‘Collection of metadata poses risks'

PETALING JAYA: Like puzzle pieces scattered across a table, bits of digital data may appear meaningless on their own.
But with enough time, as well as location and behavioural clues, a recognisable picture can emerge.
That is the concern raised by cybersecurity experts over a government initiative to collect anonymised mobile phone data.
The Mobile Phone Data (MPD) programme, introduced by the Malaysian Communications and Multimedia Commission (MCMC), is intended to support public policy, particularly in tourism and infrastructure planning.
Although authorities have emphasised that the data excludes names and identification numbers, experts warn that by combining the anonymous data with other metadata such as tower location, timestamps and user behaviour, it could still expose individuals to reidentification and cyber threats.
According to AI Society president Dr Azree Shahrel Ahmad Nazri, even coarse location data such as cell tower logs can be used to build a person's detailed behavioural profile.
'From just a few days of movement data, researchers can predict who you are with over 90% accuracy,' he claimed when contacted.
'This is why metadata is not truly anonymous.'
MCMC, in a media briefing last week, clarified that IMEI numbers and SIM card IDs were not among the data fields requested.
However, Azree Shahrel cautioned that even without those identifiers, centralising metadata still poses significant cybersecurity risks.
He also warned that such repositories could become high-value targets for hackers, cybercriminals or foreign actors.
'If breached, this data could form a detailed map of user routines, enabling highly targeted attacks or surveillance,' he said.
He suggested that persistent identifiers, such as anonymised mobile numbers, be replaced with session-based tags, and that precise timestamps be aggregated to reduce the risk of tracking individuals.
Universiti Malaysia Sarawak lecturer Chuah Kee Man echoed those concerns, pointing out that the MPD does not currently violate the Personal Data Protection Act 2010 (PDPA), as anonymised metadata and government agencies fall outside its scope.
However, he argued that this legal blind spot still raises red flags.
'The collection is occurring without the public's explicit consent or even knowledge.
'And while it may not breach the PDPA directly, it creates ethical and legal issues surrounding the erosion of privacy rights,' he said.
He warned that once data is stored at this scale, it could potentially be used for political profiling, social control or surveillance.
'The integrity of how this data is used relies entirely on those managing it – both now and in the future,' he said.
He called for a shift in approach, including the principle of data minimisation, where only essential data is collected, and for the implementation of informed consent policies.
'If the government insists on collecting such data, it must demonstrate a clear need and adopt every possible measure to protect users,' he said.
Cybersecurity specialist Fong Choong Fook said public concern about the MPD programme is not unfounded, especially given previous data breaches involving government-linked agencies.
'One of the most notable cases was in 2017, when the personal data of 46 million Malaysians was leaked after the MCMC outsourced work to a contractor.
'Incidents like these continue to shape public scepticism,' he said.
The massive data breach in 2017, believed to affect almost the entire population of Malaysia, included lists of mobile phone numbers, identity card numbers, home addresses and SIM card data of 46.2 million customers from multiple mobile phone and mobile virtual network operators.
'Take note that the PDPA does not apply to MCMC. This means that if a data leak were to occur, MCMC would not be held liable,' he said, highlighting a gap in accountability.
Fong urged the government to be transparent about the anonymisation process and to release a clear set of guidelines outlining how the data is managed, what safeguards are in place and how privacy is protected.
'There should be a publicly accessible framework, or at least a white paper that can be scrutinised by independent experts.
'We cannot continue operating in a black box,' he said.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

