Should they have a right to ask for this?

December 17, 2008 at 12:43 pm 40 comments

I was watching an ad for the Dawn Lifestyle Expo – it sounded like an interesting and varied exhibition that I might have thought of attending but I have decided against it. Why? Because apparently although there is no entry fee, what they do ask is for you to hand over a copy of your ID card, Driving license or Passport.

I really do not understand that at all. To ask for proof of your identity is one thing, but why should I be expected to hand over to the exhibition organisers a copy of my National ID card which contains my name, my residence address, my father’s name, my date and place of birth and my photograph.

This is a privacy issue. Why do they need this information? What will they do with it? How many people in the organization will have access to it? What security measures will be taken to ensure that this they do not pass on a copy of it to someone else? What will be done to prevent someone from misusing this information?

Entry to an exhibition is normally through an invitation, an entry ticket or paid registration or its free. No-one has ever asked for a copy of an ID card to be handed over. So why should Dawn? I object. And so should we all.

We have no privacy legislation in this country and so anyone who asks us for any kind of information – whether it be a government organization/department or a commercial one, we hand it over without a thought to what they will use this information for, how many people will have access to it and what they will do with it once they are done. The number of feedback forms we fill up on websites without checking out the Privacy Policy and without questioning the right of anyone to have access to our personal data, is totally unnerving.

Shouldn’t we be thinking about this, debating it, making sure that policies are enacted that protect our individual privacy?

Entry filed under: Posts. Tags: .

SecretBuilders.com has taken the online kids world by storm So cool!

40 Comments Add your own

  • 1. Asim Imtiaz  |  December 17, 2008 at 1:09 pm

    Isn’t that over-security or perhaps maybe seemed by the organizers as a necessary step. God forbid, but in case of a mis-hap or incident – atleast they will have a list of entrants.

    However, I totally agree with the notion of the organizers providing clear cut information about the privacy of such documents (or copies of them). How they will be handled, what security measures they are taking to safeguard and if it is for security purposes what steps will they take to dispose the information once the event is over – safe and sound.

    The thing is people don’t usually bother about such things “Oh NIC copy, okay sure, here! Let me in.” Nobody thinks about the consequences.

    Reply
  • 2. Nosh  |  December 17, 2008 at 1:16 pm

    Jehan Ara one reason might be precaution majors. God Forbid in case of any mishap happen during the Expo, people should have their identities with them. If they are asking it to be submitted to them than it’s totally weired

    Reply
  • 3. Farrukh Ahmed  |  December 17, 2008 at 1:18 pm

    so so true! unfortunately no one understands the power of ‘voice of customer’

    Reply
  • 4. Jehan  |  December 17, 2008 at 1:24 pm

    I listened to the advertisement on Dawn News 3 times yesterday – they said that you have to submit a copy of your ID card, Driving License or Passport. I am not objecting to proof of identity or security precautions – just to the fact that I should not be asked to hand over a copy of such a document to an event organiser. Why should they know my residence address or my father’s name or my photograph? Why should they know how hold I am? This is all personal information.

    Reply
  • 5. Mariam chaudhary  |  December 17, 2008 at 1:59 pm

    This is really unpredictable now a days who is who . That was the same situation on Expo Pakistan on export products . I forgot my ID card they asked me to go back , and come again . Because of intensions and interest I came back but still they hold me like an hours outside the door for feeding information through computer in which my company name , my role and objectives were asked and I usually don’t like to tell openly who am I and what my companies desires from me . Jahan Ara is right why we tell our home address to others if it is security then Government must go for Biometric devices and directly connected to NADRA on Doors . This is Safe for Security and information has already been recorded to NADRA Centers . Security doenst mean Insult or giving punishment to normal human being standing outside like hours and hours

    Reply
  • 6. zakintosh  |  December 17, 2008 at 1:59 pm

    @ Asim Imtiaz: In case of a mishap (fire, bomb, terrorism) why assume that attendees would be gone, but the organizers and our cards/id docs survive. They could ask for an id card number, confirm it by viewing the original, and entering it into a database that even after the accident someone somewhere can access to verify who was there. and, equally important – if this was the reason – time in/out so that people can check i some close person was on the premises or ot during such a tragedy.

