This is my slides presented during RWY Sports Law Conference 2014. Click here download.
Bread & Kaya: Tracing someone online
Nov 17, 2014
- Getting the IP address is one way, but may not always be possible
– On issue of defamation, Section 114A has been applied retrospectively
ONE of the most difficult issues to deal with in cybercrime or cyber-bullying cases is finding the perpetrator online. My years of blogging have brought me some experience in dealing with this issue, especially when dealing with ‘trolls.’
I am glad to say that it is not impossible. Some guesswork is needed. Normally, such a perpetrator is someone you know, although he or she may or may not be close to you. Sometimes, however, it would be just a stranger.
There was one case where the perpetrator was found to be a friend’s spouse whom the victim had only met a few times. Strangely, there was no animosity between these parties.
In one case which I was personally involved, I made a guess on the possible perpetrator and worked from there. Eventually, the person confessed after being confronted.
Getting the Internet Protocol (IP) address of the perpetrator is one of the conventional ways to track someone down. Internet service providers (ISPs) assign unique IP address to each user account. However, IP addresses may not be retrievable if the person is on a proxy server.
Another problem is the jurisdictional issue. Many servers storing such IP addresses may be located overseas and owned by foreign entities. One may have to initiate legal action overseas to get such data, and many of these service providers do not release their user information easily due to data protection laws or their strict privacy practices.
In the recent case of Tong Seak Kan & Anor v Loke Ah Kin & Anor  6 CLJ 904, the Plaintiffs initiated an action for cyberspace defamation against the 1st Defendant.
In tracing the perpetrator, who had posted defamatory statements on two Google Blogspot websites, the Plaintiffs filed an action called a John Doe action in the Superior Court of California. In compliance with the Court order, Google traced the blogs to two IP addresses which were revealed by Telekom Malaysia Bhd to be IP addresses belonging to the 1st Defendant’s account.
In the same case, the High Court had held that the controversial Section 114A (2) of the Evidence Act 1950 applied retrospectively.
S. 114A (2) provides that the burden of proof lies on the subscriber of an ISP to prove that a certain statement was not published by him or her. The 1st Defendant failed to convince the Court that s. 114A (2) does not apply because the defamatory statements were published before the enforcement date of s. 114A(2).
This retrospective stand however was not followed in the case of PP v Rutinin Bin Suhaimin  2 CLJ 427 as the High Court held that s. 114A does not apply retrospectively.
Perhaps the distinguishing factor between these cases is that the first case involved a civil dispute whereas the latter is a criminal prosecution.
Readers may recall that the #Stop114A campaign was initiated to get this law repealed. I am proud to say that Digital News Asia (DNA) was one of the organisers and participants in shutting down its website for one day. The campaign attracted the attention of Prime Minister Najib Razak but unfortunately, the law remained.
Going back to the case, the Court held that the 1st Defendant had failed to prove that he was not the publisher of the content. The 1st Defendant is now liable for a payment of RM600,000 (US$180,000) as damages to the Plaintiffs.
Not all tracing of a perpetrator requires an IP address. In Datuk Seri Anwar Bin Ibrahim v Wan Muhammad Azri Bin Wan Deris  3 MLRH 21, Opposition leader Anwar Ibrahim (pic) sued Wan Muhammad Azri Bin Wan Deris, allegedly a well-known blogger called Papagomo, for defamation.
In proving the identity of Papagomo, instead of tracing the IP address of Papagomo, the Court relied on the statement of a person who had met Papagomo in person before. The former also took a picture with Papagomo and this picture was tendered in Court.
There are other unconventional methods to identify a person online. I have heard of a private investigator entering a person’s home without knowledge to gain access to the computer of that person.
Many people do not password-protect their home computers and leave their email and other online accounts still logged into. This allows the private investigator to easily access a person’s emails and other online accounts without any technical skills.
