number (NIN) or a national ID card, individuals are increasingly unable to access critical services, including healthcare, social security, and other public services. The Registration of Persons Act of 2015, which established the national ID system, mandates that individuals must present their NIN or ID card to access these services, creating significant barriers for those unable to navigate the system.

One particularly troubling example cited was the exclusion of older persons from the Senior Citizens Grant, a social protection program designed to alleviate poverty. Many elderly individuals, often the most vulnerable, are being denied access to what may be their only source of income, pushing them further into extreme poverty. This exclusion represents a clear violation of their economic and social rights.

Access to Healthcare

Exclusion from essential services has been especially concerning in the healthcare sector. There are numerous documented cases where women and children without national IDs have been turned away from health centers, even in situations where they required life-saving medical care. The digitalization of the ID system has thus become a barrier to healthcare, disproportionately affecting the most vulnerable in society. This creates a situation where access to basic human rights, such as healthcare, is conditional on one’s ability to participate in a flawed digital ID system.

Global Comparisons and Privacy Concerns

Uganda’s situation is not unique, as similar issues have arisen globally. A prominent example is Jamaica, where the Supreme Court found a proposed digital ID system unconstitutional. The mandatory registration in Jamaica involved collecting extensive geographic and biometric data, which was ruled as a violation of the right to privacy. Such rulings highlight the global trend of questioning the legitimacy of digital ID systems that intrude upon personal freedoms.

In Uganda, privacy concerns are compounded by the government’s focus on economic and social development while neglecting its obligations under various human rights treaties. The Ugandan government has acknowledged the difficulties with the digital ID system, yet has failed to address the ongoing harm caused by barriers to healthcare and social protection services. This failure makes it difficult to justify the continued implementation of a system that violates the basic human rights of citizens.

Violations of Constitutional Rights

From a legal standpoint, the digital ID system was described as unconstitutional on several grounds. It infringes on multiple rights protected under Uganda’s Constitution, including:

• Right to Access Information (Article 41): Individuals are being denied access to information that is essential to their identity and well-being.
• Right to Correction and Storage of Personal Data (Article 27): The system’s management of personal data without sufficient protections violates privacy rights.
• Right to Freedom of Movement (Article 29): Denying individuals access to essential services effectively limits their ability to move freely and access public services.
• Non-Discrimination (Article 21): Marginalized and vulnerable groups face discrimination as they are disproportionately excluded from accessing digital IDs.
• Right to a Fair Hearing (Article 28): The lack of recourse for those affected by the system’s failures prevents individuals from having their grievances heard in a fair and just manner.
• Unconstitutional Delegation of Powers (Article 79): The digital ID system transfers excessive powers to administrative bodies without sufficient oversight, leading to potential abuse.

In conclusion, it was observed that, the digital ID system in Uganda has become a tool of exclusion rather than inclusion, violating multiple human rights in the process. Vulnerable populations, including the elderly, women, and children, face significant barriers in accessing basic services such as healthcare and social protection. The system has been described as a violation of constitutional rights, including privacy, non-discrimination, and access to information. These concerns echo global challenges faced by other countries that have attempted to implement similar systems.

The overarching sentiment was clear: the digital ID system in its current form is deeply flawed and represents a violation of human rights. The call to action was to resist further implementation without first addressing these fundamental issues, encapsulated by the hashtag #NoToDigitalIDs.

4. Crowd Strike/Global Tech Outages and the fragility of Digital IDs.

The discussion delved into the fragility of digital infrastructure and the implications of recent tech outages. A notable event highlighted was the global outage affecting Microsoft on July 19, 2024 which impacted various sectors, including banking, aviation, and transportation, leaving many people stranded and unable to access essential services.

Impact of the Outage

The discussion highlighted that the Microsoft outage had widespread repercussions across multiple sectors, severely disrupting operations in banking, aviation, and transportation. For instance, individuals were left stranded at airports, while financial transactions ground to a halt. In healthcare, patients were unable to access their medical records, leading to disruptions in both medical procedures and communication among healthcare professionals. The ripple effects highlighted the interconnectedness of digital infrastructure and its reliance on robust technology.

