The US journalist who discovered that data belonging to thousands of travellers’ who visited Jamaica in the past year was left exposed on an Amazon server, said he was left stunned by the government’s response to his article.
Tech Crunch journalist Zack Whittaker in a Twitter thread on Sunday (February 21) slammed the government for not taking responsibility and attempting to “point fingers at everyone other than itself”.
“The Jamaican government has also launched a criminal investigation into the incident. Instead of restoring trust and being transparent, the inquiry now appears to be on me, the journalist who reported the security lapse to the Jamaican authorities in the first place,” tweeted Whittaker.
Whittaker criticized the government’s action, noting that such an approach to these matters would work against “good-faith hackers” among other cybersecurity professionals, who would never again report a security issue or breach.
The Security Editor took specific aim at Minister without portfolio in the Ministry of National Security, Matthew Samuda.
“This comment from @matthewsamuda is troubling as it portrays Jamaica as hostile to journalists, and good-faith hackers and security researchers, whose jobs it is to find and help get security issues fixed,” said Whittaker who took a screenshot of a Jamaica Gleaner article, which quotes Samuda as saying Whittaker may have breached the local Cybercrimes Act.
“If the Jamaican government prosecutes someone for accessing *public* data, you can’t expect good-faith hackers, security researchers, or cybersecurity professionals to ever report a security issue or breach ever again. You can’t have it both ways, @matthewsamuda,” added Whittaker.
Whittaker further explained that the data, based on the way it was stored, was in the public domain with anyone having the authority to access it.
The journalist as he further attempted to make his point shared a screenshot of the database which he describes as ” exposed and public”.
Whittaker also used the occasion to slam the creators of the JamCOVID-19 website and app noting that their response to the issue has been unsatisfactory.
“New: In the latest #JamCOVID development, the Amber Group broke its silence to say absolutely nothing of value, and the Jamaican government continues to point fingers at everyone other than itself,” tweeted Whittaker.
“Amber Group’s @dushyant108(whose tweets are now protected — unlike the cloud server, which wasn’t) said: “We are working together with the Government of Jamaica and independent entities to investigate the cause of this occurrence,” added.
Whittaker in his Tech Crunch article entitled, “Jamaica’s immigration website exposed thousands of travelers’ data” revealed that thousands of traveller data uploaded on Jamaica’s JamCOVID-19 website and app was left exposed on Amazon server.
The website and app is a tool launched by the Jamaican Government and is required to be used by all arriving in the island; immigration documents and COVID-19 test results are uploaded to the application.
The Den reached out to Minister Matthew Samuda who noted that he would not be commenting on the matter.
