You have probably heard about the different ways of checking if you are registered to vote for the next elections. But did you realise that the electoral commission actually allows anyone else to access some of your personal details just by entering your National ID Number?
Wanna give a try? -> http://electoral.govmu.org/portal/sites/electoral2014/default.jsp
Searching for an elector
Just enter the National ID card of the person you want to look for and click on the “Search” button :
For those who did not know, that’s my name above.
Other registered electors in the same household
Things get worse when they provide an additional feature : Get a list of all registered voters in the same household by clicking on the name in the previous result ;
How can this be potentially dangerous?
While it does not sound alarming at first, it can be, depending on how these information can be used and manipulated for evil needs.
Let’s say that you purchased a mobile phone at a shop. The owner has most probably your ID card number. He keys in the ID card. He gets a list of everyone else in your household who is above 18 years old ( and also, registered to vote). He can already include the list of your family members in his next marketing strategy.
That’s how sometimes you can’t understand how Company X got your home address and name correct when you never purchased anything from them!
Getting hold of your home address
Someone gets hold of a bank of data containing list of National Identity cards. It isn’t quite difficult when you think about it. Even the government has publicly made available several similar lists on the governmental web sites. One of my blogger friend, Ish Sookun wrote about these problems when names were leaked on the Tourism Authority web site and same on the MNIS web site.
That person keys in the ID card number and VOILA! He now knows your home address and also, the names of other people living with you too. Now, he can plan his visit to your house.
The risk of getting the online database exploited
Without any offense to those government officers, we all know how reliable our governmental institutions and services can be. It has already been proven in the past especially with the vulnerabilities in the online servers and after the huge problem affecting all governmental web sites and email addresses. By connecting the database containing details of about approximately 900,000 electors to the internet, I have some doubts. It might probably be among one of the biggest online database connected to the internet through which queries are being made from a Mauritian governmental web site.
Is the IT structure secure enough? How can we be sure that hackers can’t get access to those thousands of records?
How it could be made more secure?
That can be a quite challenging practical issue we have here. Those who log in the MRA web site to submit their annual tax returns might recall that no password is needed. You just key in your Tax ID to log in the web site to fill in the tax. However, no personal information is displayed.
The Electoral Commission should perhaps mask those details too. Taking into consideration that no authentification method is used and that anyone can access these details, why is there the need to display my own household members and the home address in this context?
A last point : Some might argue that those names are made available to the political agents during the election period. You have surely seen them in the corner of streets, drawing a line on the names of those heading towards the vote centers. Yes, that’s true but those lists are not available to the wide public, nor the names are grouped by households.
But don’t worry! The government has even further plans. Biometric National Identity Cards…