Personal Data for Security in Kenya

Hellen Mukiri-Smith

Hellen Mukiri-Smith

PhD Researcher, Global Data Justice, at Tilburg Institute for Law, Technology & Society, Tilburg University Hellen is a PhD Researcher on the Global Data Justice project. Her research interests include digital surveillance law, big data and power, data value chains, data governance and ethics, and the impact of data technologies on people’s privacy and other areas of human development. Hellen’s PhD research focuses on Kenya as a case study. Prior to joining TILT, she worked as a development policy consultant for the Government of The Bahamas, in the Office of The Prime Minister. She previously practiced law, and also taught law at The University of the Bahamas/University of the West Indies joint law program. Hellen has a Master of Science in Development Studies from the London School of Economics and Political Science, a Master of Laws from King’s College London, a Postgraduate Diploma in Bar Vocational Studies from Cardiff University, and a Bachelor of Laws from the University of Northampton. She has been called to the Bar in England and Wales by the Honourable Society of Gray’s Inn and is registered as an Associate with the Supreme Court of The Bahamas.

Even with increased surveillance of populations through use of new technologies, some panoptic features of surveillance remain. In Kenya, physical and spatial surveillance carried out from a single or central point aimed at ‘self-disciplining of watched subjects,’ to influence their behaviour, to make them docile, remains very much a reality. This form of surveillance is increasingly combined with collecting personal data at central points within government and private buildings, using both traditional and modern methods of data collection.

For as long as I can remember, in order to access public and private buildings in Nairobi, one has always needed to either show and or leave an identification document, usually a National Identification Card (ID) at reception desks in these buildings. IDs contains personal information, including biometric data such as one’s facial image, thumb print and signature. During my recent visit to Nairobi, it became evident that since the Westgate bombing in Nairobi in 2013, receptionists or askaris (watchmen and watchwomen) stationed in both public and private buildings, including apartment buildings, have been mandated to collect more personal information from visitors than they did previously, before visitors are granted access to buildings. To access buildings, visitors are required to, in addition to being subjected to physical security checks on their person and property and monitoring through CCTV cameras, provide or note down in designated building log books, personal information, including:

  • Full Name
  • Identification Card Number
  • Mobile Telephone Number
  • Vehicle registration plate
  • Signature
  • Time in and out of buildings

In addition to providing the above information, visitors are also required to leave an identification document at the reception desk before accessing buildings – an ID, passport or other accepted identification documents. In some cases, identification documents are also scanned before they are placed in a pile with all other visitors’ documents collected by the receptionist or askari. In highly secure buildings, mobile telephone numbers provided by visitors have to be verified before a visitor’s pass is issued. After submitting a mobile number, an automated message with a security PIN is sent to the visitor’s mobile phone and the visitor is then required to provide the code to the receptionist or askari. The PIN is a way for the receptionist or askari to verify that the mobile number provided to them is correct.

With large amounts of data being collected across buildings in the country in different forms, consideration should be given to what happens to all the data collected and how best to balance competing interests that come to the fore with surveillance. On the one hand, there is a strong case for surveillance within buildings especially after the shocking Westgate bombing left ‘72 dead and nearly 200 injured’ and the 2015 Garissa University College attacks left 147 students dead. On the other hand, there are concerns about: (a) preservation of ‘a zone of informational autonomy’ for individuals in the face of surveillance needs and (b) spillover effects of data – acquisition of data by other parties, especially in light of news reports of stolen IDs from reception desks and claims that log books with personal information are often sold by receptionists or askaris, to people who then use the information for unscrupulous purposes.

About the project

Places and populations that were previously digitally invisible are now part of a ‘data revolution’ that is being hailed as a transformative tool for human and economic development. Yet this unprecedented expansion of the power to digitally monitor, sort, and intervene is not well connected to the idea of social justice, nor is there a clear concept of how broader access to the benefits of data technologies can be achieved without amplifying misrepresentation, discrimination, and power asymmetries.

We therefore need a new framework for data justice integrating data privacy, non-discrimination, and non-use of data technologies into the same framework as positive freedoms such as representation and access to data. This project will research the lived experience of data technologies in high- and low-income countries worldwide, seeking to understand people’s basic needs with regard to these technologies. We will also seek the perspectives of civil society organisations, technology companies, and policymakers.