Nadra wants FIA official’s explanation over remarks

Published November 27, 2021
People stand in a queue outside a Nadra office in Sialkot. — APP/File
People stand in a queue outside a Nadra office in Sialkot. — APP/File

ISLAMABAD: A day after remarks of a senior Federal Investigation Agency’s (FIA) official about security of the National Database Registration Authority’s (Nadra) data set off alarm bells, Nadra on Friday rejected as misleading the claim of citizens’ data being compromised.

Making it clear that Nadra’s data was not available online and had never been hacked or compromised, a senior Nadra official said the Authority does not provide unauthorised access either to its databases or citizen ID data.

“Instead, multi-layered control mechanisms and well-defined policies and practices have been implemented for the security and protection of all data that Nadra stores by taking all preventive measures”.

He said the Nadra management has taken a strong exception to what he called an irresponsible statement issued by a senior government official and has requested the relevant authorities to seek an explanation from the officer concerned.

Says its data is not available online and has never been hacked or compromised

“These baseless insinuations carry unintended consequences, including reputational damage to the organisation servicing foreign governments and clients as the leading system integrator.”

He regretted that as the irresponsible statement came at a critical juncture when Nadra after a lapse of six years was re-establishing its footprints as one of the leading ID solutions providers in the world and establishing prowess as trailblazer in ID world, such an allegation may result in hampering its efforts to regain market place in ID world.

He said Nadra, as the national registration authority, ensures through its design, policies and practices that privacy of citizens’ ID remains utmost priority.

In this regard, Nadra has always developed its products, services and infrastructure by incorporating security by default (SbD) protocols that ensures the protection of data at utmost level.

In addition, implementing a privacy-by-design-and-security-by-default (PbD &SbD) approach, Nadra deploys four types of controls in order to ensure privacy and protection of data. Moreover, Nadra IT and information security controls are aligned with world’s best information and security practices and standard ISO 27001 (ISMS).

The IT infrastructure of Nadra goes through regular internal and external security audits and vulnerability and penetration testing.

“Nadra uses the Defence in Depth (DiD) multi-layered approach to cyber security in which a series of defensive mechanisms are layered to protect citizens’ data and information. If one mechanism fails, another steps up immediately to thwart an attack,” he explained.

Nadra Chairman Tariq Malik, when contacted, linked malicious and baseless stories against Nadra with the attempts of Pakistan’s enemies to trigger creative chaos and create a trust deficit between the State and citizens.

He was disappointed to see how non-technical bureaucrats and some public servants play naively in furthering the agenda of enemies.

“Nadra’s data has been compromised, it has been hacked,” FIA Cybercrime Wing Additional Director Tariq Pervez claimed during a briefing to the National Assembly’s Standing Committee on Information Technology and Telecommunication on Thursday.

He subsequently attempted to clarify his remarks and said that all of Nadra’s data had not been hacked. “During the SIM verification process involving biometric data, Nadra’s biometric system is compromised,” he said, without providing further explanation.

Later on FIA retracted from the rem­arks of the additional director made during the meeting of the National Assembly Standing Committee on Information Technology and Telecommunication.

An official statement issued by FIA authorities said, “It is clarified that no such statement was given about the hacking of data which had been misrepresented”.

Denying any such hacking of biometric data, Nadra in an official statement issued immediately on Thursday said Nadra multi-biometric data is secure and well protected from any hacking attempt.

Published in Dawn, November 27th, 2021

Opinion

Editorial

Judiciary’s SOS
Updated 28 Mar, 2024

Judiciary’s SOS

The ball is now in CJP Isa’s court, and he will feel pressure to take action.
Data protection
28 Mar, 2024

Data protection

WHAT do we want? Data protection laws. When do we want them? Immediately. Without delay, if we are to prevent ...
Selling humans
28 Mar, 2024

Selling humans

HUMAN traders feed off economic distress; they peddle promises of a better life to the impoverished who, mired in...
New terror wave
Updated 27 Mar, 2024

New terror wave

The time has come for decisive government action against militancy.
Development costs
27 Mar, 2024

Development costs

A HEFTY escalation of 30pc in the cost of ongoing federal development schemes is one of the many decisions where the...
Aitchison controversy
Updated 27 Mar, 2024

Aitchison controversy

It is hoped that higher authorities realise that politics and nepotism have no place in schools.