Monthly Archives: May 2013

The 5th theatre of war

I was quoted by Prakash in an article published on Free Malaysia Today on 14 April 2013.


The 5th theatre of war
April 14, 2013

The key to preventing such massive debilitating attacks is to ensure nations have what is called Cyber Intelligence and Response Technology (CIRT) technology.

By Prakash

Cyber attacks, similar to the recent attack on South Korea’s military and financial industries, is where the next frontier of war will be.

If and when nations resort to cyber attacks on a worldwide scale, the destruction of vital military, banking and other commercial data will be similar yet not altogether identical to the horrendous banality that nuclear weapons promise.

“It is the fifth theatre of war,” declared Simon Whitburn to FMT on the dangers posed by cyber warfare.
The key to preventing such massive debilitating attacks, according to Lars Voedisch, principal consultant and managing director of Precious Communications, is to ensure nations have what is called Cyber Intelligence and Response Technology (CIRT) technology.

Combining a mix of network forensics, host forensics, malware analysis and large-scale data auditing, CIRT technology gives critical information on malfunctioning software thus crucially preventing and pre-empting any whole scale meltdown of computer systems in a country.

Even as the world knows of Malaysia’s Cyberjaya special zone that opened to deliberate fanfare in 1998, it is unclear if the nation has the kind of technology to deter potential attacks.

“If you don’t have the most sophisticated and up to date preventive technology, like CIRT, you are vulnerable and open to cyber attacks, both on a small and destructive scale’, Voedisch warned.

An even larger problem, according to him, is that it would take a single well coordinated attack to inflict untold damage.

“Even in the corporate world and financial industries, a lack of protection risks the whole industry coming to a halt, destroying the industry’s reputation for starters, and resulting in years of backlash from the public, and in terms of internal rebuilding,” Voedisch explained.

CIRT dovetails data protection

Yet what is highly recommended but alas not quite readily available is the free availability of the technology because the United States – where the technology is believed to have originated from – regulates the flow of the expertise on ideological grounds.

That restriction may prove a ‘tipping point’ in the battle against cyber criminals because technologically savvy criminals always think on their feet and conceive “new and more elusive means of targeting” stressed Voedisch.

CIRT technology will prove particularly instructive when Malaysia’s long-awaited data protection law takes effect.

The Act which has been hampered by a string of legal legerdemain and other technicalities is designed to protect and prevent the kind of callous damage hackers and cyber criminals are wont to do.

Despite the protracted lead up, many Malaysian companies are still not prepared for the eventual implementation of the law, according to the Star newspaper that quoted Malaysian lawyer Foong Cheng Leong. Foong pointed out during his many talks on the Personal Data Protection Act (PDPA), he noticed many companies have not even started their compliance exercise.

Data protection and the right to privacy have been exercising both the Singaporean and Malaysian governments. Though Malaysia initially had thought about data protection in 2001, Malaysian companies are still not prepared for the full implementation of the Act, according to sources.

That leaves Kuala Lumpur especially vulnerable to attacks of any kind which when coupled with the carefree adoption of computers by ordinary folks and the lack of education programmes in the country makes the entire episode of a delayed implementation of the act, doubly worrisome.

Under Malaysian law data collection parties are required to give their subjects a written notification in the national language whereas no such stipulation applies in Singapore.

Singapore’s law, moreover, requires the data collection party to state the purpose of the collection, use or disclosure of the personal data. And the collecting party is then required to provide a contact address for queries by individuals.

Multiple vantage points

Yet in the larger scheme of things is a compelling, overriding need for the kind of cyber security that Malaysia’s PDPA is requesting.

With technologies like Forensics Toolkit and malware available in Malaysia, the edge with CIRT is an ability to analyse what is happening across the entire entreprise from multiple vantage points.

CIRT enables cyber security personnel to proactively and reactively detect, analyse, and security threats in the most efficient manner by correlating network and host data within a single interface.

It also enables large-scale auditing and the correlation of network and host data, allowing organisations to quickly chase down and re-orientate any spillage of data and files with embedded malware.

Prakash is a free lance commentator and author of Inciting Injury-An Expose to Workplace Bullying in Singapore. He runs Nash School of Journalism and can be reached at jaya@nashschoolofjournalism.com

Free PDF    Send article as PDF   

Global Information Governance Summit (GIGS 2013)

I will be speaking at the Global Information Governance Summit (GIGS 2013) on the topic “Data Protection concerns in Social Media”.


