ASSIGNMENT QUESTION UYL2612- CYBERLAW PROJECT 1 (group assessment-20%) With reference to relevant legislations and cases, critically identify the issues arising on authentication in E-commerce and its possible legal remedies/solutions. You are required to include at least one (1) issue on electronic evidence as part of the discussion. PLEASE TAKE NOTE: ∙ Students are required to form an assignment group of 5 members each (WITHIN TUTORIAL GROUP) by filling out the google link previously provided. ∙ Please note it is the students' duty to make sure that their name is not omitted by the Group Leader. ∙ One consultation will be allowed for this assignment. Do register your group in the link provided later. ∙ 1.5 spacing, Times New Roman, font size 12. ∙ Contents can be up to 15 pages (excluding table of content and bibliography) ∙ The introduction must not be more than 300 words. ∙ All facts of cases, laws, sections, quotations MUST be typed in BOLD. This will indicate to the lecturers the extent of literature that you have used in your assignment and to detect tendency on copy and paste method. ∙ Kindly use APA 7th edition for citation. ∙ File name submitted will be name based on your tutorial class followed by group number (example: T1_1, T3_2, etc.). PDF format. ∙ Kindly submit via Google Classroom as it will be run through TURNITIN system. Similar index rating must be <15% on TURNITIN or IT WILL BE 0 GROUP MARK. ∙ Late submission will not be entertained. DATELINE: WEEK 9, TUESDAY (1/3/2022), BEFORE 6PM QUESTION 2 (presentation-10%) Prepare a group presentation based on your outcome for assignment question. PLEASE TAKE NOTE: ∙ Students are required to record 10-15 minutes group presentation (which will be assess individually) and to be submitted via GC. You may use any apps/software as long as you produce 1 video per group. ∙ Students are required to prepare slides for the presentation. One (1) slide per student (excluding title). ∙ Office attire. ∙ Kindly submit the slide and video via GC- File name submitted will be name based on your tutorial class followed by group number (example: T1_1, T3_2, etc.). PDF format for the slides. ∙ Late submission will not be entertained. DATELINE: WEEK 9, TUESDAY (1/3/2022), BEFORE 6PM Video 1. One video only 2. 15 minutes (each person have 3 minutes) 3. Put slides submitted to eric Members give slide points by 18/2/2022 Friday (Week 7) a. Each person one slide 4. Office attire 5. To be submitted to How Chin in between 18-20/2/2022 6. Video must be horizontal Essay 1. 15 pages: 3 pages each (including Vic and Iryani intros and conculs) 2. No plagiarism please, Nurin will check turnitin after you guys submitted your parts. 3. Format a. Intro (300 words) a. 1.5 spacing, Times New Roman, font size 12 b. APA 7th edition for citation c. Cases, laws, sections, quotations MUST be typed in BOLD 2. Dateline: 16/2/2022 Wednesday morning if possible (Week 7) Final 1. 2. 3. 4. 5. PDF Format Table of content Bibliography page File name (T11_1) Turnitin (less than 15%) OUTLINE With reference to relevant legislations and cases, critically identify the issues arising on authentication in E-commerce and its possible legal remedies/solutions. You are required to include at least one (1) issue on electronic evidence as part of the discussion. file:///C:/Users/Hp/Downloads/953460.953496.pdf WRITTEN PROJECT Each provides legal solutions or remedies Issue 1 + Introduction (Impersonation) (Vic) Issue 2 - Leader (False information) (Nurin) Issue 3 - Video compiler (unauthorized payment) (How Chin) Issue 4 + Conclusion (Authentication of the anonymous parties to the transaction) (Iryani) Issue 5 - Electronic evidence (compile slides points)(design the slide) Eric (Vic) INTRODUCTION (not more than 300 words) definition ● Online marketplaces such as the Internet, both buyers and sellers face high levels of uncertainty. ● Concerns: security, authentication, fraud and risk of loss cited as among the most significant barriers to the growth of e-commerce. ● Various views on online authentication. Such as, “ the identification of one party to another” ● “A core set of activities used to verify the quality and features of a product offered, the authenticity of the trading parties, and monitor conformance to the contract or agreement among parties” CONTENT Seller 1. Impersonation attack (pretending to be someone else) Issues on user impersonations in the online market a. example carousel, sell duck product but you are not a duck agent but the customer b. c. d. e. believe that you are an a duck agent. Pretend to be the legal participants for both parties Seller (Person C) is impersonated by person A (Third party) , person B (buyer) pays person A, instead of Person C. Person C sells to Person B but delivers it to Person A because Person A impersonates. i. Digital Signatures Act - S.2 - Asymmetric Cryptography. .(one public key and one private key -- to encrypt and decrypt a message and protect it from unauthorized access or use.) ( 2 participants only (Sender) & (Receiver), each have their own key to encrypt and decrypt the message using their key) ii. Penal Code - S.417( Punishment for impersonation) Problems with third party (agent) fake agent or not trustworthy agent f. Cases: I. Zschimmer & Schwarz GMBH & Co. KG Chemische Fabriken v Persons Unknown and Mohammad Azuwan bin Othman (t/a Premier Outlook Services) II. CMOC Sales & Marketing Limited v Persons Unknown [2018] EWHC 2230 (Comm) Solutions a. Cybersecurity protection ● Mitigate activities & to minimise the reach and effectiveness of any cyber threat ● Ex: Fraudwatch b. Penal Code Act 574 ● S 416 of PC ( Phishing) ● S 420 of PC ( Cheating and dishonestly inducing delivery of property) c. Computer Crimes Act 1997 ● S 4(1) of CCA 1997 ( Offense involving fraudulent act) (Nurin) Issue on the authentication in terms of product 2. False information in regards to the goods or services. (Mainly on Product) a. Not authentication of parties but authentication of products, goods and services. b. Sells or distributes product falsely characterizes, mislabels the content, character, origin or utility of the product i. S.8 of CPA 1999 - (leading a consumer into error) ii. S.9 of CPA 1999 - Misleading conduct iii. S.10 of CPA 1999 - False and misleading iv. S.20(1) of DSASA - content of advertisement in mails order sales c. The originality of product i. Counterfeit product (dealing with counterfeit products i.e. not authentic & inaccurate information) ii. Price Control (Labeling by Manufacturers, Importers, Producers or Wholesalers) Order 1980 1. S.13 of Price Control Act 121 http://www.commonlii.org/my/legis/consol_act/pca19461973232/ a. mandatory for goods to carry details of the manufacturer, importer, wholesaler, and producer (details on counterfeit goods are normally fictitious or inaccurate) iii. A & M Beauty Wellness Sdn Bhd v Shopee Mobile Malaysia Sdn Bhd (Berniaga sebagai Shopee Malaysia) [2021] MLJU 65 d. The quality of the products i. S.32 of CPA 1999 - acceptable quality ii. Product defects (S.3 of CPA 1999) iii. Consumer Protection Act 1999 https://aseanconsumer.org/file/pdf_file/CONSUMER%20PROTECTION %20ACT%201999%20AMENDMENT%202019%20.pdf 1. CPA applies in respect of all goods and services including trade transactions in electronic commerce. iv. Electronic Commerce Act 2006 (see first) https://aseanconsumer.org/file/post_image/Act%20658%20%20Electronic%20Commerce%20Act%202006.pdf Solutions a. Trade Description Act 2011 (dealing with counterfeits) v. the details and information provided about a product or service to help consumers vi. understand what they are buying. ( false trade description to goods may lead to criminal offense) S.5 of TDA 2011 - Prohibition of false trade description https://www.jetro.go.jp/ext_images/world/asia/my/ip/pdf/tradedescription2011_e n.pdf a. Consumer Protection Act 1999 i. S.42 of CPA 1999 - Refund b. Direct Sales and Anti-Pyramid Scheme Act 1993 https://www.kpdnhep.gov.my/images/dokumen/awam/perundangan/AktaBI/7-bi-DirectSales-and-Anti-Pyramid-Scheme-Act-1993-reprint-2013.pdf i. Mail order - buying of goods or services by mail delivery. The buyer places an order for the desired products with the merchant through some remote methods. ii. S.19A of DSASA - sales through electronic transaction iii. S.22 of DSASA - Goods to be available for inspections (Nurin’s research part) ● https://asklegal.my/p/misleading-advertisement-mere-puff-contract-malaysia ● https://www.stimmel-law.com/en/articles/false-advertising-or-labeling-rights-andremedies ● https://iclg.com/practice-areas/product-liability-laws-and-regulations/malaysia ● ● ● ● ● https://www.qliktag.com/product-authentication-2/ https://drivesustainability.org/wp-content/uploads/2019/06/Malaysia_LegislationSummary_final.pdf https://www.authenticvision.com/fake-goods-real-news-how-criminal-organizations-areplundering-half-a-trillion-dollars-from-africa-through-counterfeiting/ https://www.shearndelamore.com/wp-content/uploads/2017/06/World-TrademarkReview-Anti-Counterfeiting-2014.pdf https://core.ac.uk/download/pdf/234625012.pdf (How Chin) 3.Unauthorized payment/Non-Repudiation - pay using stolen or lost card Issue: The unauthorized/illegal transaction by the third parties while using e-commerce payment system. Introduction: Personal Data Protection -Duty of Data User - S.6-S.12 Computer Crimes Act -Unauthorized, S.3,S.4,S.5 Body Paragraph 1 Topic sentence: Unauthorized use of credit card/debit card Detail 1: transaction involving the charging of expenses/purchase of goods and services without the consent of the cardholder Detail 2: the fraudster will advise victim to lodge a report with Bank Negara Malaysia's "Unit Kad Kredit Palsu” Solutions: -Do not respond to SMS or call from unknown person -Be skeptical -In case an arrangement has been made, keep copies of all the communication records and documentation Body paragraph 2 Topic sentence: E-wallet fraud/Mobile payment scams Detail 1: Preferred option for consumers across all demographics to pay for the goods and services they need Detail 2: Types of scams related to authentication issue: Social contest scams -scammers will use social media platforms to launch a fake contest -scammers require the supposed winners to pay a fee to verify their account and receive their prize money Detail 3: Fraudulent payment scams -scammers use stolen credit cards to make fraudulent payments across a variety of platforms -convince the sellers to send an item prior to making the payment Detail 4: Overpayment scams -Sellers may receive a fake e-mail that says they were inadvertently overpaid for the item they listed Detail 5: Fraudulent customer service scams -a target may receive a call from the customer service department of a popular mobile payment app -this app or program is some sort of malicious software designed to give them control of your phone and subsequently, your digital wallet. Solutions: -Avoid making mobile payments over public Wi-Fi -Only make peer-to-peer payments with people you know -Create unique, secure passwords and safely store it -Learn to spot and avoid phishing and SMShing (or Smishing) -Never ever give out sensitive information Body paragraph 3 Topic sentence: Online banking transfer scams Detail 1: Identity theft -a hacker can spy on the bank database with the aim of stealing several accounts’ identity Detail 2: Banking account takeovers -The criminal accesses an individual’s account and alters information about it Detail 3: Credential stuffing -targeted to obtain banking customers’ personal information -hackers can gain unauthorized access to customer’s accounts. Detail 4: Spoofing -cybercriminals mimic a bank’s website URL with a new website that looks very similar to its website Solutions: -Multi-factor authentication -End-to-End Encryption -Secure code and architecture -Enable real-time alerts -Educate customers about security 4. (Iryani) Authentication of the anonymous parties to the transaction a) The problem of identifying the anonymous -Many ways to hide one’s identity -Harder to find the criminal if they are using a big online platform b) The problem of authentication of electronic evidence - Information in the internet that is going around can be easily forged and modified -S.90A (2) of the Evidence Act 1950 -Bank Bumiputra Malaysia Berhad v Emas Bestari Sdn Bhd c) Challenges faced because of the anonymous users -During online transaction or online agreement, this anonymous user could use a stolen credit card to perform the transaction -Challenge of attribution: S.17 of Electronic Commerce Act -Identifying the electronic signature: S.9 of the ECA 2006 -False and misleading product, S.10 of Consumer Protection Act 1999 d) Consumer’s rights -Freedom to impose the term, Comb v Paypal -Guarantee of quality of the product, S.32 of CPA -Consumer Protection to get redress, S.39 of CPA e) Punishments -S.419 of PC: for an imprisonment which