In light of these vulnerabilities, the discussion raised an important question: Given the risks inherent in the current digital infrastructure, should governments actively pursue the mass rollout of digital IDs? This inquiry invites a critical examination of the balance between technological advancement and the potential consequences of digital dependency.

Causes of Global Outages

The discussion showed several key causes of global outages were identified:

Infrastructure Failures: These failures can stem from a variety of sources, including outdated technology and inadequate maintenance. It was noted that the July 19, Microsoft global outage was triggered by a security service update from CrowdSource.

Cyberattacks: A notable example was cited involving a distributed denial of service attack on Twitter during an X-space event featuring Elon Musk and Donald Trump, which delayed proceedings.

Software Bugs and Updates: The recent Microsoft outage exemplified how an update from CrowdSource led to widespread system failures.

Human Error and Natural Disasters: These factors also contribute significantly to the fragility of digital systems.

Consequences of Outages

Financial implications: Using a historical context for understanding tech outages, a reference was made to a significant event in 2021 when Twitter experienced an outage lasting nearly an hour. This incident not only affected users’ ability to access news and communication but also resulted in financial losses for sponsors and advertisers reliant on the platform.

The financial implications of outages are profound. Any disruption in service can halt business transactions and e-commerce, leading to widespread economic consequences. In particular, if a digital ID system experiences disruption, users may find themselves unable to authenticate access to critical services, such as internet banking, resulting in severe repercussions for their financial security.

Vulnerabilities for Ordinary Users:Another underlined consequence is on the vulnerabilities faced by ordinary users who rely on digital systems for their healthcare and financial services. If these systems are compromised by data breaches, the consequences can be devastating, as illustrated by the Capital One hack, where sensitive credit card information was stolen.

Privacy and Critical Services: It was emphasized that the sensitivity of digital systems cannot be overstated. The implications of a data breach extend beyond mere inconvenience; they can directly impact individuals’ access to critical services and their overall well-being. For example, if an individual is unable to access their life savings due to a breach, the repercussions can be dire.

Data breaches:Data breaches came out strongly as a consequence basing on a more recent incident that involved a breach of national voter information in the United States, which has received limited mainstream media coverage. This breach, reported on a cybersecurity forum called “KrebsOnSecurity,” involved a data broker that aggregates public records, including voter information. The sensitivity of this data is particularly concerning given the proximity to upcoming elections.

Other Concerns

AI and Automation Concerns: As we increasingly rely on artificial intelligence and automation, there are growing concerns about the exclusion of human decision-making in critical processes. The sensitivity of these automated systems raises questions about the reliability and security of technology that is increasingly designed to operate independently of human oversight.

Concerns Over Data Collection: The report concluded with a discussion on the broader implications of data collection practices. While legal and commercial interests often drive the collection of extensive personal information, the sensitivity of that data is frequently overlooked. It is essential that technology be designed to capture only relevant information. Ideally, personally identifiable information should include basic data such as a person’s name, address, and date of birth, rather than invasive details like fingerprints, iris scans, or GPS coordinates.

In summary it came out clearly that, the fragility of digital infrastructure poses significant challenges to privacy and security, particularly in light of the threat of a single point of failure. The recent outages have highlighted how interconnected and vulnerable our systems are, reinforcing the necessity for robust contingency plans and security measures. As we move toward increased reliance on digital IDs and other technologies, it is crucial to address these vulnerabilities proactively. Ensuring that technology is designed with security in mind is essential for safeguarding individuals’ rights and well-being in an increasingly digital world. The potential consequences of failing to do so could affect not only personal privacy but also the functionality of critical services that millions rely upon daily.

