Britain to probe identity leak of Indian visa seekers

By Prasun Sonwalkar


Support TwoCircles

London : A Channel 4 report that personal data of Indian citizens applying for British visa in India may have been compromised due to flaws in the online application system there has prompted an investigation here.

The report, broadcast Thursday evening, said that a security flaw in internet visa applications to the British High Commission in India meant the details of 50,000 people may have been freely available online. It was a potential treasure trove for identity thieves and terrorists, the report said.

Soon after the report was broadcast, the Conservative party criticised the government for what it called the "Indian visa fiasco", and alleged that it showed that the Labour government was incapable of running the identity card project that is expected to be rolled out in the near future.

Damien Green, shadow immigration minister, told IANS: "This is yet another IT shambles from the government with serious implications for security. These details could be used by terrorists to enter the country illegally.

"This government cannot even run a simple on-line visa application system without betraying all the sensitive information. What hope has it got of protecting the integrity of the National Identity Card Register which will hold dozens of pieces of sensitive information of every adult in the country?"

The Information Commissioner's Office is Britain's independent authority set up to promote access to official information and to protect personal information. The Channel 4 report said that because data privacy may have been compromised, the Information Commissioner is to launch an investigation.

According to the report, the personal details of thousands of people wanting to travel to Britain was online, unsecured and available to anyone who simply altered a website address. It added that 475,000 Indians applied for visas to come to Britain last year.

Nearly 50,000 of them applied online, including one Sanjib Mitra from Bangalore. In April last year, he had trouble with his application and in trying to sort things out discovered he could access all the other applications that had been made online.

Visa processing in India had been contracted out by the Foreign Office to a private Indian company, VFS Global, the report said, and added that in a blog last week, Mitra revealed how he had checked and found the loophole was still there.

He reportedly emailed the company last year but heard nothing. He emailed the British High Commission, who two months later replied that they would look into it. He then alerted an Internet journalist specialising in computer security.

The report said: "Indian online visa applications have now been suspended. And we can reveal the security breach is widening – online applications from Russia and Nigeria, run by the same company, have been suspended too."

In February, the Foreign Office had reportedly awarded VFS a five-year contract worth 190 million pounds for visa processing.

The Channel 4 report quoted the Foreign Office as stating: "This VFS system is used only to record the details of visa applicants applying online through VFS, and to allow those applicants to see how long it will take to have their passport returned. It is not connected to the secure UK government information system used to process the applications."

The report added that the online system had been running since 2003 and was known to have been compromised for at least a year with tens of thousands of personal details up for grabs.