“Propensities and principles must be reconciled by some means.”― Charlotte Brontë, 'Jane Eyre'
As anyone at Malaysiakini would tell you, I am the least computer savvy person in Malaysia. This is why the recent UM website hack is terrifying to me. Any hack is terrifying to me. The most troubling aspect of any hack is the invasion of privacy. This pales in comparison to the despondency and lack of trust which settles in after you have been through the wringer attempting to rectify the situation.
If you are like me, someone who has very little knowledge of how these things work, the loss of privacy and the subsequent scramble to “protect” whatever information is out there, the bureaucratic hassle of setting things in order becomes an ordeal. It is much worse if you are older and have to rely on more tech savvy people to help you navigate the aftermath of your personal information getting out there.
There are a couple of issues I want to unpack about this hack on UM. Over the years writing for Malaysiakini I have made friends with numerous people who consider hacking a form of activism or a business endeavor. They send me articles on ethics, famous hacks and, most interesting for me, chat group conversation about the various communities who sometimes have agendas, but more often believe in some form of anarchy.
Over the years, I have had offers to dox people who contribute in the comment section because the comments were deemed racist or blatant lies. I have always emphatically said no.
It may not be in the same category, but why would I want to put anyone through that? It never fails to amaze me that people who claim to believe in free speech (and anarchy) are willing to sanction those practicing it (often irresponsibly and cowardly), most often under the cover of anonymity.
When the hack was first announced, the number of emails I received from people who were gleeful that UM got hacked troubled me. I have no idea why they would think that a data dump of personal information from academic and non-academic staff would be something to be celebrated.
If you have an issue with the way how activist Wong Yan Ke (above) was treated, why does this translate to a feeling of schadenfreude for people who have no dog in this fight? If you are angry with the vice chancellor who made racists remarks, why treat the staff as collateral damage? If you think that Universiti Malaya’s security measures are a joke, why punish the people who work there or use the system?
A couple of comments made to the media reflecting the underlying anxiety of students and staff about the hack, are worth considering.
"This is not the right way and platform to express their feelings. Why affect other innocent students and the operating system of the university?"
"I think it's acceptable for this unknown party to hack the UM E-pay portal as a protest. But that's if they do not take any advantage of the students' financial data.”
Apparently, before the hack, there were WhatsApp messages warning students and staff not to use the system because it was infected with malware. The messages I assume were meant to mitigate the damage done, but present a whole new set of problems.
It is not inconceivable that people would start spreading hoax messages just to disrupt the usage of systems which are targeted for political or personal reasons. Also it is much like dropping leaflets in a community before you bomb the hell out of it. Pointless and an insincere attempt at empathy.
There is making a statement with your hack, and then there is malicious intent. Some would claim that the two are not mutually exclusive, but I think it can be. MrX, the hacker(s), who made the run on UM, said that they were not to blame, but UM for not prioritizing security.
If they had just hacked the site and made it known that UM security was a joke, this at least would have some sort of utilitarian value that could be justified. Instead, the hackers released the personal information of staff, including bank account information and pay slips, which is mala fide.
In other words, they wanted to hurt people and not just demonstrate that security was a joke. What is worse is that they claim to be on the side of UM students. Is there some form of monolithic perspective when it comes to the “situation” in UM?
Friends who work there claim that there are issues that the “management” has been avoiding for years, but the question remains, how leaking the personal information of staff helps the situation. I would argue that what this has done is make the situation worse.
I have also received numerous emails from people who were affected by this hack and the steps they had to take to rectify the situation. Reading about their problems is an exercise in blood pressure control. I would not know what to do, if I were in their position.
Many are afraid of identity theft and are paranoid if money in their bank accounts would still be there. I know a couple of people who have been compulsively checking their accounts at the ATM, and then wondering if their pin numbers have also been hacked. Paranoia sets in quickly, which I suppose is the intent of people who engage in such hacks.
Wong Yan Ke disavows the actions of the hackers, but says: “(However) This shows that people are against what the university had done.”
Here is the problem. The university staff did not do anything. I get that it easier to make the case that the whole institution is to blame instead of focusing on just the VC. Indeed, I assume that Wong’s act of protest was against the VC and not the entire staff of UM.
Furthermore, when Wong says: “What we need to highlight here is not whether they are supporting me or not, but we need to highlight that there is a breach of security, which means the security of our (UM) website is prone to risks,” is disingenuous.
If the hackers had just hacked the system without the data dump of personal information, then the only thing we should be concerned about is how UM’s security is wanting. However, what these hackers did was dump the personal info of staff, and in the process caused distress to many people who do not have a dog in this fight beyond working to support their families by working for UM. The hackers claim they did this in solidarity with UM students.
The nuance of the hack and the harm it caused people should be what any activists who claim to rely on first principles should be concerned about, and not gaining political mileage from the hack while disavowing it.
If activism has mala fide consequences, or the perception is that it is acceptable to have collateral damage while making a point, how does this sort of activism serve the rakyat? It is like protesters damaging public or private property and then claiming “forget about all that and think of the greater “good”.
To quote Omar (from the TV series 'The Wire') the bandit who stole from drug dealers: “A man gotta have a code.”
S THAYAPARAN is Commander (Rtd) of the Royal Malaysian Navy. A retired barrister-at-law, he is one of the founding members of Persatuan Patriot Kebangsaan. - Mkini
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.