5. Digital IDs and Identity theft, loss of anonymity and privacy.

The discussion focused on the fragility of technology and its susceptibility to failure, particularly in light of recent global tech outages. It was noted that security specialists prioritize three key aspects of computer security: confidentiality, integrity, and availability. A recent Microsoft outage highlighted how a software update made during active use can disrupt system availability, raising concerns about the reliability of digital infrastructure.

Perspectives on Digital IDs

Participants examined whether governments should implement digital IDs in everyday life. There are significant concerns surrounding the rollout of such technologies. It was emphasized that careful consideration is necessary before implementing any technology, and the legal framework should ideally be established before technology is introduced—a point that is often overlooked.

Examples from Europe

Examples from European countries like Finland, Sweden, and Estonia were discussed, showcasing successful digital identity systems governed by strong legal frameworks. These laws prioritize public trust and protect personal data, underscoring that without public confidence, the effectiveness of these systems is compromised.

Accessibility Issues

The discussion highlighted issues of accessibility, noting that a digital ID system implemented without adequate infrastructure could create barriers for many. For instance, individuals in remote areas may struggle to access healthcare services if identification relies on digital means and internet connectivity is limited. Comparisons were drawn to Uganda’s national identity system, which presents challenges such as fees and limited accessibility.

Internet Penetration and Infrastructure

Statistics were presented showing that internet penetration in Uganda stands at 45%, while Kenya boasts 85%. Although mobile coverage is higher across East Africa, reliable internet access remains crucial for the success of digital services. The conversation noted that advancements in technologies like driverless cars and AI have been hindered by poor infrastructure, especially the slow rollout of 4G and the absence of 5G.

Challenges of Digital Transformation

Despite these challenges, it was acknowledged that governments may still pursue the implementation of digital IDs. Participants urged citizens to prepare for this shift, suggesting that while acceptance of technology is necessary, it should be paired with efforts to build civic resilience. Citizens must advocate for their rights concerning data use and ensure legal frameworks are in place to address potential breaches.

Emphasis on Trust and Community Empowerment

Trust emerged as a central theme in the discussion. Empowering communities to understand their rights regarding data use is essential. It was suggested that organizations like the Digital Agenda should conduct studies to gauge public sentiment about digital technologies and involve all stakeholders, including law enforcement and judicial systems, to prepare for potential challenges.

Recommendations for Moving Forward

Several recommendations were proposed:

• Establish a strong legal framework to govern digital identity implementations.
• Conduct community sensitization and training initiatives to raise awareness about digitalization.
• Ensure that technology is designed to be inclusive, accessible, and respectful of privacy.
• Develop mechanisms for public accountability and redress in cases of data breaches.

In summary, the discussion highlighted the importance of a cautious approach to digital ID implementation, ensuring that robust legal and technological frameworks are in place. The fragility of digital infrastructure, along with issues of trust and accessibility, necessitates careful consideration and community engagement. As Uganda and other countries navigate the complexities of digital transformation, proactive measures are essential to protect citizens’ rights and foster trust in emerging technologies.

6. Digital IDs and misuse of centralised power – The Tower of Babel.

The discussion delved further in using the analogy of the tower of Babel in the Bible in relation to the centralisation of power through digital IDs.

The concern about digital IDs and Central Bank Digital Currencies (CBDCs) centers on how much control they might give to governments or, more worryingly, private tech giants. While these systems promise convenience (one-stop access to all your documents like passports, IDs, licenses), the real question is: at what cost?

Control and Power

In the Bible, the story of the Tower of Babel is used as an example. People came together to build a tower to the heavens, which led to a centralized control of power. This mirrors today’s concern that consolidating power—whether through digital IDs or CBDCs—gives a few people or entities significant control over the masses.

Who Holds the Power?

Governments are supposed to hold power over their citizens, but the speaker argues that governments increasingly lack the ability to control modern digital systems. Instead, private tech companies (e.g., Alphabet, Meta) have more influence and power than many nations, especially in Africa. This shift could mean that global tech giants, not governments, end up controlling sensitive personal data, raising the risk of surveillance and misuse.

