Bread & Kaya: Tracing someone online
Nov 17, 2014
– Getting the IP address is one way, but may not always be possible
– On issue of defamation, Section 114A has been applied retrospectively
ONE of the most difficult issues to deal with in cybercrime or cyber-bullying cases is finding the perpetrator online. My years of blogging have brought me some experience in dealing with this issue, especially when dealing with ‘trolls.’
I am glad to say that it is not impossible. Some guesswork is needed. Normally, such a perpetrator is someone you know, although he or she may or may not be close to you. Sometimes, however, it would be just a stranger.
There was one case where the perpetrator was found to be a friend’s spouse whom the victim had only met a few times. Strangely, there was no animosity between these parties.
In one case which I was personally involved, I made a guess on the possible perpetrator and worked from there. Eventually, the person confessed after being confronted.
Getting the Internet Protocol (IP) address of the perpetrator is one of the conventional ways to track someone down. Internet service providers (ISPs) assign unique IP address to each user account. However, IP addresses may not be retrievable if the person is on a proxy server.
Another problem is the jurisdictional issue. Many servers storing such IP addresses may be located overseas and owned by foreign entities. One may have to initiate legal action overseas to get such data, and many of these service providers do not release their user information easily due to data protection laws or their strict privacy practices.
In the recent case of Tong Seak Kan & Anor v Loke Ah Kin & Anor  6 CLJ 904, the Plaintiffs initiated an action for cyberspace defamation against the 1st Defendant.
In tracing the perpetrator, who had posted defamatory statements on two Google Blogspot websites, the Plaintiffs filed an action called a John Doe action in the Superior Court of California. In compliance with the Court order, Google traced the blogs to two IP addresses which were revealed by Telekom Malaysia Bhd to be IP addresses belonging to the 1st Defendant’s account.
In the same case, the High Court had held that the controversial Section 114A (2) of the Evidence Act 1950 applied retrospectively.
S. 114A (2) provides that the burden of proof lies on the subscriber of an ISP to prove that a certain statement was not published by him or her. The 1st Defendant failed to convince the Court that s. 114A (2) does not apply because the defamatory statements were published before the enforcement date of s. 114A(2).
This retrospective stand however was not followed in the case of PP v Rutinin Bin Suhaimin  2 CLJ 427 as the High Court held that s. 114A does not apply retrospectively.
Perhaps the distinguishing factor between these cases is that the first case involved a civil dispute whereas the latter is a criminal prosecution.
Readers may recall that the #Stop114A campaign was initiated to get this law repealed. I am proud to say that Digital News Asia (DNA) was one of the organisers and participants in shutting down its website for one day. The campaign attracted the attention of Prime Minister Najib Razak but unfortunately, the law remained.
Going back to the case, the Court held that the 1st Defendant had failed to prove that he was not the publisher of the content. The 1st Defendant is now liable for a payment of RM600,000 (US$180,000) as damages to the Plaintiffs.
Not all tracing of a perpetrator requires an IP address. In Datuk Seri Anwar Bin Ibrahim v Wan Muhammad Azri Bin Wan Deris  3 MLRH 21, Opposition leader Anwar Ibrahim (pic) sued Wan Muhammad Azri Bin Wan Deris, allegedly a well-known blogger called Papagomo, for defamation.
In proving the identity of Papagomo, instead of tracing the IP address of Papagomo, the Court relied on the statement of a person who had met Papagomo in person before. The former also took a picture with Papagomo and this picture was tendered in Court.
There are other unconventional methods to identify a person online. I have heard of a private investigator entering a person’s home without knowledge to gain access to the computer of that person.
Many people do not password-protect their home computers and leave their email and other online accounts still logged into. This allows the private investigator to easily access a person’s emails and other online accounts without any technical skills.
One method that I always use is to find something unique in the content posted by the perpetrator. For example, I recently concluded that a website was held by a cyber-squatter by doing a Google search on certain sentences that appeared on the website. The cyber-squatter’s website looked like a legitimate website, but the search revealed that the same facade had been employed by the cyber-squatter on several websites using well-known brand names.
If there are images involved, a Google Image search would be useful to find whether other websites are hosting the same image.
It is of utmost importance that one must have reliable evidence to prove the identity of a perpetrator before suing or charging them. The person doing such investigation should be knowledgeable enough to conduct the investigation, know the rules of producing evidence and testifying in Court, and to thwart all challenges by the perpetrator’s lawyers.
Failure to do so would result in the case being dismissed or in a worst scenario, an innocent person being charged or sued in Court.
First published on Digital News Asia on 17 November 2014.