As from 1st October 2013, all citizens of the Republic of Mauritius, who already have an ID card, should replace it with a new ID card.
The vision
The Government wants to provide all Mauritians with a high-security ID card linked to a new population database to serve as an ID document to prove identity and to allow more secure and reliable access to government e-services.
With this new form of identification and authentication, we will only need to carry one identity document instead of multiple documents. Maybe we won’t need to have our driving licenses with us all the time as all policemen will have identity card readers and real-time access to the population database. Another stated benefit is that people will also be able to access Governmental eservices at home or at work using their personal identity card readers.
What data is stored?
As pictured above, the following information is going to be printed on the front of the card:
- A black and white photo
- The ID Number
- Surname, first name and surname at birth
- Gender (“M”, “F”)
- Date of birth
- Signature
- SC logo for Senior Citizens to access benefits such as the bus pass
On the back of the card, we will have:
- A barcode, presumably to make the ID card number easier to read by a machine
- A card control number, presumably to check whether the ID card number (encoded in the barcode) has been read properly
- The ID Number of the person again
- The Date of issue
- The name in case there is not enough space to print the name on the front side of the card
In addition to the printed information, the ID card is a smart card and contains a chip which will store the following data:
- The photo, ID number, surname, first name, surname at birth, gender, date of birth
- The residential address
- Four fingerprint templates (2 thumb and 2 index fingerprints by default)
- A digital certificate
Note that the residential address is not printed on the card. Someone stealing your ID card won’t know where you live…
What is a fingerprint template?
The chip will only store a mathematical model (i.e. a “template”) of the fingerprint, not an actual image. This is mainly for two reasons: (1) the amount of data to be stored is smaller and (2) this makes for faster processing time.
My interpretation of this is that someone accessing a very secure e-service will have to go through a two-step authentication procedure. First, the person will have to insert the ID card in an identity card reader to prove ownership of the card. Secondly, the person will have to scan his fingerprint to prove his identity. This eliminates the case of someone stealing the card of someone else and impersonating him or her. Could this two-step authentication be done otherwise i.e. without resorting to fingerprints? Yes, by using, say, retinal scanners or similar invasive and expensive techniques. My point is that fingerprints are not that bad…
What about data safety?
A digital certificate is stored in the chip of the ID card. This is to ensure that an identity card reader can only read the data on an ID card when validated through the Mauritius National Identity Scheme (MNIS) Certificate Authority. In other words, all stored data is encrypted on the ID card and can only be unencrypted by an identity card reader if and only if the MNIS Certificate Authority approves that.
Furthermore, the whole system is protected by security appliances, access controls mechanisms, security policies, physical security, etc.
It looks like a lot of thoughts has gone into making the system as secure as possible.
The new ID card will only justify its high cost when…
This new ID card will cost a fortune and people need to understand that it is only a means of identifying and authenticating someone.
We will only have a good return on this massive investment if and only if most Governmental services become e-services. It’s high time that we, Mauritians, stop wasting our time having to go to Port-Louis, Phoenix or Ebène just to submit a form. Will this happen soon? I have some doubts…
In conclusion
- The ID card is nothing to worry about in principle.
- Most Governmental services need to become e-services soon or else we’re just wasting tons on money.
[All pictures courtesy of the Mauritian National Identity Card website]
Ish Sookun says
Nice article. In fact, I was looking for these details everywhere. Coming to the good or bad, well … Do we really need this “digital id card” at the moment? Not all the government services have gone electronic. So, we invest millions in something which we’re not ready to maximise the use while the country needs other services which are vital. I heard PM saying the country should keep pace with technology. Do they realise that most of the small enterprises still can’t afford to build online solutions “locally” and have to depend on external services (hosting, ip, etc)? Isn’t that something worth investing to make the country e-smarter? We’ll see how the country becomes a better place (or advanced) with this revolutionising idea of theirs.
