The Election Commission (EC) website where voters can check their voting constituency and polling station by entering their MyKad number is not secure, tech blogger Keith Rozario said. The creator of sayakenahack.com, aimed at helping victims of a massive data breach to find out if they were affected, said in a blog post that the EC site was marked as “insecure by Google Chrome because it doesn’t even have TLS”. TLS or Transport Layer Security is meant to ensure privacy and data integrity between two communicating computer applications. In the case of a voter checking their status on the EC website, TLS would ensure that data travelling between the voter’s browser and the EC on a WiFi or data connection used would be encrypted. Without TLS, he said that someone searching for their voting information on the EC website could have their data “transferred in clear across the internet for anyone in the middle to see”.
“It also means that your browser is not authenticating the site, and anyone can create a fake (EC) website and make it look identical.
“If you’re logged onto the (EC) website from a kopitiam WiFi, I can see the data you’re sending (and receiving) just by logging on the same WiFi,” he said.
Rozario was defending the security of sayakenahack.com, which has been blocked by the Malaysian Communications and Multimedia Commission on grounds that it violated the Personal Data Protection Act, under which it is an offence to disclose private information without the consent of users through any platform.