Nadra wants FIA official’s explanation over remarks

Published November 27, 2021
People stand in a queue outside a Nadra office in Sialkot. — APP/File
People stand in a queue outside a Nadra office in Sialkot. — APP/File

ISLAMABAD: A day after remarks of a senior Federal Investigation Agency’s (FIA) official about security of the National Database Registration Authority’s (Nadra) data set off alarm bells, Nadra on Friday rejected as misleading the claim of citizens’ data being compromised.

Making it clear that Nadra’s data was not available online and had never been hacked or compromised, a senior Nadra official said the Authority does not provide unauthorised access either to its databases or citizen ID data.

“Instead, multi-layered control mechanisms and well-defined policies and practices have been implemented for the security and protection of all data that Nadra stores by taking all preventive measures”.

He said the Nadra management has taken a strong exception to what he called an irresponsible statement issued by a senior government official and has requested the relevant authorities to seek an explanation from the officer concerned.

Says its data is not available online and has never been hacked or compromised

“These baseless insinuations carry unintended consequences, including reputational damage to the organisation servicing foreign governments and clients as the leading system integrator.”

He regretted that as the irresponsible statement came at a critical juncture when Nadra after a lapse of six years was re-establishing its footprints as one of the leading ID solutions providers in the world and establishing prowess as trailblazer in ID world, such an allegation may result in hampering its efforts to regain market place in ID world.

He said Nadra, as the national registration authority, ensures through its design, policies and practices that privacy of citizens’ ID remains utmost priority.

In this regard, Nadra has always developed its products, services and infrastructure by incorporating security by default (SbD) protocols that ensures the protection of data at utmost level.

In addition, implementing a privacy-by-design-and-security-by-default (PbD &SbD) approach, Nadra deploys four types of controls in order to ensure privacy and protection of data. Moreover, Nadra IT and information security controls are aligned with world’s best information and security practices and standard ISO 27001 (ISMS).

The IT infrastructure of Nadra goes through regular internal and external security audits and vulnerability and penetration testing.

“Nadra uses the Defence in Depth (DiD) multi-layered approach to cyber security in which a series of defensive mechanisms are layered to protect citizens’ data and information. If one mechanism fails, another steps up immediately to thwart an attack,” he explained.

Nadra Chairman Tariq Malik, when contacted, linked malicious and baseless stories against Nadra with the attempts of Pakistan’s enemies to trigger creative chaos and create a trust deficit between the State and citizens.

He was disappointed to see how non-technical bureaucrats and some public servants play naively in furthering the agenda of enemies.

“Nadra’s data has been compromised, it has been hacked,” FIA Cybercrime Wing Additional Director Tariq Pervez claimed during a briefing to the National Assembly’s Standing Committee on Information Technology and Telecommunication on Thursday.

He subsequently attempted to clarify his remarks and said that all of Nadra’s data had not been hacked. “During the SIM verification process involving biometric data, Nadra’s biometric system is compromised,” he said, without providing further explanation.

Later on FIA retracted from the rem­arks of the additional director made during the meeting of the National Assembly Standing Committee on Information Technology and Telecommunication.

An official statement issued by FIA authorities said, “It is clarified that no such statement was given about the hacking of data which had been misrepresented”.

Denying any such hacking of biometric data, Nadra in an official statement issued immediately on Thursday said Nadra multi-biometric data is secure and well protected from any hacking attempt.

Published in Dawn, November 27th, 2021

Opinion

Editorial

Mianwali raid
Updated 02 Feb, 2023

Mianwali raid

The military needs to share intelligence with civilian agencies to neutralise the militant menace nationwide.
Corruption unlimited
02 Feb, 2023

Corruption unlimited

PAKISTAN’S consistent slide on Transparency International’s Corruption Perceptions Index over the last several...
Women police officers
02 Feb, 2023

Women police officers

IN a heartening development, a second female police officer has been appointed as DPO in Attock, weeks after the...
Road to perdition
Updated 01 Feb, 2023

Road to perdition

This is also the time of reckoning for those who sowed the seeds of a disastrous policy against militants.
Transport tragedies
01 Feb, 2023

Transport tragedies

TWO tragedies over the weekend illustrate the weak protocols governing the safety of transport in Pakistan. In fact,...
Disqualifying Jam Awais
01 Feb, 2023

Disqualifying Jam Awais

IT appears that there may be some kind of small punishment after all for PPP lawmaker Jam Awais, who was pardoned ...