may extend to seven years or with a fine or with both. Apart from the legal initiatives, consumers can also install anti-viruses like Kapersky or Firewall to ensure that their computer is safe from any viruses that may lead to unauthorized access -S.137 of CPA, any person who submit false information in any application, liable to a fine not exceeding two thousand ringgits or to imprisonment not exceeding six months or to both solutions: -The existing legislations should be updated to reflect to a new dimension of crimes -More severe and deterrent sentences should be imposed -Provide new acts that can cope with the advancement of computer misuse activities (Eric) Issues on Electronic Evidence Electronic evidence - information transmitted in digital form for investigation 1. Issue = Authentication of information/evidence a. Identity Management Challenge i. Who is the Author of the Records? ii. Courts look for ways to tie the author to the digital information offered into evidence. iii. Whether a message, document, video, or photo was included in an email or posted on a website, it is important for the proponent to provide testimony about who the author is. b. Reliability i. Is the Computer Program that generated the Records Reliable? Was the output of the computer what it purported to be? c. Alteration i. evidence is not certain, can be changed d. Incompleteness i. Is the evidence the entire record or conversation ii. United States v Jackson, 2007 WL 1381772 (D. Neb. 2007) 2. Solution = Admissibility of Electronic Evidence/Current Malaysian Practice a. Define Hearsay i. General Rule of Hearsay 1. S.60 of Evidence Act 1950 ii. Electronic Evidence as exception to General Rule of Hearsay 1. S.90A , S.90B, S.90C of Evidence Act 1950. a. Element 1: Computer in Course of Ordinary Use i. Gnanasegaran a/l Perarajasigam v PP 1. By certificate (S.90A(2)); or 2. Calling maker (S.90A(3)(a)) ii. PB Securities S/B v Justin Ong Kian Kuok & Anor KL HC 1. By certificate iii. Public Prosecutor v Hanafi Mat Hassan 1. X need certificate = The presumption in S.90A(6) was sufficient + Oral Evidence b. Element 2: Computer = good working order + operated properly i. S.90A(4) of EA ii. SRT Building System Sdn Bhd v Andrew Gregory Swell and Anor iii. The implication of admissibility of Hearsay evidence of Electronic Evidence in the face of authentication issues. 1. Preconditions to admissibility of electronic ensure: a. Computer-generated documents are admissible in the courts without having to call the original maker of the documents to testify as to the contents of the documents. (Ensure legal weight of documents by certificate/testification of maker) b. Eliminate the admissibility of unreliable evidence/evidence that has been altered/that are incomplete. i. Azilah Hadri & Anor v. PP 1. Ratio - A person cannot be convicted if the chain of evidence [was] not complete. Improvements Adopt Guidelines in accepting electronic evidence such as the UK ACPO guidelines, to better ensure authentication and integrity of evidence. Issue = identification and proving of the identity of an anonymous person involved in publication through the internet. Solution 1. S.114A of Evidence Act 1950 2. Eg: proves that Mr. X has used the computer a. This is a presumption of guilt in law. i. Whoever writes something/publishes, it will be presumed that it is the person who wrote it. 1. Eg: Someone uses Starbucks network system and writes a defamatory statement on social media. Digital forensics experts trace back to Starbucks. 2. Strabucks will be held to be the one who made the comment. It is unfair. Hence, public wifi now requires registration of personal details before having to use their network system. 3. Network service provider is found in Section 6 of the CMA 1998. Means a person who provides network services. b. Implication i. With the operation of section 114, a plaintiff in a similar situation could now directly seek redress against the web site hosts. The onus would be on the defendants to use their resources to identify the bloggers of the offensive postings and join them in the proceedings and prove that they are not the publishers. 