Social Media

Sarawak Report should sue MCMC for blocking site, say lawyers

I was quoted by Malaysia Insider on their report “Sarawak Report should sue MCMC for blocking site, say lawyers” on 22 July 2015. The relevant extract is below.

However, personal data protection expert and lawyer Foong Cheng Leong told The Malaysian Insider that none of the provisions in the Communications and Multimedia Act 1998 explicitly provided for blocking access to sites.

In justifying its decision, MCMC on Sunday said it had acted according to Section 211 and 233 of the act. Both these sections provide for criminal prosecution against those who have been deemed to publish “offensive” content, or content that intends to “annoy” or “harass” any person.

Under both sections, an offender can be sentenced to not more than one year jail or RM50,000 fine, or both.

But Foong said the more relevant act that MCMC could have used to justify its action was Section 263, which said licensees, which were network providers, had the general duty to assist MCMC in preventing the network being in commission of any offence under Malaysian laws.

“This is the provision that is used to compel service providers to help block a website upon request by MCMC,” Foong said.

However, even this section did not explicitly provide for the blocking of a website.

Service providers are not obligated by law to cede to requests to block certain cites, but they normally comply with such requests since MCMC regulates their licences.

“It is possible to bring this matter to the court and challenge it, one possibility is to say that this is ultra vires what is provided for in the act itself,” Foong said.

Section 3 (3) of the same act states that the act does not allow for the censorship of the Internet, in line of the Multimedia Super Corridor (MSC) Bill of Guarantees, which promised the same.

“And because the act doesn’t explicitly provide for blocking of a website, one can also argue that MCMC is acting beyond its scope (with the block).”

There’s a slight clarification on the use of s. 263. If we look at MCMC’s notice, it did state that the blocking order is made pursuant to s. 263 of the CMA. The exact section is s. 263(2) of the CMA provides the following:

(2) A licensee shall, upon written request by the Commission or any other authority, assist the Commission or other authority as far as reasonably necessary in preventing the commission or attempted commission of an offence under any written law of Malaysia or otherwise in enforcing the laws of Malaysia, including, but not limited to, the protection of the public revenue and preservation of national security.

The sentence “preventing the commission or attempted commission of an offence” is key here. No actual offence needs to be committed but an attempt is sufficient to enable MCMC to act against a website. The section does not expressly state “blocking order” but such blocking order is commonly used against unlawful websites such as pornography or drugs websites.

I made further comments in the Malay Mail in their article “Sarawak Report blockage shines light on ‘abusive’ MCMC powers” on this matter:-

Lawyer Foong Cheng Leong, who is well-versed with cyber law, said Section 263(2) has a wide scope and could be interpreted “very liberally” to mean that MCMC can ask ISPs to block a website even when no complaint or police report has been lodged.

“You don’t have to wait for the court to convict the person to block the website,” the KL Bar Information Technology committee chairman told Malay Mail Online when contacted, adding that even prosecution was not a requirement for the section to apply.

Foong said there is “room for abuse” as the MCMC can cite the broadly-worded clause to block websites without reasonable basis, but noted that website owners could seek legal remedy by attempting to have unjustified blocks declared unlawful and beyond the MCMC’s authority.

Both Foong and Amer Hamzah said there appears to be no tribunal available for website owners to appeal to and it is unclear whether the CMA’s Section 82 on resolving disputes through negotiation covers such cases.

The two lawyers suggested safeguards to curb any possible power abuses by MCMC under Section 263 (2), with both saying that the regulator should notify the website owner when it makes a written request to the ISPs to block the websites.

“If you look at the Home Ministry’s website, there is a list of books being banned. Why can’t we have say a list what kind of website has been banned?” Foong asked, adding that a clear avenue for website owners to appeal to the MCMC decision must be provided.

Foong said, however, that some curbs were justifiable, citing as example Islamic State militants’ propaganda as well as existing restrictions on pornography, gambling and drugs.

Malaysia amends law to hold publishers responsible for user comments

I was recently interviewed by PRWeek Asia regarding my views of the amendments of the Sedition Act 1948. My email interview is as follows:-

What power do these amendments give the Malaysian government against the tech giants?

Foong: Our laws may not reach foreign tech giants. However, with the new amendments to the Sedition Act and even under the Communications and Multimedia Act 1998, it is possible to block the websites of these foreign tech giants.

What could it cost them potentially to keep operating in Malaysia?

Foong: Possible problems: being criminally liable, servers and other electronic devices being seized as evidence, and so on, during investigation.

