The technology considered for Rwanda’s proposed digital identity (ID) cards, including biometric data such as fingerprints and iris scans, will make them ‘recoverable’, even when the holder has lost one or forgotten their identification number, the Minister of ICT and Innovation told The New Times on Monday, April 24.
ALSO READ: Rwanda to issue digital IDs in three years
Minister Paula Ingabire was shedding light on what could happen if someone loses their digital ID card — once such cards start being used in Rwanda — or forgets their digital ID card number.
Last week, Parliament adopted the relevance of the draft law governing population registration in the national system of single digital identity (SDID). This is intended to have an inclusive and trusted digital identification and authentication framework to enable the further roll-out of end-to-end digital services.
ALSO READ: Parliament votes personal data protection, privacy law
Ingabire told lawmakers that Rwanda plans to issue digital ID cards to all residents and replace the current physical IDs, within three years. She said the Digital ID will come in three forms: Mobile ID, Physical ID card with a QR (Quick Response) code; and tokens.
A QR code consists of black and white squares containing information about something, which can be scanned and read by digital devices such as smartphones and computers with dedicated QR code readers.
According to the bill, an entity requesting offline authentication uses the data stored in the QR code to validate the identity of the digital cardholder or credential holder for transactions and services. Ingabire said that the draft law provides for the collection and use of biometrics collected for both enrolment and verification, indicating that "this is in accordance with data protection and privacy law.”
"There will be different forms of authentication, including the use of biometrics collected. For example, if a citizen doesn’t have ID information, one could use their fingerprints or Iris for authentication. This will allow the citizen to get their ID-related information including its number,” she said.
According to the draft law, biometric data which includes an individual’s front-facing photograph, fingerprints, and iris scan, will be collected for the digital ID cards.
Iris recognition or scanning is an automated method of biometric identification, which uses specialized equipment to verify and authenticate an individual's identity based on the unique characteristics and pattern of the ring-shaped region surrounding the pupil of an eye.
It is considered very reliable and accurate.
However, the bill provides for "biometric exception” which refers to instances whereby there is a physical impossibility on the part of a person to give a complete set of biometric data or if the complete set does not meet the minimum threshold standards, but is registered in Single Digital Identity (SDID) system.
Data registered in the SDID system for a child
The bill proposes that when a child is below five years old, only the biographic data and front-facing photograph are collected, and the child SDID number is linked to his or her national identification number and to that of a holder of his or her parental responsibility in accordance with relevant laws.
And, when a child turns at least five years old, his or her complete biometrics data is captured and subsequent periodic biometrics data collections are set by the Authority – the public institution in charge of national population identification and civil registration.
Once a child attains 16 years of age, their complete biometrics data are also re-collected.