Sunday, February 4, 2018

Personally Identifiable Information - Free of Cost. Wanna know how?


Recently, one of my friends told me about an application (mobile app) which could easily fetch a lot of details about a vehicle and its owner. I was quite intrigued and decided to check this app out. When I logged onto the Google Play store, I found that there was not just one app but multiple apps which are offering anyone’s details free of cost to everyone in this world.

Well, the first one of them is “RTO: Vahan Vehicle Registration”. It is quite simple. You just need to enter the vehicle’s number and voila, you get a trove of data. The app claims to provide you the following details - Owner Name, Address, Age, Engine Number, Chassis Number, Vehicle Registration Date, Vehicle Registration City, Type, Model, City, and State. The second one is “RTO Vehicle Information”. It also offers same details free of cost to you.

These apps only work for vehicle registration in India. 

Screenshots of the apps - courtesy Play Store:


      



While the free service is appreciated, there is no need to offer somebody’s privacy and personal details on a silver platter to anyone in the world. Consider the following cases (hypothetical) in ways by which the data can be misused:

Case 1: Address Misuse

Consider a lady traveling in her own car to the office every day. She uses her personal vehicle to make this trip. A person who would like to know as to where she lives would just need to note down her car details and the application does the rest. 
That can be further misused in several ways.

Case2: Data Collection by Insurance Agents

We receive multiple calls of loan offerings, insurance offerings etc. every day. These apps can easily be used by insurance agents to contact the owners offering insurance offers based on the vehicle registration details. 

 A lot of this information may be classified as Personally identifiable information (PII) which these apps are providing to unauthorized users across the world.

Although these apps claim to provide several benefits yet these apps have a lot of privacy concerns. In my opinion, such services should be limited to the law enforcement authorities or some specific stakeholders only.

The issue is not just limited to such applications on the play store. There are a lot of websites which ask you to provide a lot of information before you can download anything from their website. Yes, in those cases, it is not displaying your data as these apps are showing, however, if those websites do not put in requisite controls to protect that data, the issue at hand remains the same.

What do you think of this? Is this debate on PII sharing and privacy valid basis the information shared above?

Would love to hear if you have found similar apps or websites which gather or showcase the PII.

No comments: