BRTA Breakdown: Bureau Battles Bottleneck as Indian Vendor Lock Halts Smart Card Printing

The Bangladesh Road Transport Authority (BRTA) has failed to distribute over one million smart driving licenses due to a shortage of cards and persistent printing complications. Despite daily applications, the agency has been unable to issue new smart licenses this year. A decade after the service’s introduction, it has now been revealed that BRTA never had full control over its license database or server—those remained entirely in the hands of contractors.

Even more startling, officials discovered that printing smart cards required final authorization from Madras, India, where a vendor remotely controlled the printing system.

Faced with this alarming situation, BRTA sought assistance from the ICT Division, which successfully restored access to the database and server in October. ICT engineers unearthed an even more disturbing fact: BRTA not only lacked access to driver and vehicle owner data, but the local contractor in Bangladesh also could not print smart cards independently.

The middleware software used in the process was dependent on the Indian firm Madras Security Printers, which was previously found to have engaged in data breaches involving citizens’ personal information.

The restoration work was led by Anwar Parvez, System Analyst at BRTA, and Susmit Asif, Policy Analyst at the ICT Division. Asif explained that three entities—Madras Security Printers, CNS, and Tiger IT—were involved in the card printing process, with Tiger IT effectively monopolizing the system. “When we investigated, we found the entire setup was crippled by vendor lock. We then re-established BRTA officials’ control over the source code and data server,” he said.

He added, “Even when the printer was right next door, it wouldn’t print after receiving a command. So, we created an APK to resolve the issue. Printing has resumed, but it’s still slow. BRTA hasn’t yet procured blank cards, so full-scale printing hasn’t started. We’re also repairing old printers to increase capacity.”

The ICT Division’s engineering team, working with BRTA’s technical unit, resolved the issue on October 14 by creating a custom application to bypass the restrictions. However, due to the ongoing shortage of blank cards, printing remains limited to emergency licenses only.

Just two days later, on October 16, the National Identity Registration Wing reported a temporary suspension of smart NID card printing due to software complications—though that issue was later resolved, confirmed Muhammad Ashraf Hossain, the NID system administrator.

Interestingly, Tiger IT appeared again as a vendor in that case, too. Both incidents highlight severe vendor dependency, flaws in the application layer, and a lack of technical capacity within government agencies.

Experts are now calling for mandatory IT audits and local certification before using third-party software in state-run citizen services.

Mohammad Masudur Rahman, Chief Technical Adviser at a2i, emphasized: “Regular IT audits are essential for all software. Software quality testing, certification, vulnerability assessment, and penetration testing (VAPT) must be made mandatory through certified firms. Paid testing tools ensure better quality and proactive risk mitigation.”

BRTA first launched electronic chip-based smart card licenses in 2011, facing little trouble in the first five years. Problems began after Tiger IT, initially involved in the project, was reappointed in 2018 to handle card supply. The situation worsened after the World Bank blacklisted Tiger IT in 2019, prompting BRTA to cancel its contract.

Despite appointing new contractors through tenders, Tiger IT delayed the handover of the database and server control until June 2021, leaving nearly 1.25 million license applications pending.

The crisis escalated when Madras Security Printers, responsible for printing, withdrew while retaining technical control—bringing the entire system to a halt until the ICT Division’s intervention.

Faiz Ahmad Taiyeb, Special Assistant to the Chief Adviser on Post, Telecommunication, and ICT, told reporters:
“When BRTA’s smart card printing stopped, the Adviser on Roads and Bridges, Fawzul Kabir Khan, requested my help. I referred the issue to the BCC team, and what they found was truly shocking. To print driving licenses in Bangladesh, approval had to come from Madras, India. Our engineers have now fixed that. But it’s unacceptable that we ever needed authorization from another country to print our own citizens’ data. This violates every standard of personal data security. That’s exactly why we’ve prioritized personal data protection and included platform liability in the new law.”