The Star

Maintaining privacy and control

I was asked by The Star to comment on the National Digital ID (NDID) Framework which is currently under the development of the Malaysian Communications and Multimedia (MCMC). The NDID will would ease the public in the process of verification and authentication of their identities for performing digital transactions based on based on biometric features such as fingerprints, face recognition and demographic information such as names and others [Source: Identiti Digital Nasional (ID Digital Nasional)].

Based on a survey conducted by MCMC on the development of a framework for digital ID, participants have identified the 5 areas where NDID can be used-

  • Electronic healthcare records: Patients will be able to access their healthcare records online, including reviewing doctor visits and current prescriptions. They will also be able to share their records with other parties.
  • Government assistance: Citizens will be able to check their eligibility and register for government assistance programmes online. Less paperwork and documentation will be required, and the payment will be automatically banked into their accounts upon identity verification.
  • Government services: A more efficient and integrated e-government system will allow citizens to access various services, including business registration, e-voting and apply for driving licences.
  • Financial institutions: Authentication will be made seamless, allowing users to open bank accounts and perform various transactions such as applying for loans through their phones.
  • Telecommunications sector: A digital ID will eliminate repetitive verification for updating personal details, change of SIM card and when a person forgets the password to an account.

In the article, I said-

Privacy laws have to be improved to assure the public that the best measures are being taken to keep the user’s personal data associated with the digital ID safe, said Bar Council Information Technology and Cyber Laws Committee deputy chairman Foong Cheng Leong. He pointed out that the Federal and state governments are not subject to the Personal Data Protection Act (PDPA) 2010. This meant users cannot take action if their personal data was compromised when using a government service.

“Also, any breach of the PDPA is subject to the discretion of the [Personal Data Protection] Commissioner to take action. There is no express provision in the PDPA stating that a victim can go to court to sue through his or her own lawyer,” he added.

To help reassure the public, Foong also wanted the government to consider allowing civil societies such as privacy rights groups and the Bar Council to participate in the development, maintenance and operation of the digital ID.

The experts also felt that it’s only right to make the digital ID optional.

Madihah said it would be best to have all citizens signed up, but in reality, it could be an issue for those without proper Internet connection or are tech illiterate.

“For a start it’s good enough to have a portion of the public sign up first, before enrolling more people,” she suggested.

Foong also agreed, saying that the government should opt for a slower adoption process, adding that more should be made known about the digital ID first.

“We should have the right to know what information will be
included and have the right to ask for details to be deleted. Further, we should also have the right to correct and update the information. Basically the rights provided by our PDPA should also be reflected in the digital ID,” he said.

In addition to the above, perhaps the Government should also consider introducing a digital ID framework for businesses. This is because many businesses in Malaysia use Government platforms to conduct businesses and many of these platforms require separate and some times tedious registration. For example, law firms are required to register themselves with the judiciary in order to use the e-filing system. A separate registration is also required for an account with the Companies Commission of Malaysia and the Intellectual Property Corporation of Malaysia. A digital ID framework would reduce the verification process by the Government and also submission of physical or identical documents.

Hijacking hardware in stealth mode

I was featured by The Star in their article “Hijacking hardware in stealth mode“. I was asked to comment about malicious cryptomining Malaysia.

Under our law, malicious cryptominers can be punished with the Computer Crimes Act 1997, says Bar Council information technology and cyberlaw committee deputy chairman Foong Cheng Leong.

“It can be considered unauthorised access to computer material or unauthorised modification to computer material,” he adds.

If found guilty for unauthorised access, the cybercriminal can face up to a RM50,000 fine, a five-year jail term or both.

At present, digital currencies such as bitcoin are not recognised as legal tender in Malaysia.

But cryptocurrency exchangers are required to report their activities to Bank Negara.

This reporting obligation, the central bank was reported as saying, is the first step in making activities in the cryptocurrency business more transparent.

Foong says while it is not recognised as legal tender, it doesn’t mean cryptocurrency is illegal.

“You can still use digital currencies to purchase things. It is up to the buyer and seller,” he adds.

