KUALA LUMPUR – A special committee set up by the Malaysian Communications and Multimedia Commission (MCMC) is mulling implementing sweeping changes to address the rampant issue of online anonymity, citing its role in combating cybercrimes and online harm.
Online Harms and Information Security Committee Chairman Derek Fernandez calls for a paradigm shift in approach to ensure that individuals accessing network facilities can be readily identified, particularly when involved in criminal activities.
Fernandez has sounded a clarion call for a radical transformation in the way online identities are managed, aiming to curtail the pervasive issue of anonymity that facilitates cybercrimes and online harm.
“It is of course the duty of a government to protect its citizens from threats, both foreign and domestic, and that includes protecting them from cybersecurity threats,” he told Scoop when met recently.
“The current situation of cybersecurity threats taking place in the form of scams, the planting of malware, and hacking has necessitated a change in approach to how these problems are dealt with by a regulator.”
He said while combating cyberthreats was a shared responsibility, the average Malaysian consumer or subscriber to online services has limitations when it comes to being able to identify and combat scams, phishing sites, or malware.
These challenges are compounded by the proliferation of artificial intelligence, which can be abused to create deepfake audio and visual clips.
The latest example of this occurred in Hong Kong, when a multi-national company was scammed of HK$200 million (RM121.9 million) after an employee attended a video call with deepfake recreations of the company’s UK-based chief financial officer and other employees.
Fernandez said daily advances in deepfake technology and generative AI are making it difficult even for experts to distinguish between real and fake. Therefore, a cybersecurity approach based not just on technology or more resources is required.
This approach must also provide for fair allocation of risks between those who provide services and the public who use the services, especially where it involves financial payment applications or gateways.
“This requires a view, a policy, and a doctrine, where the consumer must be part of any cybersecurity framework,” he said.
In a comprehensive proposal, he outlined the dire consequences of unchecked anonymity, emphasising how it enables perpetrators to escape accountability for their malicious actions.
Fernandez underscored the critical need for a robust mechanism to identify individuals accessing network facilities, especially in the aftermath of criminal activities.
“Nearly all persons intending to commit a crime or engage in causing online harm do not wish to get caught and therefore want to remain anonymous,” Fernandez said in a whitepaper issued during the Regulators Roundtable ASIA 2024 conference, organised by the MCMC and International Institute of Communications recently.
To address this issue of anonymous users and scams, Fernandez proposes a multifaceted strategy, urging governments and stakeholders to consider a slew of measures.
On registration and regulation, he said all social media, Over-The-Top (OTT) platforms, and digital service providers must be registered and subject to relevant Malaysian laws governing network services. Fernandez advocates for licensing these platforms to ensure accountability.
For strict identity verification, he said individuals accessing network facilities must be registered with strong proof of identity, with legal responsibility falling on the service provider. Fernandez suggests improving registration processes, akin to SIM card or OTT platform service registration, to bolster identity authentication.
Fernandez also proposed global fines for breaches, calling for substantial fines, enforceable globally, against service providers or OTT platforms for serious breaches related to identification. Proposed fines should be proportional to global revenue.
Fernandez also recommended disallowing unsolicited digital communication without proper identification of the sender on any platform or service.
Furthermore, he called for immediate identity disclosure, where individuals receiving unsolicited communications are entitled to promptly obtain the identity of the sender from the service provider, necessitating technology modifications.
He added that there should be a Know Your Customer (KYC) policy where service providers, including e-commerce platforms, should adopt a stringent KYC policy, with legal liability imposed for fraud conducted by an anonymous seller due to weak identity verification procedures.
Fernandez said there should also be a central registry for anti-scam measures to retain deregistered phone numbers or roaming numbers, enabling effective anti-scam and anti-spam measures.
Platforms hosting fake news or defamatory content, he said, must be held liable for failing to provide the identity of the party posting the material to the person defamed.
Fernandez also stressed the importance of regional cooperation among regulators to make concealing identities challenging when accessing or using network facilities or services. – Scoop, February 14, 2024