What are their options? Self-monitor like Tencent?

A self monitoring practice is possible but it will be costly and time consuming. Unfortunately, we do not have takedown notice provision (other than under our Copyright Act) or laws to protect intermediaries, hence monitoring is required in Malaysia.

One possible option is to have their operations moved out from Malaysia which is detrimental to our economy.

Do you think lobbying will change these amendments?

Foong: Lobbying for laws to protect intermediaries would be recommended. Other than affecting the freedom of expression, it also affects our digital economy. Foreign investors will have to think twice before setting up their operation and putting their servers here in Malaysia.

For the full article, please visit here.

Bread & Kaya: How the ‘new’ Sedition Act affects netizens

Bread & Kaya: How the ‘new’ Sedition Act affects netizens
By Foong Cheng Leong
Apr 08, 2015

– As with Section 114A, website hosts and FB page owners can be held liable
– Particularly thorny are comments left by others on your portal

BY the time you read this article, the Sedition (Amendment) Bill 2015 – which seeks to amend the Sedition Act 1948 – will be debated in Parliament. The Bill is now published on the Parliament of Malaysia’s website. Click here to download a copy.

The Najib Administration is seeking to update the 1948 Act to now cover electronic publications, and this article will focus on how these amendments may affect the netizens of Malaysia, and website operators in particular.

The purpose of introducing the amendments is stated in the Explanatory Statement of the Bill.

On the eve of Malaysia Day 2011, Malaysian Prime Minister Najib Razak pledged watershed changes to enhance the parliamentary democracy system in Malaysia. This pledge was reiterated in July 2012 and a decision was made to repeal the Sedition Act 1948.

“However, events since that date have demonstrated the continued relevance of the Sedition Act 1948 in tandem with recognition for the need for enhanced safeguards against its misuse to stem legitimate criticism of Government and discussion of issues of concern to Malaysians,” the explanatory statement reads.

“Among the issues of concern are the increasingly harmful and malicious comments, postings and publications that jeopardise that most valued ideals of Malaysia – tolerance and racial and religious harmony in a multiracial, multireligious and multicultural nation.

“Even more alarming are calls for the secession of States in the Federation of Malaysia established by the consensus of the peoples of Malaysia and unwarranted attacks against the sovereign institutions of Malaysia, the Yang di-Pertuan Agong and the Rulers of the States.

“It is against this background that the Government has decided to retain the Sedition Act 1948 (‘Act 15’) at this time with the addition of enhanced measures and penalties to deal with the threats against peace, public order and the security of Malaysia, in particular through the irresponsible misuse of social media platforms and other communication devices to spread divisiveness and to insult the race, religion, culture, etc. of particular groups of Malaysians without regard for the consequences,” it says.

The definition of seditious tendency will be amended. It will no longer be seditious to “bring into hatred or contempt or to excite disaffection against any Government, administration of Justice (our Courts).

It will be seditious to excite the secession of a State from Malaysia. It is seditious to insult our Rulers, and to promote feelings of ill will and hostility between different races or classes of the population of Malaysia and, with the new amendments, between persons or groups of persons on the grounds of religion.

The Sedition (Amendment) Bill 2015 creates liability to website operators (I use this term loosely as the Bill uses the words ‘any person’ and thus may include owner, host, editor and subeditor) such as online forums, online news portals, and even Facebook Page/ Group owners.

Sections 3 and 4 of the Bill introduce the words “caused to be published.” Under the newly amended Section 4(1)(c) of the Sedition Act 1948, a person who, among others, publishes or caused to be published any seditious publication is guilty of an offence.

The punishment is now “a term not less than three years but not exceeding seven years.” Previously, it was not exceeding three years and a fine.

So what does “caused to be published” here mean? It seems to cover a website operator who allows a comment to be published on his website (especially in the case where comments are moderated). This also covers a comment or a posting published on a Facebook page.

Further, pursuant to Section 114A of the Evidence Act 1950, the owner, host, administrator, editor or a subeditor of the website is the publisher of that comment – notwithstanding that such person is not the author of such a comment (unless the contrary is proven).

If the offence involves a publication of a seditious comment under the new Section 4(1A) – that is, published or ‘caused to be published’ any seditious comments which caused bodily injury or damage to property – the Public Prosecutor has a right not to allow bail. Such a person will languish in jail until his trial is over.

