Security audit team mentions that this system is not in the interest of govt or the people
KATHMANDU, March 27: The Department of Information Technology (DoIT) has submitted a report to Prime Minister Pushpa Kamal Dahal, pointing out the flaws in the electronic driving license and vehicle registration system of the Department of Transport Management (DoTM).
The security audit team led by Director General of the Department of Information Technology (DoIT) Prem Sharan Shrestha submitted the report to the Prime Minister saying that the system is flawed. The audit was initiated by the government following the discovery of over 100,000 fake licenses.
The "Technical Security Audit" conducted over a two-month period revealed alarming vulnerabilities, including the potential theft of Nepali citizens' biometric details through system hacking, as disclosed by a reliable source at the Prime Minister's Office. "Most of the reports compiled in three separate volumes contain technical intricacies," added the source.
The Prime Minister's Office made a secretary-level decision, based on the audit findings from the source code, that the existing license issuance system does not serve the best interests of Nepal, its government, or its citizens. Following the revelation of illegal license distribution within the DoTM, a "Technical Security Audit" was initiated, with the DoTM providing access to the source code. Under the leadership of Director General Prem Sharan Shrestha, a security audit team was formed by the DoIT.
DoTM announces resumption of electronic license system
The same team took the source code of the DoTM and conducted a security audit. Expressing concerns over the susceptibility of the current system to illegal license issuance, the DoIT has urged the government to adopt an alternative solution. Given that the electronic driving license and vehicle registration system were developed by a company based in Madras, India, the DoIT has recommended exploring alternative systems instead.
As the source code provided by the Madras-based company is outdated, the DoTM has requested a new code. A team, including IT advisor Prakash Rayamajhi, a representative from the DoIT stationed at the Prime Minister's Office, a computer engineer from the Information Technology Section at the DoTM, and Prakash Rayamajhi, conducted a comprehensive "Technical Security Audit" based on the source code provided by the DoTM.
The Prime Minister's Office has taken a keen interest in addressing the issue of over 100,000 illegal licenses being issued, with only 28,000 licenses officially registered. Only 28,000 driving license numbers issued by the Transport Management Office have been documented, indicating discrepancies in license issuance procedures.
During the investigation spanning from mid-August 2015 to mid-August 2023, it was discovered that over 100,000 illegal licenses had been issued. Following the enactment of the Constitution of Nepal in 2072 BS, transport offices responsible for written and trial tests for licenses fall under provincial jurisdiction.
An investigation into the distribution of illegal licenses was conducted by the DoIT, headed by Mukesh Regmi, IT head of the department. The inquiry committee, comprising CIB's DSP Dr Tapan Dahal, Department Computer Engineer Arjun Adhikari, and Bodhraj Baral, raised questions regarding the irregularities in license distribution within the DoTM.
The report of the inquiry committee led by the IT Director Regmi questioned the role of the then Directors General of the DoTM as well as two Information Technology Directors and five engineers in the illegal license issuance. The inquiry committee interrogated all the technical staff working in the information technology wing of the DoTM in the past.
Over the past decade, investigations have been conducted following revelations that 120,000 service users from 35 transport offices across the country were issued licenses without undergoing written or trial tests. Subsequently, an inquiry revealed that driving licenses were issued through manipulation of the "Electronic Driving License" system, disregarding legal provisions outlined in the Vehicle and Transport Management Act and Regulations.
The contract for the Electronic Driving License and Vehicle Registration System was awarded in 2013 and its implementation took place from 2016.