Jo says
Hmm is that only used for authentication? What is the real objective of this? Can it be used as a driving license? Can we pay the bus with this?
Mike says
No doubt about it that it is top of the line ID production hence it’s expensive nature. I personally believe that the idea is not simply for modernization sake but to facilitate government services. The initial benefit to the authorities will be one of census. The fact that citizens have to justify their identity and now their residential address could be a census exercise as well as updating population database. There is no reason for the collection of four finger-prints other than that these can be used in a police and immigration database. This in itself could be a gross breach of personal privacy. On the whole, the ID data collection is presented as one of national pride and modernization but the data will no doubt be centralized to be used by the authorities. The use of this data will facilitate several services such as MRA, health, social security, customs, immigration, police and national security. For example, centralized data can be used in detecting social security fraud and combating crime. Presuming the ID-card will be linked to E-services it could be used by citizens for connection to MRA and tax returns as well as in connection with health and social security services. Remains that the collection of personal data is a delicate and controversial affair inasmuch as the data can be misused by personnel having access. In the UK, when the population was consulted on having such a system it was totally rejected on the basis of privacy.
Jean-Marc Desvaux says
Agree it’s going to be similar as a plain plastic card at 1/100 of the price as long as government services are not seriously redesigned and well thought through. I am not sure about the Government applications strategy. The new portal is only a facade.
Buying hardware and security infrastructure is a good thing only if you have something to run with and to secure.
Let’s wait and see when and what kind of value will be made available soon….
One interesting discussion will be on the potential to leverage the card by businesses as I’m not sure about MNIS CA policy on this. Of course there is the basic bar code usage left and that could be used for example for attendance systems or other system where the employee Identity is required. However, I see a problem here: Say you use the card to record attendance, sliding the card daily can damage it and lead to its replacement…at the employee cost.
Let’s not think of a new Labour Act or ER Act clause requesting the employer to pay a monthly token for that and thus getting employers to indirectly repay the Gov Card investment…..
Yashvin says
To reply to Jo’s question: I don’t think that a national identity card has as objective to pay the bus fare. Far from that and as you mentioned the driving license, probably yes, it might come (else I don’t find the big investment worth it) but nothing has been specified yet. As Avinash mentionned, I also believe that its implementation might be associated with the unique code that each ID card will have and using the appropriate card reader and connection to servers, your personal details (including your driving license) can be retrieved. Will it become a reality and when? Only those in power can make things move in the right direction.
Mike said an interesting point concerning the rejection of the card in UK. With the alarming number of political interference, bias and fear of expressing yourself, I don’t think that Mauritians are going to drive into those protestations. Just an example, only 200 people showed up in a manifestation to protect a public beach area.
The “surname at birth” annoys me. Why did not they keep the “maiden name” label?
ashvin says
I think the UK case is obsolete. The means to protect privacy are quite clear here: since there is a digital certificate, it means that unless you get the matching certificate from MNIS, you will not be able to read the cheap. Now even, if you are reading the chip using an approved device, you still need to have the person’s fingers with you to be able to authenticate the card.
The applications are many: yes, driving license – surtout PERMI A POINT will no longer require carrying a DLC. The many service points (e.g. CAB) could have enough equipment to decentralise a lot of the activities that are currently done in Port Louis… Of course, it all depends on government policies and initiatives now…
Cherina says
Puisqu’il ne semble pas y avoir des inconvénients (niveau sécurité en tout cas) à cette nouvelle carte d’identité, je ne comprends pas pourquoi je vois circuler une pétition contre, même s’il n’y a pas beaucoup de signataires : https://secure.avaaz.org/en/petition/SAY_NO_2_FINGERPRINT_ID_CARD_IN_MAURITIUS/?fbss. Les gens sont-ils contre l’évolution ?
