In the past few weeks the Election Commission of Pakistan had hired the services of a certain Mr. Hayee Bokhari of Cronomagic Canada Inc, a data warehouse, to electronically host Pakistan’s election lists in safe custody under hacker proof conditions, on the face of it, it sounds honest enough, but probing a little further armed with the interview published by Canada.com of the company reveals some interesting and eye-opening flaws.
It must be mentioned that the list containing the 80 Million names of all Pakistanis eligible to vote generally does carry all our sensitive and personal information, ranging from our names, ages, home addresses, parental information and most importantly our ID Card number, if not anything else, simply said enough information to be a security risk. Paranoid as I might be all such information must be protected by the Government of Pakistan and ensured that it must never fall into the wrong hands, let alone transfer the data across the world via the Internet to a software house located in Montreal, try as much as you might, the Internet is considered highly insecure regardless of any number of security levels one might use, it is all crackable at many points along the route and definitely prone to data monitoring & mining. We all know that NSA does not hide the fact that it does data mining of all traffic going in and out of North America despite the attempt to block them in 2003 but I am certain that due to the sensitive nature of Pakistan practically all information coming out of Pakistan will definitely get ‘mined’ to help collect information for their efforts on the War on Terror in this region
I am quite sure that our local IT industry is not ‘that’ inept that we cannot host this information locally within our own secure premises which could be under the full control of the Government, heck it just requires a few good servers and a good firewall to keep hackers out and does not requires a braniac in Canada to figure this out. In all honesty I feel this is sensitive country information which should be housed and protected within the confines of our own territory, not handed over to some company housed in a foreign land in god knows where.
If the ECP was promised a hacker-proof environment then sadly even Bokhari himself admitted to Canada.com that “There is no 100 per cent solution, but in tests that we have run we did all right. Hackers that we deal with it tried to get in and couldn’t.” hence we are back to square one, the list is still prone to hackers and if a leak does accidentally happen then we can all sit here twirl our fingers, curse the living day lights at a company located 4000 miles away, damages and court proceedings will do little to heal the repercussion we will face if it were to ever happen.
The other problem is that the ECP plans to host this information online allowing all Pakistani voters to check their registration information at the touch of a mouse-click, brilliant idea. But herein also lies another problem, as this critical data is now going to travel across the Internet across the globe on each click, had it been stored locally in Pakistan then a web browser request would have simply been routed locally on a Pakistan wide fiber optic cable never needing to every jump on the Trans-world or the Flag Internet backbones (the only two Internet access points leading out of Pakistan)
The comedy of errors does not stop here as KO went further and dug up some really interesting information about Hayee Bokhari, a Pakistani by origin based in Canada also happens to be the founding member of a Pakistani match making website called Mehndi.com. A match-making portal geared towards the Pakistani market… I hope you all see the apparent business edge he were to have if he accidentally uses it there, he now has access to the 80 million eligible bachelors and bachelorettes with their entire biodata which includes their names, ages, addresses and parental information, there could easily be a good side to all this, since not a single Pakistanis will ever die without having found the right match on Mehndi.com, the complete solution to all our match-making issues for the next many years. Mehndi.com will always have the right match for you, heck if you don’t like the first set of choices they offer, don’t worry their database of 80 Million will definitely land you suitable option so extensive will be the search that you can locate your significant-other by address location (hence posh localities will always be in higher demand) – a brilliant business plan which is bound to be a definite success, the new motto at Mehndi.com could now be, Pakistanis will find the perfect match made
in heaven at mehndi.com – Money Back Guarantee
Shaji in an interesting comment on KO’s Blog points out that the domain of the Election Commission of Pakistan ecp.org.pk was registered by Hayee Bokhari back in 2002, so its apparent why ECP thoroughly relies on Hayee Bukari for his advise on such information. While KO does the mathematics ’80 million records – a simple calculation, say each record takes up 16kb – which is enough to store a whole lot of info then: 16 kilobits * 80 million = 152 gigabytes’ heck that much data can easily fit on one simple 500 GB Hard Disk already available in the market for roughly $150.
On one hand it could be possible that Mr. Bukhari might have the right intentions at heart but I would not trust anyone with this data and remain shocked that the Government of Pakistan has taken this issue so lightly, that they could NOT find a local company and needed to outsource to Canada, brilliant on one hand they talk about economic progress, soaring GDP etc etc while the government cant develop their own products locally even in the IT sector, talk about market confidence
For more information do check out KO’s Blog posts on this issue – Pakistan electoral rigging outsourced to Montreal & Dating service provider to match voters to politicians
Update: ReallyVirtual has an interesting post on the hack-safe ECP website