Dear government, what are you doing with my data? | Opinion

APRIL 13 — The other day I randomly Googled someone because the person’s name was unusually long even by Malaysian standards.

In one Google search, I found out that said person had a sister, her age and the fact that she was a newly added name to the voter rolls as well as the first few digits of her IC and her house number.

This was all information I was not looking for nor was it anything that should be randomly accessible via a Google search.

More poking around and some tips from friends revealed that all this information was downloadable in PDF format from the Suruhanjaya Pilihan Raya (SPR) website.

If you meet certain criteria, you can buy said PDFs with the parts that were truncated (IC numbers) unobfuscated.

My reaction to this discovery was simply, “What the hell.”

I’m old enough to remember the days when everyone had a copy of the Yellow Pages — a huge directory of phone numbers of everyone with a landline. 

Want to look up your childhood crush? Not a problem. Feel like crank-calling your ex-boss? Look it up.

Now, the reaction to unknown people calling your number is either, oh it’s a telemarketer or “Who gave you my number?”

This is the age where information is power and too much of your personal data floating around opens you up to scams or spam.

Humans tend to be very predictable creatures. They happily share information online that is also used as password hints for their online accounts without a second thought.

As hackers will tell you, a lot of big hacks aren’t necessarily achieved just by a few keystrokes by elite programmers or some scary virus — it’s by social engineering.

Hackers and scammers aren’t smarter than the average person; they just know how people think and work. 

Some offices for instance give no thought to even basic PC security, with sticky notes of passwords stuck right onto computer monitors or tucked into a desk drawer just because a user is “forgetful.”

This lackadaisical approach to the very basic level of security — passwords — is easily exploited.

On Facebook, data mining happens in insidious manners — usually with apps and games that cheerfully collect personal information from users who think they’re just answering a harmless “which breed of cat are you” quiz.

Humans tend to be very predictable creatures. They happily share information online that is also used as password hints for their online accounts without a second thought.

I had a friend who thought she was being smart by writing down the sequence of her password (a combination of birthdates) around a photograph.

Her bank account was easily cleaned out when she lost her wallet as it was very easy to match the birthdate on her IC to the number sequence on the photograph.

I think we need to stop assuming that all people who get scammed are greedy or stupid. In the case of loan scams, I imagine that there are many people who are desperate enough not to think straight. 

We are also a people easily cowed by authority. If someone claiming to be from Bukit Aman or LHDN were to call you up and threaten you, many Malaysians by instinct would grovel.

It wasn’t that long ago that getting threatening phone calls from authorities was a real thing.

Another anecdote to share: a friend had been under surveillance from Special Branch for years to the point he was too afraid to own a mobile phone as he did not want his movements being tracked.

Yet one day, he got a call at a number hardly anyone had access to, just a subtle warning that there were still people keeping tabs on him. 

Can you blame Malaysians then, for being easily frightened by ominous callers?

No matter how much education about scams there might be in the media and the somewhat half-hearted texts from banks, I think banks and other financial institutions need to employ more aggressive safeguards.

Large transfers of a certain amount need to be flagged, and no matter how busy a bank, the transactions shouldn’t be allowed to immediately go through without more verification than a PIN number.

We have controls and alerts for money laundering, but why do we not have similar safeguards in place to make it harder for scams to happen?

At the same time we really need to address the root of the matter — the protection of personal data.

The current laws are not enough, nor are the institutional safeguards. While it’s true that the Malaysian banking system offers a lot more convenience than the US, where people still write cheques for things like rent and groceries, that convenience must not be bought for the price of suffering.

Leaving the safety of our personal data solely to the realm of personal responsibility is not right; governments and institutions, public and private, need to do more to make this information age a safer one for all. 

Forget the Metaverse, we deserve a safer digital experience in the present and not some distant, virtual future or we risk being at the mercy of the crueler and more tech-savvy who should not be keeping our data as digital hostages.

This is the personal opinion of the columnist.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *