ASSIGNMENT QUESTION UYL2612- CYBERLAW
PROJECT 1 (group assessment-20%)
With reference to relevant legislations and cases, critically identify the issues arising on
authentication in E-commerce and its possible legal remedies/solutions. You are required to
include at least one (1) issue on electronic evidence as part of the discussion.
PLEASE TAKE NOTE:
∙ Students are required to form an assignment group of 5 members each (WITHIN
TUTORIAL GROUP) by filling out the google link previously provided.
∙ Please note it is the students' duty to make sure that their name is not omitted by the
Group Leader.
∙ One consultation will be allowed for this assignment. Do register your group in the link
provided later.
∙ 1.5 spacing, Times New Roman, font size 12.
∙ Contents can be up to 15 pages (excluding table of content and bibliography) ∙
The introduction must not be more than 300 words.
∙ All facts of cases, laws, sections, quotations MUST be typed in BOLD. This will indicate to the
lecturers the extent of literature that you have used in your assignment and to detect
tendency on copy and paste method.
∙ Kindly use APA 7th edition for citation.
∙ File name submitted will be name based on your tutorial class followed by group number
(example: T1_1, T3_2, etc.). PDF format.
∙ Kindly submit via Google Classroom as it will be run through TURNITIN system. Similar
index rating must be <15% on TURNITIN or IT WILL BE 0 GROUP MARK.
∙ Late submission will not be entertained.
DATELINE: WEEK 9, TUESDAY (1/3/2022), BEFORE 6PM
QUESTION 2 (presentation-10%)
Prepare a group presentation based on your outcome for assignment question.
PLEASE TAKE NOTE:
∙ Students are required to record 10-15 minutes group presentation (which will be assess
individually) and to be submitted via GC. You may use any apps/software as long as you
produce 1 video per group.
∙ Students are required to prepare slides for the presentation. One (1) slide per student
(excluding title).
∙ Office attire.
∙ Kindly submit the slide and video via GC- File name submitted will be name based on your
tutorial class followed by group number (example: T1_1, T3_2, etc.). PDF format for the
slides.
∙ Late submission will not be entertained.
DATELINE: WEEK 9, TUESDAY (1/3/2022), BEFORE 6PM
Video
1. One video only
2. 15 minutes (each person have 3 minutes)
3. Put slides submitted to eric Members give slide points by 18/2/2022 Friday (Week 7)
a. Each person one slide
4. Office attire
5. To be submitted to How Chin in between 18-20/2/2022
6. Video must be horizontal
Essay
1. 15 pages: 3 pages each (including Vic and Iryani intros and conculs)
2. No plagiarism please, Nurin will check turnitin after you guys submitted your parts.
3. Format
a. Intro (300 words)
a. 1.5 spacing, Times New Roman, font size 12
b. APA 7th edition for citation
c. Cases, laws, sections, quotations MUST be typed in BOLD
2. Dateline: 16/2/2022 Wednesday morning if possible (Week 7)
Final
1.
2.
3.
4.
5.
PDF Format
Table of content
Bibliography page
File name (T11_1)
Turnitin (less than 15%)
OUTLINE
With reference to relevant legislations and cases, critically identify the issues arising on
authentication in E-commerce and its possible legal remedies/solutions. You are required to
include at least one (1) issue on electronic evidence as part of the discussion.
file:///C:/Users/Hp/Downloads/953460.953496.pdf
WRITTEN PROJECT
Each provides legal solutions or remedies
Issue 1 + Introduction (Impersonation) (Vic)
Issue 2 - Leader (False information) (Nurin)
Issue 3 - Video compiler (unauthorized payment) (How Chin)
Issue 4 + Conclusion (Authentication of the anonymous parties to the transaction) (Iryani)
Issue 5 - Electronic evidence (compile slides points)(design the slide) Eric
(Vic) INTRODUCTION (not more than 300 words)
definition
● Online marketplaces such as the Internet, both buyers and sellers face high levels of
uncertainty.
● Concerns: security, authentication, fraud and risk of loss cited as among the most
significant barriers to the growth of e-commerce.