Further, the new Section 10(5) of the Sedition Act 1948 compels a person who knowingly has in his possession, power or control a prohibited publication by electronic means, shall remove or cause to be removed, such publication – failing which he shall be liable to a fine not exceeding RM500,000 (US$137,000) or imprisonment not exceeding three years, or both.

However, there are exceptions for a website operator if he can prove that the seditious publication was done:

– Without his authority, consent and knowledge and without any want of due care or caution on his part, or
– That he did not know and had no reasonable grounds to believe that the publication had a seditious tendency.

The first exception will not be applicable to a website operator who moderates comments because publication of a comment was done by his authority, consent and knowledge when he approved the comment.

It would however be applicable to an unmoderated website but such an operator must show that due care and caution had been taken.

Nevertheless, the second exception above will be of assistance to a website operator who moderates comments. However, it is difficult to determine what amounts to seditious nowadays (we need a compendium of sedition statements!).

A Sessions Court Judge, on the application by the Public Prosecutor, can make an order to prohibit the making or circulation of certain sedition publications (that are likely to lead to bodily injury, damage to property, promote feelings of ill will, etc., as per the new Section 10(1)).

Any person making or circulating the prohibited publication shall remove or caused to be removed that publication, or be prohibited from accessing any electronic device.

Any person who fails to do so shall be guilty to a fine not exceeding RM500,000 or to imprisonment not exceeding three years, or both.

If the person making or circulating the seditious publication by electronic means cannot be identified, a Sessions Court Judge can direct that such publication be blocked (under the new Section 10A).

[Note: This article is subject to amendments in the event that there are new facts or clarifications from the First Meeting of the Third Session of the 13th Parliament (2015)].



First published on Digital News Asia on 8 April 2015.

Bread & Kaya: Malaysian cyberlaw cases in 2014

2014 was another interesting year in cyberspace for Malaysia’s legal fraternity. Numerous sedition investigations and charges were made against statements made online and offline.

Notably, Twitter user @wonghoicheng was charged under Section 504 of the Penal Code and Section 233 of the Communications and Multimedia Act 1998 for “deliberately humiliating and provoking” Inspector-General of Police (IGP) Khalid Abu Bakar on Twitter by likening him to Nazi military commander Heinrich Himmler.

Our courts were also flooded with interesting cyberlaw cases dealing with various issues.

Tracing a person online and 114A

In Tong Seak Kan & Anor v Loke Ah Kin & Anor [2014] 6 CLJ 904, the Plaintiffs initiated an action for cyberspace defamation against the 1st Defendant.

In tracing the perpetrator, who had posted defamatory statements on two Google Blogspot websites, the Plaintiffs filed an action called a John Doe action in the Superior Court of California.

In compliance with the court order, Google traced the blogs to two IP (Internet Protocol) addresses which were revealed by Telekom Malaysia Bhd to be IP addresses belonging to the 1st Defendant’s account.

In the same case, the High Court had held that the controversial Section 114A (2) of the Evidence Act 1950 applied retrospectively. (However, the criminal case of PP v Rutinin Bin Suhaimin [Criminal Case No K42-60-2010] states it doesn’t apply retrospectively).

Section 114A (2) provides that the burden of proof lies on the subscriber of an ISP (Internet service provider) to prove that a certain statement was not published by him or her.

The 1st Defendant failed to convince the Court that Section 114A (2) does not apply because the defamatory statements were published before the enforcement date of Section 114A(2).

The Court held that the 1st Defendant had failed to prove that he was not the publisher of the content. The 1st Defendant is now liable for a payment of RM600,000 as damages to the Plaintiffs.

Speaking about 114A, the said section was applied in a few other cases in 2014.

In YB Dato Haji Husam bin HJ Musa v Mohd Faisal bin Rohban Ahmad (Court of Appeal Civil Appeal No D-02-1859-08/2012), the Defendant denied that he was the writer of a defamatory article and the High Court held that there was insufficient evidence to prove so.

The Court of Appeal held that the learned High Court Judge ought to have applied Section 114A and in the present case, the Defendant failed to rebut the presumption in Section 114A.

The Court of Appeal held that as a general rule, once the elements of defamation are satisfied, liability is attached and the defendant’s defence cannot survive on mere denial, and when it relates to cybercrime, Section 114A will assist the plaintiff to force the defendant to exonerate himself from liability.

In Stemlife Berhad v Mead Johnson Nutrian (Malaysia) Sdn Bhd [2013] 1 LNS 1446, the High Court held that Mead Johnson was liable for the defamatory postings made by users of Mead Johnson’s Internet forum and website.

The Court, in applying Section 114A, stated that the introduction of Section 114A is the Malaysian legislature’s response to address, amongst others, the issue of anonymity on the Internet to ensure users do not exploit the anonymity that the Internet can provide to escape the consequences of their actions.

In the present case, the Court held that the Defendants failed to rebut the presumptions cast by Section 114A.

Facebook defamation

There were numerous Facebook defamation cases. In Amber Court Management Corporation & Ors v Hong Gan Gui & Anor [2014] 1 LNS 1384, the management corporation of Amber Court Condominium and its council members sued two unit owners of the condominium for allegedly defaming them on Facebook.

The High Court struck out the case after finding that a management corporation has no powers to do so under the Strata Titles Act 1985 and common law.

Salleh Berindi Bin Hj Othman, who had earlier sued his colleagues for Facebook defamation, lost another Facebook defamation case (Salleh Berindi Bin Hj Othman v Professors Madya Dr Abdul Hamid Ahmad & Ors [2014] 1 LNS 1611) in the High Court.

He alleged that the postings made by the Defendants on the 2nd Defendant’s Facebook wall were defamatory of him. The High Court did not agree with him.

In Foo Hiap Siong v Chong Chin Hsiang [2014] 1 LNS 1196, the Plaintiff sued the Defendant, complaining about the following defamatory statement posted by the Defendant, in the said two Facebook forums named ‘Rakyat Ingin Jadi Bos’ and ‘Ubahkan Politik,’ showing an doctored coloured photograph of the Plaintiff’s face, depicting him with long hair with the top half of a naked body dressed in a bra with certain defamatory comments in Mandarin.

The High Court held in favour of the Plaintiff and with cost of RM20,000 and further awarded general damages, aggravated damages and exemplary damages to the total sum of RM50,000.

In an action against the Defendant for publishing defamatory statements through emails (Mox-Linde Gases Sdn Bhd & Anor v Wong Siew Yap (Shah Alam High Court Civil Suit No 22-1514-2010), the High Court applied the principle of presumed publication on emails.

The court held that there is a legal presumption that emails are published on being sent without actual proof that anyone did in fact read them.

Under defamation law, a defamatory statement must be published in order to have an actionable cause of action. Using this presumed publication, it is not necessary to prove someone has read the defamatory statement.

Such a legal principle was applied to materials sent in post such as telegram and postcards. It seems that the court had expended this presumption to email, notwithstanding that emails do sometimes get diverted into the Spam folder or get rejected by the recipient server.

Others

In Dato’ Ibrahim Ali v. Datuk Seri Anwar Ibrahim [2015] 1 CLJ 176, the Court dealt with the liability of an office bearer of an association with respect to contempt of court.

In 2013, president of Malay right-wing group Perkasa, Ibrahim Ali, was jailed for a day and fined by the High Court for contempt of court over a posting on the website http:www.pribumiperkasa.com/ made by one Zainuddin bin Salleh, a member of Perkasa.

The posting is said to be outright contemptuous of the court. The High Court held that Ibrahim Ali was liable for the posting made by Zainuddin on that website by virtue of his position as president of Perkasa.

In the appeal before the Court of Appeal, Ibrahim claimed that the posting was made on a website which is not the official website of Perkasa. He also claimed that he is not liable for the posting because he had no actual knowledge and had no control as to the so-called offence.

The Court of Appeal dismissed the first ground but agreed with Ibrahim on the second ground and overturned the conviction.

Sex bloggers ‘Alvivi’ (Alvin Tan Jye Yee and Vivian Lee May Ling) were freed from the charge under Section 298A of the Penal Code (Tan Jye Lee & Anor v PP [2014] 1 LNS 860) for posting their controversial ‘Hari Raya Greeting’ which contained the couple’s photograph enjoying the Chinese pork dish Bah Kut Teh with the ‘Halal’ logo with, among others, the words ‘Selamat Berbuka Puasa (dengan Bah Kut Teh … wangi, enak, menyelerakan!!!…’

The post had allegedly created enmity between persons of different religions under Section 298A of the Penal Code. The Court of Appeal, in striking out the charge under Section 298A of the Penal Code, held that the said section had already been declared invalid by the Federal Court in another case.

The dispute over the use of the word ‘Allah’ in the Herald – The Catholic Weekly had an interesting point over the use of Internet research by judges.

