©New
Sunday Times (Used by permission)
by Sonia Ramachandran
• Vital to preserve evidence integrity
• #%$@?&! watch what you say online
The Internet doesn't give you the licence to shoot your "dirty" mouth off and
get away with it, experts tell Sonia Ramachandran
YOU have your very own blog, an online journal where you
express your thoughts and emotions.
There is this sense of freedom, an impunity you feel in cyberspace, and you are
quite liberal with the comments you post. Some comments are disturbing, some
even personal, about your friends, acquaintances and family.
Perhaps you dish out more "severe" comments to your enemies.
But before you post "explosive" comments on your blog, cyberlaw expert Deepak
Pillai warns: "Anything that is not allowed in the real world, in most cases, is
also an offence in cyberspace."
This sense of impunity is also felt when you send a
provocative text message through your mobile phone.
"Cyberlaws extend to more than just computers. It extends to any device that has
a computing function, including mobile phones," he says.
According to Deepak, who served on the Bar Council's Information Technology and
Cyberlaws Committee for almost a decade, cyber crimes fall into several
categories, and one is crime against computers.
"This means the crime is focused against computers. This would include
unauthorised access to a computer, modification of information or data on a
computer, or theft of information from a computer."
The second category is crimes perpetrated through the use of computers, says
Deepak.
"Before the Internet age, crime was focused against the computer itself. But
now, it's gone beyond that.
"The computer has become a tool in the execution of other crimes, particularly
on the Internet and on networks."
It must be remembered, just because something is done in cyberspace does not
mean the laws do not apply there.
"Yes, it's open and fast moving, and people have a sense of freedom online, but
at the end of the day the law still applies."
Deepak says he is surprised and concerned by people's attitude online.
"People seem to think that there is no consequence to what they do online.
"They have no reservations about putting their entire life story online and they
are surprised when they apply for a job and the prospective employer has already
extracted all this data from the Internet.
So what is Deepak's advice?
"A statement you make online will be there for a long time because Internet
search engines like Google will capture it and store it in their cache.
"So be careful what you post online, especially with the proliferation of
Internet–enabled mobile phones."
Information technology lawyer Ravin Vello says the Computer Crimes Act 1997
deals with offences relating to the misuse of computers.
Section 211 of the Communications and Multimedia Act 1998 states that no content
applications service provider, or other person using a content applications
service, shall provide content which is indecent, obscene, false, menacing, or
offensive in character with intent to annoy, abuse, threaten or harass any
person.
When does something written on a blog become an offence?
"When it fulfils the legal requirements in order for it to constitute an
offence.
"Defamation, for instance, is something you can sue someone for, whether it's
done in a newspaper or on a blog," says Deepak.
"So the ingredients to establish defamation through a newspaper or a blog will
be the same. It's just that you're dealing with different environments."
The laws against libel and slander apply to the Internet, says Deepak.
"But the thing is, if the server is not in Malaysia and the content is actually
in a server in the United States, has it actually taken place in Malaysia? Does
Malaysian law extend to it?
"Look at the 'Negarakuku' case (student Wee Meng Chee's parody of the
national anthem which was interspersed with rap and allegedly derogatory lyrics
posted on YouTube last year).
"Where was the singer when he made and uploaded the song? He was in Taiwan.
Where was the song posted? YouTube. So where did the offence take place?
"That will be one of the first things you have to consider."
The Australian case of Dow Jones vs Gutnick was cited by Deepak as an example.
Gutnick, an Australian, sued Dow Jones & Co in Australia for publishing an
article defamatory of him in one of its publications which has 550,000 Internet
subscribers, of whom 1,700 are in Australia.
The High Court of Australia (the highest court in Australia) unanimously ruled
that Gutnick could sue Dow Jones & Co for defamation in Australia despite the
fact that Dow Jones' server was located in the United States.
Deepak points out that the Computer Crimes Act 1997 and the Communications and
Multimedia Act 1998 provide that they apply to offences in Malaysia that are
committed from abroad.
He also cites the landmark English case of Godfrey vs Demon Internet Limited.
The case concerns a defamatory statement made on an Internet Usenet discussion
group hosted by Demon Internet, a major British Internet service provider.
