It’s startling how casually authorities in Pakistan take and handle something as sensitive as personal data of its citizens. In one of its recent briefings to the Senate’s Standing Committee on Information Technology and Telecom, Pakistan Telecommunication Authority (PTA) has admitted that the personal data of passengers bringing in smartphone devices from abroad and registering them with the authority to be used in Pakistan has been leaked and that it is now being misused.
PTA did not say exactly who has access to this data and who is misusing it but it said it’s happening with the help of travel agents and other people handling data at the airport.
Exact number of those affected is not clear but PTA said its system has registered as many as 663,622 personal users in its mobile devices compliance system since February. If the leak happened at PTA’s system then it means data of all those users could have been potentially compromised.
It was revealed that local shops are also registering users after taking their personal data and then not handling it properly which the PTA admitted was due to the “same misuse of passenger’s information which is put in the portal and the phone gets registered.”
PTA kept using rhetorical “our system is foolproof” narrative to the committee which rightly grilled it for lack of success of the system. The committee criticised the system saying that this was supposed to generate revenue but it has caused more trouble and inconvenience.
This is a typical case of failing to deliver after making tall claims of ‘innovation’ and half-assed projects. PTA first started threatening users of shutting down the devices not registered with it last year and then urged the users to register it. A major leak like this one is bound to shatter confidence of the users who will now be more hesitant to register.
The jingoism doesn’t stop here. The country’s Prime Minister Imran Khan was seen urging the Muslim nations on use of technology and throwing buzzwords like Blockchain and Artificial Intelligence in his Organisation of Islamic Countries (OIC) Summit address in Makkah. He should really but his money where his mouth is and fix the technology disasters at home.
It’s admirable that the Senate is grilling PTA on it but grilling is not enough. We need those responsible behind the leak to be held accountable. But how exactly will you do that in face of lack of data protection legislation? And of course, the state has no interest to safeguard the personal data of its users because then how else will they thwart the country of “5th generation warfare” if they can’t even abduct citizens and seize their devices and steal their data?