DAP has exposed a startling government ploy to retrieve public user information under the pretext of a 2013 directive to block mobile access devices.

Is the government conducting “mass surveillance” on mobile phone users through the Communications and Multimedia Act, asked Pasir Bedamar State Assemblyman Terence Naidu in a joint statement with Dyana Sofya yesterday. The duo asked the government to immediately withdraw the directive which could lead to unconstitutional breach of privacy.

Direction 1 of the Communications and Multimedia Act of 2013, he said, allowed the transferring of user data from private telecommunication services into the hands of the government, “for such other lawful purposes as deemed necessary by the Commission” as stated in paragraph 24 of the directive by the Malaysian Communications and Multimedia Commission (MCMC).

When contacted today, Terence Naidu explained that the telecommunications service providers are tasked to provide user information to government appointed Nuemera Malaysia Sdn. Bhd. to build operate and manage the nationwide blocking service under the directive.

The user data in question includes their Identification Card Number, billing address, IMEI number (International Mobile Equipment Identity), Subscriber Identity Module (SIM) number, International Mobile Subscriber Identity (IMSI) number, and any other relevant information notified by the commission.

Terence Naidu also pointed out that by using advanced analytics tools, Cellular Network Interception System (Surveillance Blackbox) and making use of the IMEI/SIM/IMSI number received from the cellular network operators, and tying this to customer name and NRID number, every mobile phone customer can now be tracked or targeted for surveillance.

In essence, Naidu said that this gives the ability to intercept every mobile phone customer’s voice, data and SMS contents. He said this would allow MCMC to “spy” on the public, adding that any behavioral changes by every customers such as swapping SIM cards, changing devices and changing of address, can be tracked by the MCMC via the Malaysian Central Equipment Identity Register (MCEIR).

“This means that MCMC/MCEIR can now create a real-time profile of Malaysia’s entire 45 million mobile phone customers with relevant analytics tools,” he adds that the MCMC, having the power to declare information such as email addresses, geo-location information of subscribers and IP addresses “anytime it wishes” via the 2013 directive, creates opportunities for abuse.

“When you take away a person’s privacy, you are taking away his or her dignity,opening the door to financial fraud and blackmail,” he adds.

Illegal to carry out mass surveillance

The Pasir Bedamar State rep, who is a lawyer by profession, also opposes the directive on grounds that it is illegal to carry out mass surveillance without due process and without any basis of suspicion for wrongdoing.

“This goes against the concept of ‘innocent till proven guilty,” that the “lawful interception” provided by the directive for purposes deemed necessary by the Commission provides wide discretionary powers to the government body.

He pointed at existing laws which already allow the interception of information in the event of a public security threat. These are the Section 116 C, Criminal Procedure Code, Section 27 A, Dangerous Drugs Act 1952, 3. Section 11, Kidnapping Act 1961, Section 43, Malaysian Anti-Corruption Commission Act 2009, and the Section 6, Security Offences (Special Measures) Act 2012.

“Since we already have 5 Acts covering lawful interception, there is no real need to impose another law which will be open to abuse, especially when it involves mass surveillance without due process and without any basis of suspicion for wrongdoing,” explaining that information, under the existing laws could only be obtained by enforcement agencies. However, the MCMC directive states that user information can be accessed at the discretion of the Commission, he added.

Telco providers paying Nuemera 

The cellular blocking service that the federal government saw fit to offer as a means to prevent theft, shifts the duty of telecommunication service providers to Nuemera Malaysia Sdn Bhd, which would receive a fee of RM 1.50 per annum for each active end user.

“Why are service providers required to pay such an amount of money to MCMC?” Terence urged MCMC to disclose information on the company for the public.

“We call on MCMC for greater transparency; to provide sound explanation and justification for “lawful interception” and the mechanism behind the implementation of PCBS,” he added. -The Rocket