Avinash Meetoo says
Je ne le pense pas. Par contre, c’est vrai que ceux qui sont derrière cette carte communique très mal… D’ailleurs, c’est à cause de cela que j’ai pris la décision d’écrire ce post: pour essayer d’expliquer simplement ce que c’est que cette carte.
selven says
Avinash Specimen! Great to meet ya. Tonn vinn Madras tou asterr, vue ki nom la fini par ‘en’!
Avinash Meetoo says
That’s just a coincidence… except that I was born in 1973 too 🙂
Triyam says
Dear Avinash,
Thank you for posting the article and for your technical analysis of the proposed new NIC in Mauritius.
As a common Mauritian and young adult the following are my immediate concerns:
1. While your analysis and approval of the security measures provided to safeguard the data is positive, my concern is whether such a system is 100% SECURE and UP-GRADABLE. As your know, it is much easier to hack/gain access to a website which was built in the early 2000s than in the 2010s. Maybe today, it is difficult for clandestine computer specialists to access the system but sooner rather than later, they will.
The site will not be able to resist the global might of Anonymous Hackers and the personal data of the Mauritians will be available to all online or to the highest bidder.
A clever fellow can even devise a way to reverse engineer the fingerprint templates and this is very scary.
2. Coming to the data stored on the card: Why do we need to submit out fingerprints and digital photo?
Common knowledge tells us that it is only when you commit a crime that the police are entitled to take your fingerprint.
Hence this is the most controversial issue of all as the collection of fingerprints of innocent civilians is a violation of the declaration of human rights (Article 3, article 12,article 21(2), article 28 and article 29(2).)
The storage of such data is open to abuse on behalf of the authorities themselves. And its not as if the elected government officials and civil servants have not given us any reason not to trust them, have they?
Any informed citizen will definitely cringe at the range of possible abuse which may ensure… eg. a disgruntled ex-partner obtaining one’s current address leading to harassment? Such abuses are common in developed countries where citizens’ private data are stored.
My suggestion would be that fingerprint,photo and address submissions should not be compulsory but VOLUNTARY. This will provide us with the freedom to choose whether we want to provide our private information or not.
3. What assurance will we have that other State organizations (such as the police) will not have access to our fingerprints and photos apart from the MNIS?
Many critics fear that we will eventually start living in a POLICE State where public surveillance cameras will automatically detect our faces via space recognition technology.
For instance, if you take part in a peaceful and legal protest rally or in a political gathering of an opposition party, say against injustice committed by the State or State-interests. Then you will be secretly identified and persecuted by the State.
If you have applied for a government job, you will not get it despite having the requisite qualifications. Or if you submit a tender to cater to some government ministry, you will not obtain it despite being an experienced and lowest bidder. Such examples already exist in our current society, but if the date is misused, then these examples will become the norm.
4. Who will have access to the new ID card READERS? No clear answers provided.
5. What e-services will be provided which needs authentication via a new ID card? No clear answers provided.
6. For how long will our information be stored in the MNIS system (as required by the Data Protection Act) and will an individual have the possibility of having his data deleted in the future if he so wishes? Again no clear answers are provided.
7. 1,200,000,000 Mauritian rupees is a lot. I am sure we have other priorities and urgent issues which need to be addressed other than the NIC.
8. Why run to Singapore for each and every problem which we have? We have highly-skilled Mauritian engineers in the Mauritius and abroad who would have readily helped and implented this project. We should give our people the chance to learn and innovate instead of lavishing public money via undisclosed contracts, to foreign governments and companies.
Last but not least, its not that I believe in a conspiracy that the Government is building a database of citizens for sinister purposes, I fear if we accept to submit private details such as fingerprints and photo, we are also setting a bad example to our children.
I don’t want my children to give details of themselves so easily as they should understand the importance and sanctity of the private information, and consequences of their abuse if they land in the wrong hands.
Be safe.
Mike says
I don’t share the belief that privacy concerns are obsolete. The fact that such very personal information is being gathered and stored is one for concern. The fact that there is data security is not the issue. In security the weakest element is the human. The persons having access to the information will be multiple services and any can misuse the data. Some of the data being obtained goes beyond what is reasonable and infringes on human rights since the individual has no choice in the matter.
ashvin says
I did not say privacy concerns are obsolete. I mean to say that the technology has evolved now. Notice that the fingerprints themselves are not stored in the chip card.
To understand this, Lets take a case where you need to store your secret number 260. What the card may store would be 260 divided by 13 = 20. So if anyone gets your card, they are getting 20 – which is not your secret number.
Similarly, before even accessing other information, there is a Digital Certificate. Think of it as a lock with 2 keys, where you need both to be able to open it. If someone uses incorrect keys, they will get garbled information.
Before reading this article, I was against this card (because I thought our privacy was beingnot catered for). They did not communicate properly, like Avinash said.
ashvin says
To add to the above case… this is just a simplified example…
To verify your identity, you would enter your pin 260. The card reader would do the same calculation to obtain 20. Then it would compare with the value stored on the chip: 20.
Mike says
Interesting debate, I understand your explanation on the technological security aspect. I was in the military domain which utilised encryption and authentication methods so I am familiar with the basics and the evolution of technology. I am satisfied at the levels of technological security of the card. My main concern is more at human level like is it really necessary for citizens to give their finger prints? What about the residential address, people move, will there be an administrative tracking of residences and so electronic recording or amendments to the data? It is worrying that all this personal data will certainly be available to various legitimate services at different administrative levels. This is where the security breach is most likely to occur, where for example, a civil servant having access uses the data for illegitimate disclosure. Being that no citizen has a choice in the matter of personal data just means that big brother is the winner and the human the loser. Having said that I can appreciate the benefits for a smoother administration. However, having experienced the country’s government run administration system and work ethics I am not convinced that it will improve the service to the citizen. Wait and see, time will tell.
Triyam says
Dear Avinash,
Thank you for posting the article and for your technical analysis of the proposed new NIC in Mauritius.
As a common Mauritian and young adult the following are my immediate concerns:
1. While your analysis and approval of the security measures provided to safeguard the data is positive, my concern is whether such a system is 100% SECURE and UP-GRADABLE. As your know, it is much easier to hack/gain access to a website which was built in the early 2000s than in the 2010s. Maybe today, it is difficult for clandestine computer specialists to access the system but sooner rather than later, they will. The site will not be able to resist the global might of Anonymous Hackers and the personal data of the Mauritians will be available to all online or to the highest bidder. A clever fellow can even devise a way to reverse engineer the fingerprint templates and this is very scary.
2. Coming to the data stored on the card: Why do we need to submit out fingerprints and digital photo?
Common knowledge tells us that it is only when you commit a crime that the police are entitled to take your fingerprint.
Hence this is the most controversial issue of all as the collection of fingerprints of innocent civilians is a violation of the declaration of human rights (Article 3, article 12,article 21(2), article 28 and article 29(2).)
The storage of such data is open to abuse on behalf of the authorities themselves. And its not as if the elected government officials and civil servants have not given us any reason not to trust them, have they?
Any informed citizen will definitely cringe at the range of possible abuse which may ensure… eg. a disgruntled ex-partner obtaining one’s current address leading to harassment? Such abuses are common in developed countries where citizens’ private data are stored.
My suggestion would be that fingerprint,photo and address submissions should not be compulsory but VOLUNTARY. This will provide us with the freedom to choose whether we want to provide our private information or not.
3. What assurance will we have that other State organizations (such as the police) will not have access to our fingerprints and photos apart from the MNIS?
Many critics fear that we will eventually start living in a POLICE State where public surveillance cameras will automatically detect our faces via space recognition technology.
For instance, if you take part in a peaceful and legal protest rally or in a political gathering of an opposition party, say against injustice committed by the State or State-interests. Then you will be secretly identified and persecuted by the State.
