i-Witness

Flaws in the prepaid registration may spawn new security problems

January 16, 2006

There are several execution flaws to the Government’s directive to register all prepaid phone account clients, irrespective of new or existing ones, starting January 1. This is a follow-through of a 3-month pilot project in Penang and Malacca launched in the last quarter of 2005. At the nationwide level, a 6-month timeline is tied to the exercise, whereby the respective service providers must terminate the phone numbers if the users did not comply with the requirement.

There are three major issues involved. One: There is no legal framework pertaining to the guarantee of security and confidentiality of personal data, and the attorney power of the data custodian is not clearly defined. Two: Registration of user data is relegated to the retail/dealers level and there is no guarantee of quality of custodians of data in transit before the data is transmitted to the mobile operators. Three: Mobile operators are non-committal to a professional workflow while industry regulator, the MCMC, does not provide a clear guideline for operators to adhere.

Let’s take a look at the registration procedure. Recently, media reports said that the government and cellular operators were very satisfied with the cooperation of the public to the registration exercise. But the claim has been challenged, the validity of the statistics and information severely questioned.

The cellular operators have been accused of not being serious about carrying out the directive as they feared losing customers. This is evident in the loose registration procedure. It has been pointed out that prepaid card buyers only have to fill the registration form without having to give a copy of their identity card. Most cellular dealers do not to ask for the identity card for reference. Without verification, anyone can give false information.

According to Bernama, the operators admitted of receiving many enquiries about the matter from the public. They, however, said they were waiting for further instructions from the MCMC. What we heard from MCMC thus far is that this was not supposed to happen as it would frustrate the overall purpose of the registration exercise. How convenient in buck-passing. Didn’t the operators consult the MCMC on the registration procedure before the directive was announced?

Now, let’s look at the larger issue. In 2002, this column has discussed at the length the peril of the authority’s delay in passing the Personal Data Protection Act. Perhaps, it is timely to revisit this issue as we undertake the registration of prepaid cellular users as millions of people’s personal data are passing through the hands of untrained and unrestrained personnel.

Data attached to cellular phone accounts are critical by nature. Each entry will include a person’s name, his address, and his identification card numbers. These sets of personal data are then attached to specific phone numbers where call records can be traced. Frauds have happened before in the automobile hire-purchase industry when such personal data fell into the wrong hands. There is no guarantee that this cannot happen in the cellular industry.

This issue was highlighted in the US recently, albeit at an alarming scale. The sale of personal data and telephone calls record, obtained through sanctioned means or otherwise, has become a big money-spinning industry oblivious to the cellular users.

In early January, the Chicago Police Department issued a warning that dozens of online services – like locatecell.com operated by Tennessee-based Data Find Solutions Inc. -- are selling lists of phone calls made on mobile and land lines, raising security concerns among law enforcement and privacy experts. A Senator has called for legislation to criminalize phone record theft and use.

These online services might be skirting the law to obtain the phone lists. A common method for obtaining mobile phone records is "pretexting", which involves a data broker pretending to be a phone's owner and duping the phone company into providing the information. In some cases, telephone company insiders secretly sell customers' phone-call lists to online brokers, despite strict telephone company rules against such deals.

To test the clandestine service, the FBI paid Locatecell.com US$160 to buy the records for an agent's cell phone and received the list within three hours, the Chicago police bulletin said.

The Chicago Sun-Times did the same and Locatecell.com responded swiftly by emailing back a register of 78 telephone numbers recorded on a reporter’s call list, which included calls to law enforcement sources, story subjects and other Sun-Times reporters and editors.

In July last year, the Electronic Privacy Information Center (EPIC) filed a petition with the US Federal Communications Commission (FCC) seeking an end to the sale of telephone records. It has uncovered Locatecell.com as the company that sold the phone records of a Canadian official to a reporter with “no questions asked”. In other words, with digitisation, critical personal data could travel to foreign hands without your realising it.

So, can we establish that cellular phone numbers and their records are now the most powerful investigative tool? If that’s the case, isn’t it time we tightened the law by instituting the long-awaited Personal Data Protection Act before all hell breaks loose?