New Straits Times

9 hours ago

• New Straits Times

[UPDATED] NSTP shines with 13 wins at MPI-Petronas Journalism Awards

KUALA LUMPUR: The New Straits Times Press (NSTP) group took home 13 accolades across various categories at the MPI-Petronas Malaysian Journalism Awards 2024 tonight. The wins were split among NSTP's titles, with four awards going to the New Straits Times (NST), six to Harian Metro (HM), and three to Berita Harian (BH). Harian Metro was the night's highlight, clinching the country's most coveted journalism honour, the Kajai Award. NST's Leslie Andres secured silver in the Best Column Writing category for pieces including 'UN veto power is main obstacle to world peace', 'Mindset shift must accompany any rule change', and 'Western singers skipping Malaysia due to those kicking up a fuss'. In the Best Investigative Journalism category, Aliza Shah from NST won the silver award for her impactful report titled 'Children forced into local pornographic content'. The report highlighted the disturbing rise of child sexual abuse material (CSAM) online, which fuelled the underground industry. Sexual predators were not just grooming children online, they were also found to have abducted their victims, recorded and sold such content. The authorities conducted large-scale operations code-named Op Pedo Bersepadu PDRM-MCMC, which led to the arrest of 13 suspects and seizure of 40,000 CSAM and pornographic content. In video journalism, NST received bronze in both the Best Video Documentary and Best Video Talk Show categories. The documentary was produced by Aliza Shah, Iylia Marsya Iskandar, Khairus Ramli, and Amalina Kamal, while the talk show was helmed by Siti Nur Amalina Kamal, Hazween Syarina Md Hassan, Farrah Ain Jasmine Jasman, and Shahrul Redzuan Zulkifli. The ceremony saw over a thousand guests from across the media industry, including editors, reporters and corporate representatives, gather to celebrate excellence in Malaysian journalism. This year's awards attracted 549 entries from 58 media organisations, with honours handed out across 23 categories. The night also marked the launch of MPI's first-ever journalism e-journal by Higher Education Minister Datuk Seri Dr Zambry Abdul Kadir.

Barnama

13 hours ago

• Barnama

Malaysia To Host GSMA M360 ASEAN From 2026 To 2028

GENERAL KUALA LUMPUR, June 20 (Bernama) -- Malaysia will host the GSMA M360 ASEAN event series from 2026 to 2028 under a multi-year strategic partnership signed between the Global System for Mobile Communications Association (GSMA) and the Malaysian Communications and Multimedia Commission (MCMC). The agreement, signed yesterday at the Mobile World Congress (MWC25) in Shanghai, names Malaysia as the official host nation for the M360 ASEAN series, with the inaugural edition to be held in Kuala Lumpur in September 2026. The collaboration marks a major step in positioning Malaysia as a regional hub for digital policy dialogue, industry innovation, and cross-border cooperation in Southeast Asia. MCMC Executive Chairman Tan Sri Mohamad Salim Fateh Din said the partnership is a long-term strategic investment in regional leadership. "Malaysia is committed to being a convening platform for high-impact conversations on the future of connectivity. M360 ASEAN will be a space where policy meets innovation, and regional priorities find global resonance," he said in a statement. The M360 ASEAN event is expected to bring together leaders from both the public and private sectors across Asia and beyond, focusing on key digital economy issues such as 5G evolution, connectivity, cybersecurity, and digital inclusion. Meanwhile, in the same statement, GSMA Chief Regulatory Officer John Giusti said the hosting of M360 ASEAN and this year's Digital Nation Summit reflects Malaysia's strong commitment to ASEAN's digital ambitions. "Hosting both this year's Digital Nation Summit and next year's M360 ASEAN in Malaysia underscores our strong support for the region's 2045 vision. "By bringing together governments, mobile operators, and technology innovators, we aim to accelerate collaboration, investment, and inclusive connectivity across all ASEAN countries, laying the foundation for a more resilient and people-centred digital future. We're excited to launch the inaugural M360 ASEAN in Kuala Lumpur in 2026!" he said.

Malay Mail

14 hours ago

• Malay Mail

Securities Commission intensifies crackdown on scams, adds 59 to investor alert list in just the first quarter of 2025

KUANTAN, June 20 — The Securities Commission Malaysia (SC) added 59 names to its Investor Alert List in the first quarter (1Q) of this year, said chairman Datuk Mohammad Faiz Azmi. He said this move is part of ongoing efforts to combat the increasingly rampant scams, alongside blocking fraudulent websites and social media pages. 'In 2024, we added 273 names to the Alert List, and in the 1Q this year, we added another 59,' he said during his opening remarks at the launch of the Bersama InvestSmart@Pahang 2025 programme. The event was officiated by Pahang Investment, Industrial Development, Science, Technology and Innovation Committee chairman Datuk Mohamad Nizar Mohamad Najib. Mohammad Faiz added that the SC also collaborates closely with the Malaysian Communications and Multimedia Commission (MCMC) to block these deceptive sites. 'Last year, we blocked 153 websites and 261 social media pages. In the 1Q, we blocked 29 websites and 91 social media pages. These numbers show how much illicit activity we are fighting daily,' he said. As of May 2025, he said, the SC had received 1,218 complaints and enquiries about scams. Mohammad Faiz also reminded the public to be cautious of scams that claim to be Shariah compliant, using religious sentiment to gain trust. Bersama InvestSmart@Pahang 2025 is a three day programme starting today, bringing together government officials, capital market industry players, and regulators under one roof as part of the SC's investor outreach initiative. More than 40 exhibitors are participating in the event, themed 'Bijak Labur, Hidup Makmur'. — Bernama