PETALING JAYA: Public concern over the robustness and security of the MyJPJ app in displaying the digital road tax and driving licence is valid, says a cybersecurity expert.
Fong Choong Fook, executive chairman of LGMS Bhd, a specialist cybersecurity testing firm, said this is especially so after a series of massive data leaks involving the government were exposed last year.
“So it’s a natural reaction by the public to be concerned that the government may not have proper procedures to protect personal data,” he said when contacted yesterday.
He was commenting on the move by the Transport Ministry to digitise the Road Transport Department’s (JPJ) services via MyJPJ.
Former transport minister Datuk Seri Dr Wee Ka Siong had raised concerns that the data of 33 million Malaysians, including 16 million licences, could be at risk due to poor security features in the MyJPJ app.
Dr Wee said this is because one’s details could be retrieved by simply keying in the MyKad number.
Fong said that aside from the risks of data leaks, another potential concern is that the data could be used by criminals.
“Because now we are so digitised, and we have our vehicle details and everything online, if this data is not protected properly, it can be used by criminals to do very accurate profiling on us.
“Based on this, they can also do a financial profile on people, such as on the individuals who own many luxury cars. The data can provide deep insights for criminals,” said Fong, who added that data modification is another risk.
“When everything is going online, the risk of data manipulation is going to be there,” he said as he urged the government to spend a lot more effort on proper security before rolling out any large-scale projects.
“Before rushing to roll out a project at the national level, spend a significant amount of effort assessing the security and risks, as well as implementing controls,” he advised.
Fong reiterated that the government should also do more intensive testing and assessments beforehand.
Malaysians Against Rape, Assault and Snatch Theft founder Dave Avran said while digitalising drivers’ licenses and road tax was a step in the right direction, the implementation needs to be well thought out first.
“The fact that on the day they announced the move itself, the Road Transport Department website crashed showed that it was done in a rush. It seemed like they rolled out the system without adequate preparation on the backend,” he said when contacted.
Dave said that while digitalisation is the way forward, the process must be robust.
He added that it also seemed like the whole system was rushed when Transport Minister Anthony Loke said initially that motorists must keep a digital copy of the road tax of the vehicle they are driving and later stated that enforcement officers can verify vehicle road tax via their system.
“Those implementing such things need to put themselves in the drivers’ shoes and see what can go wrong.
“For example, when a vehicle owner lets someone else drive his car and it gets stopped at a roadblock, is the Transport Ministry sure that all law enforcement personnel will not insist that the motorist has a copy of the road tax on their mobile phone?” said Dave, who added that the burden of proof must fall on law enforcement agencies and not on motorists.
“Law enforcement personnel must also be briefed so that no motorists are penalised or given trouble for not having a copy of their road tax,” he said.
Meanwhile, the Transport Ministry reaffirmed its commitment to driving digitalisation, with Loke saying he is appreciative Dr Wee’s concern over the security features of MyJPJ.
“I’m thankful that the former transport minister has expressed his concern.
“All remarks will be taken into account and improved on.
“The ministry will continue to solidify its digitalisation agenda, and we will improve any weaknesses,” he told reporters after the launch of the MyRailLife KTM Komuter pass yesterday.