Last night while chatting with some folks someone tossed, "you know MNIC website is in UK". I smiled (^^,) ...
Is www.mnic.mu really outside Mauritius?
Let's find it. How? Internet provides a myriad tools that could come handy when looking for information. I'm going to use a visual trace tool provided by www.yougetsignal.com.
The Visual Trace Tool resides in Switzerland and that's why the map will show beginning of a black line (see point #4) from somewhere within the Switzerland area. It should then end (see point #10) at the point/country where the website is located. Oops! It does not end up in Mauritius. That's the United Kingdom. Hey wait! Isn't MNIC.mu a property of the Government of Mauritius? Shouldn't it be on the local servers where all government services are running?
Okies, we now know the MNIC website is in UK, let's find out which company is hosting the website. For this we shall use another online service which is simply called www.whoishostingthis.com.
It's now confirmed that the MNIC website is outside the Mauritian territory, residing on a server located in the UK, which is owned by a company named eUKhost.
This again casts doubts over who designed the website & who manages it. If the website was done & managed by the officials working under the MNIS Project, shouldn't it be running on government owned servers, which are in Mauritius? Well, doubts... doubts! It maybe the website project was awarded to a third party but there wasn't any such announcement anywhere. Thinking of the cost of the MNIS Project, I wonder if the MNIC website had a budget of its own.
I should remind that this website has exposed serious privacy concerns with the use of Google Drive (cloud service), which I believe in "high security" environments shouldn't be allowed. It also revealed multiple design flaws that still lurk the website, without forgetting the database that was left exploitable (oh, it was fixed yesterday without any notice).
So far, I didn't talk about the MNIS (Mauritius National Identity Scheme) Project because as I mentioned earlier I don't know about its infrastructure, its technicalities, its governance and its hosting environment. The only assurance that has been given to citizens is that it is Highly Secured. We have already seen the security of a child project (MNIC website) under the MNIS campaign. No security audit (if any were made) concerning the MNIS infrastructure were made public, as far as I know.
Watching all these I turned towards the Data Protection Office if anything were made available there. I clicked on the News tab and #facepalm, yet another piece of broken code.
Their mission statement is interesting however, it reads as follows:
A few days ago PMO released a communiqué in relation to the recent revelations. I checked the PMO website to find more information about the communiqué. Oops! It's not there. It seems like the communiqué was sent only to MBC. It should have been first published on the pmo.gov.mu website, which is the official channel of the Prime Minister's Office. Otherwise, what's the use of a Rs 50M eGovernment Portal when you don't even use it.