1. Stemlife Bhd v Bristol-Myers Squibb - (Still limited to publishers) Improvements Educate ISP on their liabilities in issues of publication through the internet. Educate ISP to pre-requisite identification prior to use of public internet/Possibly create legal requirement of identification prior to use of public internet Sources ADMISSIBILITY AND AUTHENTICITY OF ELECTRONIC ...http://www.ijlgc.com › IJLGC2019-15-06-13 Obtaining and Using Electronic Evidence: Issues, Cases, and ...https://www.cybersecurity.my › data › content_files (PDF) Digital evidence in Malaysia - ResearchGatehttps://www.researchgate.net › publication › 28756206... (KIV) smaller issue - Jurisdiction problems - cross border transactions, country A or country B will govern the dispute. 1. Extradition Act 1992 2. S.9 CCA 3. Use of International Laws a. Budapest Convention/Council of Europe’s Convention on Cyber Crime i. M’sia not part of (which is an issue) (Iryani) CONCLUSION · Amendment should be made to our existing legislations to reflect to a new dimension/series of crimes that happened in our E-commerce · A more severe and deterrent sentence should be imposed to the criminals · Provide new acts that can cope with the advancement of computer misuse activities · Adding more act in regards to E-commerce -------------------------------------------------------------------------------------------------------------------Essay structure: Issue Issue Solution Solution OTHERS Buyer 1. Giving wrong information i.e. wrong phone number or address causes the seller to have loss in revenue. (KIV) 2. Forged signature - sometimes signature is not needed when buying online. Pyramid scheme Electronic Commerce Act 2006 Personal Data Protection Act 2010 - governs personal data Consumer Protection Act 1999 - Protection for consumers Digital Signature Act 1997 - Questions for Dr: 1. Cases should be from Malaysia or other countries as well (more to malaysian) combine 2. Should we compare it to other countries such as the UK, US etc. Solution better law 3. Remedies or legal solution or both for each issues (both - prioritize - legal and non legal) 4. Can it be a non legal solution such as software to track counterfeit product (example) 5. Is it okay if we use international laws like UNCITRAL ? 6. Citation and Footnote - need to put in footnote or just put in bibliography (no footnote) 7. Can we apply foreign laws? 8. Are the issues restricted to Malaysia or can be from other countries? Better to be close in malaysia 9. Do the issues regarding electronic evidence only refer to e-commerce or as a separate topic and electronic evidence in general? Related to e commerce INTRODUCTION CONTENT Issue 1 + Introduction (Impersonation) (Vic) Issue 2 - Leader (False information) (Nurin) Issue 3 - Video compiler (unauthorized payment) (How Chin) Issue 4 + Conclusion (Authentication of the anonymous parties to the transaction) (Iryani) Issue 5 - Electronic evidence (compile slides points)(design the slide) Eric CONCLUSION PRESENTATION PROJECT - 2 people Slides (Ask members points and compile points to put in slide from members) VIdeo compiler - Insert video + put picture in slides + edit (make it pretty pretty) Leader - Check all from zero to hero LOL !! (Check and read everyone’s part, book consultation, aware of notice posted, check plagiarism in turnitin each part, ensure everything is good and correct and awesome) Important: ask members first agree or not 1. We will use google docs (google drive), everyone submit your part there, leader proceed checking everything DATELINES: Discussion - 16/1/2022 Sunday (Week 2) Outline - 19/1/2022 Wednesday or 22/1/2022 Saturday (Week 3) (depends on notice) Consultation - 24/1/2022 Monday (12:30 pm - 12:40 pm) Internal Written - 16/2/2022 Wednesday morning if possible (Week 7) Leader check everything, plagiarism, footnote and give feedback towards group members to make correction if any - 17/2/2022 Thursday (Week 7) Members make the corrections on the same day. Presentation: ● Members give slide points by 18/2/2022 Friday (Week 7) ● Members send video to video compiler 18-20/2/2022 (horizontal video) ● Compile slide points 19/2/2022 Saturday (Week 7) ● Video compiler 20-25/2/2022 Sunday - Friday (Whole week 8) ● Final check up by every group members on video and written projects by 26-27/2/2022 Saturday - Sunday (Week 8) 28/2/2022 Monday (Week 9) (Check once again) Submission - Leader External Written - 1/3/2022 Tuesday (Week 9)