This has baffled citizens as the BDA is a premier government regulatory body in India’s tech capital of Bengaluru. It also accepts payment for a few services, including different types of approvals, from residential, commercial and office establishments as well as potential investors.
The website shows that its connection is insecure as soon as one tries to open it, and asks users to head back to safety. “This means all others visiting the website using the same network will be able to see the information you are entering into the site to pay taxes,” said Anand Prakash, chief executive at Pingsafe AI.
A white-hat hacker Prakash said the BDA may have rendered its website vulnerable to security mis-configuration leading to data exposure on local networks by not renewing the SSL (Secure Sockets Layer) certificate. “An SSL certificate encrypts your private information, and protects it from being accessed by others,” he added.
Additional chief secretary (e-governance) Rajeev Chawla said: “We in the government always use encrypted communication protocol https, and it is important that government organisations should stick to this. I am not aware whether the BDA is doing it, but I will look into it.” The BDA did not respond to an email seeking comments.
The website is getting a lot of traffic after it reopened its property tax window after closing it for some time due to the Covid-19 pandemic and also because the site was being relaunched. A number of citizens also have tax dues from previous years.
There are about 1.03 lakh properties that come under the BDA layouts. “Property tax-paid receipt is an important document for getting a bank loan against the property or for purposes of registration if one is selling his plot,” a government official explained.