Pakistan’s new online tax profiling portal sparks data privacy fears

1 / 2
A policeman walks past the Federal Board of Revenue (FBR) office building in Islamabad, August 29, 2018. REUTERS
2 / 2
The national flag is seen on the Federal Board of Revenue (FBR) office building in Karachi, Pakistan August 29, 2018. (REUTERS/File)
Updated 23 June 2019
0

Pakistan’s new online tax profiling portal sparks data privacy fears

  • Personal data of 53 million people uploaded to a new tax database accessible through a national ID card number
  • Legal experts call the system unsafe, unconstitutional, in violation of privacy rights

KARACHI: Pakistan’s new tax profiling system has raised widespread fears of data security breaches, with citizens saying sensitive data uploaded on the portal may be misused and legal experts calling it unconstitutional and in violation of the fundamental right to privacy.
The two online portals, unveiled on Friday by the Federal Board of Revenue, hold information regarding the bank accounts, properties, travel history, and other data of at least 53 million Pakistanis, collected from Pakistan’s primary citizenry database, the National Database and Registration Authority (NADRA).
The tax portal comes on the back of the annual budget announced earlier this month which targets a sharp hike in tax revenues for the new fiscal year to June 2020. Ending a culture of rampant tax evasion is also high on the list of conditionalities attached to a $6 billion International Monetary Fund bailout package (IMF) that cash-strapped Pakistan agreed to last month.
Pakistan’s history is littered with statements by incoming governments announcing crackdowns and pledging tax reforms that fizzle out because of a lack of political will to force the rich and powerful to pay taxes.
As of last year, only 1.6 million people filed tax returns in a country of 208 million. Out of them, 400,000 showed income below the levels that tax cuts in, another 200,000 had minimal tax, and only 950,000 paid tax of any significance.
“Just checked it out. Security is too weak. Should require payment by a card in the name of the payer — as email verification possible if mobile not in taxpayer name,” marketing consultant Assad Ahmad said on Twitter. “Just got my data without giving a phone number registered in my name and answering simple questions about family.”
Experts are similarly alarmed.
“When over 100 million Pakistani citizens were disclosing their private data to NADRA, the understanding was that NADRA would use it only for issuing them an identity card, and not betray them to the tax-man,” Umer Gilani, a lawyer who campaigns for the protection of privacy, told Arab News. “NADRA’s decision to merge its database with FBR’s database is unconstitutional. It violates the fundamental right to privacy guaranteed by Article 14 of Pakistan’s Constitution,” he said, adding that Pakistan’s courts had consistently ruled that the right to privacy extended to the privacy of people’s data.
Sharing NADRA data with tax authorities and uploading it on what he called “a low security online portal” breached confidentiality, and was unsafe, Gilani said.
The FBR insists the data is safe.
“We will ensure the security of the data,” FBR chief, Syed Shabbar Zaidi told reporters on Friday. “The data will be kept centralized at FBR headquarters, even away from regional tax offices,”
Few are not convinced.
“The concerns are that in the absence of data privacy laws, the data the government is collecting through different sources... where will it be utilized and who is authorized to use it?” Dr. Umair Javed, a professor of politics at Lahore University of Management Sciences (LUMS), told Arab News.
According to Javed, the new Pakistan system has borrowed heavily from the blueprint of the United States’ Internal Revenue Services (IRS) which also employs different sources to collect data about citizens.
“Is the government prepared to guarantee its (data’s) security and privacy is the biggest question despite their good intentions and purpose,” he said.
A draft law for personal data protection is pending legislation since October last year, while the government has launched a huge online portal packed full of accessible citizen data with effectively no data privacy laws in place.
“In case of any security lapse, (there) would be dire consequences,” Badar Khushnood, Vice Chairman of the award-winning Pakistan Software Houses Association for IT and ITES ([email protected]), told Arab News. “The law should have been passed before launching the system for the clarity of data privacy,” he said.
Dr. Ikram ul Haq, a legal and taxation expert agreed.
“Security review by independent agencies renowned for awarding certifications is missing... There is no guarantee that data would not be misused or abused by the staff with access to it,” he said.
“It (profiling system) is a good thing, but it must be ensured that the information is not leaked and misused for extortion or... blackmailing,” said Dr. Mirza Ikhtiar Baig, Senior VP at the Federation of Pakistan Chambers of Commerce and Industry. “Our concern is that it could be leaked and harm any concerned individual.”
Fears of a massive data leak are not unwarranted. In 2018, a cyber-security services provider, the Pakistan Computer Emergency Response Team (PakCERT), reported 1,340 cases of website defacement and hacker attacks on Pakistani web domains (.pk).
“The .pk domain was attacked all over the world where it is being hosted or operated. The data only shows that websites were attacked and not necessarily reflect that the inside of the organizations’ systems were attacked,” Qazi Mohammad Misbahuddin Ahmed, CEO of PakCERT told Arab News. “If the security of the system is properly audited then there (is) no breach,” he said, adding that he assumed the government would have put security controls in place for the tax profiling portal.
There are additional concerns including that it might not take a sophisticated software hacker to break into the system, and that anybody with access to another person’s identity card could get hold of the information by paying a Rs.500 (approx $3) fee.
“The government has made it a source of making money by charging us for our own information,” [email protected]’s Badar Khushnood said. “By using NIC (national identity card) of any other person, anyone can get registered with the portal and get information,” he said, adding that the system could be useful in the documentation of the country’s vast informal economy only if its security protocols were made foolproof.