● Various views on online authentication. Such as, “ the identification of one party to
another”
● “A core set of activities used to verify the quality and features of a product offered, the
authenticity of the trading parties, and monitor conformance to the contract or agreement
among parties”
CONTENT
Seller
1. Impersonation attack (pretending to be someone else)
Issues on user impersonations in the online market
a. example carousel, sell duck product but you are not a duck agent but the customer
b.
c.
d.
e.
believe that you are an a duck agent.
Pretend to be the legal participants for both parties
Seller (Person C) is impersonated by person A (Third party) , person B (buyer)
pays person A, instead of Person C.
Person C sells to Person B but delivers it to Person A because Person A
impersonates.
i. Digital Signatures Act - S.2 - Asymmetric Cryptography. .(one public key
and one private key -- to encrypt and decrypt a message and protect it from
unauthorized access or use.) ( 2 participants only (Sender) & (Receiver),
each have their own key to encrypt and decrypt the message using their
key)
ii. Penal Code - S.417( Punishment for impersonation)
Problems with third party (agent) fake agent or not trustworthy agent
f. Cases:
I. Zschimmer & Schwarz GMBH & Co. KG Chemische Fabriken v
Persons Unknown and Mohammad Azuwan bin Othman (t/a Premier
Outlook Services)
II. CMOC Sales & Marketing Limited v Persons Unknown [2018] EWHC
2230 (Comm)
Solutions
a. Cybersecurity protection
● Mitigate activities & to minimise the reach and effectiveness of any cyber threat
● Ex: Fraudwatch
b. Penal Code Act 574
● S 416 of PC ( Phishing)
● S 420 of PC ( Cheating and dishonestly inducing delivery of property)
c. Computer Crimes Act 1997
● S 4(1) of CCA 1997 ( Offense involving fraudulent act)
(Nurin) Issue on the authentication in terms of product
2. False information in regards to the goods or services. (Mainly on Product)
a. Not authentication of parties but authentication of products, goods and services.
b. Sells or distributes product falsely characterizes, mislabels the content, character,
origin or utility of the product
i. S.8 of CPA 1999 - (leading a consumer into error)
ii. S.9 of CPA 1999 - Misleading conduct
iii. S.10 of CPA 1999 - False and misleading
iv.
S.20(1) of DSASA - content of advertisement in mails order sales
c. The originality of product
i. Counterfeit product (dealing with counterfeit products i.e. not authentic &
inaccurate information)
ii. Price Control (Labeling by Manufacturers, Importers, Producers or
Wholesalers) Order 1980
1. S.13 of Price Control Act 121
http://www.commonlii.org/my/legis/consol_act/pca19461973232/
a. mandatory for goods to carry details of the manufacturer,
importer, wholesaler, and producer (details on counterfeit
goods are normally fictitious or inaccurate)
iii.
A & M Beauty Wellness Sdn Bhd v Shopee Mobile Malaysia Sdn Bhd
(Berniaga sebagai Shopee Malaysia) [2021] MLJU 65
d. The quality of the products
i. S.32 of CPA 1999 - acceptable quality
ii. Product defects (S.3 of CPA 1999)
iii. Consumer Protection Act 1999
https://aseanconsumer.org/file/pdf_file/CONSUMER%20PROTECTION
%20ACT%201999%20AMENDMENT%202019%20.pdf
1. CPA applies in respect of all goods and services including trade
transactions in electronic commerce.
iv.
Electronic Commerce Act 2006 (see first)
https://aseanconsumer.org/file/post_image/Act%20658%20%20Electronic%20Commerce%20Act%202006.pdf
Solutions
a. Trade Description Act 2011 (dealing with counterfeits)
v.
the details and information provided about a product or service to help consumers
vi.
understand what they are buying. ( false trade description to goods may lead to
criminal offense)
S.5 of TDA 2011 - Prohibition of false trade description
https://www.jetro.go.jp/ext_images/world/asia/my/ip/pdf/tradedescription2011_e
n.pdf
a. Consumer Protection Act 1999
i.
S.42 of CPA 1999 - Refund
b. Direct Sales and Anti-Pyramid Scheme Act 1993
https://www.kpdnhep.gov.my/images/dokumen/awam/perundangan/AktaBI/7-bi-DirectSales-and-Anti-Pyramid-Scheme-Act-1993-reprint-2013.pdf
i.
Mail order - buying of goods or services by mail delivery. The buyer places an
order for the desired products with the merchant through some remote methods.
ii.
