When it comes to IT in this country we are not having a great year, especially when it comes to IT involving health and security.
Last November, within days of the government launching a COVID tracker, several people were able to find vulnerabilities, and I was able to completely own the system.
Last week the .LK domain registry got hacked, and people visiting Google.lk were redirected to a defaced DigitalOcean droplet.
And today another privacy scandal involving government and healthcare.
The government started vaccinating people for the covid pandemic earlier this month. And when they started the vaccination the government launched a website for people to register and probably get an appointment for the vaccination.
However, within weeks of launching the app, the website was shut down several days back. It was brought into the news today by Colombo Gazette.
The biggest concern, though, is not that the website was shut down, but what the website did during the time it ran.
Even though I didn’t sign up for the website, most of my colleagues who are doing Health Informatics today told me that the website was asking for some alarming details about the users who signed up to get the covid vaccination.
Some of the details it gathered included:
- The precise GPS location of the user
- The blood group
And several other personal details that were unrelated to getting the vaccination.
According to the government, who shut down the website today, their reasoning is that it was a pilot project and was a success. However, they had to shut the website down because of a lack of resources to maintain the service.
But that is a reason that we can’t buy, because more advanced tools and apps have been designed and maintained by smaller groups of people.
But it was more like a pilot project to test a system to collect personal data, more than a system to collect information about vaccination registrations.
According to news sources there have been nearly 50,000 visitors to the website within one week, and a great number of people who visited the website would have registered to get the vaccination.
But the privacy concerns are real, and I would not trust any IT solution that is given to me by the government unless they are not requiring any personally identifiable information, like live location etc.
The website has a message saying it is under update and will be available shortly. Only time will tell what the update will look like.
I have reached out to more people to learn more about the information that was collected, and I will update the post as it goes on.
Read more about how we owned the COVID Tracker – https://github.com/rukshn/rukshn.github.io/blob/master/archives/easter/egg.md