If you have applied for a government job, you will not get it despite having the requisite qualifications. Or if you submit a tender to cater to some government ministry, you will not obtain it despite being an experienced and lowest bidder. Such examples already exist in our current society, but if the date is misused, then these examples will become the norm.
4. Who will have access to the new ID card READERS? No clear answers provided.
5. What e-services will be provided which needs authentication via a new ID card? No clear answers provided.
6. For how long will our information be stored in the MNIS system (as required by the Data Protection Act) and will an individual have the possibility of having his data deleted in the future if he so wishes? Again no clear answers are provided.
7. 1,200,000,000 Mauritian rupees is a lot. I am sure we have other priorities and urgent issues which need to be addressed other than the NIC.
8. Why run to Singapore for each and every problem which we have? We have highly-skilled Mauritian engineers in the Mauritius and abroad who would have readily helped and implemented this project. We should give our people the chance to learn and innovate instead of lavishing public money via undisclosed contracts, to foreign governments and companies.
Last but not least, its not that I believe in a conspiracy that the Government is building a database of citizens for sinister purposes, I fear if we accept to submit private details such as fingerprints and photo, we are also setting a bad example to our children.
I don’t want my children to give details of themselves so easily as they should understand the importance and sanctity of the private information, and consequences of their abuse if they land in the wrong hands.
Be safe.
Avinash Meetoo says
Thanks to all for your very insightful comments.
Personally, I understand why fingerprint templates are stored : that’s for the 2-step authentication which is pretty much standard practice and highly recommend today.
As for the one black and white photo stored, that’s highly insufficient, in my opinion, to do face recognition. But, of course, I’m not an expert and I could be wrong.
Once again, at the end of the day, everything will depend on the people working within the system. It’s true that, right now, we cannot be overly optimistic : there are too many incapable political nominees everywhere but, hopefully, things will change for the better in the future.
Anarchist says
Let’s be clever. It’s obvious what the government wants is our damn fingerprints. We’ll actually be losing our identity if we get this card. We will be tracked and watched carefully. Talking about e-services, come on guys, you must be kidding.
INSTEAD OF LOSING MONEY WITH THIS STUPID PROJECT, THE GOV SHOULD MAKE SURE THAT EVERYBODY HAS ACCESS TO CLEAN WATER ALL OTHER THE ISLAND. THAT SHOULD BE THE MAIN PRIORITY OF A GOV THAT CARES FOR HIS PEOPLE.
Avinash Meetoo says
We’re all trying to be clever here 🙂
It’s true that all Mauritians should have access to water. That’s what the CWA needs to ensure.
The ID card is something else. It’s a means to, in the long run, to have better Governmental e-services. Let’s hope this doesn’t take too long.
Both are necessary in a modern country.
Dev Luckheenarain says
Comment faire pour changer sa carte ID si on est pas a Maurice?
Contacter l’ambassade de Maurice?
Merci
Avinash Meetoo says
A terme, très probablement. Je vais essayer de me renseigner.
Mauritian says
What happens when we need to do application for something. Always need a copy of your identity card, would they scan it? they wont be able. Will every corner hence have the card readers for applications making??
Our privacy is tempered. Why need to put our address on it??? we will always need to provide a billing form to prove our address.
Shall one move long way to change data on the card and will it be free of charge?? lets say when there is a divorce for example.
fortunately they did not include how many cars we own,how many land we have……thats because mr the ministers will be demasked.
TheComputerGuy says
Why Fingerprints?
I think this card makes us more vulnerable than we used to be, as this card will contain the mathematical schema of your fingerprints, using those schemata, they can build out images and then print them on silicon layers, we do know that the government bought some new expensive printers, do we know what type of printers. There are some printers which allow you to print replica figures on any type of materials. This means that they can get you involved in judiciary cases simply by printing your Fingerprints by the mean of the silicon fingerprints replica on some evidence items. I won’t be surprise that a few years later, after we’re starting to feel safe with that card, many crimes which were never solved, miraculously get solved. Innocent people get imprisoned while the criminals stay free.