S.19A of DSASA - sales through electronic transaction
iii.
S.22 of DSASA - Goods to be available for inspections
(Nurin’s research part)
● https://asklegal.my/p/misleading-advertisement-mere-puff-contract-malaysia
● https://www.stimmel-law.com/en/articles/false-advertising-or-labeling-rights-andremedies
● https://iclg.com/practice-areas/product-liability-laws-and-regulations/malaysia
●
●
●
●
●
https://www.qliktag.com/product-authentication-2/
https://drivesustainability.org/wp-content/uploads/2019/06/Malaysia_LegislationSummary_final.pdf
https://www.authenticvision.com/fake-goods-real-news-how-criminal-organizations-areplundering-half-a-trillion-dollars-from-africa-through-counterfeiting/
https://www.shearndelamore.com/wp-content/uploads/2017/06/World-TrademarkReview-Anti-Counterfeiting-2014.pdf
https://core.ac.uk/download/pdf/234625012.pdf
(How Chin) 3.Unauthorized payment/Non-Repudiation - pay using stolen or lost card
Issue: The unauthorized/illegal transaction by the third parties while using e-commerce
payment system.
Introduction:
Personal Data Protection
-Duty of Data User - S.6-S.12
Computer Crimes Act
-Unauthorized, S.3,S.4,S.5
Body Paragraph 1
Topic sentence: Unauthorized use of credit card/debit card
Detail 1: transaction involving the charging of expenses/purchase of goods and services without
the consent of the cardholder
Detail 2: the fraudster will advise victim to lodge a report with Bank Negara Malaysia's "Unit
Kad Kredit Palsu”
Solutions:
-Do not respond to SMS or call from unknown person
-Be skeptical
-In case an arrangement has been made, keep copies of all the communication records and
documentation
Body paragraph 2
Topic sentence: E-wallet fraud/Mobile payment scams
Detail 1: Preferred option for consumers across all demographics to pay for the goods and
services they need
Detail 2: Types of scams related to authentication issue: Social contest scams
-scammers will use social media platforms to launch a fake contest
-scammers require the supposed winners to pay a fee to verify their account and receive their
prize money
Detail 3: Fraudulent payment scams
-scammers use stolen credit cards to make fraudulent payments across a variety of platforms
-convince the sellers to send an item prior to making the payment
Detail 4: Overpayment scams
-Sellers may receive a fake e-mail that says they were inadvertently overpaid for the item they
listed
Detail 5: Fraudulent customer service scams
-a target may receive a call from the customer service department of a popular mobile payment
app
-this app or program is some sort of malicious software designed to give them control of your
phone and subsequently, your digital wallet.
Solutions:
-Avoid making mobile payments over public Wi-Fi
-Only make peer-to-peer payments with people you know
-Create unique, secure passwords and safely store it
-Learn to spot and avoid phishing and SMShing (or Smishing)
-Never ever give out sensitive information
Body paragraph 3
Topic sentence: Online banking transfer scams
Detail 1: Identity theft
-a hacker can spy on the bank database with the aim of stealing several accounts’ identity
Detail 2: Banking account takeovers
-The criminal accesses an individual’s account and alters information about it
Detail 3: Credential stuffing
-targeted to obtain banking customers’ personal information
-hackers can gain unauthorized access to customer’s accounts.
Detail 4: Spoofing
-cybercriminals mimic a bank’s website URL with a new website that looks very similar to its
website
Solutions:
-Multi-factor authentication
-End-to-End Encryption
-Secure code and architecture
-Enable real-time alerts
-Educate customers about security
4. (Iryani) Authentication of the anonymous parties to the transaction
a) The problem of identifying the anonymous
-Many ways to hide one’s identity
-Harder to find the criminal if they are using a big online platform
b) The problem of authentication of electronic evidence
- Information in the internet that is going around can be easily forged and modified
-S.90A (2) of the Evidence Act 1950
-Bank Bumiputra Malaysia Berhad v Emas Bestari Sdn Bhd
c) Challenges faced because of the anonymous users
-During online transaction or online agreement, this anonymous user could use a stolen
credit card to perform the transaction
-Challenge of attribution: S.17 of Electronic Commerce Act
-Identifying the electronic signature: S.9 of the ECA 2006
-False and misleading product, S.10 of Consumer Protection Act 1999
d) Consumer’s rights
-Freedom to impose the term, Comb v Paypal
-Guarantee of quality of the product, S.32 of CPA
-Consumer Protection to get redress, S.39 of CPA
e) Punishments
-S.419 of PC: for an imprisonment which may extend to seven years or with a fine or with
both. Apart from the legal initiatives, consumers can also install anti-viruses like
Kapersky or Firewall to ensure that their computer is safe from any viruses that may lead
to unauthorized access
-S.137 of CPA, any person who submit false information in any application, liable to a
fine not exceeding two thousand ringgits or to imprisonment not exceeding six months or
to both
solutions:
-The existing legislations should be updated to reflect to a new dimension of crimes
-More severe and deterrent sentences should be imposed
-Provide new acts that can cope with the advancement of computer misuse activities
(Eric) Issues on Electronic Evidence
Electronic evidence - information transmitted in digital form for investigation
1. Issue = Authentication of information/evidence
a. Identity Management Challenge
i. Who is the Author of the Records?
