New MyKad Proposal Carries Data Breach Risk

The Home Ministry's proposal to roll out a new generation MyKad with biometrics has sparked concerns over the potential for data breaches. The proposed enhancements, announced in Parliament last week by Deputy Home Minister Datuk Seri Dr Shamsul Anuar Nasarah, would include 10 fingerprints, facial and iris biometrics.

While the addition of more biometric identifiers is expected to enhance accuracy and security in identity management, experts have warned that it also raises significant risks. "Biometric information is sensitive and immutable, unlike other identifiers," said Deepak Pillai, a data protection expert. "Once compromised, it cannot be replaced or reissued, which means the consequences of a breach could be permanent."

The proposal has also been met with criticism over its potential impact on national security. Criminologist Datuk P. Sundramoorthy of Universiti Sains Malaysia warned that the centralized database containing millions of fingerprints and iris scans would be a "goldmine for hackers" if breached.

Raymon Ram, certified fraud examiner and president of Transparency International Malaysia, echoed these concerns, stating that concentrating multiple biometric identifiers in a single system significantly increases its risk as a target. He emphasized the need for strict cybersecurity standards, legal safeguards, and independent oversight mechanisms to mitigate this risk.

On the use of Jawi script on physical and digital identity cards, experts were divided. While some saw it as a way to reduce forgery and promote cultural identity, others argued that it would not enhance security. "True security comes from chips, encryption, holograms, and biometric verification, and not script complexity," said Raymon.

Former National Anti-Financial Crime Centre chief executive Datuk Seri Mustafar Ali emphasized the importance of beefing up systemic weaknesses to ensure that the enhanced MyKad is sustainable and effective. "Strict oversight of data management must never be compromised to ensure the upgraded card's success."

Despite these concerns, some experts saw potential benefits in the proposal. Data protection expert Deepak Pillai noted that such approaches are increasingly recognized as international best practice in identity management.

As the proposal moves forward, it is clear that there are significant risks and challenges associated with its implementation. It remains to be seen whether the authorities can balance security concerns with the need for convenience and efficiency in identity management.