SecurityLah - the Asian Cyber Security Show

Ep 5. Data Transparency & COVID-19 (MY) Part 2/3

February 22, 2021 SecurityLah Season 1 Episode 5
SecurityLah - the Asian Cyber Security Show
Ep 5. Data Transparency & COVID-19 (MY) Part 2/3
Show Notes Transcript

The discussion with KiniLabs (Aidila Razak) continues on COVID-19 and the data aspect of the pandemic, specifically on data transparency. 

SUMMARY KEYWORDS

people, data, transparency, stigmatization, singapore, malaysia, contact, granular data, release, pandemic, emergency ordinance, panic, number, government, test, feel, information, infected, suggestion, revealing

 

00:00

This was the second installment on a three part series, we speak to idealer Raza from kini labs regarding the state of COVID-19 pandemic and what's happening in Malaysia?

 

00:38

Welcome to security law podcast

 

00:48

do you feel in your opinion, there is the right level of transparency? Yeah. And can the data be more useful?

 

00:57

Is the right level of transparency? No. And can the data be useful? Yes. More useful, absolutely more useful. Yes. Transparency is really quite lacking. There's so many so much information which other countries provide as routine, which is not provided by the Malaysian government. For example, the most obvious one is the locations because it's still very much the thing shrouded in secrecy. The Ministry of Health said that, from the start, they didn't want to reveal locations because they were afraid of stigmatizing, stigmatizing the patients or even the businesses, etc. But recently, I think maybe a couple of weeks ago, they decided to start revealing at least the tama name or the Javelin like the road name. So some level of information but not exactly as transparent as some countries like Singapore, for example, where every I think it's real time, not sure whether it's real time or every day, at a certain time, there is a list, which, which shows like, Oh, where did people infected go to when they were in their infectious period, and the time that they went to that place so that people can actually see, I was there, but I was there at one o'clock, but this person was there too. So I don't have to worry about it. But if I was there at two o'clock, as well, and we were eating the same cafe, I might want to monitor my symptoms. And if I have symptoms, I might want to get checked, for example. So in that situation, citizens are empowered to make decisions for themselves instead of waiting for a contact tracer to call them which is the situation that we are in now, which is not effective at all, because our contact traces are completely overwhelmed. And recently, we reported that in slang, or the on average, about 6000, people who are close contacts are not contacted by the contact tracers everyday, because they just can't manage. And we're not somehow using my suggestion as well as we should. Meaning the Minister of Health and not the people people are scanning, but that data is not really used properly for some reason. So our actually publishes that data to the same level as Singapore. Every day at about 6pm. They release that data, where these people visited, where the infected persons visited and the time. And so far, there has been no complaints about stigmatization and so on. They just accept that this is what it is. And they actually take it as a sign of sincerity, I suppose by the businesses to come clean about this.

 

03:58

I hear what you're saying about the system being overwhelmed, right, there's not enough contact tracers to contact the people who are persons of interest in the infection, possible infection. But at the same time how Singapore is doing it. When I didn't, I was in two minds about it right? Because I'm, I'm just an outsider. I don't I'm not in Singapore. I'm not experiencing it myself. But from what I understand is that they actually give they have given tokens to each citizen, I think it's not compulsory. So at first they wanted to make it a bracelet that the person wears and is a proximity tracker and your works in a way that you that you mentioned right so they they will be informed if they had passed or in the they were in close contact with an infectious person infected person and the end is upon themselves. The onus is upon themselves to do the necessary but at the same time Um, there was a lot of like backlash from Singaporean citizens because there was the privacy concerns about it. They weren't they were concerned about their location being tracked, and so on so forth.

 

05:12

I mean, absolutely that that is a concern. But if you do it the throw it away that's not a privacy concern isn't it

 

05:20

doesn't have trackers on everyone like Singapore where they wear this, it's not a I think it's, it's a necklace or something that you wear on your neck. The throat doesn't have that, but throughout releases the information of where these people have visited. So every time someone is infected, less so now. But so, every time someone is affected, they are interviewed by by KKM to ask where did they go and who they met, they met in the infectious period. So kick em Hanson civilization. In the case of Strava, they are releasing the information one on a on their Facebook page every six o'clock. And then they are also contacting via my suggestion, the people who had who were in that place at that time. So if you had to scan the code at Watson's, for example, at one o'clock, and the person who was infected was also at Watson's at one o'clock, you will get a notice on my statute saying Oh, someone who's infected had was at Watson's at one o'clock when you were there. Please monitor your symptoms. So this is a way to do it without actually, you know, monitoring everyone as well like Singapore.

 

06:34

From what what I understand is like, Peninsula, Malaysia and Sehrawat have the same technology, which is the messenger app. But what Sir, what chooses to do with it is a few steps more. Yes, exactly. Okay.

 

06:52

How the second question you said was, Can data be more useful? Even the way they present data, I believe, yes, can be more useful. So right now, they are releasing information of trends in cases by Mukim. But I mean, how many people know which Mukim they live in to be honest? The you know, do you live in Hulu Langat or do you live in Goomba? King, if you are in Ampang, for example. Not many people know that it's just very strange that they had they had to resort to this but I also feel that this is kind of a legacy thing where they have used this borders for the baton casiotone degree or Pooja certain degree, have used his bodies since time since independence, I suppose or even before that, and they've just released data based on that. You would have locations in Bukit Bintang announced as under Lembah Pantai for example, because under the what you call medical care, Botanicus Yeah, 10 bodies, Bukit Bintang, Xander, Lembah, Pantai. But then if you're a resident of the map, and you see like, suddenly 200 cases in one day, you will feel really concerned thinking that it's one of your neighbors or what but it's actually a construction site in bookkeeping is quite far. And you probably didn't have any contact with them at all.

 

08:24

Yeah, I agree to that. You see, because what I've heard, I've heard contrasting views from people surrounding me. One group of people seem to think that one reason why we're not as effective as we could have been, is because we were not stringent enough. Like some friends of mine in another country, what they do, what they have in their country is they put the entire town under lockdown, and then they test everyone in a regular interval interval. Okay. And that's how they essentially managed to curb the spread of the disease, while on the other hand in Malaysia itself. Number one, because even though initially, we have a number of contact tracing apps, and then subsequently, we consolidated to my suggestion, but the uptake rate is not recorded. And it's while it's gaining momentum now, but it's very slow. Okay. In a report that I read earlier on back in November, it is said that 17%, somewhat, okay of effective detection from the app itself, which means there are many others that come from other sources. Actually, May

 

09:38

I interject on that, that report, I think, wasn't very clear. That was

 

09:45

that was from a parliament reply. And the they were referring to the self self assessment tool, not exactly the scanning. So meaning that percentage of People who have done your self assessment tool in the My suggestion were detected by that tool. So not from the scanning tool. So the number is actually quite a bit higher than that, but I don't recall, much.

 

10:13

Like what you hear so far, make sure you never miss a show by clicking the subscribe button now. This podcast is made possible by listeners like you. Thank you for your support. Now, back to the show.

 

10:30

Well, that's good to have that clarified. So it means what for people like us, general public, we read and then we depend on what we read, even though they come from some reputable sources, but not many people can go on to further research into it and read up or Google things like that. But do you? What are your thoughts on this? Do you think that if the authority but to go deeper in the level of specificity, specificity, then it actually creates a lot of stigmatization and panic, unnecessary panic among the senior citizens here, and therefore, at this point in time, the transparency level would have served up purpose. Firstly,

 

11:15

I really wanted to counter this idea that if we provide information, we create stigma and panic, I feel that secrecy breeds stigmatization, when you prove, put out more information, and it's put out routinely desensitized, so people don't see it as something that's scary, or whatever they see as a way to, to, to regulate how they live or make decisions, but they wouldn't be stigmatized by it, because it's so routine, you get this every day. So what if Watson's today has a case, seven days ago, he also had a case I visited there, and nothing happened to me, you know, because otherwise, if it's secret, you would think that is so dangerous and scary, then it becomes stigmatizing people panic. And I mean, I really think that we should look at the examples of Singapore, even Thailand, who releases information routinely, and there's no massive panic or hysteria there. In terms of, as you said, as stringent testing, the Ministry of Health actually did that exact way. That's actually how they, what that's the policy that they call the call for. Whenever there's a massive, massive outbreak in a localized area, they will lock it down and test. That has been the strategy since day one. But now, I think they're kind of a bit overwhelmed. And they can't really do that strategy anymore. We saw that strategy play out, effectively, in Kedah, when there was the sea, Bangkok Sivaganga cluster, which kind of caught our hand, especially in the Colorado area. So that area was locked down and people were tested. And finally, I think that it even up to maybe, let's say December, that area was still relatively untouched by the third wave. Sorry, for the third wave, isn't it? Let me check again. How many waves you've had? Yes. Is that okay?

 

13:31

By finding a balance is very hard here. Either way, I think you will always hear some feedbacks from people who seem to disagree with what I've done, and how we could have done better on hindsight. Yes, absolutely.

 

13:45

I mean, obviously, the last time the world experienced something like this was a century ago, and things are so different. Now compared to then so everyone's kind of learning how to do it better. But I feel like if we see how other countries are doing it, and it's proven that they really better why are we so resistant to adopt it?