    Reply
  • 7. Ammar Faheem  |  December 17, 2008 at 2:15 pm

    This is an issue. Especially knowing the fact that you will never get to know where the copy of your ID went and who has access to it.

    I wonder how many people will actually make it to the exhibition.

    Reply
  • 8. Jehan  |  December 17, 2008 at 2:19 pm

    @Ammar the unfortunate thing is that many people will not even think of the privacy angle and will willingly hand over a copy of their ID without giving it a thought.

    Reply
  • 9. Should they have a right to ask for this? | Tea Break  |  December 17, 2008 at 2:32 pm

    […] This cup of tea was served by: In the Line of Wire […]

    Reply
  • 10. cyrenity  |  December 17, 2008 at 3:06 pm

    @marium, whatever you said, makes sense to me,

    Reply
  • 11. farzal  |  December 17, 2008 at 3:30 pm

    I just tell people I am Rabia Garib’s guest from China and they let me in😉

    Reply
  • 12. farzal  |  December 17, 2008 at 4:38 pm

    Jehan – how about a copy of your credit card? no pictures, no addresses, no father’s name.

    Reply
  • 13. Vic  |  December 17, 2008 at 5:00 pm

    @farzal: leaving aside the humour, it is important to cultivate an attitude in society to ensure that random dissemination of personal data does not take place,either inadvertently or blatantly, especially for crude commercial purposes.

    These days, one can hardly object to a heightened awareness of security demands. When these are exercised, however, it must be clearly understood as such, and such databases should not be allowed to lie poorly guarded and deflected to purposes other than the specific reason they were gathered.

    For example, simple access should become impossible within a day (or two, if there is really a need) of the event closing, and special secured access available for the period of time recommended by any country’s national security specialists (and advised by public debate). For an exhibition on ‘Lifestyle’, I hardly think that any useful purpose would be served in maintaining the database for more than a few weeks.

    Of course there might be commercial purposes too. But if this is so, this must be openly declared at the time of insisting on the documentation, leaving it up to the public to attend or not. It would be far better for the commercial house to declare that the additional data collected, such as father’s name, address, etc etc, would not be accessible by simple retrieval at all. Similar fine details can be determined (by society, collectively) for different kinds of data gathering exercises.

    And perhaps there should be a public campaign mounted by the government, informing the public of the relevance/importance of the national ID, and of safeguarding it.

    It is wonderful to see that society is waking up to the dangers inherent in such overenthusiastic ‘registration’ exercises, which represent the uninformed and non-techie societal response to the benefits of ICT. Used for all-round development, the leveraging is more than proven, but it must be used responsibly.

    Reply
  • 14. Jehan  |  December 17, 2008 at 5:05 pm

    @farzal stop fooling around otherwise some people may miss the point – that when collecting info of any nature, the collector must clearly state the purpose and its afteruse

    Reply
  • 15. farzal  |  December 17, 2008 at 5:28 pm

    Jehan & Vic, if someone made it through the serious post and the first 10 comments, a funny one liner will not make them miss the point. Those who know me know what I do for living (Mobile payment, Electronic Commerce, AML).

    anyways, welcome back,

    Reply
  • 16. Jehan  |  December 17, 2008 at 5:30 pm

    🙂 i just wanted to tell you off – it has been so long! Good to be back.

    Reply
  • 17. farzal  |  December 17, 2008 at 5:56 pm

    Another privacy nightmare is how our applications for credit card, auto loans, and even bank accounts contain vital personal and financial information. all this information is collected on paper and stapled together with pay stubs, property papers and tax returns.

    These ‘files’ pass through dozens of hands. I am 100% sure this documentation is copies and then used for call centre marketing, and perhaps in some cases, more sinister purposes.

    For electronic data, from call centre employee to bank’s CEO, all have access to sensitive financial transactions you conduct.

    MNO employees have access to all your SMS and call logs, many of which are publicly being used for black mailing and to solve crime cases.

    So there is good side and there is an evil side to all data collection. If laws are in place and culprits hanged for offenses, then only I will apply for my first credit card in Pakistan.