Click on image for larger view

Download the brochure here.
Note: Fee is now RM100 per delegate and RM50 for students.

PDF    Send article as PDF   

Singapore launches the Personal Data Protection Commission & Do Not Call Registry Public Consultation Paper

On 15 May 2013, Singapore Communications and Information Minister Dr. Yaacob Ibrahim announced the launch of the Singapore Personal Data Protection Commission (Commission). The Minister also announced that the Singapore Do Not Call (‘DNC’) Registry will come into effect on 2 January 2014 and the Singapore Personal Data Protection Act 2012 will come into full force on 2 July 2014.

Further, the Commission has issued a public consultation paper on the proposed business operation of the DNC registry. The consultation paper seeks to solicit views and comments from the public and organisations as to the specifics of how the DNC registry should operate.

Any persons who wish to provide feedback on the Consultation Paper should submit their views via email to pdpc_consultation@pdpc.gov.sg before 5 June 2013, 5 pm.

PDF Printer    Send article as PDF   

GE13 Candidates and 114A

Published on LoyarBurok on 16 April 2013.



I am no expert in election laws but GE13 Candidates should take note of this. If you are running a blog, I suggest you moderate or close the comments section until and after the 13th General Election.

The reason why I say so is because s.114A(1) of the Evidence Act 1950 and the Election Offences Act 1954. S. 114A(1) provide the following:

“A person whose name, photograph or pseudonym appears on any publication depicting himself as the owner, host, administrator, editor or sub-editor, or who in any manner facilitates to publish or re-publish the publication is presumed to have published or re-published the contents of the publication unless the contrary is proved”.
In simple words, if your name, photograph or pseudonym appears on any publication depicting yourself as the aforesaid persons, you are deemed to have published the content unless you prove otherwise.

Also, if you have in any manner facilitated to publish or re-publish the publication, you are presumed to have published the content of the publication.

This means that website owners are deemed to be publishers of contents of a publication although the author of the publication is someone else.

Further, it is not possible for website owner to prove that he is not a publisher due to the wording of the section i.e. the words “in any manner facilitates to publish or re-publish the publication”. By providing a virtual platform, the website owners facilitate to publish or re-publish a publication.

In this regard, you will potentially commit an election offence if someone posts a comment which falls within the scope of corrupt practice. If found guilty of an election offence, the election of a candidate will be declared void (s. 32 of the Election Offences Act 1954).

What I have mentioned is not without basis. A similar scenario had happened after the 12th General Elections. In Kho Whai Phiaw v Chong Chieng Jen (Election Petition No.: 26-01-2008-I), an elector in the Bandar Kuching constituency presented an election petition to have Mr. Chong Chieng Jen’s (representative of the Democratic Action Party (DAP)) election declared void.

The elector sought to have Mr Chong’s election avoided on the ground that the latter had engaged in the corrupt practice of (i) undue influence and (ii) bribery, to procure his victory in the election. The elector alleged, among others, that a letter from one Mr Smith published on the comment section of Mr Chong’s blog site is said to contain certain threatening statement. The elector alleged that Mr Chong had exercised undue influence over the non-Muslim voters in the Bandar Kuching constituency through Mr Smith’s letter appearing on his blog site.

Fortunately for Mr Chong, the High Court held that Mr Smith’s letter was posted by one commentor by the name “Responsible Christian Voter” (‘RCV’). Mr. Smith was the author of the letter and it was RCV who published that letter through Mr Chong’s blog site. The Court held that Mr Chong is therefore not the publisher of the letter. The case is later upheld by the Federal Court. (see Kho Whai Phiaw v Chong Chieng Jen [2009] 3 CLJ 201)

But Mr Chong’s case is pre-114A case. If s. 114A applies, Mr Chong is considered as the publisher of the letter as his blogsite had facilitated the publication of the letter. Mr Chong could potentially commit an election offence if 114A applies. That is the effect of 114A. It creates liability on a virtual platform provider.

This, of course, is not tested in our Courts yet. One may argue that it is the blogsite provider (e.g. Google who owns Blogger.com) but this is only provided that such blog is hosted by such blogsite provider.

