Sunday Times (Used by permission)
by Sonia Ramachandran
• Vital to preserve evidence integrity
• #%$@?&! watch what you say online
The Internet doesn't give you the licence to shoot your "dirty" mouth off and get away with it, experts tell Sonia Ramachandran
YOU have your very own blog, an online journal where you
express your thoughts and emotions.
There is this sense of freedom, an impunity you feel in cyberspace, and you are quite liberal with the comments you post. Some comments are disturbing, some even personal, about your friends, acquaintances and family.
Perhaps you dish out more "severe" comments to your enemies.
But before you post "explosive" comments on your blog, cyberlaw expert Deepak Pillai warns: "Anything that is not allowed in the real world, in most cases, is also an offence in cyberspace."
This sense of impunity is also felt when you send a
provocative text message through your mobile phone.
"Cyberlaws extend to more than just computers. It extends to any device that has a computing function, including mobile phones," he says.
According to Deepak, who served on the Bar Council's Information Technology and Cyberlaws Committee for almost a decade, cyber crimes fall into several categories, and one is crime against computers.
"This means the crime is focused against computers. This would include unauthorised access to a computer, modification of information or data on a computer, or theft of information from a computer."
The second category is crimes perpetrated through the use of computers, says Deepak.
"Before the Internet age, crime was focused against the computer itself. But now, it's gone beyond that.
"The computer has become a tool in the execution of other crimes, particularly on the Internet and on networks."
It must be remembered, just because something is done in cyberspace does not mean the laws do not apply there.
"Yes, it's open and fast moving, and people have a sense of freedom online, but at the end of the day the law still applies."
Deepak says he is surprised and concerned by people's attitude online.
"People seem to think that there is no consequence to what they do online.
"They have no reservations about putting their entire life story online and they are surprised when they apply for a job and the prospective employer has already extracted all this data from the Internet.
So what is Deepak's advice?
"A statement you make online will be there for a long time because Internet search engines like Google will capture it and store it in their cache.
"So be careful what you post online, especially with the proliferation of Internet–enabled mobile phones."
Information technology lawyer Ravin Vello says the Computer Crimes Act 1997 deals with offences relating to the misuse of computers.
Section 211 of the Communications and Multimedia Act 1998 states that no content applications service provider, or other person using a content applications service, shall provide content which is indecent, obscene, false, menacing, or offensive in character with intent to annoy, abuse, threaten or harass any person.
When does something written on a blog become an offence?
"When it fulfils the legal requirements in order for it to constitute an offence.
"Defamation, for instance, is something you can sue someone for, whether it's done in a newspaper or on a blog," says Deepak.
"So the ingredients to establish defamation through a newspaper or a blog will be the same. It's just that you're dealing with different environments."
The laws against libel and slander apply to the Internet, says Deepak.
"But the thing is, if the server is not in Malaysia and the content is actually in a server in the United States, has it actually taken place in Malaysia? Does Malaysian law extend to it?
"Look at the 'Negarakuku' case (student Wee Meng Chee's parody of the national anthem which was interspersed with rap and allegedly derogatory lyrics posted on YouTube last year).
"Where was the singer when he made and uploaded the song? He was in Taiwan. Where was the song posted? YouTube. So where did the offence take place?
"That will be one of the first things you have to consider."
The Australian case of Dow Jones vs Gutnick was cited by Deepak as an example.
Gutnick, an Australian, sued Dow Jones & Co in Australia for publishing an article defamatory of him in one of its publications which has 550,000 Internet subscribers, of whom 1,700 are in Australia.
The High Court of Australia (the highest court in Australia) unanimously ruled that Gutnick could sue Dow Jones & Co for defamation in Australia despite the fact that Dow Jones' server was located in the United States.
Deepak points out that the Computer Crimes Act 1997 and the Communications and Multimedia Act 1998 provide that they apply to offences in Malaysia that are committed from abroad.
He also cites the landmark English case of Godfrey vs Demon Internet Limited.
The case concerns a defamatory statement made on an Internet Usenet discussion group hosted by Demon Internet, a major British Internet service provider.