However, he points out that cryptocurrency may also be misused, particularly in the black market for illegal purposes like money laundering, purchase of drugs and other undesirable items, to avoid detection.

“I foresee more crimes and disputes may arise from there,” Foong says.

Legal start-up’s services scrutinised by Malaysian Bar

I was quoted by The Star newspaper on the entry of Dragon Law, a Hong Kong based company providing access to legal documents and legal access, into Malaysia.

“Intellectual Property lawyer Foong Cheng Leong said it would be “interesting” to see what the Bar Council, especially its Legal Profession Committee, would do.

“Dragon Law says it will refer those who use the template to a qualified lawyer. But they have to be careful as it may amount to touting for such lawyers,” he said.

To elaborate further, s. 37(3) of the Legal Profession Act 1976 (LPA) which prohibits touting for law firms. S37(3) of the LPA provides the following:-

(3) Any unauthorized person who offers or agrees to place at the disposal of any other person the services of an advocate and solicitor shall be guilty of an offence under this subsection:

Provided that this subsection shall not apply to any person who offers or agrees to place at the disposal of any other person the services of an advocate and solicitor pursuant to a lawful contract of indemnity or insurance.

The Malaysian Bar is entitled to file an injunction against any person who contravenes s. 37 of the LPA and this was confirmed recently by the Federal Court in Bar Malaysia v. Index Continent Sdn Bhd [2016] 2 CLJ 545.

GE13: Online campaigns get nasty

I was quoted by The Star in their article “GE13: Online campaigns get nasty” on 12 April 2013.

PETALING JAYA: Online campaigning has gone nasty in the run-up to the May 5 general election with cyber troopers from both sides of the political divide going beyond mudslinging at times.

The fight tends to get ugly with vulgar words used freely, sometimes crossing the boundary of racial and religious sensitivity as rival cyber troopers vie to influence public perception.

Both Barisan Nasional and Pakatan Rakyat have accused each other of paying cyber troopers to attack their opponents on social networks.

One example which a non-governmental organisation complained about was the case of pro-opposition cyber troopers uploading a photograph of a woman online last month accompanied by harsh and vulgar comments.

The woman, who is a committee member of the Malaysian Youth Rights Movement, was also threatened with gangrape and murder over her stand on some issues.

Deputy Higher Education Minister Datuk Saifuddin Abdullah condemned the strategies being employed by cyber troopers, saying “they put too much focus on attack”.

“In the long run, these strategies won’t work. The people will start reading these comments and say you are insulting my intelligence’,” said Saifuddin.

Outgoing Jelutong MP Jeff Ooi denies that there are cyber troopers on his party’s payroll, and called for politicians to make a stand against the current tactics employed by cyber activists.

“We (politicians) should not be seen to be condoning abusive commentaries. We have to call a spade a spade. If it were to come from my party, we would have to put them under restraint,” said Ooi.

Supt Ahmad Noordin Ismail from the cyber crime department of the police’s Commercial Crime Unit said nabbing cyber troopers and cyber bullies can be complicated due to a lack of evidence.

“People can make these comments and remove them easily,” he said.

Digital News Asia executive editor A. Asohan said he expected the mud-slinging, and warned that things would get worse as polling day nears.

“The real dirty play will come from the Internet. You will see a lot of accusations flying back and forth while paid bloggers will go on the warpath,” he added.

However, he believed people are smarter these days and would not be easily taken in by what was being posted on Websites.

MCA Youth new media bureau head Neil Foo agreed that it was not a healthy trend for both sides to have a go at each other in an unruly manner.

He said he always reminded the MCA cyber warriors and supporters to be polite, argue based on facts and not be too emotional.

He admitted that there are some who got carried away when egged on by other cyber troopers.

“I’ll ask them to watch the words they use. There should not be any vulgarity or personal attacks. They should stick to the facts,” he said.

Action can be taken against people who post offensive comments online, Kuala Lumpur Bar IT committee chairman Foong Cheng Leong said.

