You have probably heard about the different ways of checking if you are registered to vote for the next elections. But did you realise that the electoral commission actually allows anyone else to access some of your personal details just by entering your National ID Number?
Wanna give a try? -> http://electoral.govmu.org/portal/sites/electoral2014/default.jsp
Searching for an elector
Just enter the National ID card of the person you want to look for and click on the “Search” button :
For those who did not know, that’s my name above.
Don’t look so surprised please. http://www.dooshiantsinghblogs.com was a bit long, so I opted for http://www.yashvinblogs.com instead. ^^
Other registered electors in the same household
Things get worse when they provide an additional feature : Get a list of all registered voters in the same household by clicking on the name in the previous result ;
How can this be potentially dangerous?
While it does not sound alarming at first, it can be, depending on how these information can be used and manipulated for evil needs.
Let’s say that you purchased a mobile phone at a shop. The owner has most probably your ID card number. He keys in the ID card. He gets a list of everyone else in your household who is above 18 years old ( and also, registered to vote). He can already include the list of your family members in his next marketing strategy.
That’s how sometimes you can’t understand how Company X got your home address and name correct when you never purchased anything from them!
Getting hold of your home address
Someone gets hold of a bank of data containing list of National Identity cards. It isn’t quite difficult when you think about it. Even the government has publicly made available several similar lists on the governmental web sites. One of my blogger friend, Ish Sookun wrote about these problems when names were leaked on the Tourism Authority web site and same on the MNIS web site.
That person keys in the ID card number and VOILA! He now knows your home address and also, the names of other people living with you too. Now, he can plan his visit to your house.
The risk of getting the online database exploited
Without any offense to those government officers, we all know how reliable our governmental institutions and services can be. It has already been proven in the past especially with the vulnerabilities in the online servers and after the huge problem affecting all governmental web sites and email addresses. By connecting the database containing details of about approximately 900,000 electors to the internet, I have some doubts. It might probably be among one of the biggest online database connected to the internet through which queries are being made from a Mauritian governmental web site.
Is the IT structure secure enough? How can we be sure that hackers can’t get access to those thousands of records?
How it could be made more secure?
That can be a quite challenging practical issue we have here. Those who log in the MRA web site to submit their annual tax returns might recall that no password is needed. You just key in your Tax ID to log in the web site to fill in the tax. However, no personal information is displayed.
The Electoral Commission should perhaps mask those details too. Taking into consideration that no authentification method is used and that anyone can access these details, why is there the need to display my own household members and the home address in this context?
A last point : Some might argue that those names are made available to the political agents during the election period. You have surely seen them in the corner of streets, drawing a line on the names of those heading towards the vote centers. Yes, that’s true but those lists are not available to the wide public, nor the names are grouped by households.
But don’t worry! The government has even further plans. Biometric National Identity Cards…
Well…nothing surprising..we all knew it was gonna be shit…soon we will be sold like cattle to foreigners who require slaves…fingerprints are already there…just incriminate you in a crime, blackmail you about your family members… kidnap them…or so.. (total extreme..but then…) 😛
No capcha? You realize anyone can get all of these information about anybody by using a simple script right?
Holy shit. We need a batman or a Mauritian Edward Snowden.
Thanks for adding this point too 🙂
i guess this list was always available in print, so nothing extra.
Yes indeed, as mentioned in the last paragraph of the article. However, the names are not grouped by households. it is not correct, as far as I know.
Here the misuse of data will be from the marketer side. When you agreed to give your nid to the phone store, it becomes your responsibility as you decided to give that number voluntarily. As per data protection laws everywhere in the world, am organisation need to ask for the data only it needs for the purpose of the transaction and cannot store the data longer than needed. We may well ban the MT phonebooks too as it contain all such data.
Sometime we have to make a choice. Either we stay secured in our house or we take a few risks (accidents, weather, personal safety etc ) and we step out of our fortress. Another example, The best way to keep a PC secure is to keep it isolated, not linked to internet, no usb/disc use. No virus, no hacking, no nothing. Then whats the use?The same applies in most fields including IT and internet. We have to see where we get more benefits. We cannot just find evil in all actions. I am an IT person in private sector and i am not siding on public IT officers. This is an open debate and i just expressed my views.
Thank you for participating in the blog. Indeed, that’s true but still, there are privacy risks associated
Hi. You mentioned risks. Like what type of risks? Can you substantiate please.
Prior to giving access to these details through a public Web site, no one had access to the names of people living under my roof or even my address except of course the relevant authorities. Risks have already been detailed in my post.
most people create facebook accounts and agree to have their information given to anyone whos willing to pay for it. yet we all happily upload our pics and info and private life. so in terms of marketing we are already all doing it anyway.
HAven’t you heard of Privacy Settings? I’m on FB, and I have made everything visible only to a few friends. You can’t even find me if you search. It’s called using the brain.
its called using google… sorry if my brain is slow.