An alarming lapse in data security protocols
The National Telecommunication Monitoring Centre's (NTMC) recent revelation about the illicit sale of citizens' NID card and phone call details comes as yet another reminder of how susceptible government-stored data is to breaches and exploitations. The fact that government employees themselves have exploited their access to the data—selling it through various social media groups and messaging apps—adds another dimension to this story. For one, it exposes an alarming lapse in the data security protocols. It also means that nothing short of an overhaul of the whole data security infrastructure will be enough to contain this multifaceted threat.
The NTMC server keeps data relating to citizens' NID cards, passports, driving licenses, and call detail records, according to our report. Nearly 500 officials of 42 organisations can log in to the centre's National Intelligent Platform (NIP) using their IDs, and access the data for verification and investigation purposes. The latest breach, as per a letter by the NTMC to the home ministry, was traced to unusually high numbers of logins to the NIP by IDs belonging to two high officials from the Anti-Terrorism Unit (ATU) and Rab-6 between March 25 and April 25. Both of them are now under investigation for unauthorised data transfers. Previously, two data entry operators of the IDEA 2 project were arrested for similar offenses.
For all latest news, follow The Daily Star's Google News channel. 
Although we don't know how many people were affected by the latest breaches, the NTMC in its letter said that personal data was being sold through 21 WhatsApp, 48 Telegram, and 720 Facebook groups and pages, which collectively have 32 lakh members and followers. Such widespread dissemination of sensitive information poses a severe risk to the security and privacy of individuals concerned. Personal data including NID details can be abused to commit various crimes. We have seen how such data was used to open fake bank accounts and obtain loans, or to illegally access government grants. Victims, it goes without saying, have to pay the price even years after the commission of such crimes in their names.
The latest revelation should serve as a wake-up call for the government. It has waited too long for the data security system to fix itself, without undertaking any robust measure, but this was a fool's dream. What the government needs to do is act decisively to not just ensure that our data is unbreachable for hackers but also implement stringent security and accountability measures for officials and organisations having access to the data. The NTMC has made a number of recommendations in this regard, which the government should carefully evaluate and implement.
Comments