Under Section 233 of the Communications and Multimedia Act, those found guilty of harassing or being offensive online can be fined a maximum of RM50,000 or jailed up to a year or both, he noted.

The same clause also provides that a further fine of RM1,000 can be levied daily during which the offence is continued after conviction.

Foong strongly felt that “while people are free to express their opinions, they should not defame or attack others maliciously”.

Universiti Sains Malaysia psychologist Dr Geshina Ayu Mat Saat said cyber bullies, who preyed on their victims often perceived they had the right to bully.

“They have this sense of entitlement, whereby their way is the best and people should follow them. Their perception is also very lopsided based on their own personal experience and expectations,” she said yesterday.

Dr Geshina Ayu said these bullies were more daring online as they felt that they could get away with it.

“But they failed to realise they are bound by the law, even online,” she said.

Trial by Facebook

I was featured in The Star newspaper in their article entitled “Trial by Facebook” in January 2013.

Trial by Facebook
Posted: 11th January 2013 by R.AGE in Stories


MANY memes and posts go viral on the Internet every week, from harmless Chuck Norris jokes to the more factious Relatable Romney photos. Last week, it was a set of Facebook photos of a 13-year-old alleged rapist – complete with the boy’s full name, MyKad number and address.

One of the photos was accompanied by a description, written by the man who posted it, claiming the boy had allegedly tried to rape his girlfriend at a petrol station in Malacca. The alleged victim also posted a detailed account of the incident.

The post quickly went viral, appearing on various online forums and social networks even before the boy was charged in court. The police probe into the incident had not even begun.

One Facebook user commented: “Show the (boy)’s face! Embarrass him! And I guess most of us already saw his face!”

Another one added: “It can only get worse from here on. Well we all got this kiddo’s home address, lets go protest and harass the family. The apple doesn’t fall far from the tree.”

Though the boy was eventually charged after a police investigation (and will now face a magistrate court), questions have to be asked on why so many social media users decided to share the photo – even though the case was not verified at the time, and involved the naming and shaming of a minor.

According to lawyer Foong Cheng Leong, the Kuala Lumpur Bar Council’s IT committee co-chairman, the act is firmly against the law.

“Under Section 15 on Child Act 2001, whenever anyone under the age of 18 is concerned; no mass media should disclose information related to the name or whereabouts of a child who is implicated in any offence,” he said.

Anyone found to have committed the offence of circulating an image or personal details of an underage suspect would be liable to a hefty fine, a prison term of not more than five years, or both.

Even now, photos showing the boy’s face are still all over the Internet. A comic artist even created his own “poster” using the photos, describing his anger at the incident. The poster was uploaded to the artist’s Facebook page a day after the incident, and has been shared nearly 30,000 times.

There have been several high profile incidents involving reckless dissemination of sensitive information over the Internet in recent weeks. A student in Kerala, India was wrongly identified through a photo on Facebook as the victim of the brutal New Delhi gang rape case. Her parents filed a complaint with the police over the incident.

Before that, Ryan Lanza hit out on Facebook after he was mistakenly identified as the gunman involved in the Sandy Hook Elementary School shooting in Connecticut, US. His brother Adam was later revealed to be the gunman.

So, is the “Facebook mob” getting out of control? Is the quest on social media to raise awareness about crime slowly descending into anarchy?

Viral vigilance
For digital media expert David Lian, the Asia-Pacific digital lead for PR firm Text100, incidents like these are just an unfortunate result of the speed of the Internet.

“I don’t think any of these incidents were done maliciously. It’s just so easy to share things on social media now. A friend of mine shared something about a scam this morning, and I shared it too.

“It’s a normal reaction. Not everyone will have the resources to verify the stories, but when you feel it’s a life or death kind of thing like with crime, you just share it,” he said.

Indeed, Facebook posts about harrowing encounters with criminals tend to go viral quite easily these days.

In August last year, three men armed with machetes broke into Eric Lim’s family home in Serdang, Selangor. He rushed home from his office to find blood splattered all over the living room floor, as his brothers and mother who were home at the time had put up a fight.