"Someone had posted messages pretending to be Godfrey, and these messages were of such a nature that they were defamatory to Godfrey's character.
"He brought it to the attention of Demon Internet, who hosted the discussion group, and asked them to delete the forged messages, but they chose not do anything.
"The court found Demon Internet liable."
Can a person be forced to reveal the source of his information posted on the blog?
"A person could be ordered or compelled to do so by a court order," says Ravin.
This procedure is called the Norwich Pharmacal proceedings.
"This came from the case of Norwich Pharmacal where the (British) House of Lords held that in certain circumstances an independent action for discovery may be brought to obtain information on the identity of the wrongdoer."
Another procedure is the Anton Pillar Order, says Ravin.
"This is where seizure of a computer may be allowed for investigations to locate electronic evidence that may be useful in locating sources of information."
The Anton Pillar in information technology–related cases is used especially for the preservation of electronic evidence found in a defendant's computer or within an organisation's network.
In such cases, the extraction, preservation and presentation of electronic evidence by computer forensic experts is of great importance when prosecuting in court.
"Sources here could mean Internet protocol addresses which may be useful in tracking someone who has posted information," says Ravin.
"This order can be termed 'indirect forcing' as the application for it is made without the knowledge of the person it is intended against."
But would preventing a person from expressing himself in any way he chooses amount to censorship?
Wouldn't this be against the Multimedia Super Corridor (MSC) Bill of Guarantees issued by the government which, among others, provides there will be no censorship of the Internet?
"The Bill of Guarantees is a list of promises given by the government in order to promote the MSC and some of it, for instance the non–censorship of the Internet, has been enshrined in our laws as well," says Deepak.
"But what does 'no censorship' mean in the first place? Some people think it means that the laws don't apply to the Internet and anything goes.
"Others, including myself, think it means that Internet content won't be filtered, but if the content breaks the law, then the necessary legal action can be taken.
"So which is it? I think that is one of the key issues that law enforcement agencies, especially those who are on the policy end, have to deal with."
Ravin says just because the government does not censor publications on the Internet did not mean a person could not be liable for information published which is false or meant to ridicule another person.
"There must be limitations. If not, there won't be rule of law."
Deepak says Section 3(3) of the Communications and Multimedia Act 1998 states that nothing in the Act authorises censorship. But what amounts to "censorship" itself is not defined.
"If I was in a law enforcement agency, what action would I take when I have complaints of offensive content being accessed or being posted on the Internet, and I have to deal with this particular section?
"From a policy perspective, there are several approaches. One is reactive, where action is taken after an offence has occurred and been reported. The other is preventive, like China's, where content is filtered right from the start."
Another important section is Section 263 (1) and (2) of the act which provides that a licensee shall use his "best endeavour" to ensure that the services he provides are not used for the commission of any offence under any law of Malaysia.
Upon the request of the Malaysian Communications and Multimedia Commission or any other authority, the licensee also has to assist, as far as is necessary, in preventing the commissioning of, or attempted commissioning of an offence.
"A licensee is someone like an Internet service provider. So he shall not filter content because censorship is not permitted.
"But if it comes through and he notices, or it is brought to his attention that the content is an offence under the laws of this country, under Section 263 (1) he has to use his best endeavours to stop it.
"Which in the case of websites is to actually block access. So is blocking censoring?
"I think it is arguable, as it is against the law, you are allowing the offence to continue if you don't block it off.
"But to prevent something from coming through, isn't that censorship?"
Illegal Internet action
• Downloading pirated content like movies and music.
• Online gambling.
• Connecting to the wireless networks of others without permission.
Do’s and don’t’s of blogging
• Do not post anything on your blog which you would not publish or say
in the physical world.
• Do not assume that you are anonymous on the Internet.
• Do not assume that blog providers will not give your information to law
enforcement agencies— read the terms and conditions.
• Do not use copyrighted materials (eg. pictures, videos) of others on
your blog without permission.
