Try hack our system (eNatis) challenges Tasima

<?php?>

Tasima chief executive Tebogo Mphuti refutes claims his system has been hacked in this exclusive interview with BusinessLIVE.
Tasima operates the electronic National Transport Information System (eNaTIS), which manages SA’s driver and vehicle permit system.
He challenges all hackers to try and hack the system and bring him proof because he says it has never been done and never will be done in the future.


See the video Clip here

Tasima operates eNaTIS, which manages SA's driver and vehicle permit system, which ran into significant downtime and information error problems in 2007, with its website reportedly being hacked at the time.

A story appeared in July 2011 which said cyber criminals suspected of recently hacking into the system have been arrested. The mastermind allegedly had a laptop with an eNaTIS database and the capability to produce vehicle license discs, the report said.

Legal experts said last week that breaches of privacy legislation were on the rise, with calls mounting for any organisation wanting personal information to justify that need.

A report at the end of last year said government had launched a massive investigation into more than 50 vehicle testing stations which had issued over 20,000 fraudulent roadworthy certificates.

According to ArriveAlive some of these "death traps" (unroadworthy vehicles), which account for 80% of all road accidents each year - included a minibus with its dashboard held together with hangers, window frames held together with screwdrivers and rusted floorboards.

However, the probe was triggered by a dossier given to Minister of Transport S'bu Ndebele by a group of whistle-blowers from the National Vehicle Testing Association and eNatis itself.

The dossier, which listed questionable vehicle testing stations in KwaZulu-Natal, Gauteng, Limpopo, Mpumalanga and Eastern Cape, states that more than 20,000 "death traps" were given official roadworthy certificates, without even being tested.

At a Cliffe Decker Hofmeyr seminar last week, director of employment Faan Coetzee said serious debates were arising around records obtained by tracking the movement of people when using mobile phones, while the eNatis electronic vehicle registration system in SA - which led to thousands of people being turned away from vehicle testing centres in 2007 due to persistent system downtime - have raised serious questions about confidentiality.

Claims doing the rounds have included that no passwords were needed to enter the system as an administrator and documents were not secure as they could be circulated without protection. The issue was not helped by a sudden eruption of incorrect driving license information soon after the system was implemented - which the transport department refuted, saying it was not due to the electronic system, but due to human error.

This was where Mphuti got hot under the collar - he denied the data system has ever been hacked into and was keen to "address this misperception". In 2007 the website was hacked into if reports are to be believed, but not the data centre, and Mphuti is not aware of any hacking into the website or data centre since.

He explained that while 4,000 PCs were linked to the system around the country, a separate password control was needed to access the data centre, which was controlled internally. "It is not possible to get into it," he said.

He said the issue needed to be looked at from where potential vulnerabilities may lie - but these were external to his realm. One such area could be with the metropolitan police departments when they called on data for traffic violations. There was little control over what happened to the information when it was given over to other parties in the process of capturing data for fines, as three external suppliers manage it, meaning it was possible that they could get hold of the data.

Information was also given to banks for vehicle financing purposes, but Mphuti said his business first verifies that someone had been financed before dispensing any information, and then they also didn't give out personal details off their system.

He said it was important to distinguish between forging a license disc and cloning a license plate, as cloning of a license plate could be done fairly simply, but not so with a license disc, which has high security features [which cannot therefore be disclosed] but which law enforcement officers apparently know about.

Tasima was formed in 2002 to create, effectively manage and refine the eNaTiS project on behalf of the National Department of Transport and the nine provinces. December 2009 brought structural changes and streamlining to Tasima when arivia.kom (the state-owned IT company formed out of the merger of the IT businesses of Eskom, Transnet and Denel) sold its shareholding to Thuthukani Information Technology Services (Pty) Ltd and Webcom Consulting (Pty) Ltd, both of whom had been involved in the eNaTiS project right from the start.

Mphuti said restructuring resulted in an improved, unified company structure and Tasima, ISO 9001:2000 certified for its quality management system, was now actively pursuing road-traffic-management-related projects on the continent and beyond.

The system was handed over to Namibia by the Department of Transport earlier this year in a further attempt to weed out car theft, track hijacked vehicles and fight cross-border crimes. Mphuti said plans were afoot to provide the software in Lesotho and Mozambique as well, which would improve recovery and hopefully reduce theft across SADC. It was not yet known if there was any revenue to be gained, but at the time it looked more like a government initiative across SADC.

Another positive development, which Mphuti hoped would come to fruition in September or October this year, was to provide for the renewal of licenses online off the eNaTIS website.

Mphuti says this was nearing completion as the payment system via the banks was currently being tested. He said the aim was to take people out of queues and make the process more user friendly.

Mphuti felt Tasima was an example of a "classic public-private partnership" that was working. He noted the benefits of the streamlined system, which could now handle nine million vehicles from the five to six million registered vehicles in 2007, without capacity or apparent cost constraints.

In 2008 it emerged that the cost of the system had doubled to 600 million rand from an initial 354 million rand, with some reports claiming this money had been "lost" due to the problems and the potential need for a new partner to be found. Mphuti was not keen to discuss costs as they were variable depending on the demands and growth, but provinces currently made around 1.7 billion rand off license fees alone in a clear indication the system was starting to pay for itself despite the early hiccups and hacking problems.

