Ensuring data privacy and cybersecurity infrastructure

Safwan Rob | Published: June 30, 2018 21:23:01 | Updated: June 30, 2018 22:09:13


The National Identification (NID) card has become a ubiquitous necessity in everyday life in Bangladesh. Money transfer through mobile financial services (MFS) like bKash, iPay and Rocket requires an NID to set up an account. Ride-sharing services require an NID to register a vehicle or bike to be used for taxi services. The tax-return services have been upgraded to e-TIN (electronic tax identification number) linked with NID.

There may be flaws in these services; even then, they are truly a step forward. These initiatives are potentially building blocks of a governance system that decreases the principal-agent problem, increases efficiency and saves time. Personally, the pleasure of saving time by avoiding the road traffic due to some of these services gives the present writer joy. This whole process starts with the reliance on a centralised identity system - the NID.

There are immense possibilities of quality public services from both the government and private sectors using the potential of the smart NID card.

The people of Bangladesh have widely adopted cell phone technology. Since the mass penetration of cell-phone services and the adoption of smartphones there has been significant growth, with increased efficiency, in overall economic activities in the country. This Eid season around 10-15 per cent of shoppers used their credit cards and MFS for transactions. One of the practical benefits of using such services is that shoppers don't have to carry large amounts of cash with them and can safely conduct transactions.

The flip side of this technological development is misuse of people's personal information. This is possible now on a big scale due to the epidemic-level spread of social-media users and the data they generate, consumer metadata, industrial information breaches etc. However, most of the private data is leaked unknowingly - and sometimes willingly - by the general public. This shows that the fallibility of security and privacy is not so much a technological factor as a human one. The Facebook and Cambridge Analytica controversy surrounding the 2016 US Presidential Election is not due to technological frailty; rather the wrongdoing resulted from deliberate decisions to use such technology and its byproducts unlawfully.

It is therefore a social responsibility to make people aware that their NID, e-TIN etc. are very sensitive private information. The agents, institutions, vendors, and point-of-sale (POS) transaction handlers must be trained properly to maintain data security. Also, government and private sector companies that are using disruptive technologies should prioritise the training and institutional design to handle citizens' NID information and complementary data with utmost security.

The writer has recently received his smart NID card and then registered for several NID-based services. The experience of obtaining the smart NID card provided him an opportunity to compare the process with that of several other countries with such centralised ID systems. During college years and afterwards in the private sector the writer had to obtain similar identification devices/cards such as smart-chip cards, driver's licenses and RFID (Radio Frequency Identification) devices. The vetting process and security system for the personal data was state-of-the-art. The most significant part was the emphasis on user-level security education, that is, ensuring that the human factor does not become the security issue.

Most of the identity theft cases and financial fraud using such centralised ID do not happen through advanced high-tech hacking. In most cases it is done through social engineering and using a large network of people who collect such information through different avenues such as MFS agents, POS computers, copying a simple ledger and, most of all, just by taking a picture of the NID or such. Financial fraud and such crimes have not been high in Bangladesh compared to the West. However, as the adoption level of such mobile transaction and other services linked with NID increases, so does the risk of vulnerability. Government and stakeholders should push for an aggressive top-down approach to increase security awareness surrounding NID-linked services.

In developed countries such personal ID numbers are handled with utmost security and a socially engineered behavioural process that instills the idea in everyone's mind that such ID numbers are not only very much private but can also be used for identity theft, illegal financial transactions etc. In Bangladesh, with enough enthusiasm from the private sector and policy support from the government, the digital service sector is being integrated into government services, the consumer economy and financial transactions. Based on one centralised identity platform, tax returns, bank accounts, mobile payment systems, utility payments etc. are becoming digital and easy. However, digital and easy are relevant terms in the context of Bangladesh, and without proper safety measures these easy measures may become easy targets for disruptive crimes.

A robust and adaptive Cyber Security Guideline is required, which will be targeted to educate the country's population about their personal data safety. Recently Aamra Technologies and PricewaterhouseCoopers (PwC) Bangladesh have entered into a collaboration to set up a Security Operations Centre (SOC) at Jashore High-Tech Park. The SOC will focus on providing protective measures through active monitoring and assessment of enterprise systems. This is a good initiative for corporate and business entities. The government should also take up a similar digital protection service.

One of the big policy challenges in terms of securing digital data and building the required cybersecurity infrastructure is implementing behavioural engineering to influence the mindset of the people about personal data, NID and other relevant digital services. Bangladesh with its young population is assertively adopting disruptive technology and integrating itself into the age of data. The government must ensure the safeguards for data privacy and cybersecurity infrastructure, otherwise a systemic failure of the digital infrastructure may destroy the faith people have in these new technology-based services.

Safwan Rob is Archer Fellow, Lee Kuan Yew Scholar

safwanrob@gmail.com