P.S America have the money and the technology to build those types of cards, why you think they haven’t done it yet, their people are not dumb. Also, there are several biometrical elements that could be used to identify somebody, why fingerprints? cheapest alternative? NO, not at all. Think about it.
Avinash Meetoo says
It’s true that we still know very little about the launch dates and kinds of e-services we are going to have. It’s also true that we don’t know anything about personal card readers. They really don’t know how to communicate…
Eric Morel says
That’s true. If only a few bodies will be able to use the card efficiently so it would be useless. But I hope this will be ok in the near future.
Jean-Marc Desvaux says
From what I read, hear, watch (thank to Yashvin’s blog entry for the Lalit video) on the new ID Card, It seems there is a confusion between the Card itself and the Central Population Database leading to the wrong idea that everything you do with your card will be recorded in that Database.
In fact, blame is on the card when it should be on its potentially dangerous usage.
The Card project, as it is today, is not exposing any risky usage which by the way is not covered by the National Identity Card Act but the Data Protection Act mainly.
The new ID Card is just a Card and whether it has biometrics data on it or not to validate an Identity does not change in anyway the fact that the event is recorded or not in a datastore own by the Government. Even with the old ID card, the ID number could be used to track a citizen.
What the new ID card brings in is a new Identification mechanism with many security levels ranging from just the ID number (similar as the old card) and a bar code (just an ID number alias) to biometric hash codes (*) allowing 2 steps authentication and thus highly minimizing ID fraud risks where/when necessary.
(*) irreversible encoding : you need the finger to check if the hash code matches but you can’t just use the hashcode alone.
I believe any government has the right to record (and it is already the case) who is leaving the country, who is back to motherland, who lost his ID card, who is paying tax and so on and this as long as the Identity data is recorded in the context of a “Government based event/transaction”. Again, it is already the case with the Passport Number or ID number.
Trying to sell the idea that the Card in itself is a danger is an “hors sujet”. Where we need to be highly vigilant is on what can or cannot be recorded and again that part is not new and does not fall under the NIC Act.
So what’s wrong really with the new Card ?
The only thing possibly wrong is purely on the financial aspect (as I mentioned earlier in another comment) : If no added values, mainly in terms of e-services, are available quickly, it will be a bad investment, made too early or a fancy one as you prefer.
Avinash Meetoo says
Great comment, Jean-Marc. I, too, believe that we should distinguish between the ID card and the centralized database (which I didn’t cover in my post). The card is harmless and will allow us to easily access online services.
mel says
this seems to be a complete waste of money. Money which Mauritius probably does not have. E-services???
Are you kidding me?
armand says
The new card will be accepted if their is biometric fingerprint stored on a server which is not 100% secure.
And instead replacing id card replace driving licence so we dont need to carry DLC and a paper licence which will get destroyed in rain.
R Bheenick says
I remember the crashes and glitches on the MRA site, Delivery of DLC and even the Govt portal, all of which were to “international norms” and approved by the Authorities before deployment.
What happens if Internet goes down and you have a deadline dependent on the electronic ID card?
Who has the manpower and technicians to ensure and audit that transferred files are really destroyed in a proper and permanent way? That no screen captures have been made? That no auto archiving has been made? That the officer does not leave the file on the computer when he is transferred? That no transfer has been made to a pen drive? Remember even top secret info was left on the tube train in the UK and several million records misplaced…
Look at the definition of Data Controller in our context:
EXTRACT FROM DATA PROTECTION ACT
• For the purpose of the DPA, the data controller is the person who processes personal information of individuals and in our context, the data controller is the MICT, the CISD, CIB, GOC, NCB, and all other departments, parastatals and private companies falling under the purview of the MICT, as far as they collect personal data of employees and clients for example.