One method that I always use is to find something unique in the content posted by the perpetrator. For example, I recently concluded that a website was held by a cyber-squatter by doing a Google search on certain sentences that appeared on the website. The cyber-squatter’s website looked like a legitimate website, but the search revealed that the same facade had been employed by the cyber-squatter on several websites using well-known brand names.
If there are images involved, a Google Image search would be useful to find whether other websites are hosting the same image.
It is of utmost importance that one must have reliable evidence to prove the identity of a perpetrator before suing or charging them. The person doing such investigation should be knowledgeable enough to conduct the investigation, know the rules of producing evidence and testifying in Court, and to thwart all challenges by the perpetrator’s lawyers.
Failure to do so would result in the case being dismissed or in a worst scenario, an innocent person being charged or sued in Court.
First published on Digital News Asia on 17 November 2014.
The Malaysia Personal Data Protection Commissioner Office wishes to enforce compounding regulations pursuant to the Personal Data Protection Act 2010. They have now issued a survey for the members of the public and organisations.
Any response to the survey should be submitted before 14 November 2014. For more details, go to www.pdp.gov.my
Download: Survey Form (in Malay language only)
With the retirement of Haji Abu Hassan Ismail as the Director General of the Personal Data Protection Department, Encik Mazmalek bin Mohamad has been appointed as the new Director General of the Personal Data Protection Department effective from 1st October 2014.
I will be speaking about Intellectual Property in Sports i.e. Sports Personalities’ Image Rights on 4 December 2014 at RWY Sports Law Conference 2014.
In early 2013, the Inland Revenue Board (IRB) of Malaysia’s issued a guideline on how income derived from e-commerce is to be taxed. This guideline seeks to provide some guidance on basic tax issues and income tax treatment in respect of electronic commerce (e-commerce) transactions.
Notably, the IRB stated that a server / website itself do not carry any meaning in determining derivation of income. Business income from e-commerce would be considered as Malaysian income if the operations test shows that the person is carrying on a business in Malaysia. Even though the server is fully automated in performing business activities, the substantial part of the business activities such as updating and maintaining the current information on the website is still managed by a human (Paragraph 5.1). For more details, please visit Digital News Asia.
The Royal Malaysian Customs (RMC) also released the GST Guides on E-Commerce and Web Hosting to assist in understanding the upcoming Goods and Services Tax and its implications on e-commerce and web hosting businesses.
Under an e-commerce transaction, the RMC stated that if a business is supplying goods or services in Malaysia via the Internet, the business is accountable for the collection of GST as in conventional commerce. This also applies regardless that the transactions are done through a third party e-commerce service provider (e.g. web hosting company).
As for web hosting business, all provisions of services whether it originates in the country or imported from other countries are under the scope of GST. The principal rule with regards to place of supply for services provided by web host is where the supplier belongs. In this context, if the supplier of web host services belongs to Malaysia, such services have to be standard rate. On the other hand if the supplier belongs to another country, the supply of service is out of scope. However, if the recipient of the services provided by overseas supplier belongs to Malaysia, the imported service will be subjected to GST.
Inland Revenue Board – Guidelines On Taxation of Electronic Commerce
Royal Malaysian Customs – Goods and Services Tax – Guide on E-Commerce
Royal Malaysian Customs – Goods and Services Tax – Guide on Web Hosting Services
On behest of the Malaysian Bar Ad Hoc Committee for the Personal Data Protection Act, the Malaysian Bar has published the feedback by Ad Hoc Committee on Personal Data Protection to Personal Data Protection Commissioner’s following proposal papers.
1) Guideline on Compliance of Personal Data Protection Act 2010;
2) Guide on the Management of Employee Act Data under Personal Data Protection Act 2010;
3) Advisory Guideline related to Consent requirement under the Personal Data Protection Act 2010; and
4) Guide on Management of CCTV under Personal Data Protection Act 2010.
Download the feedback.
Ban Lee Siang restaurants – used with permission of sixthseal.com
Ban Lee Siang is a well known satay celup restaurant in Melaka. It consists of two adjoining shops operated by two different owners who are brothers. The shop was started by their other brother in 1987.
