By Prince Osuagwu, Hi-Tech Editor

Founder and   chief innovation officer of UrbanID Global, a digital identity and technology solutions company, Mr. Olatunji Durodola, is a digital security professional whose support has helped put Nigeria’s technology space in the global map. 

In a recent interview with Hi-Tech, Durodola expressed worry that despite huge potentials, poor and unsecured identity history may derail the chances of Nigeria ever leading the global digital space. 

However, he still believes that if the FG takes a more serious approach to the issue of identity management by deploying functional  a mobile identity system, the country may not only surmount the huddle, but can also eliminate fraud, boost efficiency in public service and stem the scourge of insecurity.

 

Excerpts:

Let’s begin with your brave and daring move against software giant, Microsoft in early 2000, which earned you the name Mr Linux. Are you still using Linux to do the things that require Microsoft to do? 

I have always had an interest and passion about taking on big players. Microsoft, Oracle, Novell – having to pay top dollar for licensing for productivity. One day, I made a decision that   if anything one can do in Windows, can’t be done in Linux, then it’s not worth doing. So, since 1999, I have been a   passionate     Linux     advocate.     Since     August     2001,     I     have     not     used   any   Microsoft,   Oracle   or   other proprietary product; yet my productivity and solutions provisions have only increased – decade to decade.

You play big on the identity security turf. I was wondering if   you have ever used your wealth of experience to help out the country’s digital identity issues? 

Nigeria has had a lot of issues over the years with Identity. In the early 2000’s I became involved in the     overhaul     of     the     Identity     systems     for     a     large     Estate     in     Lagos.     I cut     my     chops     in     Identity Management during that period. In 2012, I was fortunate to have been headhunted to attend to some issues in Abuja, and that led me to raise my hand and offer to serve as Systems Integrator and Technical Consultant at the National Identity Management Commission (NIMC). A three-month contract eventually turned to 10 years. I have also been consulting for a few companies in Europe, advising and giving keynotes on the state of affairs in the Global South.

There are recent experiences of  reported data breach in Nigeria’s national identity sector, how could such misfortunes be averted?

There needs to be a more serious approach to identity management. Whilst every company is set up to   turn a profit and carry out business, relaxing restrictions so that companies can make money is a classic recipe for trouble.Each and every verification carried out on a person’s identity needs to be known, from the natural person carrying out the transaction to the company for whom that natural person is acting on their behalf, all the way to ensuring that the ID holder is kept in the loop at all times. My identity is mine –   not the Government’s. So I reserve the right to know how my identity is utilised, by whom, when and   where. If I wish to transfer money to another person, even if it is in two equal tranches, I need to authorise the transaction TWICE. Where companies are not constrained from doing store and forward, whereby they keep illegal copies of a legal request for data, it opens up vulnerabilities for such issues. 

Plenty   can be done, if we have the will to make it happen. Trust and reliability issues arise when individual data could be accessed without the  authorization of the data owner. 

Your views on Nigeria’s National Identity Database vis-à-vis the global standard of data security and protection?

Surprisingly, a lot has been done in a short space of time. Nigeria is actually in the forefront of enhancing Consent and Data Privacy. We just need to tidy up a few loose ends. We are currently, the envy of a few developed economies, who wonder how Nigeria could have come up with a system that puts the NIN Holder first. 

We just need to fine-tune some issues, and we will establish great relevance in the world of Identity Management and User Consent.

As a digital security expert, how do you think Nigeria can achieve full implementation of digitalisation of governance? 

The first thing Governments need to do, is focus on treating citizens/legal residents as customers whose needs come first. No environment or country is perfect – there are always flaws and issues. But where we take customer service delivery as paramount, and self last, a Government will be so highly praised, that even where it has flaws, they will be overlooked. I also suggest that we adopt a system of   rewarding public   servants who prioritise resolving customer’s needs. Nigeria is not unique in this regard. 

How will you rate the Nigerian digital journey so  far?

