WITH the easing of restrictions, those who have been fully vaccinated are now able to enjoy certain social activities such as dining out. This has led to some unvaccinated individuals resorting to fraudulent measures to gain access to these perks.
Two weeks ago, The Star reported on private clinics rejecting requests from anti-vaxxers offering up to RM1,000 for fake vaccination certificates. Other unscrupulous parties forge vaccination certificates, steal others’ certificates, or ask friends to “lend” them their vaccination statuses to gain access to premises.
Among the advice given to Malaysians to protect their data is not to share copies of their vaccination certificate with anyone or to allow anyone else to access their MySejahtera account. Premise owners, meanwhile, are advised to be observant as patrons present their MySejahtera digital vaccination certificate, to ensure that it is a live app and not a screengrab of others’ certificates.
A crime of impersonation
Consumers especially should be aware of the law in data protection, and know that sharing your vaccination certificate for others to use is illegal and carries high risk, says data protection law specialist Dr Sonny Zulhuda.
If a copy of your vaccination certificate was stolen and used by dishonest individuals, then you are a victim of identity theft. However, if you intentionally share it with someone else, then you may be an accomplice, says Dr Sonny, who is based in the International Islamic University Malaysia’s (IIUM) law faculty.
“You may think that you are helping your friends to dine outside, but you are actually putting your friend and others in danger,” says Dr. Sonny, as both the unvaccinated person, and those who come in contact with the unvaccinated person are now at higher risk of exposure to Covid-19.
Furthermore, if a vaccinated person lends their MySejahtera account to an unvaccinated person to use, and the unvaccinated person becomes a casual or close contact to a positive case when using the account, then the original owner of the MySejahtera account will be the one whose status will be flagged and turn red on the app.
“If your friend borrows your MySejahtera account and visits an infected area, you will be the one who has to comply with isolation and quarantine regulations as it will be reflected in your MySejahtera account. Do you want to end up like that if you didn’t even go to the location?” Dr. Sonny asks.
Dr. Sonny explains that if a vaccinated person allows an unvaccinated person to use their digital certificate, it is not identity theft as no data was stolen. However, it is a case of misusing technology and may constitute fraud.
“Both these individuals are partners in crime. Legally speaking, this is an offense of cheating by personation under Section 416 of the Penal Code. If you took someone else’s vaccination certificate, then you have committed the crime of impersonation. If you allowed another person to use your vaccination certificate to visit a premise claiming that he or she was you, then you have become an accomplice, abetting someone else to commit an offense. Both can be prosecuted under the law,” Dr. Sonny explains.
Meanwhile, the police have said that forging digital vaccination certificates is a serious offense under Section 22(d) of the Prevention and Control of Infectious Diseases Act for giving false information, and is punishable with a maximum seven-year jail term and RM100,000 fine.
Identity theft and misuse of identities will always follow the latest technology. Because of this, governments cannot work alone to curb the problem.
“Simply coming up with rules will not really work because this requires the involvement of industries, technology players, and consumers themselves,” says Dr. Sonny.
“The government cannot stop at saying that premise owners should check patrons’ digital certificates. That is not enough, and a law is only as good as how it is implemented. The government should go further and check how standard operating procedures (SOPs) are being practiced. This is when we will hear of unvaccinated people using others’ mobile phones to enter premises, using others’ MySejahtera accounts, or using screengrabs of others’ digital vaccination certificates,” he says.
Apart from checking on the implementation of SOPs, the government can also publish guidelines and update them accordingly. Simplifying the guidelines to “do’s and don’t” as what was done in the early stages of the movement control order will also make it easier for the public and businesses owners to understand, says Dr Sonny.
“This pandemic represents an extraordinary situation. People will say that it is a hassle to be so strict on guidelines and SOPs, but to me personally, we have seen the risks. This is a necessary hassle. We have all been through isolation, and now that we are given some leeway, it requires everyone’s cooperation to keep Covid-19 in check,” he says.
Protect personal data
The Department of Personal Data Protection (JPDP) explains that because the Covid-19 vaccination certificate contains the two most important personal data of any Malaysians, their names and Identification card number, protection of this identifiable personal data from unauthorized processing is of utmost importance.
“Moreover, the Government’s intention of having proof of vaccination to ensure herd immunity is achieved and the sectors are safe to be opened again could be jeopardized if the digital certificate is exposed or disclosed, which may lead to illegal printing and selling,” JPDP said in an email reply.
“JPDP would like to advise Malaysians to protect their digital vaccination certificate by following the simple rule of not posting pictures of the certificates on social media. The unintentional disclosure of the certificate can lead to identity theft as they carry important personal data,” it adds.