    Reply
  • 18. Fariha Akhtar  |  December 17, 2008 at 6:46 pm

    I was visiting one organization a few weeks ago, the security personnel there asked me to handover over my CNIC to them else they won’t let me in and that’s their usual security policy for all visitors. I gave them my CNIC since I had no other choice but kept thinking what if somebody gets it photocopied and the photocopies get misused!
    Other than this I have known of one organization where all employees are required to submit their CNIC and Passports to the management which’d scan them and keep the scanned copies with them. I failed to understand the purpose behind it..why would they keep the scanned copies? In fact why would they need their employees’ passports in the first place? unless they are sending them abroad or something :S
    Do they ensure that the security of the system where they r keeping those scanned copies will not be compromised? Do they promise that they would discard those copies once the employee leaves the organization..I think NO and this is what raises privacy concerns!

    Reply
  • 19. Fariha Akhtar  |  December 17, 2008 at 7:04 pm

    Other than this you might want to add to your post that if at any point it is absolutely necessary for one to submit a copy of his/her CNIC then he/she should do so only after clearly mentioning the purpose of submission on both sides of the copy(preferably in the top right corner) For e.g. if I’m submitting it while opening a new account at a bank then I’d mention on the copy of my CNIC “For opening a bank account” so that, that copy could not be used for any purpose other than the one stated.

    Reply
  • 20. Jehan  |  December 18, 2008 at 4:39 am

    @Vic the over enthusiastic use/abuse of data gatherers is I believe encouraged by naive people like us who have until now never questioned anyone who has ever asked us for any personal information. I must admit that I was only recently made aware of this when Simon, Gus and Dave visited from Privacy International and Simon held up a form that we had asked all attendees to fill up at the door. He asked “how many of you asked why you were being asked to provide us this info, what we were going to do with it, who would have access to it and how long would we would retain it with us.” Everyone looked blankly at him and then suddenly a bulb lit up in some of their brains (a la cartoon style). We should try and spread that light and that is why questions are important.

    @Farzal, total agree about all the financial organizations and auto companies etc. and the information ending up in call centers and with freelance individuals who are just hired for the purpose of a wide marketing blitz. As a pacifist, I must however disagree with you on the need for corporate punishment although I too have felt quite violent when several of these over enthusiastic people have called me on my mobile at all hours of the day or night to sell me a credit card I did not need or want.

    @Fariha, thank you for pointing out the need for crossing out one corner of the CNIC when submitting it for a particular purpose. Again it was only recently that my friend Rukhsana who is a lawyer pointed this out to me when I was submitting a copy of my National ID for the registration of a company. So many of us are just unaware or maybe just too trusting and naive.

    Reply
  • 21. Barrister Ali K.Chishti  |  December 18, 2008 at 5:16 am

    That’s interesting but obviously the folks do not want to take any chances (security-wise) but the question is: would they misuse your details? Prorably Not!!!!

    There’s an Act in UK called The Data Protection Act 1996 which covers the “right of information” and protects your information to be misused – unfortunately, Pakistan lacks such laws but there is always a criminal proceeding one could initiate under the Criminal Code Procedure if you even have a suspicion that your information is being / was misused.

    Reply
  • 22. Jehan  |  December 18, 2008 at 7:00 am

    @Ali the question is not whether they will misuse the information, the question is why are we leaving ourselves exposed to the risk of allowing anyone to do that – whether they do so knowingly or whether it happens due to neglect or lack of any attempt on their part to build in the safeguards that are necessary.

    Reply
  • 23. Vic  |  December 18, 2008 at 11:46 am

    @Jehan: exactly the point. Why create a situation for which one has to go to a court to have it resolved, why not avoid it in the first place? Since you live in a country where citizen databases have been in place since time immemorial (and yet even today the work is not 100% complete) it is not unreasonable to use the national identity card as a proof of existence on record. Of course, until the registration of all people is not complete, it cannot and must not be the only such criterion.

    However, keeping the information gathered for that reason stored is an invitation to have it misused. Far better to lock the stable door *before* the horse bolts than to grease the economy with unnecessary work, pursuing the horse expensively through the courts. With due respect to Barrister Chishti, there are better ways of earning money from the practice of law, than litigation.