The journey of a thousand kilometres starts with the first step (or turn of the wheel). Let’s keep it up. Successive governments should take up the baton from the past one, and do better, rather than simply discard what was working and replace it. That’s like beginning a race all over again. The next folks will come in and repeat the process. 

Identity biometrics technology has evolved significantly over the years from smart card to   digital ID Apps that can run on mobiles and block chain systems, do you think Nigeria is keeping tabs?

Technology  should  be an  enabler for simplifying  use cases. Although there is definitely   a need for physical identity tokens, the support infrastructure is fragile and very capital intensive. eID Cards and Payment Cards, popularly known as ATM Cards may look alike, but their implementation, issuance and lifecycle are very different. Having designed Nigeria’s first eID Card back in 2012-13 and overseen the deployment of the Public Key Infrastructure (PKI) to support it, I am aware of the issues. The world, for good reason, is treading towards very secure MobileIDs and in increasing cases, mobile Drivers’ licence specifications   (mDL); all with   a view   to   using technology   to achieve a   low total cost   of   ownership, simplifying ID updates and features without the need to replace physical documents. 

Well, there is so much   more work to be done, to get our   functional IDs to work seamlessly with the   foundational one, ensure strict one-person, one-identity compliance, and more. 

  For now, if Nigeria opts to go back down the road of physical cards, I wouldn’t say it’s wrong. But simply discarding 23m issued and functional mobileIDs and secure documents in favour of identity smartCards, when both can run in parallel I personally think is not the way to go. I may be wrong, but   I doubt it. Time will tell.

Broadly speaking with your experience on global ID systems, what should be the ideal system for an   emerging economy like Nigeria?

There are international standards and best practices that it can tap into. A hybrid of Digital IDs and physical cards with a proper Public Key Infrastructure and Card Lifecycle Management System are necessary technologies. Training and technology transfer are key to customer services. 

The bank verification number (BVN) appeared  to have launched   Nigeria     into global reckoning with FinTech, will you consider BVN an appropriate tool for National Social Register?

The Bank Verification Number is a functional ID, designed for the fintech industry and has worked pretty well until now. Extending the BVN however, beyond that sector, especially to rival the National Identification Number (NIN), is a recipe for trouble. The NIN is a foundational ID, which in itself needs to be protected. It’s not meant to be shared willy-nilly under the umbrella of Mandatory Use of the NIN. Likewise, for a National Social Register, a functional ID needs to be created, which will be linked directly to the NIN, but should not be the raw NIN and most certainly not the BVN.

Issues in payment and access to finance have been linked to poor national identification system. To  what extent will you consider the new E-ID as the ultimate solution?

From the experience of Nigeria and other countries, physical ID Cards ALONE are not a solution. Certainly not where we have limited support infrastructure. 

What exactly is the difference between the current digital ID System and the E-ID?

Digital ID systems make heavy use of Smartphones and technologies that do not require physical cards to deploy credible tokens for personal identity. A very good case is the US where most states have physical driver’s   licences,     but     are now being integrated  into Smartphones, adopting mobile Driver’s licence standards such as ISO 18013-5.

eID are generally Electronic ID Smart cards containing a chip, and may be contact, contactless or dual interface cards. The eID infrastructure is great, if properly deployed, very secure, but very, very capital intensive.

Insecurity still persists in Nigeria despite the enrolment  and     issuance     of over120 million NINs by NIMC. Why do you think it is so difficult to track criminals in  spite of this?

The answer is a simple one: inter-agency cooperation and collaboration. Every problem has a solution. If we are ready to solve these challenges, it’s not hard. There are countries that link Healthcare, Banking, Property rental and purchase, and so much more, to the foundational ID. If Nigeria wishes to solve the problem, it’s not theory that will solve it. All hands on deck, collaborate between agencies without one believing they are superior to the other, and the solution will magically appear.

But so long as turf protection exists, individuals within and   without the country will continue to exploit our weaknesses.