《TAIPEI TIMES》 Taipei domain security is questioned

CHINESE HOST? A review of Web information raised questions about the security of the Taipeipass app, but the city said there was no risk of personal data being leaked

By Cheng Ming-hsiang and Jonathan Chin / Staff reporter, with staff writer

請繼續往下閱讀...

The Taipei City Government yesterday began relocating the .taipei domain to allay data security fears after reports that a subcontractor had used Chinese servers to host Web sites using the suffix.

In a post on Facebook that was later deleted, a man surnamed Chuang （莊） wrote that a host checker traced ownership of the .taipei domain to “Alibaba （China） Technology Co Ltd.”

The city might have compromised the personal data of residents who used online municipal services, including the Taipeipass （台北通） mobile app, Chuang wrote.

The Taipei Department of Information Technology said that a subcontractor — which it did not name — had used Alibaba, but added that private data is stored separately on secure servers.

The .taipei Web site provides information about applying to use the domain name and navigating the system, the department said.

Online registrations and other operations are conducted using servers in the US, it said.

No private data could be gleaned from the .taipei Web site, it said, adding that the Taipeipass app is hosted on a city government server, which is entirely separate from the .taipei Web site.

The subcontractor signed an agreement that it would not have Chinese nationals among the staff on the project, and would not use devices made by Chinese companies or China-based technology services, the department said.

The subcontractor has been told to move the Web site to a different server and the city would investigate whether there was any breach of contract and impose penalties as stipulated, it said.

However, it denied that the issue affected its Taipeipass app.

“The city condemns people who spread false information about Taipeipass to score political points,” it said.

Separately, Democratic Progressive Party （DPP） Taipei City Councilor Hsu Shu-hua （許淑華） said that the maximum fine for such a breach was too small.

The sanction for a breach of contract by using Chinese devices or services is no more than NT$50,000, which is more likely to embolden those who would threaten Taiwan’s national security than deter them, Hsu said.

DDP Taipei City Councilor Chen E-jun （陳怡君） said that the city government’s carelessness handed Beijing “open sesame” access to data.

A task force should be created to conduct a security review of the city’s apps, Chen said.

Additional reporting by Yang Hsin-hui

新聞來源：TAIPEI TIMES