ii. Courts look for ways to tie the author to the digital information offered into
evidence.
iii. Whether a message, document, video, or photo was included in an email or
posted on a website, it is important for the proponent to provide testimony
about who the author is.
b. Reliability
i. Is the Computer Program that generated the Records Reliable? Was the
output of the computer what it purported to be?
c. Alteration
i. evidence is not certain, can be changed
d. Incompleteness
i. Is the evidence the entire record or conversation
ii. United States v Jackson, 2007 WL 1381772 (D. Neb. 2007)
2. Solution = Admissibility of Electronic Evidence/Current Malaysian Practice
a. Define Hearsay
i. General Rule of Hearsay
1. S.60 of Evidence Act 1950
ii. Electronic Evidence as exception to General Rule of Hearsay
1. S.90A , S.90B, S.90C of Evidence Act 1950.
a. Element 1: Computer in Course of Ordinary Use
i.
Gnanasegaran a/l Perarajasigam v PP
1. By certificate (S.90A(2)); or
2. Calling maker (S.90A(3)(a))
ii. PB Securities S/B v Justin Ong Kian Kuok & Anor
KL HC
1. By certificate
iii. Public Prosecutor v Hanafi Mat Hassan
1. X need certificate = The presumption in
S.90A(6) was sufficient + Oral Evidence
b. Element 2: Computer = good working order + operated
properly
i.
S.90A(4) of EA
ii. SRT Building System Sdn Bhd v Andrew Gregory
Swell and Anor
iii. The implication of admissibility of Hearsay evidence of Electronic
Evidence in the face of authentication issues.
1. Preconditions to admissibility of electronic ensure:
a. Computer-generated documents are admissible in the courts
without having to call the original maker of the documents
to testify as to the contents of the documents. (Ensure legal
weight of documents by certificate/testification of maker)
b. Eliminate the admissibility of unreliable evidence/evidence
that has been altered/that are incomplete.
i.
Azilah Hadri & Anor v. PP
1. Ratio - A person cannot be convicted if the
chain of evidence [was] not complete.
Improvements
Adopt Guidelines in accepting electronic evidence such as the UK ACPO guidelines, to better
ensure authentication and integrity of evidence.
Issue = identification and proving of the identity of an anonymous person involved in publication
through the internet.
Solution
1. S.114A of Evidence Act 1950
2. Eg: proves that Mr. X has used the computer
a. This is a presumption of guilt in law.
i. Whoever writes something/publishes, it will be presumed that it is the
person who wrote it.
1. Eg: Someone uses Starbucks network system and writes a
defamatory statement on social media. Digital forensics experts
trace back to Starbucks.
2. Strabucks will be held to be the one who made the comment. It is
unfair. Hence, public wifi now requires registration of personal
details before having to use their network system.
3. Network service provider is found in Section 6 of the CMA 1998.
Means a person who provides network services.
b. Implication
i. With the operation of section 114, a plaintiff in a similar situation could
now directly seek redress against the web site hosts. The onus would be on
the defendants to use their resources to identify the bloggers of the
offensive postings and join them in the proceedings and prove that they are
not the publishers.
1. Stemlife Bhd v Bristol-Myers Squibb - (Still limited to publishers)
Improvements
Educate ISP on their liabilities in issues of publication through the internet.
