The Computerised National Identity Card (CNIC) (Urdu: قومی شناختی کارڈ, romanized: qaumī śanāxtī kārḍ) is an identity card with a 13-digit number available to all adult citizens of Pakistan and their diaspora counterparts, obtained voluntarily. It includes biometric data such as 10 fingerprints, 2 iris prints, and a facial photo.[2][3] The National Database and Registration Authority (NADRA), was established in 1998 as an attached department under the Ministry of Interior, Government of Pakistan. Since March 2000, NADRA has operated as an independent corporate body with the requisite autonomy to collect and maintain data independently.[4]
The CNIC includes details such as legal name, gender (male, female, or transgender), father's name (or husband's name for married women), identification mark, date of birth, national ID card number, family tree ID number, current and permanent addresses, issue and expiry dates, signature, photo, and thumbprint (fingerprint).
Though not mandatory by law, the CNIC is essential for numerous transactions in Pakistan, including voting, passport applications, land and vehicle purchases, driver's license acquisition, ticket bookings, mobile SIM card acquisition, utility services access, education and healthcare access, and financial transactions.[5][6]
History
Efforts to establish a national ID system in Pakistan began in 1973, following the enactment of Article 30 of the Second Amendment.[7] This initiative aimed to collect demographic data, addresses, photographs, and thumb impressions from citizens for the purpose of maintaining a statistical database. However, the process relied on physical files and lacked the adoption of emerging technologies by the Directorate General of Registration. As a result, the government's ability to provide a reliable document for ID verification was limited.[3]
In 1999, the Pakistan Army, tasked with conducting a nationwide census, began considering merging two institutions: the Directorate General of Registration, responsible for issuing national ID cards, and the National Database Organization, established in 1998 for census purposes. This merger aimed to computerise census data collection and utilise it for issuing computerised cards. The National Database and Registration Authority (NADRA) Ordinance, 2000, effective from 10 March 2000, formalised this merger, combining the functions of both entities. The goal was to streamline the process of registering individuals and issuing biometric data based national ID cards while reducing government intervention. The Computerised National Identity Card (CNIC) contains a 13-digit unique ID, a photo, signature, and a microchip storing iris scans and fingerprints.[5]
In 2007, NADRA began implementing fingerprint deduplication for national ID card issuance. By 2008, the data architecture was enhanced to include a full set of 10 fingerprints and a digital photograph. This technology proved highly effective in deduplicating the national database, significantly reducing instances of dual IDs and identity theft.[3]
In October 2012, NADRA introduced the Smart National ID Card with enhanced security features to deter forgery and broaden its application in government services. Compliant with international standards, ICAO standard 9303 and ISO standard 7816-4, it incorporates a data chip, 36 security features, and a match-on-card applet, enhancing smart card authentication security by storing ID data on the card itself.
Challenges
NADRA faced significant challenges in issuing ID cards due to limited technical capabilities from 2001 to 2005.[8] To address this, they expanded their presence by setting up offices in every district and implementing mobile infrastructure to reach remote areas. With these improvements, registration surged from 54 million in 2008 to 98 million in 2014, with approximately 55 million men and 43 million women enrolled.
In relation, the percentage might be small, but many millions face challenges in obtaining this card, leaving them vulnerable.[9] Studies indicate that women and children of unregistered parents are at risk of trafficking and forced labor due to their inability to obtain CNICs or birth certificates.[10][11][5] To address this issue, mobile registration units with female staff and simplified processes to assist vulnerable groups ensuring better inclusion.[12]
Province and city codes
This 13-digit number is entirely different for every Pakistani.
This number hass three parts. The first part, which comprises five digits i.e. '12101', has its first digit '1' identifying your province. People whose CNIC number starts with 1, are residents of Khyber Pakhtunkhwa province, similarly, 2 represents FATA, 3 for Punjab, 4 for Sindh, 5 represents Balochistan, 6 for Islamabad and 7 represents Gilgit-Baltistan province.
The second digit in the CNIC number shows your division, which means every a digit identifies a different division in a province, while the rest of the three digit represent your district, tehsil and union council.
The second and middle part of the CNIC number, which consists of seven digits separated by hyphens i.e. XXXXX-1234567-X, is basically a code for the family number of a citizen. This code forms the family tree of a citizen.
The third part, which has only one digit following a hyphen, represents sex of a person. For a man, odd digits i.e. 1, 3, 5, 7, 9 are used, while even digits i.e. 2, 4, 6, 8 are used for women.
This is how a CNIC number is generated by the Nadra's automated system.
Pakistani citizens living abroad have the option to apply for NICOP, also known as the National Identity Card for Overseas Pakistanis, serving as a registration document. Initially, it was exclusively granted to individuals residing abroad for six months or holding dual nationalities. However, the eligibility criteria have since expanded to include all Pakistani citizens. Furthermore, those with ties to Pakistan, such as marriage to a CNIC or NICOP holder, can opt for a Pakistan Origin Card (POC).[13]
Data breach
In 2020, a significant data breach involving 115 million CNICs was disclosed to the public.[14] The CNIC database is accessed by 300 public and private service providers, but multiple data breaches indicate inadequate security.[15] In March 2024, it emerged that the sensitive personal data of approximately 2.7 million Pakistanis had been compromised from NADRA's database, notably from the Multan, Karachi, and Peshawar offices.[15]
Leaked personal information can lead to harassment and blackmail, particularly affecting vulnerable groups like women, journalists, activists, and minorities. Due to a missing data protection law, there's no accountability for such breaches.[16][17]
References
^ ab"Fee Structure". nadra.gov.pk. National Database and Registration Authority. Retrieved 22 April 2024.
^Ibtasam, Samia; Razaq, Lubna; Anwar, Haider W.; Mehmood, Hamid; Shah, Kushal; Webster, Jennifer; Kumar, Neha; Anderson, Richard (20 June 2018). "Knowledge, Access, and Decision-Making: Women's Financial Inclusion in Pakistan". Proceedings of the 1st ACM SIGCAS Conference on Computing and Sustainable Societies. Vol. 2018. Association for Computing Machinery. p. 22. doi:10.1145/3209811.3209819. ISBN978-1-4503-5816-3. PMC8018240.
.jpg)
