ARTICLE #04::OSINT ANALYSIS

ReALCRaft Portal Exposes Sensitive Fishermen Data, Raising Major Privacy and Security Alarms

Dipti Yadav3 MIN READOPEN SOURCE

A government portal built to enhance maritime safety is exposing personal data of fishing vessel owners — putting livelihoods and national security at serious risk.

ReALCRaft Portal Exposes Sensitive Fishermen Data, Raising Major Privacy and Security Alarms - Section image

The ReALCRaft government portal, launched under the Pradhan Mantri Matsya Sampada Yojana (PMMSY) scheme for Indian fishing vessels, is leaking highly sensitive personal data of fishermen and their boats — information that should never be publicly accessible. This portal was designed to streamline the registration and monitoring of fishing vessels, but its flaws in data privacy need urgent attention.

The government’s plan to install transponders on every fishing vessel by the end of December this year, as part of a larger maritime safety and tracking initiative, appears to be a one-way objective, overlooking the numerous complications that arise with it. A centralized database undeniably makes it easier for authorities to monitor suspicious vessels, especially in cases where ships are seized for illegal activities such as drug trafficking or IUU (Illegal, Unreported, and Unregulated) fishing within the Exclusive Economic Zones (EEZs) of other nations. However, the problem lies in the excessive public access to this sensitive information, which should be reserved for authorized authorities only. While the transponder system will aid in tracking and ensuring maritime security, it must be complemented by robust privacy measures to avoid putting fishermen at risk.

A quick glance at Instagram reveals images of regional fishing vessels, with their registration numbers prominently displayed on their wooden hulls. These vessels originate from Indian coastal states like Andhra Pradesh, Kerala, and others. Due to their relatively small size, the International Maritime Organization (IMO) doesn’t assign these vessels an international numerical identifier. Instead, the flag nation issues a registration number, the format of which reveals the vessel’s state of origin.

Take, for example, a vessel from Andhra Pradesh. Searching for its registration number on the ReALCRaft portal reveals not only the name of the original owner but also their address. In addition, the engine number of the vessel is readily available. This level of transparency starkly contrasts with websites like MarineTraffic, which, while tracking the movement of ships, withholds crew details in order to safeguard their privacy and security.

ReALCRaft Portal Exposes Sensitive Fishermen Data, Raising Major Privacy and Security Alarms - Section image

The authorities should have focused on making the routes taken by fishing vessels public, rather than exposing detailed personal information. Public access to such information makes it easier for criminals to target the fishermen and their vessels. Cybercriminals could use this data to blackmail or intimidate fishermen into providing assistance, or even to target them during seizures or other enforcement actions. In such cases, the public eye naturally shifts to the crew operating the vessel, often implicating them unfairly.

Most of the fishing community, especially in coastal states, have limited or zero knowledge about the threats posed by digital data leaks. This makes them easy targets for cybercriminals. Furthermore, these fishermen likely don’t know how to formally request the removal of their personal data from the public domain or how to protect their privacy in the digital space.

While such data may be useful for OSINT (Open Source Intelligence) journalists and researchers working to combat illegal activities, its uncontrolled release raises serious concerns about privacy and security. Without adequate safeguards, this data leak violates basic principles of data protection and citizen rights.

An action-oriented approach is required here — one that goes beyond merely raising social awareness around scams and threats. The government must take immediate steps to safeguard citizens’ data and to address the inherent risks posed by this type of public exposure. This includes not just monitoring and enforcement but also implementing preventive measures and education for fishermen. Without these steps, the system will remain a significant threat to those it was supposed to protect.

To strengthen the overall security framework, state maritime boards could play a pivotal role in ensuring data privacy and security for fishermen. They should collaborate with national authorities to both enforce digital literacy programs and ensure that data protection protocols are followed. This would not only protect fishermen but also foster trust between the fishing community and the government.