Editorial

A mockery of data security

Failure to protect sensitive NID data shows government incompetence
VISUAL: STAR

With yet another incident of data leak coming to the fore, it seems those tasked with keeping our digitised data secure may not be aware of how to do their job. The latest case of data breaches reveals a rather perilous situation: personal details of a number of citizens who have been issued the smart national identification (NID) card are currently available on Telegram, an instant messaging service. According to our report, there is a channel on Telegram where a bot can provide all the details of a smart card holder enlisted on the national NID server when their 10-digit number is entered. The wing apparently learned of the matter on Tuesday, and found that the leak occurred through one of the 174 organisations that use the NID server. The authorities have yet to figure out who are behind the channel, and are apparently trying to get it shut down.

It is astounding to think that the safety of sensitive private information can be compromised to such extent, exposing the affected citizens to all kinds of threats, not to mention violating their privacy. The data includes names of card holders, names of their parents and spouses, photos, phone numbers, birthdates, permanent and present addresses, etc, all of which are up for grabs by anyone with an ill motive – be it identity theft or murder – without the fear of getting caught.

But what is more distressing is the nonchalance with which such data breaches are being dealt with. That our government web portals are not equipped to properly safeguard data is not news anymore. This year alone, we have learnt of quite a number of breaches into websites hosted by different government agencies, police stations, and even a state-owned bank and the national flag carrier. Yet, despite heavy criticism, there seems to be little effort by those in charge to address the vulnerability by employing stronger, more effective security measures.

Is the safety of our personal data a joke to the authorities? Or do they simply not understand the concept of data security? Given the frequency with which citizens' personal information is being exposed, both situations seem likely. This state of affairs is absolutely unacceptable – a mockery of the government's much-publicised mission to build a "Smart Bangladesh." It's time the government actively invested resources into making all state portals/websites secure. It must prioritise the safekeeping of citizens' personal information.


Follow The Daily Star Opinion on Facebook for the latest opinions, commentaries and analyses by experts and professionals. To contribute your article or letter to The Daily Star Opinion, see our guidelines for submission.


 

Comments

A mockery of data security

Failure to protect sensitive NID data shows government incompetence
VISUAL: STAR

With yet another incident of data leak coming to the fore, it seems those tasked with keeping our digitised data secure may not be aware of how to do their job. The latest case of data breaches reveals a rather perilous situation: personal details of a number of citizens who have been issued the smart national identification (NID) card are currently available on Telegram, an instant messaging service. According to our report, there is a channel on Telegram where a bot can provide all the details of a smart card holder enlisted on the national NID server when their 10-digit number is entered. The wing apparently learned of the matter on Tuesday, and found that the leak occurred through one of the 174 organisations that use the NID server. The authorities have yet to figure out who are behind the channel, and are apparently trying to get it shut down.

It is astounding to think that the safety of sensitive private information can be compromised to such extent, exposing the affected citizens to all kinds of threats, not to mention violating their privacy. The data includes names of card holders, names of their parents and spouses, photos, phone numbers, birthdates, permanent and present addresses, etc, all of which are up for grabs by anyone with an ill motive – be it identity theft or murder – without the fear of getting caught.

But what is more distressing is the nonchalance with which such data breaches are being dealt with. That our government web portals are not equipped to properly safeguard data is not news anymore. This year alone, we have learnt of quite a number of breaches into websites hosted by different government agencies, police stations, and even a state-owned bank and the national flag carrier. Yet, despite heavy criticism, there seems to be little effort by those in charge to address the vulnerability by employing stronger, more effective security measures.

Is the safety of our personal data a joke to the authorities? Or do they simply not understand the concept of data security? Given the frequency with which citizens' personal information is being exposed, both situations seem likely. This state of affairs is absolutely unacceptable – a mockery of the government's much-publicised mission to build a "Smart Bangladesh." It's time the government actively invested resources into making all state portals/websites secure. It must prioritise the safekeeping of citizens' personal information.


Follow The Daily Star Opinion on Facebook for the latest opinions, commentaries and analyses by experts and professionals. To contribute your article or letter to The Daily Star Opinion, see our guidelines for submission.


 

Comments