The capture, and processing of Online E-Government transactions, especially for applications of a sensitive National Security nature, needs to governed with strict Information Security assurance practice. One example of an E-Government transaction of a sensitive Security nature, is the Nigerian National Passport. The URL of the Nigerian E-Government Web Site is located at https://portal.immigration.gov.ng. Surprisingly, the WHOIS information for the URL revealed that Nigerian Passport Application Information are being hosted on by Rackspace.com Ltd, located in San Antonio, Texas.
The implication of this is that; a National passport Application Information acquisition System is being hosted at a Commercial Web Hosting company of a Foreign Country. Essentially, hosting Nigerian sensitive data on systems in Texas does not provide an effective Information Assurance model.
Not only are sensitive personal Information of Nigerian citizens being processed by Servers hosted by Rackspace.com. Also, since the Nigerian Web Site allows the processing of “Official Passports”, Passport Information belonging to High Level Nigerian Government official are also being stored at Servers hosted by Rackspace.com.
Potentially, passport Information belonging to the Nigerian President, Nigerian Secret Services, and other sensitive government personnel are all accessible by employees of Rackspace.com.
Another issue besides the fact that the Nigerian Passport Application System does not have any way of validating the identity of the Passport applicant online, (the system allows anyone to apply), is that the E-Payment method for processing the Passport Application uses the Google Credit Card Payment System. Not only are personal identity Information stored in Texas, Credit card Transaction Information are also being processed by Google.
The national security implications of the Nigerian Immigration passport processing System are without a doubt left to the mercy of American Systems. There are fundamental E-government data security questions regarding how data is stored, processed, and distributed.
---
Autor(en)/Author(s): Femi Oyesanya
Quelle/Source: NgEX, 15.09.2008