 

14:10

So back to the question on data transparency, Malaysia has taken a drastic step to make sure that they use emergency ordinance to put in additional measures to combat COVID-19. I'll take my example from my corporate world experience. We used to publish numbers for example, how many machines are infected by a computer virus or malware happens is we present the numbers and if the numbers do get challenged, we then present the raw data and tell you based on the logs that we have on X number of systems. This is how we derive this number. This is why this number is high or medium or low. So it gives the audience or the management perspective on how the number As derived, whether it is accurate or not. And there's an opportunity to challenge that data and actually substantiate that data. In Malaysia, if you look at it from a very simplistic terms, we have one source of data that's publishing. These are the numbers. So I Person A, saying, the total number of cases is blah. And practically today, there's no way of anyone validating that. So it's more of a person saying the particular data. And this data supports the legal framework, or justification of why the country is putting in measures such as the emergency ordinance. So this affects the day to day life of every average Malaysian. So, in your view, how do you see this?

 

15:59

I see what you're saying. But at the same time, I also feel like, there's no way to have alternate sources of data because all this is collected in one place unless you want to have a duplicated system where another CPIC, for example, collects the data from various sources as well. But at the same time, I feel that more granular data should be released in a way that is more acceptable is even something as basic as CSV, I mean, not not jpg files, which cannot be read by machines. It could be more granular, and it could be shared with more people. We know that KTM had, for some reason, decided not to share this granular data with slang or task force for COVID. So they are unable to provide support at community level. So for example, the slammer taskforce had been rolling out free tests in places where they saw they predicted we're going to have localized outbreaks. So without the information that the granular data that was coming from KTM, they would not, we're not able to do that kind of prediction. So I feel like it's okay, if there was only one source collect collecting is because it's a, it's, it's a lot of work collecting it. And if there is another organization doing it, then great, but right now, there's only one organization, she says, if you are seeing and pay the amount of data that comes through them, it's a lot. And it's okay that they are the only source but they should be able to release data in a more granularly level in a way that is where it's possible for people to use it to do analysis and to actually see whether the conclusions are the same. The ministries, Director General said that they don't really use granular data because they don't want there to be confusion when there is different interpretations of the data. I find quite strange, because if the data says that, then all interpretation should be valid and should be discussed. I

 

18:31

completely agree with you. And that's the point that I'm actually leading to, if the data were public, say for example, if the raw data was made available, we have so much of talents, even profits here who's a data scientist, she would be able to even tell you where the issues are, where the outliers are, whether there's a new clusters gonna break, we can run simulations, we can run tests, we can bake Make, make better use of the data KKM, or CPRC, may not have all the experts that they should have. And this is where I feel that crowdsourcing and having the data out, makes more sense, because you have more many eyes looking at the data rather than just one split set of people looking at it. And it also promotes the fact that for example, if you're publishing a number by get the confidence on that number, which means I can now go back, put all the formulas into place, derive that original number and say, hey, look, today's case is x. Based on my calculation, it's also x, so grieves, more confidence to the government on how they're handling that the whole pandemic situation and the level of transparency that they provide to the public, which gives them more confidence in return. And also may also help using crowdsourcing where you get more people looking at the data, you might spot some things that the government may not see. And that could help us to stem this pandemic or shorten the curve, which would help everyone in return. Sure.

 

20:10

But I think it really stems down to the fact that we do not have a tradition of data transparency, we don't even have a Freedom of Information, legislation. We don't really practice sharing data. This is not something that is natural to the government, or even the Health

 

20:33

Minister, do you see this as a trend that's only prevalent in Asia? Because when I look at things, for example, I look purely from the cybersecurity aspect, I look at things like for example, breach notification, large organizations, even cybersecurity organizations lifting their hand and say, look, we've been hacked, and we're coming clean on all these matters. Is this something to do with culture? Or is it because there's a lack of governance framework around how things are done?

 

21:04

They kind of related and so there will not be any framework if the culture does not really appreciate or what or, you know, if there's no culture of transparency, then there wouldn't be any government framework. I don't know if there's an Asian thing, because there are other maybe Eastern European countries or even African countries also facing this kind of issue. So transparency issues, I don't think it's an Asian thing, per se. Ultimately, we just need to understand that data is meant to be free. It's not meant to be hidden and controlled by anyone,

 

21:45

if we were to give government a chance to actually make things better. And based on whatever data that's given so far, in your opinion, what additional data that the government can and should provide, to enable people like you me prof to actually look at the data and present a view where it's much more concise, gives us enough depth without revealing personal information, and giving us a chance to look at this whole pandemic from a data perspective, rather than just a holistic number.

 

22:33

Thanks for joining us this week on security lab. Make sure to visit our website at security lab dot Asia, where you can subscribe to the show in iTunes, Spotify, or via RSS, so you'll never miss the show.