by Brian Hioe

Photo Credit: Solomon203/WikiCommons/CC BY-SA 3.0

THERE HAS BEEN pushback from politicians and civil society groups regarding a purported leak of household registration information for almost all Taiwanese citizens. News of the purported leak broke last month.

The dataset was for household registration for 23.57 million pieces of information on household registration, apparently stolen from the Ministry of the Interior’s Department of Household Registration, and was for sale on the BreachedForum website. The same account offering this dataset for sale was also selling 28.11 million pieces of information from the Bureau of Labor Insurance and 1.68 million pieces of stock exchange information.

To prove that the information is genuine, the dataset offered a sample of 200,000 entries. This purports to include information on the residences of government officials such as vice president William Lai, National Security Council Wellington Koo, and Minister of Economic Affairs Wang Mei-hua.

The Ministry of the Interior (MOI) has denied that the household registration is accurate, claiming that the data is outdated. Some of the information seems to show a dating system that is no longer used.

An apparent whistleblower hacker that went with the information to the Taiwan People News stated that some of the information is from when Taiwan’s entire national database was leaked onto the Dark Web in May 2020 by the hacker Toogod, which was supposedly from 2019. Some of the information in the database about the residences of government officials does seem to be outdated, but other information does seem to correspond with more recent information.

Government buildings housing the Ministry of the Interior. Photo credit: Chongkian/WikiCommons/CC BY-SA 3.0

The MOI has been accused of trying to deflect blame for the leak or being unaware of it entirely. Among those critical of the government response have been the NPP and KMT, with criticism of the government for inaction in failing to remove this information from the Internet.

The data could potentially be used for scams targeting citizens, stalking, harassment, and kidnapping, or weaponized against the Taiwanese public. The information likely also would prove valuable for the Chinese government in knowing the location of significant individuals–possibly for surveillance or other actions–or for big data analysis of Taiwanese society as a whole.

Subsequently, there has also been a police investigation into government workers at the National Health Insurance system who could have been responsible for earlier leaks dating back to 2009, with workers questioned over records they retained or overseas accounts that they have been found to have. The issue of data leaks in Taiwan may be more common than previously thought. Yeh Feng-ming, the now retired chief secretary of the National Health Insurance Administration (NHIA), was found to have over 1 billion NT in overseas accounts, with it suspected that he and other NHIA workers may have sold this information to China.

It is to be seen what the response from the Tsai administration will be going forward. Indeed, the issue may prove an early test of the newly minted Ministry of Digital Affairs (MODA) under Audrey Tang. Before the formation of the MODA, Tang served as the public face for much of the Tsai administration’s digital efforts, but was a minister without portfolio. With a ministry, in theory, this should provide an upgrade for the government’s attempts at digital transition.

But the issue may prove a difficult one for the MODA. Namely, it was always a question as to how much the MODA would be allowed to handle matters concerning national security, when it came to digital security that affects more than just civilian matters, rather than serving primarily as a body to encourage digital innovation. Likewise, the issue of the leak would inherently be caught between different government ministries–historically something that leads to territorialism between different agencies, as well as an inability to resolve conflicting imperatives between government ministries.

Indeed, despite Taiwan’s reputation as a technologically advanced nation, key aspects of infrastructure often lag behind the digital age. One notes, for example, how power blackouts that affected significant swaths of the nation were caused in the past by switches that were accidentally hit by technicians.

Nevertheless, it is also possible that the issue will simply be swept under the rug. Namely, the issue has not been widely reported on, despite how rare it is that the database of an entire country is leaked online or sold. Calls for accountability were scarce after the Toogod leak, in the absence of sufficient reporting, and this may also occur this time around.

No more articles