Kuwait has been promoting e-Government at least since I was in college: how everything is going to be electronic, and how all the services will be available online. In the past few years, several advancements have been made. In the MOI, you can view your speeding tickets and pay them online, and check your passport status, driving license, gun license, and whether you have any travel prevention. In terms of jobs, through the Civil Service Commission, you can apply for government jobs online, see the vacancies and specify your desires as well. You can request a sick leave, go to the doctor the next day and he will print and fill in the form. No need to consult your job location first. This is really great, and we definitely want more of it, BUT…

Online services need planning, stable implementation and rounds and rounds of testing. The way I see it, the Government seems to have cut things short and ignored some critical parts. To begin with, we have the privacy and security of the systems. How can a person authenticate himself as the specific individual who is allowed to see the data, and how can we make sure no intruder or outsider also gets access to this data? The way it’s done right now depends mostly on the person’s Civil ID number. We all know that this kind of information is not confidential. It’s something that identifies you, but it does not authenticate who you are. For example, the guy in the bank has access to thousands of Civil IDs. I was working at Kuwait University and I had access to hundreds of thousands as well. My employer has that kind of information. Many people just have it. It’s not something I can hide from the world. So imagine that by knowing my Civil ID number, you can see if I have speeding tickets, if I have a gun license, my passport information, who I am ensuring, and lots more information. It actually happened to me once as well. My uncle told my father you have a speeding ticket. Why should they know that? Maybe I don’t want them to know it.

Say this is not enough? The MOI itself posted some time back, with a flashy sign, an Excel sheet with the full list of eligible voters with their Civil ID. So pick your name from here and paste it there. It’s that simple! This is with regard to the MOI. For the Civil Service Commission, it gets even worse. Someone could be driving your future without you knowing it. You must sign in there to specify your jobs. The only authentication again is your Civil ID. Provide it and you are good to go. Then you can see your information, see the vacancies available to you, and alter the jobs you want to apply for. Most of these windows open inside an IFRAME. Open the IFRAME itself in a new window and you will see this:

Civil Service Commission Hello World Page

My first program example “Hello World”. For non-programmers, Hello World tends to always be the first program you write: just a dummy program to print this message. It seems the programmers were in a rush and just left the title as it is. Now as for the security, let’s say that the authentication model is soon changed, and a password is applied. Does that mean we are safe? Not without thorough testing and a revamp of the current security model implementation, no. You know why? Because if you open one of the IFRAME windows in a new screen, you will see this is the URL:

http://www.csc.net.kw:8888/csc/SpecialNeed.jsp?kk=13&cv_id=<civil_id>

Where <civil_id> is your Civil ID number. Change it to any other person’s number and you’ve got it. So it’s only a matter of passing a parameter. This is one of the oldest tricks in the book. I can’t say now they missed it because Civil ID is already the mechanism of authentication so it’s the same thing anyways. But at least make it not that obvious and a bit future ready.
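The difference between picking a record by a URL parameter and binding it to an authenticated session, as an added example that is not the Civil Service Commission's code. The record store, passwords, placeholder IDs and function names are all constructed for illustration.

```python
import hmac
import secrets

# Constructed sample data: placeholder identifiers, not real Civil IDs.
RECORDS = {
    "ID-AAAA": {"name": "Applicant A", "jobs": ["clerk"]},
    "ID-BBBB": {"name": "Applicant B", "jobs": ["engineer"]},
}
# Constructed credentials; a real system would store salted password hashes.
PASSWORDS = {"ID-AAAA": "secret-a", "ID-BBBB": "secret-b"}
SESSIONS = {}  # session token -> civil ID, kept on the server only


def vulnerable_view(params):
    """Pattern from the post: the record is chosen by the cv_id parameter alone."""
    return RECORDS.get(params.get("cv_id"))


def login(civil_id, password):
    """Check the secret, then issue an unguessable server-side session token."""
    expected = PASSWORDS.get(civil_id)
    if expected is None or not hmac.compare_digest(
        expected.encode(), password.encode()
    ):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = civil_id
    return token


def hardened_view(params, session_token):
    """The record comes from the session; a cv_id for someone else is refused."""
    owner = SESSIONS.get(session_token)
    if owner is None:
        return 401, None  # no valid session: not authenticated
    requested = params.get("cv_id", owner)
    if requested != owner:
        return 403, None  # mismatch: deny, and worth logging for review
    return 200, RECORDS[owner]
```

Adding a password only helps if every page makes the ownership check in `hardened_view`; a login form in front of `vulnerable_view` would still serve any record whose ID is placed in the URL.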

Again, as I said before, things are moving forward. I just found out you can pay your speeding tickets online. Something many people would like to do. However, I don’t see it moving in the right way. Specialists must follow up on the implementation and ensure the security and integrity of the data. The ultimate solution I hope for is one secured login credential for all government services and sites. Not a walk in the park, I know. But unless this security issue is addressed right now, more and more services will come and reside on the existing weak model implementation.