Cyber crimes: Vital to preserve evidence integrity
TO investigate a cybercrime effectively, other than identifying the person involved in the commissioning of the cybercrime, the evidence to prove the crime needs to be secured in such a way that its integrity is preserved.
If the integrity of the evidence is compromised, the evidence
could be thrown out by the court.
"In cybercrime, one of the most important things are the computer logs," says lawyer Deepak Pillai.
"So, when a computer has been used in the commissioning of a crime, and someone switches it on before the investigator comes on the scene, the integrity of the evidence could have been compromised as the very act of switching it on changes the logs of the computer.
"So, are victims of the cybercrime aware they are not supposed to do anything which affects the integrity of the evidence?
"There is also the question of how long this evidence has to
be preserved before being presented in court and how it should be preserved."
Deepak says while there is awareness of cybercrimes among the enforcement agencies, IT departments and general computer users, the depth of that awareness could be increased.
"We could do with more education and resources in tackling this area."
Lawyer Ravin Vello says the cybercrime phenomenon is a serious problem in Malaysia and the world over.
"In Malaysia, we lack the awareness on many levels. In every organisation, whether big or small, cybercrimes can take place at the employee, management and even the board of directors level.
"In fact, on many occasions cybercrime is assisted by innocent people due to their lack of understanding on how such crimes occur."
He says email policies in companies should also extend to network communication services such as messenger services.
"Many of these services allow messages to be sent over the Internet instantaneously. Here, defamatory comments may be exchanged as well.
"Many companies do not take heed of the fact that sensitive information is being sold or given out freely to their competitors daily.
"Can you imagine the level of losses suffered over the years by an organisation?"
Ravin suggests government departments and organisations implement computer crime infrastructure to educate employees and to increase awareness on how serious such offences could be.
Who do you call if there is a cybercrime?
"If it involves content or activities on a network, you should call the Malaysian Communications and Multimedia Commission," says Deepak.
"If you want to trace something or require technical assistance, then you should go to CyberSecurity Malaysia.
"If the matter is criminal in nature, then you have to go to the cybercrimes unit of the police."
Cyber crimes: #%$@?&! watch what you say online
ACCORDING to Black's Law Dictionary, "Censorship" is to "officially inspect (especially a book or film) and delete material considered offensive".
Communications and Multimedia Act 1998
Section 3(3): Nothing in this Act shall be construed as permitting the censorship of the Internet.
Section 4: Territorial and extra–territorial application.
(1) This Act and its subsidiary legislation apply both within and outside Malaysia.
(2) Notwithstanding subsection (1), this Act and its
subsidiary legislation shall apply to any person beyond the geographical limits
of Malaysia and her territorial waters if such person:
(a) is a licensee under this Act; or
(b) provides relevant facilities or services under this Act in a place within Malaysia.
Section 211: Prohibition on provision of offensive content.
(1) No content applications service provider, or other person using a content applications service, shall provide content which is indecent, obscene, false, menacing, or offensive in character with intent to annoy, abuse, threaten or harass any person.
Section 263: General duty of licensees.
(1) A licensee shall use his best endeavour to prevent the network facilities that he owns or provides or the network service, applications service or content applications service that he provides from being used in, or in relation to, the commission of any offence under any law of Malaysia.
(2) A licensee shall, upon written request by the Commission or any other authority, assist the Commission or other authority as far as reasonably necessary in preventing the commission or attempted commission of an offence under any written law of Malaysia or otherwise in enforcing the laws of Malaysia, including, but not limited to, the protection of the public revenue and preservation of national security.
Computer Crimes Act 1997
Section 9: Territorial scope of offences under this Act.
(1) The provisions of this Act shall, in relation to any person, whatever his nationality or citizenship, have effect outside as well as within Malaysia, and where an offence under this Act is committed by any person in any place outside Malaysia, he may be dealt with in respect of such offence as if it was committed at any place within Malaysia.
(2) For the purposes of subsection (1), this Act shall apply if, for the offence in question, the computer, program or data was in Malaysia or capable of being connected to or sent to or used by or with a computer in Malaysia at the material time.