PETALING JAYA: The man behind the website designed to let users know whether their personal information was compromised by a recent data leak has lashed out at the authorities, accusing them of elitism after the site, sayakenahack.com, was blocked.
Tech blogger Keith Rozario said people had the right to know if their data had been leaked online.
“You might choose to ‘not know’, but that is a right you can choose to exercise. No one should be allowed to withhold that information from you,” he said in a blog post yesterday.
“Authorities can’t sit on the data for weeks without letting you know on any pretence.”
Rozario said such data was already freely available to hackers or “geeks” to download, as they were the only ones with the necessary skills.
“To ban sayakenahack is to say geeks and hackers can access the data – but not the average joe. It’s emphasising that normal people don’t deserve that knowledge while geeks and hackers do.
“This is elitism, and it’s wrong.”
Rozario’s website allowed users to key in their IC numbers to check if their personal data had been compromised.
In an interview with The Star, the IT expert said he had designed the site to “mask” the phone numbers, revealing only the first three and last two digits for users to verify.
He added, however, that once people determined whether their data had been compromised, there was not much they could do about it.
Sayakenahack.com was blocked by the Malaysian Communications and Multimedia Commission (MCMC) yesterday following a formal request from the Data Privacy Protection Department.
In his blog post, Rozario said he would be tearing down the database in three days’ time.
He slammed Lowyat.net, which had published the initial report on the data leak, for taking down the article at the request of MCMC, and for “siding” with the commission in its claim that “the sheer amount of information made available on the site could subject it to abuse”.
“They fail to mention that the ‘sheer amount of information’ is already made available, just not to common folks, but to geeks and hackers.
“Effectively, Lowyat is saying that it’s OK for geeks and hackers to have this data, but God forbid the average joe gets a hold of it.”
He also hit out at Lowyat’s editor, who told The Malaysian Insight the site was blocked “because it’s not right to manipulate the stolen data”.
“The word ‘manipulate’ is a dishonest choice. I mask the data, not manipulate it.
“No IT professional would ever confuse manipulation with masking. Manipulation carries a negative connotation, that implies I’m changing the data in some way. Masking though is the intentional removal of data, to protect its confidentiality.”
Rozario claimed that even the Election Commission (EC) website was marked as insecure by Google Chrome as it did not use Transport Layer Security (TLS).
“What that means, is that when you search for your voting information on the website, the data is transferred in clear across the internet for anyone in the middle to see.
“It also means that your browser is not authenticating the site, and anyone can create a fake EC website and make it look identical.
“If you’re logged onto the EC website from a kopitiam WiFi, I can see the data you’re sending (and receiving) just by logging on the same WiFi.”
Adding that the internet itself was built “on a whole load of trust”, Rozario said: “Just saying, maybe sayakenahack isn’t a problem when the EC’s website is marked as insecure.
“Why doesn’t Lowyat complain about the ‘sheer amount of data’ on the EC’s website?”
Rozario said he was afraid that the next time he landed in Malaysia, he might end up in handcuffs at the back of a police car.
“But sometimes, you gotta do what’s right, and not just what’s ‘legally permissible’.”