    Reply
  • 24. sarah islam  |  December 19, 2008 at 12:04 pm

    umm, we have a similar debate going on here in Calcutta/Kolkata. But Calcuttans have simply refused to hand over any personal identification so far. I would understand if people were asked to show their IDs but having to hand over a copy? I don’t think so! I know terrorism, etc need stringent measures but how far are we willing to go and what about basic civil liberrtis is the question…good post! I like your sushi drive too:-)

    Reply
  • 25. sarah islam  |  December 19, 2008 at 12:05 pm

    sorry misspelt liberties there:-(

    Reply
  • 26. Ali Hasan Naqvi  |  December 19, 2008 at 2:03 pm

    Dear Friends,
    My name is Ali Hasan Naqvi and I work in the Marketing department of DAWN Newspaper. Being one of the organizers for this year’s “All About Lifestyles” (AAL), I read your comments with keen interest.
    Let me state that I fully respect your views, however, I would like to present my point-of-view as to why we had to resort to asking people for bringing a photo ID with them. Most of you know that AAL is a regular feature and this is going to be the 14th AAL exhibition organized at EXPO Center, Karachi. You would also recall that in all the previous exhibitions, we had neither imposed an entry ticket fee, nor asked the visitors to bring in their Photo ID. This year, due to prevailing law and order situation, we were told by the management of the EXPO Center that as per their new guidelines for arranging exhibitions of this magnitude, we would need to move beyond the only filter of restricting entry of visitors to “families only”. We were given 3 choices for this additional filter:
    1. To allow entry to visitors by invitation only.
    2. To allow entry by making visitors buy entry tickets.
    3. To arrange for on-site registrations of all the visitors.
    The first option was out of question because AAL is not a B2B exhibition but a B2C exhibition.
    The second option was also ruled out because it sounded too greedy and commercial, and did not go well with the image of our organization.
    The third option would have been a logistic nightmare, keeping in view the huge number of visitors coming to AAL.
    It may also be noted that for all of the above 3 conditions we would have required Production of Photo ID or Retention of Important Person Data.
    We had to reconcile the two opposing urges of keeping AAL absolutely safe for families visiting on the one hand, and encouraging people to visit AAL, on the other hand.
    Thus it was decided in consultation with the management of EXPO Center, Karachi that we would request the visitors to prove their identity by bringing in Photo ID. The reason why we have asked for submission of the photocopies at the time of entry is because this will create a sort of deterrence for any mischievous person from creating a situation detrimental to the safety of the visitors, since we would know as per our record of the day, as to who visited the exhibition on a particular day.
    In case of a family, we would not be asking every member of the family to submit the photocopy of their ID. Depending upon the size of the family, the photocopy of one or two members would be considered sufficient. For those visitor who forget to bring in a photocopy of their ID, we have arranged a scanner (just as the one installed at the parking of Park Towers) through which the photo ID will be scanned.
    Let me assure you that once AAL is over, we will destroy all the data collected during the course of AAL through shredders and similarly the data downloaded on the DVR of the scanner will also be properly destroyed. We will not be using this data for any commercial purpose or to gain access to your personal information.
    You would appreciate that there are better ways of data collection than processing information of random visitors who may or may not be DAWN readers, through an expensive and tedious exercise.
    In the end let me state that your presence will make AAL a success. I therefore, invite you all to visit AAL and enjoy good weather and exhibition. In case of any difficulty, please contact me directly at the venue through any of our representative at the EXPO Center and despite our stretched resources, I will try my level best to help you, should you need it.
    Your comments matter to us, hence instead of being at the venue today, I am writing these lines.
    Thank you for your patience.
    I am signing off and heading for the Expo Center and await to welcoming you there.
    Good luck and best regards.
    Syed Ali Hasan Naqvi.

    Reply
  • 27. Arfeen  |  December 19, 2008 at 5:20 pm

    Its better to take only N.I.C. number only if there is matter of any accident or other security thingy. Giving an NIC number will make sure that only authorised persons can get the data from NADRA (if they really need it), otherwise, there is no need to gather such sort of things.

    Reply
  • 28. Yahya  |  December 19, 2008 at 6:16 pm

    I was asked the same, having not carrying a copy with me I did not want to waste the trip. I still managed to get inside. Sneaked in rather (chup chupa ke) & by the time the last person to see me pass by believed i submitted a copy of the NIC. It was also the only fun part at the event.

