As part of my Yoti fellowship (2019–2020), I interviewed unemployed and underemployed people living in Greater Buenos Aires and Mar del Plata about identity and digital identity. This post stems from the findings of that research (identifique.cc).
Talking about identity (as legal identification) in Argentina was tricky. On the one hand people tend to associate it with having your human rights upheld and on the other hand the State effectively removes people’s personhood and access to their fundamental human rights by way of identification systems. If you are not registered in SIBIOS, the unified national identification database, you are considered a non-existing person and cannot access the most basic systems of public health and education. Having access to social benefits or services is only possible in exchange of your biometric data, with no alternative.
Tricky because, as expressed by my interviewees, people experience discrimination thanks to their identification credentials, yet at the same time they are constantly told (and therefore end up feeling convinced) they only have human rights because they have such identification credentials. If you find someone run over by a car in the street and you take him to the hospital and that person happens not to have an identification credential, and his biometrics are nowhere to be found in the system, would you expect that person to get treated or not? You’d probably expect such help, right? Well, according to Argentina’s law, he doesn’t have the right to that care (if you understand Spanish, have a look at this poignant video of people telling how miserable their lives were/are without an official credential). Getting your national identification card (DNI by its acronym in Spanish) is the “entrance door to your rights”: that is exactly how public institutions explain it.
#ID4D (ID for development) or #ID4E (ID for exclusion)?
So, there is this pervasive narrative that says the State identifies you to care for you (safety and security), and serve you (public services). While there is also this lived experience of feeling discriminated, stigmatized, bullied, thanks to such identification systems. You experience that fully if you do not have a DNI, but also if you do have one and happen to live in a certain place and/or come from a certain place, or have a certain kind of name/lastname: the DNIs include data like place of birth and current address, and some of my interviewees have many times experienced being stigmatized on the basis of such information. This stigmatization seems rather obvious offline, in person, for instance when looking for a job and being told they don’t hire people from your neighbourhood because it is considered dangerous.
But when it comes to digital identification systems, stigmatization and then wrongful categorization might also occur, only in less visibly appalling ways.
Let us first see where identification data is located. In Argentina, people’s biometric data is digitized into one single unified database, the Federal System of Biometric Identification for Security (SIBIOS), created in 2011 by Executive order 1766/11. Since 2017 all agencies dependent on the Executive Branch or the Judiciary, at the National and Provincial levels (including the Autonomous City of Buenos Aires), can use SIBIOS. Then, there is also the Digital Identity System (SID), a state-run digital identity platform, “intended to draw upon the widespread use of the DNI, and the data available on the National Population Register (RENAPER) and the National Social Insurance Agency (ANSES), in order to develop a facial recognition eID system in the Country” (OECD, 2019). Both the public and private sectors can use SID as it uses facial recognition software to validate people’ access to public and private services (CITRIS Lab, 2019). And actually, according to the OECD report, the banking and financial sector supported the development, implementation, and adoption of the system. For now, SID is still a voluntary system; individuals can opt-out from inclusion. Originally introduced as a mechanism to prevent crime, SID verifies the user by matching the scan to biometric data from SIBIOS and linked to the RENAPER database.
I am often profiled offline, am I also profiled online?
Are people being categorized through these systems? Are they being discriminated against on the basis of these categorizations? Are people who are receiving public benefits through ANSES being categorized for other purposes apart from getting such benefits?
4.8 millions of new bank accounts were created in 2020 after the government announced that the Covid Emergency Family Income (IFE) for vulnerable people was going to be handed to people only through online bank transfers. Are these new bank account holders being categorized, using which algorithms, by whom and with what purposes? Which safety measures are taken with our biometric data ? Is our behavioural data being recorded and why? Is our spending data being recorded and why? Are banks working towards somehow getting our web history to decide our credit scores? (like some researchers from the IMF recently proposed it should happen!) How can people make sure they are not being stigmatized and wrongfully profiled? How does the State select the companies running identification systems (like SID, SIBIOS)? These questions need answers. But often getting answers requires public outcry, or at least a certain level of visibility and concern among the population.
Group/collective privacy to get into the demanding mood?
How to grow such collective concern? By looking at my interviewees’ experiences, we might see a window of opportunity with privacy. Their understanding of privacy seems to be transitioning from a simple “oh if you are a private person offline you’ll be private online” towards “that’s not the whole story but I don’t know what’s going on”. Maybe because of the effects of the lockdown on people’s screen-time, moods and attitudes, privacy is revealing to be more complicated and important than previously thought. They felt deeply annoyed with the tailored ads they are permanently shown on social media. But talking about privacy as it is often discussed, as a personal matter, won’t take us far. One of the concepts that helped me make sense of my collected interview data is “group privacy” (see Group Privacy book and Véliz). The issue of profiling and machine learning technologies have so far been addressed at the individual level, despite the fact these technologies are precisely directed at the group level. These technologies “enable their users to target the collective as much as the individual” (Group Privacy, p.1), and that, if we care about social justice, should make us worry. Considering group privacy and not only individual privacy opens up a larger window for active social movements to engage in data governance and data justice work. If it becomes clear, in an accessible narrative, that privacy is not only about yourself and your short, medium and long-term future, but also about your kids’, your family’s present and future, it might be easier to get people moving and changes happening.
Corporatized identities (see Smith, 2020) might be another relevant concept to use to call for people’s attention, whether we are talking about online identities (like our profiles on social media) or digital legal identification. Corporations are having a huge impact on what is done to our data, how it gets managed, on how we can and cannot identify ourselves online.
For people to care, new and easy to grasp narratives are needed. Civil society organizations with a tracked record of impacting collective understandings of hard to swallow issues could join forces with activists already working on data governance and data justice. Maybe, in Argentina getting the Madres de Plaza de Mayo and Abuelas de Plaza de Mayo together in a room with organizations like Accessnow and ADC would be a good thing.
The discourse around identity has to change. We might need to start dropping the word identity and use identification instead. Identification feels intrusive while identity feels nice, maybe because we know identity relates to agency, to autonomy, to uniqueness and we humans know how essential that is to our freedom. The State doesn’t provide anybody with identity; it provides us with legal identification. By doing so, States allow conditions for our agency to be respected, or not, and the private sector does have a huge influence as well (in part because it partners with the State). But our agency isn’t respected when our privacy isn’t respected. And in Argentina we just do not know if our privacy is being respected at all. By collecting all of our biometric data and sharing it with a variety of public and private actors, the Argentinean State does as it pleases, with no social debate and no accountability involved.
Ever expanding digitalization is hurting the most vulnerable people. They don’t have the right hardware, they don’t have the right Internet connection, the Internet feels irrelevant as it excludes them. Under the guise of “financial inclusion”, for example, a lot of stigmatization and grouping could be done behind people’s backs.