Suspend Padu until security flaws are fixed, says ex-deputy minister Ong Kian Ming

Twentytwo13
·4-min read
Suspend Padu until security flaws are fixed, says ex-deputy minister Ong Kian Ming
"Suspend Padu until security flaws are fixed, says ex-deputy minister Ong Kian Ming"

A former Malaysian lawmaker takes issue with the just-launched Central Database Hub (Padu), saying it should be suspended until its flaws are fixed.

Former Investment, Trade, and Industry deputy minister, Ong Kian Ming, who is also a former DAP MP, had raised eyebrows following his series of posts on X (formerly known as Twitter) yesterday - barely hours after Padu was launched by Prime Minister Datuk Seri Anwar Ibrahim.

Padu is a comprehensive database established by the government to date that contains individual and household profiles encompassing citizens and permanent residents in Malaysia. The system is said to pave the way towards a fairer distribution of targeted subsidies for Malaysians in need.

Economy minister Rafizi Ramli had yesterday said the team that developed the Padu system had looked at data security, including user experience. He also said that the electronic Know-Your-Customer (e-KYC) system would prevent people from registering with another person's information.

Ong, had in a statement issued at 5.24am today, listed down his concerns. Below is his statement in full:

"I take no joy in writing this statement. I wanted Padu to be successfully launched, because the intended purpose of this database was for the rollout of more targeted subsidies including for the withdrawal of the non-targeted petrol subsidy to be placed by a targeted subsidy mechanism. Sadly, the Padu database, as it stands, will not be useful in achieving this objective.

Firstly, those who are currently receiving government aid such as Bantuan Tunai Rahmah (BTR) but are not eligible because they have other non-taxed income such as rental income from houses and land they own will not be the accurate information in Padu. (See Figure 1 below)

<em>Figure 1: Income-related information to be filled in via the PADU database</em>
Figure 1: Income-related information to be filled in via the PADU database

Secondly, some users including myself are wondering why so many of these columns are not filled given that Padu is supposed to have consolidated data from several ministries and agencies including the Inland Revenue Board, Employees Provident Fund, Social Security Organisation, National Registration Department, and the Implementation Coordination Unit, just to name a few.

Rafizi's reply, via Twitter was that this information was not displayed because of security concerns over possible hacking into Padu's servers. But if some of this information is already available via government ministries and agencies, why does Padu need the user to fill up this information?

What if the information supplied is not the same as what is found in Padu's database? How does Padu verify the other information which is supplied by the user such as rental income from land or property? With so many additional fields to fill in, many users would choose the option of not filling up these fields or filling them up with inaccurate information so that they remain eligible to receive government subsidies!

Thirdly, there is a major security issue with the registration of Padu whereby if you have the identity card number and the postcode associated with the identity card address of a user, you can register for the Padu account for that person, without having to go through the e-KYC process. I did this with the identity address and postcode of four of my DAP colleagues who are ministers or deputy ministers namely (Hannah) Yeoh Tseow Suan, (Steven) Sim Chee Keong, Liew Chin Tong and Teo Nie Ching. (See Figure 2 below)

<em>Figure 2: Ong registers Padu accounts for several Cabinet ministers without going through the e-KYC verification.</em>
Figure 2: Ong registers Padu accounts for several Cabinet ministers without going through the e-KYC verification.

I was also able to change some of the details for the academic qualifications and occupation of (Hannah) Yeow Tseow Suan without having to go through the e-KYC verification.

Where does this leave us? I would strongly recommend that the cabinet make a collective decision to suspend the registration of Padu users until the security issues can be solved.

The system should be properly stress test before it is rolled out again. Users who have registered but have not undergone the e-KYC verification should be asked to register again after the security issues have been resolved.

The number of fields of information should be decreased. Once the security features are in place, the information that can be pulled from other agencies and ministries should be pre-filled as much as possible. The user should have a mechanism where he or she can make a report if the information provided is not accurate. IT and cybersecurity experts should be called in to provide value-added inputs that can be used to improve the design of the Padu system.

I hope that my former colleagues in the cabinet will not see this as a move to undermine their governing objectives. In highlighting these flaws in the Padu system, I hope that they can be quickly rectified before the next parliamentary sitting so that the opposition parties in Perikatan Nasional will not have the opportunity to make this into a point of political debate.

I wish for the Madani government under Anwar to succeed and I hope that my actions in revealing the gaps in the Padu registration system will be understood as such."

The post Suspend Padu until security flaws are fixed, says ex-deputy minister Ong Kian Ming appeared first on Twentytwo13.

  • Up next
  • Up next
  • Up next
  • Up next

Latest stories