The government has thankfully scrapped the tender that would have allowed a foreign company to collect and verify sensitive personal information of Nepali citizens. The tender related to the national identity card was hastily approved by former home minister Rabi Lamichhane by circumventing due process. The government has also decided to investigate the decision-making that led to the handing of the contract to an international agency. The probe should not ignore Lamichhane’s claim that he was only giving continuity to the process that had long been underway, much before he took office. After all, Lamichhane could not have just walked into the office and started the procedure of awarding the contract to a foreign agency overnight. While Lamichhane should be made accountable for his actions as the minister leading the project, he was in all likelihood egged on by a gang of fraudsters within and outside the government. The probe should bring them all under the radar.

The procedural flaw, however, is not even the most significant problem in the identity imbroglio. In their eagerness to get the work done quickly, notwithstanding their intention, Lamichhane and his team nearly committed a gargantuan crime of potentially selling the data of Nepali citizens. For those unaware of the scale of security threat a breach of data entails, it is more vast and wide than we can imagine; once out of the secret vaults of the government, the information cannot be brought back to keep it safe. For a crude example from our own neighbourhood, criminal mobs during the Gujarat riots in 2002 had raided neighbourhoods with voter lists in their hands, checking which houses to attack and which to spare. Here in Nepal, each political party candidate, and by extension literally any individual, can buy voter lists and access personal information of voters at throwaway prices.

A big trove of confidential personal data is a treasure in the neoliberal capitalist age. Getting easy access to such data is a dream come true for agencies intent on capital accumulation by any means. The former home minister, and in all likelihood, a cohort of unscrupulous government authorities, almost made the acquisition of the citizens’ private data a cakewalk for the international agency. At a time when a global industry trading in confidential personal data is operating surreptitiously, there would have been the ever-present risk of our data circulating across the industry with a price tag. From insurance agents to telemarketers, impersonators to thieves, anyone would be able to misuse or sell our data.

The identity imbroglio exposes the insensitivity, even criminal apathy, with which the Nepali state functions when it comes to protecting the fundamental rights of its citizens. Apart from the criminality embedded in it, the breach of data also entails the break of the bond of trust and respect between the citizens and the state. The state is entitled to obtaining personal data of citizens strictly for governance; however, it has no right to sell the data or make it available to non-state actors by any means. But now the state has decided to do the verification work itself, there is also a concomitant need to develop solid firewalls around the data it collects and verifies. It is no good keeping all the confidential information in the country if our databases can be breached.