    Reply
  • 29. farzal  |  December 19, 2008 at 6:26 pm

    Ali Hasan – thanks for the clarifications and having gone through your length response, I felt like an FSc grader who gives good points to long answers.

    Anyways, hopefully your shredders will be put to good use before any leaks take place. You may want to save electric and burn them to produce some heat in these cold winters.

    Reply
  • 30. Anthony Mitchell  |  December 19, 2008 at 6:26 pm

    Most security breaches are in-house breaches. Let us therefore look at how well collected data is being safeguarded.

    Are the collectors of personal data now implementing personnel-reliability-policies to screen their employees in Pakistan? Step one would be to verify stated home addresses of employees. IMHO – or rather – in my professional opinion – PK companies are not operating adequate personnel-reliability-programs.

    The consequences? Simple. Resale of consumer IDs has been commodified. They are bought and sold in global marketplaces. Although a PK ID is not as valuable as, for example, an identity from a UK citizen, a PK identity still gives immediate profitability and liquidity in the secondary markets.

    Ignorance or naïveté is not an acceptable excuse for Dawn or any other event promoter to recklessly engage in the collection and retention of sensitive personal information.

    It is a well founded truism that the security and military agencies are always more concerned with re-living prior conflicts than future ones. But the facts clearly point to PK citizens being targeted now for fraud that has long-lasting consequences.

    Just because foreigners are not being dropped off on the shoreline with weapons-in-hand does not mean that Pakistan’s citizens are not being victimized by identity fraud perpetrated on a global level.

    All institutions in Pakistan need to take a fresh look at security priorities in the Internet era. In the case of Dawn, it is not important that they have complete databases of citizen IDs in order to verify attendance at public events. Rather, a name or an ID number from an ID card should be all that is needed, with the actual personal information being retained by the relevant government office – under lock-and-key except in the most extreme circumstances.

    Protection of citizens’ personal financial integrity needs to be a national priority. Jehan Ara is asking important questions that have profound positive implications on the security of every single person in Pakistan. These questions deserve a better, more thoughtful response from Dawn. I hope and trust that such a response will soon be forthcoming.

    Reply
  • 31. عمار - aMmAr  |  December 19, 2008 at 6:43 pm

    A very important issue raised and the debate is highlighting some valuable pointers. LACK OF TRUST is obviously the only reason which makes organizers take such extreme steps. The other day I was filling a form of a job portal and they asked for my NIC card number. I am sure they will come up with some justification but I cant trust them with my credentials😛 or can I?

    Reply
  • 32. Syed Talha Izhar  |  December 20, 2008 at 2:57 am

    @Ammar: I think with the NIC they are applying the unique constraint in their own records for easy of management. And they have more information about us than just the NIC…🙂

    Reply
  • 33. Vickram Crishna  |  December 20, 2008 at 9:55 am

    Clearly the response from the organisers is inadequate, not to mention slightly confused.

    If the purpose was crowd security management, simply scanning the CNIC or any other photo-ID would probably have been sufficient, and barely takes any time. Crowd control gates, with horizontal bars providing a passageway, allow for this time, while the person or group enters. This sort of thing is routine in any crowded place where some form of entry verification is normal, such as commuter railway stations.

    Importantly, there would be absolutely no immediate need to print the scans, a waste of paper, electricity and money. Of course, none of these things would be expenses to the organisers, and since they are doing this exercise as a service to the public with no profit motive, they apparently have to determine limits to their generosity. We need not examine the logic of this further, since apparently the exercise of collecting (and then destroying) all that paper was much cheaper for the organiser.

    But that is not the question raised in the original post. Jehan asks about the future use of this data, especially the CNIC (although apparently any photo-ID would have done – these days I find it convenient to show my IGF registration photo-card when asked, since it has my name and photo and no further personal details on it – and gives it useful life beyond a bookmark).

    A simple notice certifying non-retention of data beyond the exhibition, and absolutely no commercial use of the data during or after, would have helped. It might even have avoided raising suspicions.

