Election Commission Of India Fixes Privacy Flaws Exposing Citizens' Data From Its RTI Portal

The Election Commission of India (ECI) has addressed issues in its Right to Information (RTI) portal. The portal allowed citizens to seek access to records of constitutional authorities and central government.

The vulnerabilities granted entry to RTI requests, enabling the retrieval of transaction receipts and officials' responses without the appropriate authentication of user logins.

The compromised data encompassed details such as the RTI filing date, posed questions, the applicant's name and mailing address, the applicant's poverty line status, and the RTI responses.

The bugs were fixed earlier this week following CERT-In’s intervention, after Security researcher Karan Saini flagged the same to the authorities, with the help of tech news portal, TechCrunch.

While Indian law does not classify RTI applications and responses as confidential, a 2014 ruling from the Kolkata High Court directed authorities to “hide such information and particularly from their website so that people at large would not know of the details”.