‘New MyKad proposal carries data breach risk’

By CHARLES RAMENDRAN

PETALING JAYA: The Home Ministry’s proposal to roll out a new generation MyKad with biometrics may boost security, but experts have raised concerns that it could create deeper systemic weaknesses.

Under proposed enhancements, which were announced in Parliament last week by Deputy Home Minister Datuk Seri Dr Shamsul Anuar Nasarah, the new MyKad would carry 10 fingerprints, facial and iris biometrics.

The National Registration Department, when contacted, said it is studying and fine-tuning the proposal by the Home Ministry.

Data protection expert Deepak Pillai said having additional biometric identifiers will enhance accuracy and security in identity management.

“Such approaches are increasingly recognised as international best practice in identity management,” he said.

However, he said it also raises risks as biometric information is sensitive and unlike other identifiers, it is immutable.

“Once it is compromised, it cannot be replaced or reissued. The compromise of such data in a breach would have permanent consequences for affected individuals, and increase the potential harm of unauthorised access or misuse.

“These risks are particularly acute in light of the numerous reports of alleged data breaches involving government departments and ministries in recent years.

“Hence, the need for robust cybersecurity safeguards and stringent governance control should be emphasised,” he said.

A lawmaker, Tumpat MP Datuk Mumtaz Md Nawi, had also proposed a unique cultural and digital integration to the MyKad by including Jawi script to reduce forgery.

On such a suggestion to include the Jawi script on physical and digital identity cards, Deepak said while it may carry symbolic significance, he doubts that it can enhance security.

“Skilled counterfeiters would be able to reproduce these scripts with relative ease once they have access to reference samples,” he said.

Criminologist Datuk P. Sundramoorthy of Universiti Sains Malaysia said the proposed overhaul of the MyKad system through the National Registration (Amendment) Bill is a bold step towards tighter security.

However, he said that while the amendment may strengthen national security, it must go hand in hand with strict oversight, independent audits and transparency.

Otherwise, he said, the move to enhance security for the country might just leave its citizens exposed to security breaches.

“While the technology promises greater safety, the risks cannot be dismissed.

“A centralised database containing millions of fingerprints and iris scans is a goldmine for hackers and a nightmare if breached.

“Without watertight data governance, Malaysians could be trading convenience for vulnerability,” he added.

Certified fraud examiner Raymon Ram said concentrating multiple biometric identifiers in a single system significantly increases its risk as a target.

He said when breached, it can have catastrophic impacts.

“As leaked biometrics cannot be replaced, it may create lifelong vulnerability for affected individuals,” he said.

“Beyond hacking, there are concerns about surveillance and ‘function creep’, where data collected for identity purposes may later be repurposed for monitoring or tracking without consent.

“To address this, the authorities will need the strictest possible cybersecurity standards, legal safeguards, and independent oversight mechanisms,” said Raymon, who is also Transparency International Malaysia president.

On the use of Jawi script, he said it may help standardise the representation of Malay names across documents and hold symbolic value for Malaysia’s cultural identity.

He said that while some may argue that Jawi letters are less prone to manipulation compared with Roman script, in practice, modern forgers are undeterred by alphabet choice.

“True security comes from chips, encryption, holograms and biometric verification, and not script complexity,” he added.

Former National Anti-Financial Crime Centre chief executive Datuk Seri Mustafar Ali emphasised beefing up systemic weaknesses to ensure enhancement is sustainable and effective.

“The move will undoubtedly boost security of the national identification card but tackling data breaches at their root is critical.

“Strict oversight of data management must never be compromised to ensure the upgraded card’s success,” said Mustafar, who is also former Immigration Department director-general.

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
MyKad , biometrics , cybersecurity , data breach , Jawi script , national security , surveillance , data governance , identity management , systemic weaknesses

Next In Nation
Immigration detains 139 foreigners in KL anti-vice raids
MetMalaysia issues two-day continuous rain alert for Johor and Sarawak
Rafizi alleges MACC detained PKR members not aligned to top leadership in lead-up to party polls
Malaysia seeks deeper tourism ties with Bangladesh, says envoy
Allocation for tax refunds increased to RM4bil to expedite payments to taxpayers
Anwar launches enhanced insurance scheme for low-income households
Bomba on alert as king tide raises flood risk in Pontian coastal areas
Anwar to donate all royalties from his new book to fund education for underprivileged students
Higher e-invoicing threshold to benefit 200,000 businesses, says SME association
Sabah to revamp GLCs for stronger governance and SMJ 2.0 goals, says Hajiji

Trending in News

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.