Nevertheless, as an abundance of caution, GE13 candidates should close their blog comments section to avoid such actions. Interestingly, Mr Chong’s blogsite has closed its comments section.

A Facebook Page is also another concern. It may be arguable to say postings made by users on a Facebook page is not published by the Facebook page administrator as it appears on a separate page. (Illustrated below).

However, Facebook comments appearing together with the postings by the Facebook administrator (illustrated below) is different. It is arguable that such comments are published by the Facebook page owner.

With this risk of having an election declared void, I hope that the new Parliament will relook into 114A when it convenes in the future.

It’s time to #stop114A.

PDF Creator    Send article as PDF   

Bread & Kaya: Limited Liability Partnership: An alternative business structure

Limited Liability Partnership: An alternative business structure
Foong Cheng Leong
May 01, 2013

– With LLP, entrepreneurs have more options to choose the most preferred form of business vehicle
– This would benefit small businesses (including startups), professionals groups and others

Bread & Kaya by Foong Cheng Leong

THIS month’s topic brings us to the new Limited Liability Partnership Act 2012 which came into force on Dec 26, 2012.

Prior to the introduction of this Act, entrepreneurs who wished to do business had to either register themselves as a sole proprietor/ partner or a body corporate. The new Limited Liability Partnership Act 2012 introduces an alternative business vehicle namely, a Limited Liability Partnership (LLP), offering a hybrid of characteristics between a conventional partnership and a company.

According to the Companies Commission of Malaysia (CCM), LLP features the protection of limited liability to its partners similar to the limited liability enjoyed by shareholders of a company coupled, with the flexibility of internal business regulation through partnership arrangement similar to a conventional partnership.

Any debts and obligations of the LLP will be borne by the assets of the LLP and not that of its partners’. An LLP has the legal status of a body corporate which is capable of suing and being sued in its own name, holding assets and doing such other acts and things in its name as bodies corporate may lawfully do and suffer.

LLP also offers flexibility in terms of its formation, maintenance and termination, while simultaneously has the necessary dynamics and appeal to be able to compete domestically and internationally.

With the introduction of LLP, entrepreneurs will have more options to choose the most preferred form of business vehicle and this would benefit small businesses (startups), professionals groups (e.g. lawyers, accountants or company secretaries), joint ventures and venture capital funds.

The cost of incorporating an LLP is in the region of RM500 as compared to general partnership and corporation which are in the region of RM30 to RM60, and RM1,000 and above respectively.

[RM1 = US$0.32]

Difference between LLP and general partnership

IN a general partnership, partners are jointly and severely liable for all business debts and obligations.

For example, if the partnership had incurred a debt and the debtor sues the partnership for the debt, all the partners will be named as party to the suit, notwithstanding that some partners are not involved in the debt.

The same goes if one partner is negligent; the rest of the partners may be liable for such a negligent act.

The LLP offers limited liability to its partners whereby any debts and obligations of the LLP will be borne by the assets of the LLP. Thus, the named party in a suit involving a LLP would be the LLP itself.

Difference between LLP and a company

According to the CCM, there are many fundamental differences between an LLP and a company. Amongst others, the differences are:

– No issuance of shares;
– Flexibility in making decisions;
– No formal requirement for Annual General Meetings;
– No requirement to submit financial statements to CCM; and
– Accounts need not be audited
– Drawback

However, one drawback of an LLP regime as compared with a conventional partnership is the tax structure.

The Malaysian Bar Corporate and Commercial Committee reported that the Minister of Finance concluded that the tax treatment of LLPs ought to be similar to the tax treatment of companies. Thus, LLPs would be subject to income tax at the rate of 25%.

However, there is a provision that if the capital of a Malaysian tax resident LLP at the beginning of the year of the assessment is not more than RM2.5 million (and subject to some conditions and exceptions), then the applicable tax rate would be 20% for the LLP’s chargeable income of us to RM500,000, with chargeable income in excess of RM500,000 being subject to tax rate of 25%.

This is akin to the tax rate for small and medium enterprises or SMEs.

For more information on LLP, please visit http://www.ssm.com.my/en/LLP-AboutLLP.



First published on my column Bread and Kaya at Digital News Asia on 1 May 2013.

Create PDF    Send article as PDF   

Bread & Kaya: Start-ups, get your house in order

My 4th Bread & Kaya’s column was published on Digital News Asia on 3 April 2013.

Bread & Kaya: Start-ups, get your house in order

– There are a number of things you need to get done before potential investors do due diligence on your start-up
– Seek advice from others, ensure any legal advice is professional, and do due diligence on your investor as well

Bread & Kaya by Foong Cheng Leong
3 April 2013

WHEN I was in high school, I invested a few thousand ringgit on a web-hosting company operated by a ‘friend.’ Unfortunately, the web-hosting company didn’t materialize and I never saw my money again, nor the ‘friend.’ In fact, there was no such web-hosting company!

That was my first failed investment. Looking back, I realized that the investment was purely done by trust. I did not do any background check on the company or even the ‘friend.’

But years later, I was approached by a stranger (at that time) to help his start-up by providing my services to him, in return for shares in his company. I did not invest a single ringgit. I am glad to report that the start-up is doing well, with offices around South-East Asia and other parts of the world.

Today’s column sets out some tips before opening your start-up for funding.

Before you think about attracting investors, you need to get your house in order. Prudent investors would usually do an in-depth due diligence of your company to see, among others, what assets and liabilities you have.

They will check your background, hence you need to make sure it’s squeaky clean. They will obtain a company search report from the Companies Commission of Malaysia to verify the details of your directors and shareholders, shareholding structure and financial reports – so make sure you file your reports on time.

They will also go through your memorandum of association and articles of association (documents that are required before incorporating a ‘Sdn Bhd’). Take some time to read them and amend if necessary. Board and shareholders minutes will also be part of due diligence exercise.

Investors usually come with high expectations. Thus, educate your investors of the nature of your business and industry, business plans, goal, competitors and obviously, monetizing strategy. Over-promising will create legal trouble for you.

When meeting your investors, appoint someone presentable who speaks well to deal with them. This raises investor confidence.

Other than your financial records and information, here are some common matters that should be addressed before the due diligence stage.

1) Intellectual property rights

Intellectual property rights generally refer to your trademarks, copyright, industrial designs, confidential information and patents.

Start-ups generally file their trademarks first as it is affordable. If you have a physical product and the design is new, do consider filing an industrial design to protect the design.

Patents are usually not filed due to budget constraints. A patent application (with the assistance of a patent attorney) costs at least RM5,000 and above. However, if the invention is novel and you think it’s worth protecting, do file it within one year otherwise it will not be afforded protection.

You can file for protection with the Intellectual Property Corporation of Malaysia (MyIPO), or if your business or operation extends to other countries (e.g. Singapore), you should register your rights there too.

A registered intellectual property right gives you the exclusivity over your product, thus you may stop others from using them. Also, the Income Tax (Deduction for Expenditure on Registration of Patent and Trade Mark) Rules 2009 provides tax deduction for the registration of trademarks and patents in Malaysia for certain start-ups.

2) Proper contracts

All terms and conditions between the founders, with merchants, customers, vendors and employers must be properly spelled out. For existing contracts, review them to see whether they are still applicable or have to be changed or terminated.

Here are a few tips:
– In your agreements with customers, investors will look on how revenue is generated and to find any unfavorable terms, etc. Do make sure your contracts (or invoice or receipt) with service providers (e.g. graphic designer, website, software) do not state that intellectual property rights (in particular, copyright) belong to them (by default, intellectual property rights belong to the person who commissioned the work, unless stated otherwise). Such contracts should describe the subject matter in detail and that the rights to the intellectual property are properly assigned to your company.
– If you are using a website or a software application to deal with your customers, put terms of use or services and a privacy policy in place as required by the Consumer Protection (Electronic Trade Transactions) Regulations 2012. Do not rip off terms of use or services and a privacy policy of others as those agreements are drafted specifically for their businesses.

3) Non-disclosure agreement

Before opening your door to investors, do get them to sign a non-disclosure agreement (commonly known as an NDA). This agreement is crucial in making sure that they do not misuse the information they gathered from the due diligence. Such information may include your finance information, source codes and customer data.

Your investors may also want to look into the source codes of your proprietary software. Although an NDA may be signed to protect it, you may want to take an extra step to request that the software due diligence is done by an independent third party.

Also, when dealing with your vendors or employees, get them to sign a NDA. Your information is your asset.

4) Employee matters

If you have employees, make sure that there are employment contracts. If you have promised the employees something (e.g. equity), make sure you state it in writing. Ensure that you have been contributing to statutory contributions such as the Employee Provident Fund (EPF) and Social Security Organization (Socso).

This guide is a non-exhaustive basic guide and merely an idea on what you need to do before attracting investors. Do seek out advisers or mentors for help and advice. Get an experienced lawyer when dealing with terms and conditions. Speak to other fellow entrepreneurs who have done it before for advice.

Most importantly, do due diligence on your investor as well!

Docudeer – Your source of sample legal agreements and documents!
1. General Terms of Services
2. Comprehensive e-Commerce Terms & Conditions
3. Simple e-Commerce Terms & Conditions (Free!)
4. General Privacy Policy
5. Simple Non Disclosure Agreement
6. Letter of Employment

Free PDF    Send article as PDF   

GE13: Online campaigns get nasty

I was quoted by The Star in their article “GE13: Online campaigns get nasty” on 12 April 2013.



PETALING JAYA: Online campaigning has gone nasty in the run-up to the May 5 general election with cyber troopers from both sides of the political divide going beyond mudslinging at times.

The fight tends to get ugly with vulgar words used freely, sometimes crossing the boundary of racial and religious sensitivity as rival cyber troopers vie to influence public perception.

Both Barisan Nasional and Pakatan Rakyat have accused each other of paying cyber troopers to attack their opponents on social networks.

One example which a non-governmental organisation complained about was the case of pro-opposition cyber troopers uploading a photograph of a woman online last month accompanied by harsh and vulgar comments.

The woman, who is a committee member of the Malaysian Youth Rights Movement, was also threatened with gangrape and murder over her stand on some issues.

Deputy Higher Education Minister Datuk Saifuddin Abdullah condemned the strategies being employed by cyber troopers, saying “they put too much focus on attack”.

“In the long run, these strategies won’t work. The people will start reading these comments and say you are insulting my intelligence’,” said Saifuddin.

Outgoing Jelutong MP Jeff Ooi denies that there are cyber troopers on his party’s payroll, and called for politicians to make a stand against the current tactics employed by cyber activists.

“We (politicians) should not be seen to be condoning abusive commentaries. We have to call a spade a spade. If it were to come from my party, we would have to put them under restraint,” said Ooi.

Supt Ahmad Noordin Ismail from the cyber crime department of the police’s Commercial Crime Unit said nabbing cyber troopers and cyber bullies can be complicated due to a lack of evidence.

“People can make these comments and remove them easily,” he said.

Digital News Asia executive editor A. Asohan said he expected the mud-slinging, and warned that things would get worse as polling day nears.

“The real dirty play will come from the Internet. You will see a lot of accusations flying back and forth while paid bloggers will go on the warpath,” he added.

However, he believed people are smarter these days and would not be easily taken in by what was being posted on Websites.

MCA Youth new media bureau head Neil Foo agreed that it was not a healthy trend for both sides to have a go at each other in an unruly manner.

He said he always reminded the MCA cyber warriors and supporters to be polite, argue based on facts and not be too emotional.

He admitted that there are some who got carried away when egged on by other cyber troopers.

“I’ll ask them to watch the words they use. There should not be any vulgarity or personal attacks. They should stick to the facts,” he said.

Action can be taken against people who post offensive comments online, Kuala Lumpur Bar IT committee chairman Foong Cheng Leong said.

Under Section 233 of the Communications and Multimedia Act, those found guilty of harassing or being offensive online can be fined a maximum of RM50,000 or jailed up to a year or both, he noted.

The same clause also provides that a further fine of RM1,000 can be levied daily during which the offence is continued after conviction.

Foong strongly felt that “while people are free to express their opinions, they should not defame or attack others maliciously”.

Universiti Sains Malaysia psychologist Dr Geshina Ayu Mat Saat said cyber bullies, who preyed on their victims often perceived they had the right to bully.

“They have this sense of entitlement, whereby their way is the best and people should follow them. Their perception is also very lopsided based on their own personal experience and expectations,” she said yesterday.

Dr Geshina Ayu said these bullies were more daring online as they felt that they could get away with it.

“But they failed to realise they are bound by the law, even online,” she said.

PDF    Send article as PDF   
 Scroll to top