eNIC goes to Supreme Court.
Petition to SC on invasion of privacy
The Supreme Court has been petitioned against the Government’s new regulations to create an electronic database allowing the Commissioner General for the Registration of Persons “virtually unrestricted access to any information concerning any citizen recorded with any public authority”.
The regulations mandate the Commissioner General to maintain a national register in respect of each application for a national electronic identity card (eNIC). Citizens must provide name, date of birth, gender, address, family details and numbers of national identity cards of parents, guardian, spouse, children and siblings. Divorcees are even required to specify the date of decree, case number and court in which the divorce decree was entered.
The Commissioner must be informed of any birth or adoption of a child, marriage or divorce of a person and death of a spouse. Regulation 7(1) requires any person applying for registration to give impressions of fingers of both hands. The telephone number and email address of each applicant must be entered.
The petitioner, R Ratnasabapathy of Colombo 7, points out that the national register grants access to the Commissioner, and any other person he shares it with, such information as “the entire family tree of any citizen of Sri Lanka”.
The Commissioner would have “virtually unrestricted access to any information concerning any citizen recorded with any public authority” in the country. Furthermore, personal information of a confidential nature required in terms of the regulations is not adequately protected from disclosure to third parties.
“The Commissioner General and the State would effectively have at its disposal an index to all official and quasi-official records relating to a person and, thus, through cross-references, the key to a total life history of every individual,” the petition states.
Since the regulations envisage the centralisation of information concerning a citizen, separate databases can be linked together to obtain a full profile or bio-data of any citizen and their families. Consequently, it would be possible through a searchable database to, for example, enter the assessment number of any property or building and discover the names of the owners and the names of any tenants.
“With the name and eNIC of the owner/tenant, it will be possible to get the details of other properties, vehicles, businesses and family details, among others,” the petition observes. It would be possible to enter a vehicle number and discover the owner and then gain a full profile of the owner and his family. And it would also be possible to enter a phone number or email address of a person and obtain a full profile of the owner and his family.
The petitioner states that, through this scheme, citizens will be subjected to two major risks. They are unauthorised access through hacking (“these would become magnets for hackers”); and abuse by interested parties for personal or political gain. The above risks are multiplied as the data collected and stored would be widely available to State functionaries, including low-level police officers.
“…the collection of a full family tree of all citizens with information concerning each person offers little or no public service or benefit,” the petitioner holds. “However, it would enable the identification and monitoring of relatives of a particular individual and will enable the targeting of family members of opponents for personal or political gain.”
The respondents are Internal Affairs Minister S B Navinna, the Commissioner General for the Registration of Persons V Gunathilaka and the Attorney General. The case will come up on October 12.