Analysis: Malaysia’s botched web rerouting plan shows it must be more transparent, ‘better prepared’ on new internet policies
As Malaysia U-turns on a move to reroute web traffic aimed at blocking access to harmful websites, analysts say the government risks hurting its credibility in its hasty efforts to make the internet safer.
KUALA LUMPUR: Public backlash that forced Malaysia to abandon its haphazard execution of a technical move aimed at blocking harmful websites shows the government needs to be more transparent in its efforts to regulate the internet, analysts said.
Before the Malaysian government had made any public statement on the move, social media posts in the past month detailed how authorities had started to implement a plan for local internet service providers (ISP) to reroute web traffic through their own domain name system (DNS) servers, triggering widespread criticism.
Netizens and even some government politicians had raised concerns that the move - which comes as authorities push on with a plan to further regulate Big Tech and social media in the country - signalled growing online censorship and could jeopardise Malaysia’s digital economy.
DNS is a system that translates domain names into numerical addresses used by computers to locate websites on the internet.
While local ISPs often operate their own DNS servers, some web users use public DNS servers, such as those provided by Google or Cloudflare, to gain faster internet speeds or as a method to access websites blocked on local ISPs.
Under the government’s now-suspended plan, which was supposed to fully take effect from Sep 30, user requests from such third-party DNS servers will be redirected to those operated by Malaysian ISPs. This means users will not be able to access blocked websites using the DNS method.
Analysts told CNA that this method is used in countries like India and Indonesia as a more effective and centralised way of controlling internet access, as opposed to more conventional content filtering by ISPs.
Beyond that, some netizens had complained that Malaysia’s move had also blocked access to legitimate websites. For instance, the Galen Centre for Health and Social Policy - a health think tank based in Kuala Lumpur - said the move had caused problems with its website.
“DRACONIAN” POLICY
The Sinar Project, a Malaysia-based internet watchdog group, was the first to publicly flag the government’s DNS rerouting move on Aug 6, citing how this method was used to block access to the websites of a controversial political blogger and a gay dating application.
A month later on Sep 7, the Malaysian Communications and Multimedia Commission (MCMC) tried to address some of the backlash that ensued, insisting in a statement that the move was only aimed at blocking harmful websites, and urging users to report to ISPs if they had issues accessing legitimate ones.
In its statement explaining the government’s move, the commission said that it was aimed at protecting vulnerable groups from malicious or harmful content, adding that it had blocked 24,277 websites between 2018 and Aug 1, 2024 to protect users' safety.
But as the criticism continued, with two Selangor state politicians from Prime Minister Anwar Ibrahim’s ruling coalition respectively calling the move “censorship” and “draconian”, the government decided to back down.
On Sep 8, Communications Minister Fahmi Fadzil wrote on X - formerly known as Twitter - that he had directed MCMC not to proceed with the move. This was based on public feedback given during MCMC’s engagement sessions, he said.
Still, Mr Fahmi stressed that the commission would continue to engage all stakeholders to gather their feedback on achieving a “safer internet”.
Mr Numan Afifi, a program officer with Sinar Project, told CNA that the government's plan risked taking away user autonomy, privacy and security by allowing it to control what users can access online without their knowledge or consent.
“There was no consultation or transparency, which made it even more problematic. This kind of heavy-handed censorship is why the authorities likely had to backtrack - the backlash and disruptions it caused were significant,” he said.
Dr Shafizan Mohamed, a communications lecturer at the International Islamic University Malaysia (IIUM), believes that the authorities backed down because they realised they did not know how to “effectively implement” the move.
“The government needs to be more cautious and better prepared when they want to introduce new rules or restrictions, especially when attempting to monitor the internet,” she told CNA.
“Sudden and abrupt control or regulations of the internet without a clear vision or direction can damage the country's digital ecosystem as well as the government's credibility. And it makes the government appear reactive and uncertain in its policy making.”
INTERNET SOVEREIGNTY
The Malaysian government had indeed appeared certain when trying to dispel “misinformation” that spread about its DNS plan, as stated in MCMC’s Sep 7 statement.
The commission said it was inaccurate that the move amounted to a blanket ban, pointing to how it only targeted websites that hosted malicious content, like online gambling, pornography, copyright infringements and scams.
Moreover, any websites that believe they have been unfairly targeted or affected may file an appeal through established channels, like the Appeals Tribunal established by MCMC and chaired by a High Court judge, it said.
“It has been falsely claimed that the measure undertaken by MCMC is a draconian measure. We reiterate that Malaysia’s implementation is for the protection of vulnerable groups from harmful online content,” MCMC added.
Dr Shafizan acknowledged that the move was part of Malaysia’s broader goal of exerting its “internet sovereignty”, used to describe how many governments are trying to challenge the “western ideals” of a free and open internet.
“These governments mostly argue for the right to impose specific rules and regulations that shape the internet in a way that aligns with their cultural and societal values,” the communications lecturer said.