"Someone had posted messages pretending to be Godfrey, and these messages were
of such a nature that they were defamatory to Godfrey's character.
"He brought it to the attention of Demon Internet, who hosted the discussion
group, and asked them to delete the forged messages, but they chose not do
anything.
"The court found Demon Internet liable."
Can a person be forced to reveal the source of his information posted on the
blog?
"A person could be ordered or compelled to do so by a court order," says Ravin.
This procedure is called the Norwich Pharmacal proceedings.
"This came from the case of Norwich Pharmacal where the (British) House of Lords
held that in certain circumstances an independent action for discovery may be
brought to obtain information on the identity of the wrongdoer."
Another procedure is the Anton Pillar Order, says Ravin.
"This is where seizure of a computer may be allowed for investigations to locate
electronic evidence that may be useful in locating sources of information."
The Anton Pillar in information technology–related cases is used especially for
the preservation of electronic evidence found in a defendant's computer or
within an organisation's network.
In such cases, the extraction, preservation and presentation of electronic
evidence by computer forensic experts is of great importance when prosecuting in
court.
"Sources here could mean Internet protocol addresses which may be useful in
tracking someone who has posted information," says Ravin.
"This order can be termed 'indirect forcing' as the application for it is made
without the knowledge of the person it is intended against."
But would preventing a person from expressing himself in any way he chooses
amount to censorship?
Wouldn't this be against the Multimedia Super Corridor (MSC) Bill of Guarantees
issued by the government which, among others, provides there will be no
censorship of the Internet?
"The Bill of Guarantees is a list of promises given by the government in order
to promote the MSC and some of it, for instance the non–censorship of the
Internet, has been enshrined in our laws as well," says Deepak.
"But what does 'no censorship' mean in the first place? Some people think it
means that the laws don't apply to the Internet and anything goes.
"Others, including myself, think it means that Internet content won't be
filtered, but if the content breaks the law, then the necessary legal action can
be taken.
"So which is it? I think that is one of the key issues that law enforcement
agencies, especially those who are on the policy end, have to deal with."
Ravin says just because the government does not censor publications on the
Internet did not mean a person could not be liable for information published
which is false or meant to ridicule another person.
"There must be limitations. If not, there won't be rule of law."
Deepak says Section 3(3) of the Communications and Multimedia Act 1998 states
that nothing in the Act authorises censorship. But what amounts to "censorship"
itself is not defined.
"If I was in a law enforcement agency, what action would I take when I have
complaints of offensive content being accessed or being posted on the Internet,
and I have to deal with this particular section?
"From a policy perspective, there are several approaches. One is reactive, where
action is taken after an offence has occurred and been reported. The other is
preventive, like China's, where content is filtered right from the start."
Another important section is Section 263 (1) and (2) of the act which provides
that a licensee shall use his "best endeavour" to ensure that the services he
provides are not used for the commission of any offence under any law of
Malaysia.
Upon the request of the Malaysian Communications and Multimedia Commission or
any other authority, the licensee also has to assist, as far as is necessary, in
preventing the commissioning of, or attempted commissioning of an offence.
"A licensee is someone like an Internet service provider. So he shall not filter
content because censorship is not permitted.
"But if it comes through and he notices, or it is brought to his attention that
the content is an offence under the laws of this country, under Section 263 (1)
he has to use his best endeavours to stop it.
"Which in the case of websites is to actually block access. So is blocking
censoring?
"I think it is arguable, as it is against the law, you are allowing the offence
to continue if you don't block it off.
"But to prevent something from coming through, isn't that censorship?"
Illegal Internet action
• Downloading pirated content like movies and music.
• Online gambling.
• Connecting to the wireless networks of others without permission.
Do’s and don’t’s of blogging
• Do not post anything on your blog which you would not publish or say
in the physical world.
• Do not assume that you are anonymous on the Internet.
• Do not assume that blog providers will not give your information to law
enforcement agencies— read the terms and conditions.
• Do not use copyrighted materials (eg. pictures, videos) of others on
your blog without permission.
