IS PERSONAL DATA HELD ONLINE CENTRALLY AT RISK? (In Gibraltar)

*eGov users receive texts from Russia
*Are Government’s explanations reassuring
*How much personal detail is accessible by Russia
*Being forced to register with e-Gov to file Income Tax returns worsens matters
*Does the use of a UK company cause concern also
*Are Government reassurances about Russia sufficient
*Income Tax Returns must be filed online making e-Gov registration compulsory for taxpayers
*Requirement can criminalise taxpayers
*Information Technology challenged people discriminated against
*Data breaches and hacking are possible
*Limiting choice is anti-democratic
*Use of a single database for personal information should be discarded
*GDPR laws offer protection, but unlikely in Russia

RUSSIA HAS OUR DETAILS?

The receipt by eGov users of texts from Russian telephone numbers is worrying. It is a worry that the explanation from Government does not fully ease. Government claims that no risk exists either to government systems or to the personal data/details that must be provided to set up an e-Gov online account.

The explanation seems odd because for anyone to receive the Russian text, that person’s number must be known by the Russian sender. The end conclusion can only be that, at least, that piece of personal data is known in Russia, so what more is known there?

Russia causes greater concern right now because of the war with the Ukraine, the support of the UK and Gibraltar for the Ukraine, existing sanctions, and god forbid any potential escalation against the UK and Gibraltar.

In addition, Vijay Kumar in a letter to the Chronicle expresses fears that people are being forced now to register with e-Gov as it is the only way to file an Income Tax Return. Those Returns contain much personal financial information.

CONCERNS ARISE WITH UK COMPANY ALSO

However, some concerns extend to the explanation that the Government uses a UK-based company as an SMS gateway provider of eGov notifications to users. They are concerns that the government should allay with adequate explanations of safeguards that are in place.

Examples are:

How much personal information does that company have?

Is it just the phone number to which notifications are sent?

Does that UK company have access to more personal information than just a mobile number?

Is the protection given in law to individuals subject to enforcement in the UK only at individual cost?

Are the legal requirements in GDPR law strictly applied considering cross-border considerations?

RUSSIAN NUMBERS EXPECTED NOT TO BE REPEATED AND “NO RISK”

The Government have said now that the UK service provider has been informed of Gibraltar’s position over Russia and that it does “not expect to see any repetition of the use of these [Russian] numbers.” The reassurance does not include any confirmation that services in Russia will not be used.

The Government offer the bland assurance that, “There is not and has not been any increased risk by virtue of the use of those numbers.” One supposes that people will be satisfied with that assurance, just as they have been by so many other assurances on so many other subjects from this Government.

INCOME TAX RETURNS

We get also the very valid points about e-Gov made by Vijay Kumar in his letter published in the Chronicle on the 27th July 2022.

In summary, with apologies for inaccuracies, those are:

All taxpayers are required to submit Income Tax Returns online (one should recall those returns contain the most private of personal financial information).

No exemptions are permitted, so senior citizens, or technologically challenged individuals are ignored.

To submit that return one must register with e-Gov, which registration insists on ALL one’s identity to be placed into a giant database in the hands of the government. That includes “verified” (which is where the Russian text came in) email address, mobile number, ID card and a passport photo.

Additionally, a request then came to upload a selfie holding one’s ID card close to one’s face. It is the best information necessary to fake an identity, which renders a central register so flawed.

Data breaches, protocol mishaps and other examples of catastrophic data security failures litter history.

Only a brave government would declare itself fully secure against hacking.

The e-Gov central identity database is unnecessary and bad considering today’s technology which permits transactions between separate databases to be authenticated, as indeed banks do.

Errors cannot be questioned, or details amended.

No alternative option is offered for Income Tax Returns, like visiting a counter at the Income Tax Office, which assists those unable or not capable of using the online services.

Democracy is enhanced by choice; limiting choice, as is the case for Income Tax Returns (for now), “is a thoughtless and unwarranted erosion of our civil liberties.”

The penalty for not submitting an Income Tax return is a criminal offence, resulting in anyone objecting to giving all personal details to e-Gov being criminalised.

An alternative route should be made available for submission of Income Tax Returns both online and physically, thereby restoring the right of choice in accessing public services.

Longer term the use of a single database for personal information should be reviewed and discarded.

WORRY CAUSED TO THE LESS KNOWLEDGEABLE IN INFORMATION TECHNOLOGY

There are many of us who do not reach the level of knowledge that younger people have when information technology is involved. Reading news like that published in the Chronicle increases anxiety about the security of how that information is held, especially if third party countries like Russia (especially right now) are involved.

It may well be that GDPR laws offer protection in Gibraltar and cross-border between Gibraltar and the UK, and between both and the EU, but the complexity of that protection is little understood except by the experts. The likelihood of any such protection existing with Russia seems remote.

All input from knowledgeable people is welcome.