In 2013, the Court of Appeal, in deciding to overturn the High Court’s decision allowing the of the word ‘Allah,’ conducted its own research via the Internet and relied on the information and points obtained therefrom to substantiate its judgments (see Menteri Dalam Negeri & Ors v. Titular Roman Catholic Archbishop Of Kuala Lumpur [2013] 8 CLJ 890 on Pages 959-960).

Upon the overturn of the appeal, the Titular Roman Catholic Archbishop of Kuala Lumpur (see Titular Roman Catholic Archbishop Of Kuala Lumpur v. Menteri Dalam Negeri & Ors [2014] 6 CLJ 541) filed an application for leave to appeal to the Federal Court (permission is required before one can appeal to the Federal Court and it must satisfy certain thresholds). The Federal Court however refused to grant leave.

The majority judgement by the Chief Justice of Malaya (Arifin Zakaria, on Page 584) held that those views obtained from the Internet were merely obiter (said in passing – not binding but persuasive) whereas Chief Justice of Sabah and Sarawak Richard Malanjum held that leave ought to be granted as the suo moto (on its own motion) research sets a precedent binding on the lower courts yet untested before the Federal Court, and also that the Court of Appeal relied upon the materials gathered suo moto from the Internet in upholding the impugned decision (on Page 617).

It seems that the Federal Court did not endorse such suo moto research by the Court of Appeal Judges.

Closing

Last year, I wrote a ‘wishlist’ of laws to be introduced to govern or deal with cyberspace issues. Out of the five proposed laws, two of them may be potentially addressed with the proposed anti-harassment law.

I understand that the drafting of this anti-harassment law is at its infancy stage and may not be introduced so soon.

Singapore’s Protection from Harassment Act 2014 came into effect on Nov 15 2014. It was reported that Singapore blogger Xiaxue is the first person or one of the first persons who had obtained a protection order under this law against online satire site SMRT Ltd (Feedback) for trolling her online.


First published on Digital News Asia on 17 March 2015.

Exploring the Digital Landscape in Malaysia

I’ve been provided with a report by UNICEF Malaysia entitled “Exploring the Digital Landscape in Malaysia”. It has quiet a bit of interesting facts and figures. Some of them are:-

1. One study based on data collected in 2010 and entitled Young people and New Media—Social uses, Social shapings and Social consequences, 50.5 per cent of the respondents aged 14–16 spent four or more hours a week phoning and texting, social networking and playing new media games using a variety of tools. About 17 per cent of them spent more than 12 hours a week on such activities. Respondents who reported sending and receiving over 80 text messages a week were significant: 29.8 per cent received in excess of 80 text messages a week, while 27.8 per cent sent in excess of 80 messages a week. More than a third (35.6 per cent) of respondents spent between one and 12 hours a week in cyber cafes; of these, 2.9 per cent spent 12 hours a week in cyber cafes

2. 68 per cent of participants in the CyberSAFE in Schools National Survey 2013 reported using the Internet for social media and 44 per cent use the Internet to do research for school. Social media use was higher among the older age groups (16–18 and 18+), with more than three-quarters in these age cohorts reporting that they use social media.

3. Young Malaysians are active users of social media, and children and young people (aged 13–24) make up nearly half of the Facebook users in the country

4. In the CyberSAFE in Schools National Survey 2013, one-quarter of the students said that they had been bullied online at some point. Half of them said they had never been bullied and others were unsure. Half of the participants knew at least one person being bullied online. Common forms of cyberbullying included someone being rude or sending nasty messages, being left out or ignored. Cyberbullying using Facebook and blogs is the most common, followed by SMS.

5. To date, Malaysia has not introduced specific legislation targeting crimes against children or adolescents as they interact with others through the Internet.

Read more about it at http://www.unicef.org/malaysia/UNICEF_Digital_Landscape_in_Malaysia-FINAL-lowres.pdf.

BFM Podcast: Sedition, Porn and Torrents

I was interviewed by BFM Radio to talk about the regulation of social media space in Malaysia on 17 February 2015.


The Inspector General of Police Tan Sri Khalid Abu Bakar recently cautioned Malaysians to be mindful of what they post on social media platforms like twitter in order not to get on the wrong side of the law. Foong Cheng Leong, a lawyer who specializes on internet law, discusses how the social media space is regulated in Malaysia, the limits to freedom of speech on the internet, and our government’s position on the net neutrality debate.

Your browser does not support native audio, but you can download this MP3 to listen on your device.

Bread & Kaya: Tracing someone online

Bread & Kaya: Tracing someone online
Nov 17, 2014

– Getting the IP address is one way, but may not always be possible
– On issue of defamation, Section 114A has been applied retrospectively

ONE of the most difficult issues to deal with in cybercrime or cyber-bullying cases is finding the perpetrator online. My years of blogging have brought me some experience in dealing with this issue, especially when dealing with ‘trolls.’

I am glad to say that it is not impossible. Some guesswork is needed. Normally, such a perpetrator is someone you know, although he or she may or may not be close to you. Sometimes, however, it would be just a stranger.

There was one case where the perpetrator was found to be a friend’s spouse whom the victim had only met a few times. Strangely, there was no animosity between these parties.

In one case which I was personally involved, I made a guess on the possible perpetrator and worked from there. Eventually, the person confessed after being confronted.

Getting the Internet Protocol (IP) address of the perpetrator is one of the conventional ways to track someone down. Internet service providers (ISPs) assign unique IP address to each user account. However, IP addresses may not be retrievable if the person is on a proxy server.

Another problem is the jurisdictional issue. Many servers storing such IP addresses may be located overseas and owned by foreign entities. One may have to initiate legal action overseas to get such data, and many of these service providers do not release their user information easily due to data protection laws or their strict privacy practices.

In the recent case of Tong Seak Kan & Anor v Loke Ah Kin & Anor [2014] 6 CLJ 904, the Plaintiffs initiated an action for cyberspace defamation against the 1st Defendant.

In tracing the perpetrator, who had posted defamatory statements on two Google Blogspot websites, the Plaintiffs filed an action called a John Doe action in the Superior Court of California. In compliance with the Court order, Google traced the blogs to two IP addresses which were revealed by Telekom Malaysia Bhd to be IP addresses belonging to the 1st Defendant’s account.

In the same case, the High Court had held that the controversial Section 114A (2) of the Evidence Act 1950 applied retrospectively.

S. 114A (2) provides that the burden of proof lies on the subscriber of an ISP to prove that a certain statement was not published by him or her. The 1st Defendant failed to convince the Court that s. 114A (2) does not apply because the defamatory statements were published before the enforcement date of s. 114A(2).

This retrospective stand however was not followed in the case of PP v Rutinin Bin Suhaimin [2013] 2 CLJ 427 as the High Court held that s. 114A does not apply retrospectively.

Perhaps the distinguishing factor between these cases is that the first case involved a civil dispute whereas the latter is a criminal prosecution.

Readers may recall that the #Stop114A campaign was initiated to get this law repealed. I am proud to say that Digital News Asia (DNA) was one of the organisers and participants in shutting down its website for one day. The campaign attracted the attention of Prime Minister Najib Razak but unfortunately, the law remained.

Going back to the case, the Court held that the 1st Defendant had failed to prove that he was not the publisher of the content. The 1st Defendant is now liable for a payment of RM600,000 (US$180,000) as damages to the Plaintiffs.

Not all tracing of a perpetrator requires an IP address. In Datuk Seri Anwar Bin Ibrahim v Wan Muhammad Azri Bin Wan Deris [2014] 3 MLRH 21, Opposition leader Anwar Ibrahim (pic) sued Wan Muhammad Azri Bin Wan Deris, allegedly a well-known blogger called Papagomo, for defamation.

In proving the identity of Papagomo, instead of tracing the IP address of Papagomo, the Court relied on the statement of a person who had met Papagomo in person before. The former also took a picture with Papagomo and this picture was tendered in Court.

There are other unconventional methods to identify a person online. I have heard of a private investigator entering a person’s home without knowledge to gain access to the computer of that person.

Many people do not password-protect their home computers and leave their email and other online accounts still logged into. This allows the private investigator to easily access a person’s emails and other online accounts without any technical skills.

One method that I always use is to find something unique in the content posted by the perpetrator. For example, I recently concluded that a website was held by a cyber-squatter by doing a Google search on certain sentences that appeared on the website. The cyber-squatter’s website looked like a legitimate website, but the search revealed that the same facade had been employed by the cyber-squatter on several websites using well-known brand names.

If there are images involved, a Google Image search would be useful to find whether other websites are hosting the same image.

It is of utmost importance that one must have reliable evidence to prove the identity of a perpetrator before suing or charging them. The person doing such investigation should be knowledgeable enough to conduct the investigation, know the rules of producing evidence and testifying in Court, and to thwart all challenges by the perpetrator’s lawyers.

Failure to do so would result in the case being dismissed or in a worst scenario, an innocent person being charged or sued in Court.