Although both restaurants are named “Ban Lee Siang”, they are both known as Restoran Makanan and Minuman Ban Lee Siang and Restoran Ban Lee Siang. The former was taken over by the Plaintiff in 1997 and the latter was started by the Defendant in 2004.
In 2012, the Plaintiff filed a lawsuit against the Defendant over the use of the name Ban Lee Siang. The Plaintiff alleged that he is the exclusive and registered proprietor whereas the Defendant is merely a licensee. The Plaintiff terminated the licence via a letter.
The Plaintiff’s registered trade mark
However, the Defendant alleged that he is a joint proprietor of the trade mark as he had purchased the business jointly with the Plaintiff and their mother.
The High Court held that:-
1. Based on the evidence provided, the trade mark BAN LEE SIANG was not only sold to the Plaintiff but also to the Defendant and their mother (paragraph 15);
2. The Defendant is a honest concurrent user (pursuant to s. 40(c) of the Trade Marks Act 1976 (TMA)) but also entitled to file an application under s. 20 of the TMA to be a joint proprietor (paragraph 16); and
3. Since the Plaintiff did not object to the use of the trade mark from the date of establishment of the Defendant’s restaurant until the date of the letter terminating the alleged licence, this shows that the Plaintiff had indeed allowed the use of the trade mark. Thus, following s. 40(c) and (dd) of the TMA, there is no trade mark infringement (paragraph 17).
Bread & Kaya: Liking a Facebook page and the law
Foong Cheng Leong
Aug 14, 2014
- ‘Liking’ a page doesn’t necessary mean you agree with it
– Using Sedition Act for what you ‘Like’ sets dangerous precedent
THE recent report that Malaysian police are investigating a Penang teenager under the Sedition Act 1948 for liking the ‘I love Israel’ Facebook page has raised more than a few eyebrows.
This leads to some interesting questions: What does liking a Facebook page mean? Does it mean liking the idea that is expressed by the Facebook page? In the above case, does this mean that the teenager actually loves Israel?
To answer this, we first refer to Facebook’s definition of ‘Like.
What’s the difference between liking a Page and liking a post from a friend?
Liking a Page means you’re connecting to that Page. Liking a post from a friend means you’re letting that friend know you like their post without leaving a comment.
When you connect to a Page, you’ll start to see stories from that Page in your News Feed. The Page will also appear on your profile, and you’ll appear on the Page as a person who likes that Page.
Further, in the US case of Bland v. Roberts, No. 12-1671 (4th Cir. Sept. 18, 2013, click here for the PDF), the Court held that:
On the most basic level, clicking on the ‘Like’ button literally causes to be published the statement that the User ‘Likes’ something, which is itself a substantive statement. In the context of a political campaign’s Facebook page, the meaning that the user approves of the candidacy whose page is being liked is unmistakable. That a user may use a single mouse click to produce that message that he Likes the page instead of typing the same message with several individual key strokes is of no constitutional significance.
This is a US case thus it is not applicable to us, and Facebook’s definition may not be relevant here. So far, we have no reported case in Malaysia of the legal implications of Liking a Facebook page.
To me, when a person Likes a certain page, it doesn’t necessary mean he or she ‘likes’ what the page represents. I may ‘Like’ a page to ‘get the stories from that Page in my News Feed.’ I sometimes Like a page to support a friend who started such page, but that does not mean I like his postings or expressions there. I’m sure many of us here use the Facebook ‘Like’ button differently.
To charge the teenager for sedition for Liking the ‘I Love Israel’ Facebook page is a dangerous precedent. Each Facebook user would have to be very careful on the Facebook page they Like. Those who are oblivious to current affairs would be most vulnerable.
Furthermore, the name of a Facebook page can be changed. Imagine if someone changes a Facebook page in open support of child pornography, and those who had previously Liked the page seem to suddenly like child pornography!
(Note: No approval is required to change the name of a Facebook Page with fewer than 200 members).
First published on Digital News Asia on 14 August 2014