Cyber Law: Bridging the Conventional and Cyber Juris

Hasib bin Mansor
BSc (USM), MSc (UiTM), Bachelor of Legal Studies Hons. (UiTM)
Division Secretary, Bahagian Pengurusan Maklumat, Kementerian Pertanian dan Industri Asas Tani Malaysia

Definition of Cyber Law
In simple words, cyber law deals with unlawful acts wherein the computer is either a tool or a target or both.
• Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Penal Code, Act 574.
• Cyber Defamation
Cyber Crime

9/11/2012 Seminar Keselamatan ICT Bil 1/2012 MoH

Cyber Crime
1. The computer as a target: using a computer to attack other computers, e.g. hacking, virus/worm attacks, DoS attacks etc.
2. The computer as a weapon: using a computer to commit real-world crimes, e.g. cyber terrorism, IPR violations, credit card frauds, EFT frauds, pornography etc.

Cyber Crime Statistics In Malaysia
• RM2.75 billion losses for the period of 2005 to 2010
• 13,173 incidents reported in 2011 as compared to 6204 incidents reported in 2010, an increase of 112.3%
(Jabatan Perdana Menteri, April 2012, The Star)

UK cyber crime costs £27bn a year - government report
• Security minister Baroness Neville-Jones said the government was determined to work with industry to tackle cyber crime.
• Nearly half of the £21bn cost to business is made up of intellectual property theft - such as the theft of designs. Industrial espionage, such as the theft of commercial secrets.
• Intellectual property theft cost £9.2bn, industrial espionage £7.6bn; this was followed by extortion, which cost £2.2bn, and direct online theft, which cost business £1.3bn. Some £1bn was lost through theft of customer data.
(BBC World Service, London: Feb 2011)

Enacted Cyber Laws in Malaysia
1. Computer Crime Act, Act 563
2. Digital Signature Act, Act 562
3. Telemedicine Act, Act 564
4. Comm. and Multimedia Act, Act 589
5. Digital Signature Act, Act 562
6. Electronic Gov. Act, Act 680
IPR
7. Industrial Design Act, Act 552
8. Copyright Act, Act 332
9. Patent Act, Act 291
10. Trade Description Act, Act 87
11. Personal Data Protection Act, Act 709
12. Electronic Commerce Act, Act 658

Power To Investigate and Prosecute
• Investigate
  – Traditional Crime
    • Police officer with the rank of sergeant or any officer in charge of a police station (Section 109, Criminal Procedure Code, Act 593)
  – Cyber Crime
    • CCA: Police officer with the rank of Inspector or above to conduct search, seizure and arrest (Section 10, Computer Crime Act 1997, Act 563)
    • MCMC: Officer appointed by the Minister, S.245, case LETCHIMANAN PERUMAL v. PP
• Prosecute
  No prosecution shall be instituted for an offence under the acts without the consent of the public prosecutor. S.12 CCA, S.259 MCMC

Type of Cyber Crimes
• Hacking (force)
• Intrusion (invasion)
• Virus, worm, spam, spyware, phishing, Trojan
• DDoS (distributed denial of service)
• Fraud, Defamation
• IPR violation
• Cyber Terrorism
• Credit card fraud
• Pornography

Computer Crime Act 1997
Unauthorized access to computer material
3. (1) A person shall be guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorized; and
(c) he knows at the time when he causes the computer to perform the function that is the case.

Computer Crime Act 1997
Unauthorized access to computer material
3.(2) The intent a person has to have to commit an offence under this section need not be directed at:—
(a) any particular program or data;
(b) a program or data of any particular kind; or
(c) a program or data held in any particular computer.
3.(3) A person guilty of an offence under this section shall on conviction be liable to a fine not exceeding fifty thousand ringgit or to imprisonment for a term not exceeding five years or to both.

S. 3 CCA Case

Issues Of The Case
Statement of issues to be tried:
• Whether the information and documents were confidential and protected by law
• Whether the Defendants were under an obligation not to remove and or disclose them without the Plaintiff’s consent
• Whether the Defendants’ act of removing the information and documents from the Plaintiff’s computer systems to their personal computers or emails were unauthorized and in breach of their terms of employment or the law.

Decision
Equitable Remedies
• Plaintiff’s claim for injunction and declaration were allowed with
• Exemplary damages assessed by the Deputy Registrar

Computer Crime Act 1997
Unauthorized access with intent to commit or facilitate commission of further offence
4. (1) A person shall be guilty of an offence under this section if he commits an offence referred to in section 3 with intent—
(a) to commit an offence involving fraud or dishonesty or which causes injury as defined in the Penal Code [Act 574]; or
(b) to facilitate the commission of such an offence whether by himself or by any other person.

