1/ Whatever 'good intentions' there may be, the launch of another PITB app integrating NADRA's database (Relief Management System) could be another data security disaster in the making. Dashboard link found through promo video shared by Governor Punjab's team. Won't mention here.
2/ Access to NADRA databases from an Android app which, among other things, allows for CNIC verification as well as uploading photo of hardcopy raises serious data security concerns. Observations from the promo video by Governor Punjab.
3/ An example of past PITB-NADRA data mishandling is an app for Punjab Police which was exploited/distributed in various forms by data sellers. Screenshots attached.
4/ Another example of PITB's mishandling of user data is Driving License Info Management System (DLIMS) through which you can access anyone's photo and driver license records if you know their CNIC number. You don't need a 'black app' for that. Won't share the process here.
5/ PITB has a criminal past record in mishandling data due to a combination of casual oversight, lack of adequate data security protocols during app development/integration and/or sabotage by unknown current/former employees.
6/ PITB's 'Privacy Policy' says they 'vow' (not 'take responsibility') to protect user data. If someone outside Pak misuses your data using their apps, nothing can be done. Also, there are no existing laws to protect your personal data.
Source: pitb.gov.pk/privacy_policy
7/ PECA is deficient, limited in scope, does not hold data controllers responsible for infosec. Unless the Personal Data Protection Bill is reviewed by all stakeholders and approved by lawmakers, all our personal data is a free-for-all and no one can be legally held responsible.
8/ Question for authorities concerned:

Does PITB have an international-standard Data Management Policy?
9/ Question for authorities concerned:

Are project managers and core software developers at PITB bound to sign NDAs? If not, why?
10/ Question for authorities concerned:

Is there a vigilance mechanism in place to ensure that PITB staff does not keep copies of official data or recklessly upload entire source codes online?
11/ Question for authorities concerned:

Has PITB ever conducted external/third-party digital forensic analyses of their critical information infrastructure, including data centre and computer systems/laptops/devices used by core developers?
12/ Question for authorities concerned:

Have lawmakers in Punjab (government/opposition) ever discussed data security issues with PITB?
13/ Question for authorities concerned:

Will NGOs that are members of the Punjab Development Network (PDN) have login-enabled access to this new Relief Management System app? If yes, have appropriate security guidelines and liabilities been shared with them?
14/ Question for authorities concerned:

To what extent is NADRA responsible for contributing to the integrity of this new PITB app?
15/ Question to authorities concerned:

Who is the Chief Information Security Officer (CISO) or equivalent in PITB?
16/ Last question for authorities concerned:

Who is that ONE person/entity to be held responsible if the new Relief Management System app leads to another sensitive data spill?
17/ As a resident of Punjab, I seek answers to the genuine questions I have posed, most of which have been framed in lieu of historical incidents.
18/ Distorting or questioning the bona fide intent behind these questions, by any or all concerned, will be perceived as attempts to circumvent accountability and transparency. Looking forward to detailed answers. Thank you.

[End]
Thread by Zaki Khalid