Posted by Jeff Ooi at 10:01 PM | Permalink | Comments (0) | TrackBacks (0)

A reflection over 2005… we need more People’s stories

January 1, 2006

Bill Gates and his wife Melinda, alongside Irish rocker Bono, have been jointly named "Persons of the Year 2005” by Time magazine for their charitable work and activism aimed at reducing global poverty and improving world health.

Interestingly, the honour, especially for Bill Gates, has nothing to do with personal computer and software that made him a legendary figure in information technology. Instead, the Gates are honoured for their philanthropic contributions via the Bill and Melinda Gates Foundation - the world's largest foundation, valued at US$29 billion, which spends almost the same amount each year as the World Health Organization (WHO).

Time said the Foundation has saved at least 700,000 lives in poor countries by investing in vaccination programmes, has donated computers and Internet access to 11,000 libraries, and has sponsored the biggest scholarship fund in history.

It’s a thought-provoking event as the honour bestowed on Gates is exactly twenty-three years after the PC, the device that created much of his personal fortune, was named Time’s "Person/Machine of the Year" in 1982.

The irony is, Gates would rather dispense his wealth through philanthropic activities than to allow his company to offer affordable copies of Microsoft Windows in the resource-impoverished developing countries targeted by his foundation. What does that tell us?

Time editor-at-large Nancy Gibbs wrote a tribute by saying that Gates was honoured for "being shrewd about doing good, for rewiring politics and re-engineering justice and then daring the rest of the world to follow”.

Paying tribute to the Irish singer, Time said Bono's campaign to make rich countries address the debt of poorer ones has had an equally impressive impact on the world. For the record, in 2005, ''Bono charmed and bullied and morally blackmailed the leaders of the world's richest countries into forgiving US$40 billion in debt owed by the poorest," the magazine said.

That says a lot for technology. The wealth and progressiveness it created for the world should be harnessed for the well-being of humanity. The world shall play the dual role of the benefactors and the ultimate beneficiaries of technological advancement. Gates and Bono have just shown us the ways, and challenged us to replicate them. I hope more corporate entities and individuals will join the fray.

On that note, as we usher in 2006, I suggest we spend some time to reflect on the year past and try to make sense of what lies ahead in the months to come.

First, the bad news. Global digital divide is here to stay. As evident from the various researches and reports presented during the World Summit on the Information Society in Tunis last November, the jarring gap between the info-rich and info-poor is widening into a chasm that can no longer be reconciled. This, not surprisingly, is closely tied to the North-South disparity that didn’t get addressed in the last millennium. Let’s brace ourselves with the surety that this disparity will only develop into new flash points of conflicts in the decades to come. Global unrests, perpetrated by inherent political alienations and economic imbalances, will take the form of complexities we have never experienced before in our civilisation. We really can’t figure out how it will be amicably resolved and this thought is very upsetting.

On the other hand, on the home ground, there have been several positive signs that should spur us on in the areas of market liberalisation and accessibility to affordable services. It is re-affirmed that healthy competition will provide attentive customer service and end-user lower cost. The most significant example is the cellular telephony.

The entry cost for a prepaid mobile account has dropped to RM8.50, compared to over RM200 a couple of years ago. In tandem with the three-corner competition among the incumbents, the floor for intra-network call charges has been lowered to 10 sen per minute, compared to some two years ago. The operators are not giving away their margin as the increased subscriber base provides them larger call traffic, precipitating in higher utilisation of the infrastructure.

Secondly, market focus has since shifted towards value creation, and users are rewarded, via free airtime and bonus credits, based on loyalty. This creates a mentality for customer relationship building and only operators who don’t buck up on CRM will lose out to their competitors. It’s basically a zero sum game as the user growth is tapering off towards a plateau after years of runaway expansion. The curve overcast everybody in a fair game.

It is hope that this phenomenon of fair competition, innovative customer-engaging marketing strategies experienced in the cellular market will be replicated upon in other convergent industries, like broadband and satellite TV services. The regulator just needs to give them a push to make things happen.

Posted by Jeff Ooi at 10:04 PM | Permalink | Comments (0) | TrackBacks (0)