By Shihar Aneez

COLOMBO – Sri Lanka has already taken measures to ensure the digital security of a unique identity card project funded by India, top officials who are directly involved in the project said.

The decision to award the tender to print digital ID cards for an Indian firm has raised concerns over data privacy of Sri Lankan citizens and protection of personal data.

“We have approval from the Parliament for the Data Protection Act. We are going to form the Data Protection Authority probably this month,” Technology Minister Kanaka Herath told reporters on Wednesday (6).

“We are also working on the CyberSecurity Act and it is to be finished by the end of this year,” he said when the media questioned the digital security measures the government authorities had taken on the unique ID.

India has already given an advance aid of 450 million Indian rupees to President Wickremesinghe’s government to fund its digital identity project, which aims to collect biographic and biometric information, including facial, iris, and fingerprint data.

The project is expected to store the personal data of every individual in a centralized system to issue identification cards as per the standards set by the International Civil Aviation Organization (ICAO), government officials have said, for effective and efficient delivery of government services, financial inclusion, and poverty reduction.

An Indo-Sri Lanka Joint Project Monitoring Committee (JPMC) has already been appointed to oversee the progress of the project.

Jayasiri Amarasena, a member of the technical evaluation committee for the Unique ID project and the former CEO of the country’s National Centre for Cyber Security Sri Lanka, CERT, said steps are in place to ensure digital security of the unique ID.

“In terms of security and data exfiltration, we have taken all the necessary measures. One thing is the data will not be in plain format. It will be in an encrypted format and that encryption is controlled by us,” Amarasena told reporters.

“Then the system is such that we have a perimeter defence where there will be no intrusion. It will not allow any intrusion. We will test for backdoors. So those technical measures will be in place to ensure the security of our own data and that cannot be breached by the country which is helping us or any other country.”

-economynext.com