Government to launch mobile app to deliver services digitallyIT experts say use of mobile SIM card registration data for applicant identification problematic; raise concern over cyber threat and misuse of digital information by the state.
The Prime Minister’s Office is currently working to develop a mobile application—Citizens App—to deliver a variety of citizen services digitally. The app intends to use the SIM card registration data to identify the applicant.
Accordingly, acting on the request of the Prime Minister’s Office, the Nepal Telecommunications Authority last week urged mobile phone users to use only those SIM cards that have been registered in their names. It also called on everyone to immediately register their SIM cards in their own names.
Current plans for the ‘Citizens App’ include applying for driver licence, Permanent Account Number, Public Service Commission examinations, land registration, company registration, social security and civil registrations such as births, marriages and divorces.
“After the app is installed, we will send a verification code to determine whether the SIM card has been registered in the name of the service seeker. We will also verify with the Nepal Telecom Authority whether the SIM card has been registered in the name of the concerned person,” said Asgar Ali, an IT consultant to the prime minister. “Once one puts the passport number or citizenship number on the app, we share the information to the concerned government office which verifies the details with the digitally shared information of service seekers from other offices and provide service digitally.”
Once the app comes into operation, according to Ali, service seekers will no longer need to visit the concerned offices with photocopies of their citizenship certificates and other personal documents to get the work done.
“We plan to launch this app in around two months,” he said.
Experts in information technology say although delivering services digitally is a good move, the government needs to ensure that the digitally provided information by the applicant is not used for purposes other than providing the service sought by the applicant.
“Nowadays, a mobile app can also be tracked to identify personal behaviour of an individual. We still don’t have a law on data privacy. While promoting digitalisation of government services, we need to introduce laws on digital privacy first,” said Bijaya Limbu, co-founder of Bhairav Technology, a company which works on cybersecurity.
According to Limbu, the mobile app should also be audited through third party software and a robust firewall should be built to ensure that the applicant’s private data is secure from hacking attempts and misdirection.
However, Ali said the new system would not violate the privacy of any person. “There won’t be personal data in the app anyway, hence even in the event of hacking, no damage will be done,” said Ali. “The mobile number, its International Mobile Equipment Identity, or IMEI number and personal details will be on the server—not on the app.”
Security experts say that could be an issue as the servers are vulnerable too. If not adequately protected, data stored on servers can be hacked, which has happened on numerous occasions throughout the world.
“It does not matter whether you have personal information on the app or not, because that can be a gateway for hackers to reach the main server,” said Limbu. “They can also target the server directly. So, sufficient security measures should be taken in both main server and apps.”
To aid the government initiative, Nepal Telecommunications Authority is also preparing to put a cap on the number of SIM cards a person can register in their name.
Currently, people can obtain as many SIM cards as they want.
“We plan to limit the number of SIM cards which can be registered in an individual’s name to two per telecom company,” said Purusottam Khanal, chairperson of the Nepal Telecom Authority.
Officials say by capping the number of SIM cards one person can use and requiring people to only use SIM cards registered in their own names could help reduce crimes as well.
“Even now, using SIM cards registered in other people’s names is illegal. But SIM cards are being distributed haphazardly which has made security vulnerable,” said Khanal. “So our effort is not only to support the government to provide services digitally, but also to control crimes.”
The Nepal Telecommunication Authority, the regulator of the telecom sector, does not have exact data on how many SIM cards are in use and how many are registered in other peoples’ names. But according to Khanal, an estimated 50-60 per cent SIM cards are registered in the names of original users.
Experts point out that with such imprecise SIM card registration data, the application of the ‘Citizen App’ would be problematic. “Until you register all the SIM cards in the name of original users, questions may arise about the authenticity of the data and create problems in operation of the system to deliver government services,” said Limbu.