Computer Crime Act 1997
Unauthorized access with intent to commit or facilitate commission of further offence
4.(2) For the purposes of this section, it is immaterial whether the offence to which this section applies is to be committed at the same time when the unauthorized access is secured or on any future occasion.
4.(3) A person guilty of an offence under this section shall on conviction be liable to a fine not exceeding one hundred and fifty thousand ringgit or to imprisonment for a term not exceeding ten years or to both.

Cases Fall Under S.4
• Causing injury or death to a patient as a result of tampering with his medical information
• Diverting money from someone’s account into another account
• Tampering with prisoner’s record
• Tampering with forwarding agent’s databases

Computer Crime Act 1997
Unauthorized modification of the contents of any computer
5. (1) A person shall be guilty of an offence if he does any act which he knows will cause unauthorized modification of the contents of any computer.
5.(2) For the purposes of this section, it is immaterial that the act in question is not directed at—
(a) any particular program or data;
(b) a program or data of any kind; or
(c) a program or data held in any particular computer.
5.(3) For the purposes of this section, it is immaterial whether an unauthorized modification is, or is intended to be, permanent or merely temporary.

Computer Crime Act 1997
5.(4) A person guilty of an offence under this section shall on conviction be liable to a fine not exceeding one hundred thousand ringgit or to imprisonment for a term not exceeding seven years or to both; or be liable to a fine not exceeding one hundred and fifty thousand ringgit or to imprisonment for a term not exceeding ten years or to both, if the act is done with the intention of causing injury as defined in the Penal Code.

CCA, S5, Case
http://www.tabunghaji.gov.my/tabunghajitheme/PDF/KLIP_AKHBAR/FEBRUARI2012/240212_APRIL%2025%20TRIAL%20FOR%20TABUNG%20HAJI%20DUO.pdf, 9:9-2012

Computer Crime Act 1997
Wrongful communication
6. (1) A person shall be guilty of an offence if he communicates directly or indirectly a number, code, password or other means of access to a computer to any person other than a person to whom he is duly authorized to communicate.
(2) A person guilty of an offence under this section shall on conviction be liable to a fine not exceeding twenty five thousand ringgit or to imprisonment for a term not exceeding three years or to both.

8. Presumption.
• A person who has in his custody or control any program, data or other information which is held in any computer or retrieved from any computer which he is not authorised to have in his custody or control shall be deemed to have obtained unauthorised access to such program, data or information unless the contrary is proved.

S234, MCMC Act
• 234. Interception and disclosure of communications prohibited.
(1) A person who, without lawful authority under this Act or any other written law-
(a) intercepts, attempts to intercept, or procures any other person to intercept or attempt to intercept, any communications;
(b) discloses, or attempts to disclose, to any other person the contents of any communications, knowing or having reason to believe that the information was obtained through the interception of any communications in contravention of this section; or
(c) uses, or attempts to use, the contents of any communications, knowing or having reason to believe that the information was obtained through the interception of any communications in contravention of this section,
commits an offence.
(3) A person who commits an offence under subsection (1) or (2) shall, on conviction, be liable to a fine not exceeding fifty thousand ringgit or to imprisonment for a term not exceeding one year or to both.

Section 6, Interpretation
• "intercept" means the aural or other acquisition of the contents of any communications through the use of any electronic, mechanical, or other equipment, device or apparatus;

Case Law, Section 234

The Allegation
D.I. was conducted on 5 December 2000 and the claimant had duly attended. At its conclusion, the claimant was found guilty of all the 6 charges except Charge 5.2 namely:
1. As MIS Manager, you were aware of other employees entering the Chief Operating Officer's e-mail account illegally, but you did not stop or report such activities;
2. Going into the internet for non-company related activities;
3. Entering into other people's e-mail account illegally;
4. Unauthorized access to your account whilst on suspension;
5. Together with the above two ladies (Ms. KK Lee and Ms. Tang Aye Tin), paid an unscheduled visit to the Hong Leong Senior Management at Wisma Hong Leong on Nov-11-2000;
6. Collaborating with other employees to undermine the Chief Operating Officer.

