Stop Jordan’s digital IDs until the US regulates Big Tech

Ruba Saqr (Photo: Jordan News)
(Photo: Jordan News)

How come a country like Jordan, with its modest technological capabilities and the total absence of a governmental regulator specializing in consumer data protection and privacy, is adopting a “Digital Identities” system ahead of most countries in the world, including the European Union?اضافة اعلان

Something is not quite right here, and this article will attempt to explain why!
For a bit of background, the Ministry of Digital Economy and Entrepreneurship has recently said it was about to roll out the national digital IDs system, starting mid-August 2021. This step comes as part of the Jordan Digital Transformation Strategy, which has gone through several rounds of “public consultations,” in a country that has little awareness about digital privacy issues, and no “data-transfer laws” to protect our data. In terms of the actual authors of the strategy, and according to news reports, Microsoft was commissioned by the government as the lead consultant tasked with preparing said strategy, at least in its initial version.

To start with, Microsoft’s involvement in the strategy should have been balanced out by bringing in an outfit of strong and independent privacy and cybersecurity consultants from the European Union and the United States, considering how digital IDs are an extremely new concept. For more context, one of the first countries known to have adopted the digital ID system on a national level is India, under its highly controversial and mandatory “Aadhaar” program, heavily criticized by privacy and human rights groups.

Moreover, the timing is all wrong for rolling out digital IDs at this point in time.
The following should raise eyebrows; just a few days ago (on August 5), digital ministers meeting at the G20 in Italy have discussed for the first time the topic of digital IDs. At the summit, they issued a “cautious” statement about the importance of digital IDs as a possible component in governmental transformation.

The cautious tone comes on the heels of a serious pushback from privacy advocates warning against adopting European, global or even local versions of the digital IDs concept, without making privacy a built-in feature.

Interestingly, digital IDs are not even a discussion in the US at the moment, due to mounting pressure from Congress to regulate Big Tech. Several bills are on the table right now tackling antitrust and privacy regulation.

Compared to Jordan, the EU and the US have better safeguards in terms of privacy laws, or at least institutions specializing in monitoring digital tracking offences, such as the French privacy regulator CNIL and the Federal Trade Commission (FTC) in the US.

This takes us back to the question: how come Jordan is a “pioneer” in this area, when Europe is just starting to discuss this controversial step?
The answer is obvious; knowledge is power. Without it, we are nothing more than an easy target, effortlessly convinced to undertake grand modernistic ideas in the name of transformation!

Falling into uninformed traps and self-serving commercial agendas is most certainly unavoidable, especially when our top officials fail to read The New York Times, Forbes, Bloomberg, The Guardian and EU media on a daily basis to learn about the pressing issues in the sectors they are locally in charge of. It is also inevitable when lawmakers follow suit by rarely doing any homework relating to the study of global trends and contexts to better inform their decisions.

The local media, too, has a role to play in all of this. Local newspapers have just started publishing sporadic wire-service articles warning users against accepting new Facebook and WhatsApp terms of service that violate privacy, with surprise follow-up stories from local reporters asking readers to convert to alternative privacy-respecting apps like Signal. We are a little late in the game; global-scrutiny of Facebook has been around for a few years now in Europe and the US. This said, there is still almost zero coverage of tech policy news or analysis pertaining to Big Tech regulation.

You may ask, whose idea is it to create a centralized system for digital IDs, anyway?

In July 2018, shortly after the Facebook/Cambridge Analytica scandal rocked the US and the world, the European parliament live-streamed its 3rd Cambridge Analytica hearing in conjunction with the European Commission. On that day, then-vice president of public policy at Facebook, Sir Richard Allan, along with a female member of the European Parliament, mentioned, for probably the first time ever, the term digital IDs.

Some interpreted this exchange as a signal that Facebook was lobbying members of the European parliament to make digital identities a European, if not a universal, standard. Some even argued this would enhance the social media company’s digital surveillance and tracking capabilities, two things it has been accused of a lot lately by US Congress representatives and senators — including Senators Elizabeth Warren, Mark Warner, and Ron Wyden.

For citizens in any country, not just in Jordan, to create a single digital ID linked to their national identification means enabling Big Tech companies like Facebook, Google, Amazon, and Microsoft, through their multiple backdoors and immense tracking capabilities, to link any online activity to a real person, allowing them to build what privacy advocates call a “shadow profile.”
This means that with digital IDs in place, Google would not even need to assign you a Google Analytics ID (which it currently does) to sell your data to advertisers and to “micro-target” you with ads. It will now know your real name, national ID number, social security number, phone number, names of your family members, the school you graduated from, country of origin, home address, and precise location. Then it will “profile” you as a user, based on your online activity, harvesting intimate information about your habits, online shopping sprees, opinions, and biometrics, including voice and facial recognition data, your thumbprint, and even your mood swings.

What makes adopting digital IDs a colossal mistake, at this point in time, boils down to the fact Big Tech companies, artificial intelligence, and biometrics-harvesting technologies are still under-regulated in their country of origin, the United States.

Bar a scattered number of state-level laws (like the California Consumer Privacy Act (CCPA) that gives consumers more control over the personal information that businesses collect about them), the United States still has no laws in place to regulate online platforms, data clouds, digital tax, digital tools, Big Tech, and artificial intelligence “on the federal level.”

The EU, which has launched the world’s first data-protection framework in 2018, known as the General Data Protection Regulation (GDPR), has failed to include any stipulations that regulate the collection of biometrics data, facial recognition, voice recognition, artificial intelligence, emotion-reading technologies, and the internet of things (IoT).

To compensate for this oversight, the EU in April this year (which is quite recent), released its proposal for regulating artificial intelligence in Europe, under the leadership of the European Commission’s executive vice-president for a Europe fit for the digital age, Margrethe Vestager.

All things considered, Jordan may need to hold its horses and give digital IDs a few more years to simmer, while the US and Europe sort out all aspects of tech regulation. It will save us all a lot of headache, especially that once Jordanians’ very specific personal data is out there on multiple non-Jordanian servers, regrettably, there’s no getting it back!

Read more Opinions