
CHENNAI: The lack of any user authentication on the Greater Chennai Corporation’s (GCC) online portal for downloading birth and death certificates, which practically permits anyone to download the certificates of anyone else, has raised concerns about data privacy, misuse and vulnerability to targeted cyber attacks.
The online system, ever since its introduction in 2008, has allowed unrestricted access to birth and death certificates by simply entering the date and gender, without requiring a name, mobile number, OTP, or any other unique identification. The system then lists the certificates of every person matching the date and gender, each of which can be downloaded.
Strangely, the Captcha used in the portal, a first-level defence to prevent automated bots from using any online system, is also ineffective in this case, as it is in a machine-readable text format that can be copied.
According to GCC’s online data, as of 2017, over 1.24 crore birth certificates and 31.23 lakh death certificates have been downloaded from the portal.
An Indian citizen living in Singapore, who recently tried to download her birth certificate, said she was shocked by the complete lack of security measures. She added that anyone with rudimentary knowledge can use AI tools to write code that can download these records en masse. She wondered whether the government has studied the ways in which this could be misused.
Responding to the concerns, a GCC official from the IT Cell told TNIE, “The system was built following the government order and the rules framed under the relevant Act (Registration of Birth and Deaths Act)”. The person contended that these rules did not impose any restriction on anyone accessing the certificates of anyone else. “If we add mandatory fields like registration number or even OTP, it could make the portal less user-friendly, especially for people unfamiliar with the details,” the person added.
Sathish Galley, a resident of Sholinganallur, added, “If these documents are misused, there is currently no accountability. The corporation must take responsibility and ensure our private data is safeguarded.”
“There are real risks of misuse, especially with death certificates, which could be exploited in illegal land registration cases. At least a basic OTP-based mobile authentication would enhance security,” C M Ramesh (70), a resident of Mathur, told TNIE.
GCC commissioner J Kumaragurubaran assured that the civic body will work on enhancing the security of the portal. “At the least, a login system with user ID and password will be introduced, so that misuse can be traced through IP addresses,” he added.