May 13, 09:20
What the state, companies and citizens must understand in a situation of data leakage
The other day there was a massive leak of personal data of citizens of Ukraine: the data of a large number of citizens ended up in the chatbot UaBazaBot. The bot let a user enter, for example, the name of a citizen of Ukraine and receive personal data, even emails and passwords. According to the owners of this bot, it had 327 million entries and 4.5 billion user names and passwords. This is quite possibly the biggest data leak in Ukraine’s history.
How did it happen?
Most likely, this was done not by hackers but by ordinary employees (or contractors) of the owners of state records, for subsequent sale.
Does the Diya project have anything to do with this?
Technically, Diya most likely has nothing to do with it. The Ministry of Finance has already stated that the project has nothing to do with this leak.
But in terms of communication, yes, because a large-scale IT project obviously becomes the epitome of state information technology, and therefore it will constantly be associated with all the problems in the IT sphere.
The fact is that:
- State IT has had systemic problems throughout the history of Ukraine.
- There are many reasons, and describing them all within a single column is certainly not possible.
- The public sector is becoming more digital and therefore vulnerable.
- Many state IT services in Ukraine are in private hands, because the support is provided by external contractors who can access production data.
What should the state do in this situation?
A holistic approach is required for the development of IT services. Of course, this does not mean a Unified Comprehensive Architecture Plan for all IT. But we urgently need general principles: approaches to selecting technological architectures, principles for organizing information security, approaches to data protection, approaches to building services. This is actually what is called IT policy.
- Maximum possible openness: code, development, selection procedures. This is not only a tool for building trust in public services, but also gives anyone the ability to verify the reliability of the protection.
- The work of law enforcement agencies and the judicial system becomes critical (as it is for all areas).
- Fast and transparent communication is critical. So a plus to the karma of MinTsifri, which reacted quickly.
There is bad news for successful reform movements: you will be held responsible for your colleagues’ problems. Because to a citizen, we are all the state. And the fact that, for example, Prozorro does not catch criminals remains the problem of our reform. Similarly, Diya is now forced to answer for IT issues rather than enforce the law.
What should a company do?
The state alone will never be able to quickly rectify the situation with IT. Therefore, open collaboration and ecosystem solutions are really necessary. For example, the Prozorro system will in the next few days launch a permanent program to search for vulnerabilities in the system (a bug bounty) and encourages everyone to participate in it: this is a tool by which, thanks to cooperation with the private sector, a state-owned company can get rid of problems in the future.
An active position and a willingness to engage with IT services and the legislative field often provide new opportunities, as is the case, for example, with the cloud bill in Ukraine, Cloud First.
What should citizens do?
- Unfortunately, we must proceed from the position that all the data in the state can be stolen.
- Digital hygiene skills must be developed.
- Finally, you must be prepared to defend your digital rights.
Meanwhile, UaBazaBot has closed. Well, in the absence of justice and punishment in our society, so far the only chance to end crime is to attract a lot of public attention.