Nadra wants FIA official’s explanation over remarks

Published November 27, 2021
People stand in a queue outside a Nadra office in Sialkot. — APP/File
People stand in a queue outside a Nadra office in Sialkot. — APP/File

ISLAMABAD: A day after remarks of a senior Federal Investigation Agency’s (FIA) official about security of the National Database Registration Authority’s (Nadra) data set off alarm bells, Nadra on Friday rejected as misleading the claim of citizens’ data being compromised.

Making it clear that Nadra’s data was not available online and had never been hacked or compromised, a senior Nadra official said the Authority does not provide unauthorised access either to its databases or citizen ID data.

“Instead, multi-layered control mechanisms and well-defined policies and practices have been implemented for the security and protection of all data that Nadra stores by taking all preventive measures”.

He said the Nadra management has taken a strong exception to what he called an irresponsible statement issued by a senior government official and has requested the relevant authorities to seek an explanation from the officer concerned.

Says its data is not available online and has never been hacked or compromised

“These baseless insinuations carry unintended consequences, including reputational damage to the organisation servicing foreign governments and clients as the leading system integrator.”

He regretted that as the irresponsible statement came at a critical juncture when Nadra after a lapse of six years was re-establishing its footprints as one of the leading ID solutions providers in the world and establishing prowess as trailblazer in ID world, such an allegation may result in hampering its efforts to regain market place in ID world.

He said Nadra, as the national registration authority, ensures through its design, policies and practices that privacy of citizens’ ID remains utmost priority.

In this regard, Nadra has always developed its products, services and infrastructure by incorporating security by default (SbD) protocols that ensures the protection of data at utmost level.

In addition, implementing a privacy-by-design-and-security-by-default (PbD &SbD) approach, Nadra deploys four types of controls in order to ensure privacy and protection of data. Moreover, Nadra IT and information security controls are aligned with world’s best information and security practices and standard ISO 27001 (ISMS).

The IT infrastructure of Nadra goes through regular internal and external security audits and vulnerability and penetration testing.

“Nadra uses the Defence in Depth (DiD) multi-layered approach to cyber security in which a series of defensive mechanisms are layered to protect citizens’ data and information. If one mechanism fails, another steps up immediately to thwart an attack,” he explained.

Nadra Chairman Tariq Malik, when contacted, linked malicious and baseless stories against Nadra with the attempts of Pakistan’s enemies to trigger creative chaos and create a trust deficit between the State and citizens.

He was disappointed to see how non-technical bureaucrats and some public servants play naively in furthering the agenda of enemies.

“Nadra’s data has been compromised, it has been hacked,” FIA Cybercrime Wing Additional Director Tariq Pervez claimed during a briefing to the National Assembly’s Standing Committee on Information Technology and Telecommunication on Thursday.

He subsequently attempted to clarify his remarks and said that all of Nadra’s data had not been hacked. “During the SIM verification process involving biometric data, Nadra’s biometric system is compromised,” he said, without providing further explanation.

Later on FIA retracted from the rem­arks of the additional director made during the meeting of the National Assembly Standing Committee on Information Technology and Telecommunication.

An official statement issued by FIA authorities said, “It is clarified that no such statement was given about the hacking of data which had been misrepresented”.

Denying any such hacking of biometric data, Nadra in an official statement issued immediately on Thursday said Nadra multi-biometric data is secure and well protected from any hacking attempt.

Published in Dawn, November 27th, 2021

Opinion

Who bears the cost?

Who bears the cost?

This small window of low inflation should compel a rethink of how the authorities and employers understand the average household’s

Editorial

Internet restrictions
Updated 23 Dec, 2024

Internet restrictions

Notion that Pakistan enjoys unprecedented freedom of expression difficult to reconcile with the reality of restrictions.
Bangladesh reset
23 Dec, 2024

Bangladesh reset

THE vibes were positive during Prime Minister Shehbaz Sharif’s recent meeting with Bangladesh interim leader Dr...
Leaving home
23 Dec, 2024

Leaving home

FROM asylum seekers to economic migrants, the continuing exodus from Pakistan shows mass disillusionment with the...
Military convictions
Updated 22 Dec, 2024

Military convictions

Pakistan’s democracy, still finding its feet, cannot afford such compromises on core democratic values.
Need for talks
22 Dec, 2024

Need for talks

FOR a long time now, the country has been in the grip of relentless political uncertainty, featuring the...
Vulnerable vaccinators
22 Dec, 2024

Vulnerable vaccinators

THE campaign to eradicate polio from Pakistan cannot succeed unless the safety of vaccinators and security personnel...