She noted that Malaysia might have opted for DNS redirection as a “less obvious” way of blocking access to certain websites, in that users trying to access these websites could have gotten a loading error instead of a censorship notice.
“From a liberal democratic perspective, it can be considered draconian because it allows the government to dictate what the public can and cannot access, infringing the basic rights of freedom of speech and information,” Dr Shafizan added.
“The government can effectively filter and block content, which enables them to shape public opinion by managing the information available to citizens.”
PRIVACY AND SECURITY
Project Sinar’s Mr Numan said Indonesia employs a similar method to block websites, especially those related to political dissent or content deemed inappropriate.
Indonesian ISPs intercept user queries and either redirect them to a block notification page or simply return no result, making the content inaccessible, he said.
While the technical methods used by different countries might vary slightly, they all have the same goal of disrupting free access to information, Mr Numan said.
“These blocks, whether through DNS hijacking or other techniques, can cause widespread disruption to legitimate online services, as seen in cases where major platforms and services like YouTube and GitHub have been blocked in Indonesia and India,” he said.
Mr Numan highlighted that DNS rerouting could also impact user privacy as it allows ISPs and governments to intercept and log users' DNS queries, exposing their browsing activity and the websites they attempt to access.
“In addition, security risks arise from DNS tampering. Redirecting users to unauthorised or fake websites can lead to exposure to malicious sites designed to steal personal data or spread malware,” he added.
“This disruption of the integrity of DNS can lead to a breakdown in trust between users and the internet infrastructure they rely on.”
VPN WON’T BE BANNED
One internet user told CNA he is losing trust in how the government is handling moves to make the internet safer, calling the abandoned DNS plan “another short cut policy” it was trying to implement in haste.
Mr Khairi Zulfadhli, head of digital at a Malaysian search engine optimisation consultancy, said he found out about the move through social media after his clients who used Cloudflare servers experienced disruptions.
“One thing that made me very disappointed is that they (MCMC) left it to ISPs to implement the order without any guidelines, no stakeholder engagement, no manual, no discussion at all. Then, they tried to blame ISPs when (problems) happened,” he said.
Mr Khairi was giving his observations from attending an MCMC engagement session on Sep 9, which the authority said was held to correct perceptions and gather expert feedback on the DNS issue following the policy U-turn.
Another online account of the engagement session also indicated that authorities had tried to pin the blame on execution by the ISPs instead of the policy itself.
“Chief complaint: ISPs' tech teams did not know how to implement what was expected of them & botched it up,” wrote the Galen Centre’s head Azrul Mohd Khalib on X. Mr Azrul had also attended the roughly one-hour session.
Mr Khairi told CNA that authorities at the engagement session had argued that the DNS rerouting was aimed at preventing users from accessing online gambling and pornography.
However, authorities could not give a clear answer when asked if online advertisements for Malaysia’s only casino in Genting were legal, he said, adding that discussions took on a religious overtone when it came to using virtual private networks (VPN) to access “illegal content” like pornography.
From his attendance at the session, Mr Azrul wrote that authorities will not block the use of VPNs, another method of accessing restricted websites.
This is even as they admitted previous censorship efforts were “ineffective”, failing to prevent Malaysia from becoming a country with one of the highest “porn traffic” in the region.
Mr Khairi feels “relieved” that the government had decided not to proceed with DNS rerouting, although he said he remains on “high alert” for any potential further moves.
“The government doesn’t know what it is doing. Non-technical people are trying to bulldoze technical policies at the higher level,” he said.
The Communications Minister Mr Fahmi told reporters on Sep 11 that the government has no intention of pursuing DNS rerouting, although he reiterated that the priority was still to make the internet safer for children.
TRUST DEFICIT
Irrespective of the government’s next moves, Dr Shafizan of IIUM urged authorities to approach internet governance with a more thoughtful and transparent strategy.
“If they are unable to do so, it could result in them being seen as overreaching, or even incapable of managing such a dynamic and essential part of modern life,” she said.
“You don’t want to erode the public's confidence in the government's ability to effectively govern in this digital age.”
Instead of immediately making hard moves like DNS rerouting, the government should focus on “fundamentals” like fostering digitally-literate Malaysian internet users, and work with tech companies and ISPs to improve cybersecurity, she suggested.
When it comes to blocking websites, Project Sinar’s Mr Numan said MCMC should provide clear policies and a list of recommended blocked websites by category to ensure the public understands the reasoning and prevent overreach.
The need for transparency and consultation is even more critical given the “trust deficit” between MCMC and the Malaysian public, largely due to past instances of blocking websites with political criticism, he said.
For example, Mr Numan cited how reports on the 1Malaysia Development Berhad (1MDB) multibillion dollar scandal had been censored by the Barisan Nasional government before it blew up and contributed to the fall of the once-dominant coalition.
“The government’s use of internet censorship in those politically charged moments has damaged its credibility, making it even more important for MCMC to adopt open and transparent procedures when enforcing internet control measures,” he added.
“Without this, any move to block websites will be viewed with suspicion and potentially as an attempt to stifle dissent rather than protect public safety.”