First published on LoyarBurok
This is perhaps one of the many issues raised in the Teoh Beng Hock Royal Commission Report (“TBHRCI”) that did not receive wide attention. I have read a few commentaries on TBHRCI but I did not see anyone raising the issue of privacy in the interrogation of Mr Teoh Beng Hock (“TBH”). But as an advocate of privacy rights in Malaysia, I thought it would be pertinent for me to raise this.
When I first read the TBHRCI, the first thing that caught my eyes is that the investigators of the Malaysian Anti-Corruption Agency (“MACC”) had forced TBH to reveal his password to his personal email.
I was shocked. Isn’t TBH merely a “witness”? How can a witness be forced to give his password to investigators? What happened to his right to privacy? (On the right to privacy in Malaysia, please read my earlier article here.)
The background to this invasion can be seen in paragraph 42 of the TBHRCI where the Commission stated the following:-
 Another important aspect of this “interview” is that both these officers extracted from TBH the password to his private email account, a matter which vexed TBH very much, causing him great concern and distress. We will discuss this later in this report.
Later at paragraph 48 of the TBHRCI,
 TBH, according to Lee, complained that MACC officers had taken away his mobile phone and laptop. He also lamented that he should not have disclosed to the officers his password to his email account….
We all know that password to our personal email is sacred. Our personal email may contain all sorts of private information such as banking, financial or health information, private conversations and even intimate photographs. It may not only contain one’s private information but also private information of others. Allowing another person to have our password is akin to giving that person keys to our private life. What people do in the private lives is none of our business.
Further, many internet users use the same password for various accounts. One password can be used to access many account to avoid memorizing many passwords.
However, request for password to private email is not new. Recently, Malaysian Blogger Hanief complained that the Malaysian Communication and Multimedia Commission compelled him to reveal the passwords to his email, Facebook account and Blogger account when he was investigated for publishing a defamatory blog posting. In his own defence, Hanief stated that the defamatory article is available on his blog and there is no reason for him to reveal his passwords.
In view of the TBHRCI, such practice must be carefully exercised. In paragraph 155, the Commission criticized the interrogators’ action:-
 Another aspect of this interrogation of concern was the ability of Arman and Ashraf to extract from TBH his password to his private email account. To many of us, this may be equivalent to disclosing our pin number of our ATM card. At least in the case of an ATM card, the extractor may be allowed to withdraw a limited amount of our money at any one time before such unauthorised access is reported. But in the case of an email account, all our personal information and data would be exposed immediately and permanently. This is a gross violation of a person’s right. TBH would have been very disturbed over this and his disappointment and regret in divulging his password to Arman and Ashraf was further mirrored in his conversation with Lee.
 We are of the view that this regret and concern of TBH over these matters remained festering with him. An indication of this could be seen from his behavior when his statement was being recorded by Nadzri. This was further reflected in his being silent and being deep in thought when he met Tan Boon Wah near the toilet. Instead of being excited and surprised to see a fellow in a similar distressful situation, he maintained a distance and was virtually silent.
In fact, the TBHRCI has attributed TBH’s “suicide” to this invasion of privacy. In paragraph 220, the Commission stated that:
 Another factor which had serious implications on TBH was the surrendering of his laptop to the officers of the MACC, and worse than this was being forced to divulge to the MACC officers the password to his email account. As this held the key to many things private, TBH must have felt that his privacy was violated under duress, and the secrets to his life were in the open. This was a gross violation of TBH’s person right, which would have compounded his anxiety and worry.
The TBHRCI provided recommendation for the MACC to implement due to TBH’s case. Unfortunate, there is no specific recommendation by the Commission on such practice. The best we could rely on is the recommendation for powers of search.
However, search on a premise is very different from a search on a person’s private email and also electronic data. A search on a house may not reveal as many information as a search on a person’s personal computer. It is opening a whole new can of worms. In the Canadian case of R v Cole, 2011 ONCA 218, it was held that “searching a computer that is used for personal purposes is potentially among the most invasive of searches”.
There are many things that one would not want the world to see and it includes details belonging to others. For example, in Edison Chen’s case, the intimate photographs of his partners were spread around the internet after he had his laptop sent for service. These photographs now can be considered to have entered public domain and no amount of work can remove them from the public domain.
In view of the aforesaid, special attention must be given to search on electronic data. A party granting such search must carefully weight the individual reasonable right to privacy and public interest. If there are other means of obtaining information, such search should not be conducted.
If the owner specifically requests that certain portion of the computer be restricted, such request must be considered.
Also, whether there can be search to electronic data should be left to the Courts. In R v. IRC, Ex P Rossminster  AC 952, Lord Wilberforce stated that:-
The courts have the duty to supervise, I would say critically, even jealously, the legality of any purported exercise of these powers. They are the guardians of the citizens’ right to privacy. But they must do this in the context of the times, ie, of increasing Parliamentary intervention, and of the modern power of judicial review.
Perhaps an exception can be given if is a real and present belief that failure to act will result in the destruction or loss.
Guidelines and standard operating procedures on electronic data search should be issued. Officers must be educated on the right to privacy of all Malaysians. No forceful entry should be made by them. Information wrongly obtained through this practice must be deemed inadmissible in Court.
On the other hand, private sectors, who hold our personal information, should play a role in protecting all Malaysian’s privacy. For example, internet or web hosting service providers should restrict the access of personal information of customers by any Government authorities or other individuals.
I must state that nothing in this article prohibits the access of electronic data. There are circumstances that should justify the access to one’s electronic data. As an extreme example, the police should be allowed to access private emails of a kidnapper, who they reasonably believe based on credible information, which has information of the whereabouts of his victim.
TBH’s case reveals the sad stage of our right to privacy. Every Malaysian, including those in power or given power, should be concerned with how their own privacy is being treated.
I am sure TBH would still be distressed if the MACC interrogators still have access to his private email – if only he is still alive today