Example: Data and Tech Failures

• A woman discovered that photos she thought were permanently deleted from her iPhone resurfaced after a system update. This shows that data you think is gone may not be truly deleted—what happens when all your sensitive personal data is tied to one system?
• The Cambridge Analytica scandal is another example of how personal data can be used for political manipulation without the public’s knowledge.

Loss of Liberty

The major issue with digital IDs and CBDCs is that they could be used to control individual freedoms:

• Governments or private entities could potentially freeze your digital assets if you don’t comply with certain rules or policies. For instance, imagine if someone’s passport or bank accounts were disabled because they expressed dissent or refused to follow government directives.
• The example of sanctions placed on Uganda’s speaker of parliament illustrates how those in power can control wealth or impose restrictions when individuals don’t “toe the line.”

Tech Outages: Who Controls What?

A Microsoft outage once grounded planes globally, proving that key sectors like aviation are dependent on private tech firms. If these firms control crucial infrastructure, then a single individual or company could potentially decide the fate of entire nations.

Biblical & Legal Perspective

From a biblical perspective, this centralization of power feels like the return to Babel, where a few people dictate the fate of the masses and everyone is compelled to conform to the same way of thinking and pattern. From a legal standpoint, it undermines liberty, privacy, and freedom, values enshrined in many constitutions.

The conclusion? We’re not ready for these technologies. The dangers to individual freedoms and privacy outweigh the benefits of convenience.

7. Key Takeaways

The speakers expressed concerns regarding the country’s infrastructure, the implications for privacy and control, and the broader global trends in technology adoption. The following were the key takeaways.

1. Opposition to Central Bank Digital Currency and Digital IDs:
   There is strong opposition to CBDCs and digital IDs, mainly due to Uganda’s insufficient infrastructure to support such technologies. Even in advanced countries, technological glitches, such as those experienced by platforms like X (formerly Twitter), are common. Without robust systems, Uganda risks financial instability, where citizens could lose access to money in times of technical failure. Additionally, CBDCs lack tangible backing, unlike traditional currency tied to gold, making them vulnerable to manipulation that could exacerbate inequality.
2. Digital Currencies Unrealistic, but Digital IDs Likely:
   Digital currencies are viewed as far-fetched for Uganda due to current technological and infrastructural limitations. However, there is a strong belief that the government will push for digital IDs despite public mistrust. Civic engagement is crucial in resisting unwelcome initiatives and holding leaders accountable for their decisions. Citizens must be vigilant about who they elect to ensure responsible leadership.
3. Concerns about Forced Internet Access and Exclusion:
   Moving towards digital IDs and CBDCs would necessitate widespread internet access, but there are concerns about Uganda’s lack of control over its internet infrastructure. Historically, Uganda has been pressured into adopting policies before being ready, as seen with previous economic reforms dictated by international institutions. The issue of exclusion is also significant; for example, the Banyarwanda people have been denied national IDs and passports despite being recognized as citizens in the Constitution, highlighting the discriminatory potential of digital systems.
4. Lack of Accountability and Lessons from the Pandemic:
   While digital IDs could have benefits in areas like e-governance and financial inclusion, there is concern over the absence of collective accountability. The COVID-19 pandemic is cited as an example, where vaccine mandates were imposed without holding pharmaceutical companies or governments accountable for potential risks. The same lack of oversight could apply to data collection under digital ID systems, where citizens are asked for consent only at the point of data collection but not for how their data is used or commercialized.
5. Final Reflections:
   The discussion concluded with warnings about privacy, inequality, and potential mass surveillance resulting from digital IDs. The risks of digital divides and economic exclusion were also emphasized, calling on decision-makers to carefully weigh the consequences of adopting such technologies in Uganda.

Find the detailed discussion here:

X at https://x.com/DigitalAgendaT/status/1841829919644434486
YouTube at https://youtu.be/yk524BTbtJg?si=e_vASPZyIO1-wIa8