Mexico’s World Bank-Funded Mandatory Biometric Database Raises Serious Ethical and Legal Questions

Mexico’s government wants the biometrics of all its citizens. Given the fragility of its institutions and organized crime’s infiltration of both government and law enforcement, this is a major cause for concern.  

Mexico has a serious problem with identity theft. Last year, the country ranked eighth worldwide in terms of the incidence of the crime, according to data from the country’s central bank, Bank of Mexico. Since then the scale of the problem has done nothing but grow, as huge amounts of work, leisure and consumption have migrated online.

A cybersecurity study conducted by Citrix found that 60% of the Mexican companies it consulted had suffered some form of cyber attack since the start of the pandemic, including identity theft and ransomware. Mexico is also one of the countries most frequently targeted by Trickbot, a Trojan horse whose main function is the theft of banking details and other credentials, according to a recent report by the newspaper Milenio.

Against this backdrop Mexico’s Lopez Obrador government is seeking to pass a draft law that will create a “Unique Digital Identity Card,” or CUID. If the law is passed, digital identity will become mandatory for all Mexican citizens and foreigners living on Mexican soil. All the information, including each user’s biometric data, will be stored on a centralised database. The proposed law was already passed by Mexico’s lower chamber in December 2020 and is now awaiting passage in the Senate.

World Bank Funding

The biometric ID card project is being funded by the World Bank, an organisation that is driving digital ID adoption around the world, particularly in the Global South. The bank is pushing digital ID in poorer countries with the ostensible goal of providing legal identity to the 1.1 billion people, mainly in Asia and Africa, who do not currently have one. 

But the program is mired in controversy. After the recent exodus of U.S.-allied forces from Afghanistan, it was discovered that many of the World Bank-funded data troves left behind had fallen into the hands of the Taliban, and could be used to track down people who had aided the occupation forces. That data included some half a million records, including biometric identifiers, on every member of the Afghan National Army and Afghan National Police, reported MIT Technology Review:

The data is collected “from the day they enlisted,” says one individual who worked on the system, and remains in the system forever, whether or not someone remains actively in service. Records could be updated, he added, but he was not aware of any deletion or data retention policy—not even in contingency situations, such as a Taliban takeover.

A presentation on the police recruitment process from NATO’s Combined Security Training Command–Afghanistan shows that just one of the application forms alone collected 36 data points. Our sources say that each profile in APPS holds at least 40 data fields.

These include obvious personal information such as name, date, and place of birth, as well as a unique ID number that connects each profile to a biometric profile kept by the Afghan Ministry of Interior.

But it also contains details on the individuals’ military specialty and career trajectory, as well as sensitive relational data such as the names of their father, uncles, and grandfathers, as well as the names of the two tribal elders per recruit who served as guarantors for their enlistment. This turns what was a simple digital catalogue into something far more dangerous, according to Ranjit Singh, a postdoctoral scholar at the nonprofit research group Data & Society who studies data infrastructures and public policy. He calls it a sort of “genealogy” of “community connections” that is “putting all of these people at risk.”

Security Risks in Mexico

More than 25 national and international organisations, including Privacy International, Access Now and Red en Defensa de los Derechos Digitales (R3D), have called on Mexico’s Senate to block the CUID program’s implementation, citing security risks to civilians as well as the Mexican government’s authoritarian drift. In April, the AMLO government passed a controversial reform to the Federal Communications Law that created the National Register of Mobile Telephone Users, a centralised database containing the line number, date and time of activation for each user, their full name and biometric data, among other information.

The government claims the data is needed for its fight against organized crime. Smartphones, it says, are routinely used in many of the worst crimes committed, including kidnappings and extortion.

Continue reading on Naked Capitalism