Lim, 25, used his mobile phone to take pictures of the scene, which he uploaded to Facebook along with an account of what had happened.

Initially, he received a lot of well wishes from family and friends, never expecting the post to go viral. But in just a matter of weeks, the post received over 1,700 shares, and he was getting well wishes from complete strangers.

“When I posted those images and my story, it was all about raising awareness among my friends. I wanted them to know what happened, to hear my account first-hand. Hopefully, that will inspire them to be more vigilant.”

Marketeer Chin Xin-Ci, 26, understands this phenomenon better than most, being the publisher of one of the first high-profile viral crime stories. Chin was the victim of an unsuccessful kidnapping attempt in May last year, and her Facebook post detailing the experience got more than 10,000 shares in a matter of hours. The story became national news.

“When I first shared on Facebook that I had been robbed and almost kidnapped (this was just a couple hours after the incident), quite a number of my family members and friends were worried . So I thought I’d just write the note as a cathartic release, and also I wouldn’t have to repeat myself to every friend I meet,” said Chin.

Chin added when she wrote the note, she remembered what a policeman at the scene mentioned to her.

“A police officer told me I was lucky to have escaped. So as I wrote the note, I thought ‘maybe the thought process that helped me get away might help someone in the same situation?’”

A Facebook page called PJ Community Alert ( now compiles and shares posts like Lim’s and Chin’s to keep the public vigilant and help nab the perpetrators.

Foong however, is still worried about how often people are now sharing crime-related information without “verifying the facts”.

“Sometimes a social media posting could be defamatory in nature. It could be distressing for a person’s professional and personal life if others were to go around circulating such false information about the person,” he said.

Digital culture writer and consultant Niki Cheong believes most social media users still do not understand the ramifications of their actions.

“People are not aware of the laws. Protecting the identity of minors, for instance, is something journalists are familiar with. But now everyone is a publisher, but not everyone is equipped with this education or knowledge,” he said.

Another important issue, according to Cheong, is the blurring of “social ties”.

“Offline, our social networks are a bit more restrained. We are selective of our friends. We categorise them with labels like ‘acquaintances’, and we use these markers to help evaluate what they say – can we trust this person, where did she get this information, etc.

“It’s different online. we have become less invested in who our friends are, and we know less about them. Is he or she a gossip? Is he or she credible? Because we don’t have this background knowledge with which to evaluate online information, our judgement is affected,” he added.

Nevertheless, Chin hopes to prove that this viral effect can be used not only to warn others about danger, but to inspire kindness as well.

“After I shared my experience, a ‘crime-story-sharing’ trend kind of started on Facebook. It got a bit depressing after awhile. My friend, Khai Yong, actually came to me with an idea to start spreading good stories instead,” she said.

The idea became The Kindness Project, a Facebook page that shares inspiring stories of kindness from Malaysians.

“We want to remind Malaysians online that while there is a lot of bad in this world, there is hope as Malaysia is filled with tonnes of kind people, and we can all make a difference in our own way.”

Lawyers: Act will result in more cautious Net users

I was quoted in The Star’s recent article on the amendments of the Evidence Act 1950.

PETALING JAYA: The newly-amended Evidence Act will potentially result in a wave of more cautious Internet users, say lawyers, as the onus is now on the person to prove they did not post or create offending material.

If one is hauled up, however, maintaining innocence might prove to be tricky unless Internet users are more thorough with safety measures, they said.

“Witnesses or documents would suffice, depending on circumstan­ces.

“However, if you’re a website owner and someone posts such comments, there’s no way out,” said KL Bar IT Committee co-chairman Foong Cheng Leong.

Foong advised Internet users to secure their WiFi connection, frequently update their anti-virus software, use strong passwords and refrain from retweeting or republishing anything dubious or unverified.

“Or, you could stop using the Internet and start sending snail mail,” he commented, tongue-in-cheek.

Lawyer and activist Edmund Bon said that in the case of anonymous comments, there was al­ways the option of tracking IP addresses.

 Scroll to top