First published on Digital News Asia on 17 November 2014.

Guidelines On Taxation of Electronic Commerce

In early 2013, the Inland Revenue Board (IRB) of Malaysia’s issued a guideline on how income derived from e-commerce is to be taxed. This guideline seeks to provide some guidance on basic tax issues and income tax treatment in respect of electronic commerce (e-commerce) transactions.

Notably, the IRB stated that a server / website itself do not carry any meaning in determining derivation of income. Business income from e-commerce would be considered as Malaysian income if the operations test shows that the person is carrying on a business in Malaysia. Even though the server is fully automated in performing business activities, the substantial part of the business activities such as updating and maintaining the current information on the website is still managed by a human (Paragraph 5.1). For more details, please visit Digital News Asia.

The Royal Malaysian Customs (RMC) also released the GST Guides on E-Commerce and Web Hosting to assist in understanding the upcoming Goods and Services Tax and its implications on e-commerce and web hosting businesses.

Under an e-commerce transaction, the RMC stated that if a business is supplying goods or services in Malaysia via the Internet, the business is accountable for the collection of GST as in conventional commerce. This also applies regardless that the transactions are done through a third party e-commerce service provider (e.g. web hosting company).

As for web hosting business, all provisions of services whether it originates in the country or imported from other countries are under the scope of GST. The principal rule with regards to place of supply for services provided by web host is where the supplier belongs. In this context, if the supplier of web host services belongs to Malaysia, such services have to be standard rate. On the other hand if the supplier belongs to another country, the supply of service is out of scope. However, if the recipient of the services provided by overseas supplier belongs to Malaysia, the imported service will be subjected to GST.

Download
Inland Revenue Board – Guidelines On Taxation of Electronic Commerce
Royal Malaysian Customs – Goods and Services Tax – Guide on E-Commerce
Royal Malaysian Customs – Goods and Services Tax – Guide on Web Hosting Services

Bread & Kaya: Liking a Facebook page and the law

Bread & Kaya: Liking a Facebook page and the law

Foong Cheng Leong
Aug 14, 2014

– ‘Liking’ a page doesn’t necessary mean you agree with it
– Using Sedition Act for what you ‘Like’ sets dangerous precedent

THE recent report that Malaysian police are investigating a Penang teenager under the Sedition Act 1948 for liking the ‘I love Israel’ Facebook page has raised more than a few eyebrows.

This leads to some interesting questions: What does liking a Facebook page mean? Does it mean liking the idea that is expressed by the Facebook page? In the above case, does this mean that the teenager actually loves Israel?

To answer this, we first refer to Facebook’s definition of ‘Like.

What’s the difference between liking a Page and liking a post from a friend?

Liking a Page means you’re connecting to that Page. Liking a post from a friend means you’re letting that friend know you like their post without leaving a comment.

When you connect to a Page, you’ll start to see stories from that Page in your News Feed. The Page will also appear on your profile, and you’ll appear on the Page as a person who likes that Page.

Further, in the US case of Bland v. Roberts, No. 12-1671 (4th Cir. Sept. 18, 2013, click here for the PDF), the Court held that:

On the most basic level, clicking on the ‘Like’ button literally causes to be published the statement that the User ‘Likes’ something, which is itself a substantive statement. In the context of a political campaign’s Facebook page, the meaning that the user approves of the candidacy whose page is being liked is unmistakable. That a user may use a single mouse click to produce that message that he Likes the page instead of typing the same message with several individual key strokes is of no constitutional significance.

This is a US case thus it is not applicable to us, and Facebook’s definition may not be relevant here. So far, we have no reported case in Malaysia of the legal implications of Liking a Facebook page.

To me, when a person Likes a certain page, it doesn’t necessary mean he or she ‘likes’ what the page represents. I may ‘Like’ a page to ‘get the stories from that Page in my News Feed.’ I sometimes Like a page to support a friend who started such page, but that does not mean I like his postings or expressions there. I’m sure many of us here use the Facebook ‘Like’ button differently.

To charge the teenager for sedition for Liking the ‘I Love Israel’ Facebook page is a dangerous precedent. Each Facebook user would have to be very careful on the Facebook page they Like. Those who are oblivious to current affairs would be most vulnerable.

Furthermore, the name of a Facebook page can be changed. Imagine if someone changes a Facebook page in open support of child pornography, and those who had previously Liked the page seem to suddenly like child pornography!

(Note: No approval is required to change the name of a Facebook Page with fewer than 200 members).


