Part II: why the CPB is still a bad idea

I got a comment from an ex-intern of mine about the CPB and why it does not apply to all tech workers but only to those wanting to work on CNII (critical national information infrastructure) projects.

The thing is, Malaysia being as small as it is, IT companies may eventually find themselves working for or with a government-linked agency. There is no specific definition of what agency or department that is or is not deemed CNI.

Does this make things better? Not really. The bill is still poorly worded, very misleading and the worst case scenario still applies: if a fresh grad, non-tech certified and not registered, emails an idea to a friend about upgrading a government service, it is still TECHNICALLY against the law.


1. To bid for a contract, instead of going through one layer of bureaucracy, you add even more layers. You have to pay annual fee, get tested and adhere to some vague standard to be judged qualifed to work on government or CNNI-related projects. In other words, it’s a rather fancy way to legalise paying duit kopi.

2. The CPB board is minister-appointed. What’s to stop the MOSTI minister from appointing a crony?

3. Registered professionals not being able to practise outside their declared proficiency. Hello, IT people pick up skills as and when they go along. So everytime a professional learns a new skill, he/she needs to take another exam or show another certification to prove their competence? It doesn’t work that way, bub.

4. An agency to define what IT professionals are should be independent of the government. Self-regulation! The government has no right to declare that, say, a Microsoft-certified fresh grad is a professional while a self-taught Linux hack with no formal degree or certs isn’t. IT professionals should be judged by their peers and not have the government try to MAKE MONEY out of “certifying” IT professionals.

So my verdict? The bill is still an act of bodohness. But I’ll let my former intern Will have his say. You may or may not agree with either of our point of views but freedom of expression is important.

Hey former boss (referring to Erna :P )

TLDR: The only thing that really changes with this Act is that critical government services will now only be serviced by an exclusive club which restricts membership according to formal qualifications (and/or extensive proof of experience). Rest of IT not affected.

After speaking with one of the proponents of the bill, and re-reading the Bill – it turns out that this has been a huge misunderstanding. If you read it carefully, you will find that only “CNII” (Critical National Information Infrastructure) services requires one to be registered. I.e., if you’re in the IT industry, and you don’t provide IT services for the government in critical areas, you don’t need to even be aware of the existence of this act.

There are only two places in the document which talks about restrictions to non-registered persons. One says that non-registered persons shall not render the services of a registered person. The other says that only registered persons can render services for CNII related stuff.

The only remaining issue is less major – i.e. that the academics require that the word ‘professional’ to be reserved for those with formal qualifications / training or extensive proof of experience. Considering that this doesn’t affect freedoms in any major way, I’m fine with it.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.