I still have to see a Govt office or police station or civil status office or other with a swipe card and password on a secured computer to limit access to data.
Vincent says
I will create a new religion which will prohibits to give fingerprints. So the government cannot force me to give my fingerprints as it will be a severe breach the human right acts.
Rajiv Ramkurrin says
It is not clear to many why the smart ID card is useful. Let me share my views …
While Avinash seems to be saying that the card is useful for e-services, I can already see many benefits already to the ID Card which I agree may not have been shared due to poor communication.
The card is a smart card and this simple fact will allow all agencies to be able through some readers to read information which normally they are keyed-in now.
Reading data from the card using some form of access control be it through SAM readers or simple readers is an enormous advantage to any agency be it the Government agencies or the private agencies. This in itself will save considerable time and will avoid errors which we are all so familiar with.
e.g. Jonny for Johnny, Sweety for Swetee. This errors make all citizens databases unclean and unreliable. Should the data on the smart card be accessible with the ID number, then all the databases in Mauritius could be cleaned.
Now, the data on the card will be signed electronically. This means that any unauthorised changes will be detected by verifying the signature and the signing certificates. Here also we will need to have some more information. Most probably after the card has been rolled out, we would be having more information.
Let us see the database, Central Population Database or whatever name it has.
If the citizen data are there in some secure databases, the government agencies should be able to share the information among themselves so that they can clean their data. For e.g. the social security should now know who is born or who is dead. Better service and less fraud.
The address of the citizen is on the card and in the database. Excellent. We could check the address from authorised agencies to reduce cases of fraud. e.g. People buying from CIM, Courts, etc each giving different addresses should stop now. Te agency should be using the address on the card rather than trusting the address the customer is proposing which may be wrong.
I understand the Act provides for the citizen to have an obligation to register an Change of Address. But we may need to have the facility for change of address decentralised to have better convenience.
Card and Documents
I have observed that many agencies tend to ask for many documents. The bio-data on the card (seeing from the website) should be enough for many transactions. So it is important to have all the data on the card verified at the registration so that we have clean and trusted data on the card.
If this is the case, the agencies will trust the card and the data on the card. It is only then that the agencies will stop asking for many documents. e.g. If you Surname on your ID Card is always same as that on your Birth Certificate, then no need to bring the Birth Certificate to verify your name. Similarly for your Date of Birth.
Hence the purpose of verifying all the data before registering the citizens.
Verification of fingerprint
The minutiae is a hash value representing the fingerprint. Now at verification anywhere, the live fingerprint is enrolled and the minutiae computed again before being compared with the one on the card. If it matches, then its you, else you may have stolen the card.
Is there a mechanism for agencies to verify our fingerprints. Now they don’t but they can buy readers and the SDK and the need to have some access rights may be by purchasing readers from Government of access modules for their readers from Government.
So the fingerprint most probably will be used for verification in offline environment, i.e. we should not require any network or Internet access. The card is smart (Intelligent). We should be able to do that?
Can we use it for identification.
We need to access some fingerprint database for fingerprint identification (1 to N). But the LAW do not provide for this and we also have the Data Protection Act and so on.
Coming to the Photo Identification.
If we need to identify a person on a photo on the newspaper, then the human beings are better at that. Now if we need to compare with some existing photo, we can compare with a photo from facebook or other social media website. Many US agencies are doing that already. Why do we use the Black and white photo of the Card. No need there are so many photo of our political friends on facebook, google, etc,
The Comm needs to be improved otherwise there are too many speculations with many science fiction scenarios ..