First published on Digital News Asia on 14 August 2014

Bread & Kaya: Cyberstalking, harassment … and road rage

Bread & Kaya: Cyberstalking, harassment … and road rage
Foong Cheng Leong
Jul 17, 2014

– No specific Malaysian law that criminalises stalking or harassment
– Singapore has enacted such laws, and Malaysia should follow suit

THE recent case of a blogger complaining that she had been harassed and stalked by a fan got me thinking about the law in Malaysia with regards to stalking and harassment.

I think this would depend on the acts of the stalker. There is no specific Malaysian law that criminalises stalking and harassment, but there are provisions of law that prohibit certain actions that border on stalking and harassment.

For example:

– Hacking into someone’s computer or mobile device or online account, or installing any trojan or tracking device is a crime under the Computer Crimes Act 1997;
– Sending messages threatening to harm a person – depending on the content, this may amount to a criminal offence under the Communications and Multimedia Act 1998 or Section 503 of the Penal Code (criminal intimidation); and
– Breaking into someone’s home amounts to trespass (installing a closed-circuit TV as in the Nasha Aziz case).

There are many forms of stalking and harassment. I’ve heard of cases where a person would call someone numerous times a day – and in some such cases, keeping silent or even make heavy breathing sounds.

Other cases include following a person from time to time; loitering outside a person’s home (which is a public venue, for example a road); downloading someone’s picture off Facebook and publishing it on blogs or online forums with degrading messages; and even frequently posting annoying or insulting comments on a person’s Facebook page, blog or Instagram account.

A police report would be useful to ward off these people but not all reports will be acted on. Sometimes no threat is made, and there’s ‘only’ persistent annoyance.

One blogger showed me some persistent emails from an alleged stalker, who also contacted the blogger through phone calls and SMS.

However, the nature of the contact was not a threat but merely invitations to go out, despite the fact that the blogger had expressly asked him to stop contacting her. Such contact would stop for a short period, but return thereafter.

One email from the alleged stalker was just a reproduction of chat messages between the alleged stalker and his friend.

A police report was made but the police could not take any action as there was no threat involved.

In such cases, I think that the police should take proactive action by contacting the alleged stalker and warning him against pursuing the matter further. A lawyer’s letter of demand may be useful too.

If all else fails, a restraining order may be obtained from the courts.

The victims are not only women. Vancouver teacher Lee David Clayworth was ‘cyberstalked’ by his Malaysian ex-girlfriend. She posted nude pictures of him and labelled him all sorts of names, according to a CNET report.

A warrant of arrest was issued in Malaysia against his ex-girlfriend but she had reportedly left the country.

Many victims suffer in silence. They try to ignore their stalkers and hope that they go away. Sometimes this works, sometimes it does not.

It is noted that s. 233 of the Communications and Multimedia Act 1998 criminalises harasses but such harassment must be in a form of electronic harassment which is obscene, indecent, false, menacing or offensive in character.

Our Parliament should introduce a new law to criminalise stalking and harassment. Singapore recently introduced the Protection from Harassment Bill 2014. This new law will provide protection from harassment and anti-social behaviour, such as stalking, through a range of civil remedies and criminal sanctions.

It’s time for our Parliament to look into this before it’s too late.

Regarding the recent Kuantan road rage case, I was asked whether doxing or document tracing by netizens amounts to harassment.

From what I read, some netizens had posted her name, company name and pictures on the Internet, created Facebook pages about her, and also created all sorts of memes featuring her. Some even started bombarding her mobile phone with SMSes and left numerous comments on her company’s Facebook page.

As mentioned, we have no specific law to govern harassment, thus it is difficult to determine whether such acts amount to harassment without a legal definition here.

In my personal opinion, I think there is nothing wrong in exposing the identity of the driver to the public. The lady had posted her own personal information online, thus there is no expectation of privacy with respect to that posted information.

The Personal Data Protection Act 2010 only applies to commercial transactions. But the extraction of her personal information through her licence plate number may be an issue if someone had unlawfully extracted it from a company’s database.

Some messages that were posted may also be subject to the Communications and Multimedia Act 1998 provisions on criminal defamation. Tracking her home address and taking photographs of it may be considered a form of harassment.

She also has rights (that is, copyright) to the pictures that she has taken (selfies especially), but she will not have rights to her modelling pictures if those were taken by a photographer – in that case, the photographer usually has rights to the photographs.



First published on Digital News Asia on 17 July 2014.

1 2 3 4 9  Scroll to top