Driving Centers in Nepal: Unintentional Contributors to Security Challenges

sushil phuyal
4 min readNov 10, 2023

--

A data dump refers to the bulk transfer of data from one system to another, often involving the extraction and storage of a large amount of information in a single operation. In the context of Nepalese cyberspace, a data dump could occur in various scenarios, such as a security breach or a cyberattack on government or private databases. Nepal, like many other countries, faces challenges in securing its digital infrastructure against cyber threats. A data dump in the Nepalese cyber space could result in the unauthorized disclosure of sensitive information, potentially compromising the privacy and security of individuals, businesses, or government entities.

The Electronic Transactions Act, 2063 (2008) (ETA) serves as Nepal’s primary legislation governing electronic transactions and cybercrime. Despite lacking a dedicated section on data breach and privacy, the ETA incorporates relevant provisions to address these concerns. Section 44 prohibits unauthorized access, destruction, or alteration of computer source code, potentially prosecuting those breaching data systems. Section 45 prohibits unauthorized access to computer systems, databases, and networks, applicable to data breaches. Section 46 criminalizes damage to computer systems, addressing cyberattacks causing harm to data systems. General provisions like Section 47 prohibit the publication of morally objectionable material online. The ETA empowers the government to investigate cybercrimes, as seen in Section 51 granting the Controller access to relevant materials.

In the context of Nepal, an emerging security challenge in police and intelligence investigations is the inadvertent contribution of driving centers. Many of these centers, in their promotional activities, are posting results containing personal information on their social media platforms without considering the potential consequences. This practice poses a significant threat to individuals’ privacy and becomes a hurdle in police and intelligence operations. In the age of increasing cybercrime, law enforcement heavily relies on KYC (Know Your Customer) documents associated with SIM cards and bank accounts to track down suspects. However, the indiscriminate sharing of personal data by driving centers complicates this process, potentially leading to the misuse of sensitive information. As part of the broader issue, it emphasizes the need for regulatory measures and awareness campaigns to ensure responsible data handling by institutions that deal with personal information. As you can see below of a demo data I found from one of the driving center:

The example I’ve provided, involving the posting of a passout paper for a driving license on social media platforms, is indeed a concerning manifestation of digital harm. The inclusion of personal details such as citizenship information and date of birth in such images poses a serious threat to individuals’ privacy and security. Furthermore, the additional instance of posting images of a license paper containing an address, coupled with displays of valuable items like gold ornaments, introduces the risk of physical harm to the person involved. This kind of online behavior not only jeopardizes personal safety but also underscores the potential for misuse of sensitive information by malicious actors. It emphasizes the urgent need for driving centers and other institutions handling personal data to adopt stringent data protection measures and for authorities to implement and enforce regulations that deter such irresponsible sharing of sensitive information.

talking about challenge on investigation, one can use that data in the portal of government to fetch the information of an individual from https://applydl.dotm.gov.np/license-check

after filling the information in the portal:

It contains the legal document of a person, which could aid criminals in cybercrime attempts and identity theft. The major issue impacting security investigations in Nepal is identity theft.

Lets fight against cyber crime together, Jay Nepal.

--

--

sushil phuyal
sushil phuyal

Written by sushil phuyal

a weird guy who loves everything between security and internet

Responses (1)