    According to Mr Naqvi, “The reason why we have asked for submission of the photocopies at the time of entry is because this will create a sort of deterrence for any mischievous person from creating a situation detrimental to the safety of the visitors, since we would know as per our record of the day, as to who visited the exhibition on a particular day.”

    To which I can only respond, quoting Bob Dylan, “Twenty years of schooling and they put me on the day shift”. If all that schooling produces this level of rational thinking, the ‘day shift’ should be considered an upgrade.

    Reply
  • 34. Vickram Crishna  |  December 20, 2008 at 9:55 am

    Clearly the response from the organisers is inadequate, not to mention slightly confused.

    If the purpose was crowd security management, simply scanning the CNIC or any other photo-ID would probably have been sufficient, and barely takes any time. Crowd control gates, with horizontal bars providing a passageway, allow for this time, while the person or group enters. This sort of thing is routine in any crowded place where some form of entry verification is normal, such as commuter railway stations.

    Importantly, there would be absolutely no immediate need to print the scans, a waste of paper, electricity and money. Of course, none of these things would be expenses to the organisers, and since they are doing this exercise as a service to the public with no profit motive, they apparently have to determine limits to their generosity. We need not examine the logic of this further, since apparently the exercise of collecting (and then destroying) all that paper was much cheaper for the organiser.

    But that is not the question raised in the original post. Jehan asks about the future use of this data, especially the CNIC (although apparently any photo-ID would have done – these days I find it convenient to show my IGF registration photo-card when asked, since it has my name and photo and no further personal details on it – and gives it useful life beyond a bookmark).

    A simple notice certifying non-retention of data beyond the exhibition, and absolutely no commercial use of the data during or after, would have helped. It might even have avoided raising suspicions.

    According to Mr Naqvi, “The reason why we have asked for submission of the photocopies at the time of entry is because this will create a sort of deterrence for any mischievous person from creating a situation detrimental to the safety of the visitors, since we would know as per our record of the day, as to who visited the exhibition on a particular day.”

    To which I can only respond, quoting Bob Dylan, “Twenty years of schooling and they put me on the day shift”. If all that schooling only produces this level of rational thinking, the ‘day shift’ should be considered an upgrade.

    Reply
  • 35. Ali Hasan Naqvi  |  December 20, 2008 at 12:02 pm

    Dear All, thanks again for your comments. I will be more than glad to welcome you at the venue during my “day shift”.

    Reply
  • 36. sadia  |  December 20, 2008 at 4:47 pm

    hey i noted with quite an interest that today’s DAWN advert for All About Lifestyles states one to ‘show’ a copy of the NIC. Guess they changed the submission criteria…

    Reply
  • 37. Jehan  |  December 21, 2008 at 12:49 am

    @Sadia interesting but the radio and television ads still state that you have to submit a copy of the NIC.

    @Ali thanks for the clarification. However, I think instead of giving in to the Expo Center, a group with as much clout as yours, should actually have explained the privacy issues to them and got them to agree to seeing proof of identity without the need for submission of the document.

    Reply
  • 38. Danish Iqbal  |  December 22, 2008 at 12:05 am

    submitting a CNIC copy is not fair with public. if they continue such as receiving a copy of NIC , then i think public interest will be on decline in such a situation…

    Reply
  • 39. Shahjahan  |  December 22, 2008 at 7:07 pm

    One thing that is not being highlighted is that submission of original/copy of Photo ID of any sort does NOT enhance security.

    Let us say 10,000 people visit the Expo Center in a day. 9,999 of them are NOT dangerous, are NOT terrorists, and are NOT there to blow the place up. The so-called security check is used to be rude to visitors/guests, treat them as untrustworthy aliens, and so on.

    And what about that 1 person who is going to blow up the place or cause havoc? He won’t come with his own ID, and even if he does – it would be fake. When the security team is busy harassing 9,999 people, they can’t be bothered with identifying that one man who will slip through their system.

    George Bush uses ‘fear’ to steal the civil liberties of his people. The same thing is happening in Pakistan: scare us with threats, and in order to save us – start harassing us.

    Reply
  • 40. Web Designing Karachi  |  September 9, 2010 at 8:57 am

    I am quite sure they will learn lots of new stuff here than anybody else!

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Past Posts

Twitter Updates


%d bloggers like this: