Topics
former
AI
Amazon
Image Credits:Jagmeet Singh / TechCrunch
Apps
Biotech & Health
Climate
Image Credits:Jagmeet Singh / TechCrunch
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
Gaming
Government & Policy
computer hardware
layoff
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
societal
Space
Startups
TikTok
transport
Venture
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
TV
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
India ’s federal election commission has fixed flaws on its internet site that reveal data related to citizen ’ requests for information have-to doe with to their voting eligibility position , local political campaigner and parties , and technical detail about electronic voting machine . India is head for its next cosmopolitan election , expected between April and May , to elect the members of its parliament ’s lower house who will take shape the novel authorities .
The Election Commission of India fixed the bugs in its rightfulness to Information ( RTI ) portal , which set aside citizen to call for access to disc of constitutional federal agency , as well as state and central government institutions and individual organizations receiving substantial cash in hand from the Amerind government .
The bugs appropriate access to the RTI requests , download transaction receipts and reaction shared by the officials without properly authenticating exploiter logins .
Some of the exposed data point let in the RTI filing particular date , the questions asked , the applicant ’s name and mailing address , the applier ’s poverty line status and RTI response .
Security researcher Karan Saini found the bug in February and ask TechCrunch to help reveal them to the bureau after the Election Commission , the Indian Computer Emergency Response Team ( CERT - In ) and the National Critical Information Infrastructure Protection Center did not ab initio reply to his requests to secure them . The bugs were set earlier this week following CERT - In ’s treatment .
“ CERT - In has been coordinate the return with the concerned authority . of late , CERT - In has been inform by the concerned office that the report exposure has been fix , ” the Indian cybersecurity authority said in an email to TechCrunch on Tuesday .
The office also confirm the fix to the researcher .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
Even though the RTI applications and responses are not confidential by Indian law , ajudgment(PDF ) by the Kolkata High Court in 2014 ordered authorities take RTI applicants ’ personal information “ to hide such information and particularly from their website so that people at gravid would not have a go at it of the detail . ”
By default , the Election Commission ’s RTI hepatic portal vein does not ply admission to individual RTI app and response without logging in , which think international access to the datum and its ability to be scraped — because it is accessible without a login — made the flaw a privacy issue .
The Election Commission of India did not respond to a request for comment .