India defends blocking politicians from visiting Kashmir

Updated 25 August 2019
0

India defends blocking politicians from visiting Kashmir

  • If everything is normal, asks opposition’s Rahul Gandhi, why are Congress leaders not allowed in Jammu and Kashmir
  • Hurriyat Conference has released its first official comment since the clampdown, calling for locals to resist New Delhi’s move 

NEW DELHI: Authorities on Sunday defended blocking opposition Indian politicians from visiting Muslim-majority Kashmir, saying it was to “avoid controversy” weeks after stripping the restive region of its autonomy and imposing a major clampdown.
India’s Hindu-nationalist government has been criticized by the main opposition Congress party over the contentious move on August 5 that brings Kashmir — which has waged an armed rebellion against Indian control since 1989 — under its direct rule.
The region remains under strict lockdown with movement limited and many phone and Internet services cut, although authorities say they have been easing restrictions gradually.
Former Congress president Rahul Gandhi, still a key figure in India as a scion of the powerful Nehru-Gandhi political dynasty, was earlier invited by local governor Satya Pal Malik to visit Kashmir.
But a video released by Congress showed Gandhi questioning officials about why he was stopped from entering Kashmir’s main city of Srinagar at the airport on Saturday.
“The governor has said I’m invited. He has invited me so I have come but you’re saying I can’t go,” he said.
“And the government is saying everything is OK, everything is normal. So if everything is normal, why are we not allowed out? It is a bit surprising.”
Regional police chief Dilbagh Singh told AFP police supported the decision.
“In an environment that is getting to normalcy, we didn’t want any controversial statement from anyone. That’s why they were asked to return from the airport itself,” Singh said.
Malik told the ANI news agency he invited Gandhi out of goodwill but that he then politicized the issue.
The controversy came as key separatist group Hurriyat Conference, a coalition of local political parties, released its first official comments since the clampdown and called for locals to “resist at this critical juncture” New Delhi’s move.
“Each and every person must face the naked Indian brutality with courage ... People should organize peaceful protests and demonstrations in their areas of residence,” top separatist leader Syed Ali Geelani said in a statement obtained by AFP.
The Hurriyat Conference, which supports Kashmir’s right to choose whether it wants to be part of India or Pakistan, added that Pakistan and the wider Muslim community should “come forward to ... help the besieged people.”
The call came as India’s home affairs ministry refuted a report by India’s News18 television on Sunday that the region was running out of lifesaving medicines, saying supplies were “slightly higher than the monthly average.”