The Democratic Alliance (DA) wants transport minister Jeff Radebe and his director-general, Mpumi Mpofu, to revisit Parliament to be grilled on eNatis' security flaws.
A failed attempt to gag the Afrikaans newspaper Beeld in the Pretoria High Court revealed the auditor general (AG) had expressed concern over the system's security measures.
It was noted it was possible to hack into eNatis, people could log on as administrator without needing to provide a password, documents on the system were not secured and files could be circulated without obstacle or without protection.
Accountability sought
DA transport spokesman Stuart Farrow says he will this week ask the chairman of the Standing Committee on Public Accounts to call Radebe and Mpofu to "urgently account" for the department's failure to bring three AG audit reports, that warn of "the significant risks inherent to eNatis, to the attention of the minister of transport".
Farrow adds there appears to have been a "fundamental breakdown in the lines of communication in the Department of Transport. Officials from Radebe's own department requested the audit reports from the AG and then failed to bring the reports, and their very important content, to the attention of the minister. The minister and his officials must now explain how this could have happened."
He says the conduct amounted to "a blatant disregard" for the AG. "The reality of this grave neglect is that the minister might have acted differently had he been aware of the content of the audit reports. SA may have been spared most of the chaos it currently experiences in its licensing industry."
Tasima's contract
Meanwhile, Tasima, the vendor that developed eNatis, will continue to run the system "indefinitely" until the implementation of the transfer management plan set out in the contract between the company and the transport department.
A change note to the contract reads that the agreement "shall continue for an initial period of five years, whereafter the agreement shall continue indefinitely until the implementation of the transfer management plan as set out in... the agreement, whereafter the agreement shall expire, provided that should the project be extended due to excusable delay or pursuant to the change control procedure."
More security woes
In other developments, more ITWeb readers have found security lapses in the eNatis protocol. One wrote: "I decided to register and see what I could find on the eNatis site; to my surprise I found the [Confidential - Signed Natis security policy] under downloads. That is gold to people who want to break in, and possibly circumvent eNatis systems and facilities. The eNatis guys seem to know nothing about security, which frankly is scary!"
However, Tasima says eNatis cannot be accessed unless a valid user ID and password combination is provided from an authorised workstation.
"In addition, all users have to sign a confidentiality agreement prior to being issued with login credentials on the eNatis. Security access is not controlled from the workstation-side, and the security policy and passwords used to gain access to the remote workstation is irrelevant in gaining access to eNatis.
"eNatis runs on central architecture and access to the system is controlled centrally by making use, among others, of data encryption, security certificates, firewalls, password control and detailed transaction audit trails on a user level."
Transaction stats
Tasima has, meanwhile, released new statistics on its Web site.
It says last month saw a total of 12 887 111 transactions performed - 61 323 learner and 166 790 driving licences were issued, while 87 923 new vehicles were "introduced" to the system, 883 764 licences renewed and 298 074 motor vehicles registered.
"The total number of user transactions for May is 8 738 872 and the total number of interface transactions is 4 148 239."
Related stories:
Tasima, eNatis contract extended
Security fears hit eNatis
DA demands eNatis report
DA slams Radebe's eNatis 'spin'
Eskom blamed for latest eNatis woes
BCX to rescue eNatis
Share