Rationale for the Court's Decision
• Merely received copies of e-mail and was not an active member as required under section 234 MCMC
• Not a misconduct in the absence of any written policy or practice and that in respect of item 2, the respondent had failed to prove these 2 items on a balance of probability.
• A mere possession of such an e-mail does not necessarily prove that the claimant had entered into Mr. LC Ho's e-mail account and acquired it.
• The respondent ought to have known that if the claimant was not allowed to use the said facility, it had to be withdrawn from her or to be expressly mentioned in her letter of suspension. Without it being so expressed, it would be inequitable to hold the claimant liable for a misconduct on such a charge. This court agrees with the submission for the claimant that there was no evidence led by the respondent to prove that the claimant had deleted documents on 10 November 2000.
He who seeks equity must do equity

Remedy & Award
Claimant had pleaded for reinstatement to her former position with backwages, inter alia.
• As a consequence of this case, this court is of the view that there has been bad feeling between the Management team. Such an environment will certainly not be conducive for both the claimant as well as the respondent since the mutual trust and confidence may be diminishing.
• This court finds that reinstatement is not the appropriate remedy in the circumstances.
  The alternative remedy to the claimant would be compensation in terms of back wages
• Ubi jus ibi remedium

Cyber Defamation

Defamation Arises
• Publication
  – The words are defamatory
• Tends to lower a person’s reputation (tendency to lower the estimation of the plaintiff in the mind of right-thinking members of society) OR
• To cause him to be shunned or avoided by reasonable people in the society
• Thereby adversely affecting his reputation

Rindos v Hardwick
Facts of case
• A landmark case in cyber defamation in Western Australia in 1994
• Dr Rindos, an American academic and probationary lecturer at WA University
• He was denied tenure at the university on the controversial issue of homosexuality.
• Hardwick was a student studying in a different department. He made a defamatory statement about Dr Rindos when he posted to the usenet newsgroup sci.anthropology computer bulletin board via DIALix, an ISP

Rationale for the Court's Decision
• Rindos was awarded $40,000 damages from Hardwick - but apparently did not collect before his death.

Bridging the Gaps
Basic Elements of Criminal Liability
1. ACTUS REUS – causing computer to perform, S.3, CCA 1997
   1.1 In the cyber world it is not physically painful but emotionally, e.g. computer crash, hand phone and notebook stolen
   1.2 Action may be from remote
2. MENS REA
   2.1 He must intend to secure access to computer
   2.2 He knew that his intended access was unauthorised

Bridging the Gaps
• Cyber defamation
  – Circulation of defamatory words traditionally through sale of book, magazine, newspaper, bulletin - come in person
  – Cyber world, through www, email, social networking (email, Facebook, Twitter, blog) – through electronic
  – www = publisher
  – Number of circulations, exponentially fast v traditional printing
  – The media of defamation are hard to dispose of, case YouTube, Video: Police Inspector Held For ‘Beating’ Hotel Employee, http://mynewshub.my/eng/2012/07/videopolice-inspector-held-for-beating-hotel-employee/

Challenges And Issues
• Law conflicts with organization goals
• Law enforcers: lack of competent technical skills in computer crime forensics; Malaysia needs 7000 such personnel in the next three years (Cyber Security Malaysia, August 2012)
• Shortage of lawyers in cyber laws
• Circumstantial evidence, forensic evidence – problem in identifying the perpetrators
• Victims reluctant to report – fear of reputational damage
• Too many regulatory bodies involved in cyber laws
• Lack of awareness of the law

S.114A Evidence Act
114A. Presumption of fact in publication.
• (1) A person whose name, photograph or pseudonym appears on any publication depicting himself as the owner, host, administrator, editor or sub-editor, or who in any manner facilitates to publish or re-publish the publication is presumed to have published or re-published the contents of the publication unless the contrary is proved.
• (2) A person who is registered with a network service provider as a subscriber of a network service on which any publication originates from is presumed to be the person who published or re-published the publication unless the contrary is proved.
• (3) Any person who has in his custody or control any computer on which any publication originates from is presumed to have published or re-published the content of the publication unless the contrary is proved.
• (4) For the purpose of this section-
  (a) "network service" and "network service provider" have the meaning assigned to them in section 6 of the Communications and Multimedia Act 1998 [Act 588]; and
  (b) "publication" means a statement or a representation, whether in written, printed, pictorial, film, graphical, acoustic or other form displayed on the screen of a computer.

Thank you

LACK OF AWARENESS OF THE LAW
Jeremy Bentham, the Classical Utilitarian Theory (A Positivist)
http://users.ox.ac.uk/~ball0888/oxfordopen/happiness.htm

CCA 1987
Analysis of the Punishments

Section   Fine (RM)   Max Imprisonment (Year)
3         50000       5
4         150000      10
5         100000      7
          150000      10
6         25          3
7         1/2 of the above

Letchimanan Perumal v PP
• Found Not Guilty
• IO was not authorized by the Minister
• Lack of evidence
  – Video recordings, punch card, job sheets of daily activities were not produced as exhibits
• Wrongful gain to one person or wrongful loss to another, not produced in court
He who comes to equity must come with clean hands, Maxim of equity