Cyber crimes: Vital to preserve evidence integrity
TO investigate a cybercrime effectively, other than identifying the person
involved in the commissioning of the cybercrime, the evidence to prove the crime
needs to be secured in such a way that its integrity is preserved.
If the integrity of the evidence is compromised, the evidence
could be thrown out by the court.
"In cybercrime, one of the most important things are the computer logs," says
lawyer Deepak Pillai.
"So, when a computer has been used in the commissioning of a crime, and someone
switches it on before the investigator comes on the scene, the integrity of the
evidence could have been compromised as the very act of switching it on changes
the logs of the computer.
"So, are victims of the cybercrime aware they are not supposed to do anything
which affects the integrity of the evidence?
"There is also the question of how long this evidence has to
be preserved before being presented in court and how it should be preserved."
Deepak says while there is awareness of cybercrimes among the enforcement
agencies, IT departments and general computer users, the depth of that awareness
could be increased.
"We could do with more education and resources in tackling this area."
Lawyer Ravin Vello says the cybercrime phenomenon is a serious problem in
Malaysia and the world over.
"In Malaysia, we lack the awareness on many levels. In every organisation,
whether big or small, cybercrimes can take place at the employee, management and
even the board of directors level.
"In fact, on many occasions cybercrime is assisted by innocent people due to
their lack of understanding on how such crimes occur."
He says email policies in companies should also extend to network communication
services such as messenger services.
"Many of these services allow messages to be sent over the Internet
instantaneously. Here, defamatory comments may be exchanged as well.
"Many companies do not take heed of the fact that sensitive information is being
sold or given out freely to their competitors daily.
"Can you imagine the level of losses suffered over the years by an organisation?"
Ravin suggests government departments and organisations implement computer crime
infrastructure to educate employees and to increase awareness on how serious
such offences could be.
Who do you call if there is a cybercrime?
"If it involves content or activities on a network, you should call the
Malaysian Communications and Multimedia Commission," says Deepak.
"If you want to trace something or require technical assistance, then you should
go to CyberSecurity Malaysia.
"If the matter is criminal in nature, then you have to go to the cybercrimes
unit of the police."
Cyber crimes: #%$@?&! watch what you say online
ACCORDING to Black's Law Dictionary, "Censorship" is to "officially inspect
(especially a book or film) and delete material considered offensive".
Communications and Multimedia Act 1998
Section 3(3): Nothing in this Act shall be construed as permitting the
censorship of the Internet.
Section 4: Territorial and extra–territorial application.
(1) This Act and its subsidiary legislation apply both within and outside
Malaysia.
(2) Notwithstanding subsection (1), this Act and its
subsidiary legislation shall apply to any person beyond the geographical limits
of Malaysia and her territorial waters if such person:
(a) is a licensee under this Act; or
(b) provides relevant facilities or services under this Act in a place within
Malaysia.
Section 211: Prohibition on provision of offensive content.
(1) No content applications service provider, or other person using a content
applications service, shall provide content which is indecent, obscene, false,
menacing, or offensive in character with intent to annoy, abuse, threaten or
harass any person.
Section 263: General duty of licensees.
(1) A licensee shall use his best endeavour to prevent the network facilities
that he owns or provides or the network service, applications service or content
applications service that he provides from being used in, or in relation to, the
commission of any offence under any law of Malaysia.
(2) A licensee shall, upon written request by the Commission or any other
authority, assist the Commission or other authority as far as reasonably
necessary in preventing the commission or attempted commission of an offence
under any written law of Malaysia or otherwise in enforcing the laws of
Malaysia, including, but not limited to, the protection of the public revenue
and preservation of national security.
Computer Crimes Act 1997
Section 9: Territorial scope of offences under this Act.
(1) The provisions of this Act shall, in relation to any person, whatever his
nationality or citizenship, have effect outside as well as within Malaysia, and
where an offence under this Act is committed by any person in any place outside
Malaysia, he may be dealt with in respect of such offence as if it was committed
at any place within Malaysia.
(2) For the purposes of subsection (1), this Act shall apply if, for the offence
in question, the computer, program or data was in Malaysia or capable of being
connected to or sent to or used by or with a computer in Malaysia at the
material time.