Let's hope the cyber crooks remain in the dark on this particular system as it contains the valuable personal information of South Africans earning an honest living.

That doesn't mean they won't keep trying. Hackers recently gained access at Sony, Citibank, the IMF and others. The UK government in 2007 famously lost a computer disc containing the child benefit records of more than 25 million people.
 
... He challenges all hackers to try and hack the system and bring him proof because he says it has never been done and never will be done in the future.

Now that's what I call looking for trouble.
 

Never will be hacked in future? That there is a PR fail. Nobody can say never will be hacked in future, that would assume you know about and understand every exploit to come and manufactured the entire platform from the tiniest transistor to finished soft/hardware product.

So it demonstrates lack of knowledge. Good start for a hacker.

On to my next Q. From a legal perspective, do you think that invitation can be used as mitigation should the one or two of the thousands of hackers lining up to take their chances get caught?

Anyone on the hacker group boards going to share this challenge with their peers? Anyone tweeting it already with the #pleasehackme hashtag?
 
This is never a good challenge to issue. Nobody is unhackable and this just paints a giant red bullseye on you.
 
Ok so is there a challenge where if I get in I don't get prosecuted? Cos I am willing to give it a crack then :)
 
In other news, the department of traffic recently discovered that South Africans own 10 times as many ice cream trucks as Toyotas.
 
looks like serious case of foot in mouth disease

Sent from my Desire HD using MyBroadband Android App
 
http://mybroadband.co.za/news/general/505-enatis-website-hacked.html
The eNatis website, located at eNatis.com, has been hacked.

The first reports about the hacked website started emerging earlier today, but despite this information being available in the public domain the website remained unchanged.

When clicking on the ‘How Do I’ link on the eNatis websites only the words “Sorry bro..anda terlambat. Patch By Tao. OK?!!.” greet the user. The page title “!- Hacked by Tao -!” leaves little doubt as to why this problem emerged.

eNatis has been reported as having serious security flaws, and the recent security issues regarding its website will certainly not help its cause.
 
http://mybroadband.co.za/news/software/517-dept-of-transport-calls-enatis-hacking-laughable.html
The Department of Transport hit back at recent reports that its eNaTIS system was hacked, saying that the suggestion is laughable.

The eNaTIS website was hacked yesterday. At first only one section of the eNaTIS website was hacked, but later in the evening another group of hackers returned and defaced the entire eNaTIS website. The Department of Transport (DoT) however downplays the incident.

“Some media hype has suggested that the eNaTIS system was hacked recently. This was apparently due to someone leaving a comment on a page of a section of the eNaTIS public web site. The suggestion that eNaTIS was hacked is actually laughable,” the DoT said in a statement on the eNaTIS website.

They pointed out that the eNaTIS public web site is in no way connected to the eNaTIS system and that ‘this choice was a deliberate design choice.’ “The eNaTIS system and database is still secure and cannot be accessed via this web site,” the statement said.

DoT Statement: eNaTIS "Hackers" on wrong track

“The truth is that the eNaTIS web site is running on a public hosting area on a public hosting service. The hosting service is not inside the eNaTIS data centre at all. There is also no connection of any kind between this web site and the eNaTIS system.”

“The Department of Transport deliberately decided to host the web site on a completely different server than the eNaTIS system servers to ensure that any hacking attempts would be fruitless.”

“Any attempt to hack this web site (www.enatis.com) is totally fruitless in respect of the eNaTIS system. The eNaTIS system can only be accessed by work stations that are authorised to access the system and all communication with the eNaTIS system is encrypted.”

“In addition, a pre-defined user name and password is needed to connect to the eNaTIS system. An eNaTIS user will only be given access to the system after signing a confidentiality agreement regulating the security of passwords. The South African public can rest assured that the eNaTIS system is not open to the public and hackers of the web site will not get one millimeter closer to the eNaTIS database by doing this.”

Website security

While the DoT does not seem too perturbed about the defacing of their eNaTIS website, security breaches should be of concern to any company and specifically a Government institution.

The eNaTIS website is built on the popular open source content management system Joomla, and is hosted in the United States.

It is not clear exactly what vulnerability the hackers exploited to deface the eNaTIS website.
 
LOOL

Arrogance is going to get them into trouble with statements like that.

It's like Achilles going "hahahahaha you can't do anything to me unless you hit me on my Achilles heel!" Then giving a step by step guide how to kill him.

WTF if the person releasing that kind of info about my network I would be getting very physical.
 
Well I don't see a single person being able to do it. Also they sound brave now. But I am sure that as soon as someone comes with sufficient proof of network security being compromised their next call will be to their lawyers trying to put you into jail.
 
Well I don't see a single person being able to do it. Also they sound brave now. But I am sure that as soon as someone comes with sufficient proof of network security being compromised their next call will be to their lawyers trying to put you into jail.
Well they issued the invite, I can't see jail being an option. Besides, it's based on Joomla... I think there are a few people who can.
 