TDS Desk:

The Election Commission has remained silent over the last one year and apparently taken no action regarding the data breach of around 50 million citizens from the National Identity (NID) server.

When the leak of NID data was reported for the second time in the first week of October last year, the authorities concerned at that time denied it.

The personal information of individuals, obtained through the Smart National Identity Card (NID) system, is available on a Telegram channel. By providing a NID number and date of birth, an individual’s complete personal information can be obtained.

The breach of NID data came into light first in July last year when American media outlet TechCrunch reported that a website belonging to the Bangladesh government was leaking the personal information of the country’s citizens, including full names, phone numbers, email addresses and national ID numbers.

On 14 October 2010, controversial technology company TigerIT joined the Election Commission’s “Preparation of Electoral Roll with Photographs and Facilitating the Issuance of National Identity Card (PERP-FINIDC)” project.

Brig Gen Akhtaruzzaman Siddiqui, the then project director of the Election Commission, and Ziaur Rahman, chairman of TigerIT, signed the agreement on behalf of their respective institutions for the project. The project later evolved into the “Identification System for Enhancing Access to Service” (IDEA) project.

Sources said the technical development of the NID system was done, spending $219 million, in the second phase of the IDEA project with the help of the World Bank financing.

TigerIT, along with its shadow company IBCS-PRIMAX, developed the NID server that contained the Automated Fingerprint Identification System (AFIS) and Automated Biometric Identification System (ABIS).

Controversial entrepreneur Ziaur Rahman’s company TigerIT got the task of developing the NID server due to his good relations with Shahnaz Siddiqui, wife of Tarique Ahmed Siddique, security adviser of ousted prime minister Sheikh Hasina, and relative of Sheikh Rehana.

TigerIT was “blacklisted” in 2019 by the World Bank for financial irregularities shortly after the second phase of the IDEA project started. But conniving with the then ruling Awami League, TigerIT remained active with the project.

TigerIT and its shadow firm IBCS-PRIMAX took control of Election Commission’s National Identity Card (NID) server by creating a syndicate with Hasina’s adviser Tarique Ahmed Siddique.

The controversial company still has control over the information of 180 million citizens of the country, confirmed three officials of the Election Commission’s NID division on condition of anonymity.

A source confirmed that TigerIT’s syndicate bagged work orders worth “thousands of crores of taka” through eight financial packages and serially arranged tenders.

TigerIT was supposed to hand over the control of the NID server, including its source code, to the government after developing it, but it has not done it even after finishing the job about seven years ago.

In this way, the information of the common citizens of the country has been grabbed by the syndicate of the Awami League’s beneficiaries, to whom the NID section of the Election Commission is completely helpless, said sources.

Source also said the Election Commission did not conduct any technical audit or inspection of the voter management system after taking the services of TigerIT due to their political clout. As a result, the system’s API (Application Programming Interface) management and security remains under huge risks.

UTTER DISREGARD FOR REGULATIONS LEAVE CITIZENS’ DATA VULNERABLE

Sumon Ahmed Sabir, an information communication technology expert, thinks that the infrastructure of the NID server is not adequate to secure the sensitive information.

“There is a lack of legal framework for data privacy. If the data leak happens in any European country, the citizen has the right to get legal support under the GDPR guideline. However, we find that the Bangladeshi authorities remain silent on the data breach issue,” Sabir, an executive council member at Asia Pacific Network Information Centre (APNIC), told  on Saturday.

The General Data Privacy Regulation (GDPR) has created a benchmark for the countries in the European Union to have control over the internet companies’ operations, especially social media, through taking legal actions against the violator of privacy.

Moreover, the authorities of TigerIT transferred the database of 180 million citizens from Oracle’s engineering box solution to “Postgre” – an open source database – without getting any approval from the government. As a result, the information of all citizens of Bangladesh is now at risk, according to technology experts.

Regarding security flaws, cyber security expert Rezwanur Rahman said important data of the country should be in the National Data Centre, which should be maintained by local manpower.

“Data centres should be manned by skilled engineers of the country who are interested in government jobs. The first and most important prerequisite for smart governance is building your own IT team,” Rahman, a Most Valuable Professional at Microsoft, told the Daily Sun.

He said the dependence on third party companies gives companies like TigerIT the opportunity to corrupt the country’s government, people, and industry.

According to the Government’s PPR (Public Procurement Rules) 2008, blacklisted organisations cannot participate in local tenders.

Despite being blacklisted by the World Bank, TigerIT was awarded a work order by the fascist Awami League government for the GD-35 package of the second phase of IDEA project in 2023.

This Correspondent tried to reach Election Commission Secretary Shafiul Azim for comment on the information leak, but did not get a reply.