Educate ISP to pre-requisite identification prior to use of public internet/Possibly create legal
requirement of identification prior to use of public internet
Sources
ADMISSIBILITY AND AUTHENTICITY OF ELECTRONIC ...http://www.ijlgc.com › IJLGC2019-15-06-13
Obtaining and Using Electronic Evidence: Issues, Cases, and ...https://www.cybersecurity.my ›
data › content_files
(PDF) Digital evidence in Malaysia - ResearchGatehttps://www.researchgate.net › publication ›
28756206...
(KIV) smaller issue - Jurisdiction problems - cross border transactions, country A or country B
will govern the dispute.
1. Extradition Act 1992
2. S.9 CCA
3. Use of International Laws
a. Budapest Convention/Council of Europe’s Convention on Cyber Crime
i. M’sia not part of (which is an issue)
(Iryani) CONCLUSION
· Amendment should be made to our existing legislations to reflect to a new
dimension/series of crimes that happened in our E-commerce
· A more severe and deterrent sentence should be imposed to the criminals
· Provide new acts that can cope with the advancement of computer misuse
activities
· Adding more act in regards to E-commerce
-------------------------------------------------------------------------------------------------------------------Essay structure:
Issue
Issue
Solution
Solution
OTHERS
Buyer
1. Giving wrong information i.e. wrong phone number or address causes the seller to have
loss in revenue. (KIV)
2. Forged signature - sometimes signature is not needed when buying online.
Pyramid scheme
Electronic Commerce Act 2006
Personal Data Protection Act 2010 - governs personal data
Consumer Protection Act 1999 - Protection for consumers
Digital Signature Act 1997 -
Questions for Dr:
1. Cases should be from Malaysia or other countries as well (more to malaysian) combine
2. Should we compare it to other countries such as the UK, US etc. Solution better law
3. Remedies or legal solution or both for each issues (both - prioritize - legal and non legal)
4. Can it be a non legal solution such as software to track counterfeit product (example)
5. Is it okay if we use international laws like UNCITRAL ?
6. Citation and Footnote - need to put in footnote or just put in bibliography (no footnote)
7. Can we apply foreign laws?
8. Are the issues restricted to Malaysia or can be from other countries? Better to be close in
malaysia
9. Do the issues regarding electronic evidence only refer to e-commerce or as a separate
topic and electronic evidence in general? Related to e commerce
INTRODUCTION
CONTENT
Issue 1 + Introduction (Impersonation) (Vic)
Issue 2 - Leader (False information) (Nurin)
Issue 3 - Video compiler (unauthorized payment) (How Chin)
Issue 4 + Conclusion (Authentication of the anonymous parties to the transaction) (Iryani)
Issue 5 - Electronic evidence (compile slides points)(design the slide) Eric
CONCLUSION
PRESENTATION PROJECT - 2 people
Slides (Ask members points and compile points to put in slide from members)
VIdeo compiler - Insert video + put picture in slides + edit (make it pretty pretty)
Leader - Check all from zero to hero LOL !!
(Check and read everyone’s part, book consultation, aware of notice posted, check plagiarism
in turnitin each part, ensure everything is good and correct and awesome)
Important: ask members first agree or not
1. We will use google docs (google drive), everyone submit your part there, leader
proceed checking everything
DATELINES:
Discussion - 16/1/2022 Sunday (Week 2)
Outline - 19/1/2022 Wednesday or 22/1/2022 Saturday (Week 3) (depends on notice)
Consultation - 24/1/2022 Monday (12:30 pm - 12:40 pm)
Internal Written - 16/2/2022 Wednesday morning if possible (Week 7)
Leader check everything, plagiarism, footnote and give feedback towards group members to
make correction if any - 17/2/2022 Thursday (Week 7)
Members make the corrections on the same day.
Presentation:
● Members give slide points by 18/2/2022 Friday (Week 7)
● Members send video to video compiler 18-20/2/2022 (horizontal video)
● Compile slide points 19/2/2022 Saturday (Week 7)
● Video compiler 20-25/2/2022 Sunday - Friday (Whole week 8)
● Final check up by every group members on video and written projects by 26-27/2/2022
Saturday - Sunday (Week 8)
28/2/2022 Monday (Week 9) (Check once again)
Submission - Leader
External Written - 1/3/2022 Tuesday (Week 9)