PETALING JAYA: PKR’s Fahmi Fadzil has called on communications and multimedia minister Annuar Musa to explain a written answer his ministry gave to a parliamentary question the Lembah Pantai MP posed three years ago after new evidence surfaced casting doubt on the truthfulness of the answer given.
Describing the development as “startling”, Fahmi said: “It calls into question whether there was some kind of attempt to mislead the house or (whether) it was an answer on what had been investigated up to that point.”
The question posed related to Malaysia’s biggest data breach incident involving 46 million mobile phone numbers, which sparked widespread public and media interest over the efficacy of personal data protection in place.
Based on information available at the time, Fahmi had asked the minister to explain how the contractor managing the Public Cellular Blocking Service (PCBS) for the Malaysian Communications and Multimedia Commission (MCMC) could fail to protect the personal data of so many subscribers. He also asked what actions the ministry had taken against the contractor.
In a written reply issued in October 2019, the ministry told the Dewan Rakyat that action had been taken against Nuemera (M) Sdn Bhd following an investigation by MCMC, the personal data protection department and the police.
The statement added that the “investigation papers have been completed and sent to the Attorney-General’s Chambers for action”.
The Dewan Rakyat was also informed that “following the investigation, on Jan 26, 2018, MCMC had suspended Nuemera’s appointment as it was found that the company breached basic provisions in the contract between MCMC and Nuemera”.
In addition, the statement said, MCMC had informed Nuemera it will not be renewing the PCBS agreement for an additional term of five years which the contract provided for.
New information, however, suggests Nuemera may not be responsible for the data leak.
In a letter from Bukit Aman’s commercial crime investigation department (CCID) to Nuemera’s lawyers dated April 26, 2018 – more than a year prior to the answer in Parliament – police confirmed that investigations revealed no evidence linking Nuemera or any of its staff with the leak or the sale of the data.
“The minister is in a position to perhaps give some explanation on this,” Fahmi said, adding that the police should also confirm or deny whether investigations are ongoing.
Sources tell FMT that by May 2018, the CCID had officially informed MCMC’s chief operating officer that the police had not been able to identify any suspect in the case and that no further action was contemplated unless new information was obtained.
In another letter dated Aug 2, 2019, the CCID informed MCMC that the Attorney-General’s Chambers did not intend to prosecute anyone in relation to the incident.
The three letters appear to contradict the ministry’s statement in Parliament holding Nuemera accountable for the data breach.
Built and managed by Nuemera, the PCBS was intended to protect the public by disabling the operation of lost or stolen mobile handsets across all Malaysian networks, even if their SIM cards were changed.
Modelled on a similar system in the UK, the PCBS is meant to remove the incentive to steal phones, reduce street crime and to provide law enforcement authorities with important crime analytics.
Last month, FMT reported that investigations had resumed following the discovery of new digital forensic evidence which suggested that an individual had made false statements under oath.
In arbitration proceedings brought against MCMC for wrongful termination and other relief, Nuemera secured an order that a laptop computer kept by MCMC be subjected to a digital forensic examination. FMT understands that no such examination had been conducted on the device previously.
The results were said to contradict sworn testimony by a key witness who was MCMC’s official custodian of the laptop during investigations. The laptop was meant to be kept securely by MCMC.
Belonging to Nuemera, the laptop is said to have been configured with security credentials and software which allows it to securely connect to the PCBS infrastructure.
Current investigations are believed to be centred on its use and safe storage after digital forensic experts found evidence which raised doubts about the explanation given by the witness previously.
The witness is also believed to have been involved in the preparation of internal investigation reports on the data leak incident which led to Nuemera’s suspension and the termination of its contract with MCMC.
Nuemera has since commenced arbitration proceedings against MCMC in relation to the dispute.
Contacted by FMT for an earlier story, MCMC declined to comment, citing the confidential nature of the arbitration proceedings.
Nuemera has declined to comment on this story. - FMT
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.