…
Avinash Meetoo says
Thanks for this very insightful comment.
vishal bunjun says
question ki posser eski mauritian contant donne renseignement ki pou dans so card a ban officier? ki pou arriver si kelkun famille ar ene officier ki pe check ou card, eski li pas pou guet renseignment so neveu ou famille dans so card ou bizin met blinkers?
morisien p contan donne renseigment, faire li quand pou ena jalousie lerla pou konai, car lile maurice c ene ti pays avec palabre.
lol
Avinash Meetoo says
Hi Vishal, sure, there need to be appropriate guidelines and policies concerning the manipulation of the ID card. But the most interesting aspect of it (according to me) is that we’ll have card readers at home to give us access to a myriad of online services (in the future…)
vick says
Hi Avinash
About: The chip will only store a mathematical model (i.e. a “template”) of the fingerprint, not an actual image.
Is this certain?
Can a forward search of a mathematical model x return precisely only model x in the database?
Or can it only return say a dozen matches, which then need further human inspection to match precisely? (in which case they will need to store the picture in the database)
Say on a crime scene there is only a partial or unclear fingerprint.
Also do you think future upgrades might include storage of DNA information?
Thanks
Avinash Meetoo says
Hi Vick,
I think the idea is not to store the fingerprint anywhere (neither in the card, nor in the GOC servers). What is stored in the card instead is a signature (“template”) derived from the actual fingerprint. When someone needs to be authenticated, a fingerprint reader is used which then calculates a new signature. If both signatures match, then the person is authenticated.
For added security, the fingerprint reader can only read the signature from the card if valid certificates are used and this is enforced by the GOC certificate authority.
Seems pretty straightforward to me.
In the future, of course, other kinds of data might be stored in the card but I hope that (1) we’ll know what is being stored and (2) appropriate security measures (like above) will be taken to make sure 3rd parties cannot read that data using, say, a hacked card reader.
Raphael Rocher says
Is there somebody who can explain howis bult the personal number. I just can say that the 1st letter corresponds to the name of the holder followed by the birth date.
But, I do not have been able to explain the remaining data.
Avinash Meetoo says
The rest of the numbers look random to me except possibly for the last number which is a check digit.
Moorad says
mon envie koner ki sa NIC number la stands for
like
S0808739500254
mo koner ki S = 1st alphabet of Surname
08 = DD
08 = Month
73 = year
mais le rete la mean what
Avinash Meetoo says
Hi Moorad,
You are absolutely right about the first 7 characters. The remaining digits correspond to, if I am not mistaken, a reference number (in your case, 9500254) which I suppose is unique.
NEELAM says
how can i get my id card control number online
Avinash Meetoo says
What do you mean, Neelam, by ID card control number? If you mean your ID card number, then please call the civil status office of your locality or the Prime Minister’s Office if they are not answering. They will be in a better position to help.
Bhoobun says
No comment
Beeltah Vikash says
Hi been robbed. I would like to get my I’d control number plz my id number is XXXXXXXXXXXXX my name is Beeltah Vikash my phone number is YYYYYYYYY.
Avinash Meetoo says
Hi Vikash, my website is not affiliated with the Civil Service. So, please, contact them directly to obtain your control number. And you will noticed that I have anonymised your ID number and phone number.
Mamta says
Hello.. Iv got a little problem.. How can i get the control number at the back.. 3 number is broken.. At the back
Avinash Meetoo says
Hi Mamta, my website is not affiliated with the Civil Service. So, please, contact them directly to obtain your control number.
Michael says
How do I verify the authenticity of a Mauritius National Identity Card.
Avinash Meetoo says
Better ask the people at https://mnis.govmu.org/
Ronny davis says
Bonjour les trois numéro de mon card control number du mieux est effacer comment g peut l’obtenir svp c très important merci
Avinash Meetoo says
Le mieux est de contacter le bureau de la sécurité sociale.
Krishi says
My card control number does not match with the national identity card number provided. What can I do?
Avinash Meetoo says
I would advise you to contact the ID card unit of the Government. Here are the phone numbers in Port-Louis: 207-5300 / 207-5301 / 207-5302. And, in Rose-Hill: 467-6575
Check https://mnis.govmu.org/