I was asked by TV3 to comment on the laws relating to doxing in Malaysia. You may watch the full coverage below.
I was asked by TV3 to comment on the laws relating to doxing in Malaysia. You may watch the full coverage below.
I was asked by The Star to comment on legal matters concerning online petitions. I said-
Fact or fiction?
However, it’s important to verify the validity of a petition before supporting it, as not all petitions are based on facts.
Foong Cheng Leong, Bar Council Information Technology and Cyber Laws Committee [former] deputy chairman, urges people to be more wary about the information presented in a petition before signing or sharing one online.
Like in any other online post, the text in petitions has to be carefully worded so that they do not defame or affect the livelihood of anyone adversely.
“Petitions can be defamatory. A petition usually starts with an introduction using background facts, which can be untrue,” he says.
According to Foong, online petitions are treated the same as website posts in the eyes of the law.
“Perhaps the slight difference is that the court is able to see how many people have reacted to the defamatory statements by looking at the petition numbers,” he adds.
Foong explains that online petitions have no effect on legal proceedings and that public opinion is not valid in court for ongoing cases.
“The court bases its decisions on facts and evidence, not on public opinion. Courts are cautious when dealing with public opinion as not to equate it with the public interest,” he says.
Is it past time for Malaysia to establish its own official petition platform? Foong says it will be a good start, as it will allow issues to be raised with the government.
“In the olden days, people started petitions in the hope that the mainstream media would report it so that the relevant people would become aware of the issue,” he adds.
In the meantime, Malaysians who want to create an online petition will still have to rely on third-party platforms.
Foong urges anyone wanting to post a petition to be careful about how they phrase their concerns.
“Like in any other online post, the text in petitions has to be carefully worded so that they do not defame or affect the livelihood of anyone adversely,” he says.
I was asked by The Star to comment on the recent news about an alleged data leak containing the information of 22.5 million Malaysians born between 1940 and 2004, purportedly stolen from the National Registration Department (NRD).
Lawyer Foong Cheng Leong said the lack of transparency on investigations related to data leaks in Malaysia has been frustrating.
“There needs to be an account of how the matter is being investigated and what steps are being taken to ensure that the data is secure.
“The information could serve as a deterrent to others and show that there will be consequences for those leaking private information,” he said in a phone interview.
Foong urged fresh investigations to be conducted by the relevant agencies, including the Department of Personal Data Protection (JPDP) to discover if the leak was genuine.
When contacted, JPDP declined to comment at this point.
Foong said the data from the alleged leak could be used by scammers to dupe victims.
“For example, they could pose as an authority figure and present information such as your MyKad number or address to gain your trust.
“They will use this to convince you to give out more details or perform financial transactions,” he said.
I was asked by CodeBlue, a health care news portal, to comment on the recent debacle about MySejahtera App, particularly, on the disclaimer of MySejahtera’s terms and conditions. The term states-
Government of Malaysia shall not be liable for any loss or damage caused by the usage of any information obtained from this Application.
Here is an extract from the article-
Intellectual property (IP) and information technology (IT) lawyer Foong Cheng Leong said the MySejahtera disclaimer does not allow the government to disclaim liability for negligence.
“This clause has no legal effect for damages and losses due to negligence claims,” Foong told CodeBlue. “Data breach is a form of negligence.”
He explained that the MySejahtera disclaimer means that the government cannot be held liable for loss or damages in incidents that do not involve negligence, such as wrongly reporting Covid-19 cases.
When asked if the government could be held liable, despite its disclaimer, if a private company somehow manages to get access to MySejahtera users’ personal data and uses it for marketing purposes, Foong replied in the affirmative, but said a data breach must first be proven.
Foong said although the government may claim that MySejahtera data protection is in compliance with PDPA requirements (which the government is not legally subject to), the lawyer said the law just sets out the basics.
In the intellectual property section of the App Store review guidelines for app developers, Apple requires app developers to ensure that their app “only includes content that you created or that you have a licence to use.”
This includes avoiding use of protected “third-party material such as trademarks, copyrighted works, or patented ideas” in the app. “Apps should be submitted by the person or legal entity that owns or has licensed the intellectual property and other relevant rights.”
Foong said this does not indicate that the Malaysian government, which is described on Apple’s App Store as the MySejahtera developer, owns the app and its IP.
“The app and content are different,” the lawyer said, adding that MySejahtera content includes things like user data, images, write-ups, charts, or source codes of the app.
The MySejahtera saga continues with uncertainty over the ownership of the app. Foong Cheng Leong, Intellectual property and information technology lawyer helps us untangle this complex web, reminding us of the importance of contracts.
Produced by: Moh Heng Ying
Presented by: Wong Shou Ning, Tan Chen Li, Philip See
I am happy to share this article I co-authored with my former interns Mira Marie Wong and Nur Faiqah Nadhra Mohamad Faithal. This article was initially published as one of my Bread & Kaya articles on Digital News Asia. I have updated it for it to be published by Thomson Reuters in their The Law Review 2021.
I am happy to announce that my book “Foong’s Malaysia Cyber, Electronic Evidence and Information Technology Law” was recently featured in the Singapore High Court case of CLM v CLN and others  SGHC 46.
The case had referred to our High Court case of Zschimmer & Schwarz GmbH & Co KG Chemische Fabriken v Persons Unknown & Anor which had quoted my commentary in para [8.098] to [8.100] of my book (reproduced below) regarding actions against persons unknown.
CLM v CLN and others  SGHC 46
The Singapore High Court dealt with two (2) interesting and novel points of law.
First, can stolen cryptocurrency assets be the subject of a proprietary injunction?
Second, does the court have jurisdiction to grant interim orders against persons whose identities are presently unknown?
The plaintiff had commenced an action to trace and recover 109.83 Bitcoin (“BTC”) and 1497.54 Ethereum (“ETH”) (collectively, the “Stolen Cryptocurrency Assets”) that were allegedly misappropriated from him by unidentified persons (ie, the first defendants), a portion of which has been traced to digital wallets that were controlled by cryptocurrency exchanges with operations in Singapore (ie, the second and third defendants).
The Court granted the plaintiff an ex parte proprietary injunction against the first defendant from, among others, dealing with the Stolen Cryptocurrency Assets, and a worldwide freezing injunction.
Action against persons unknown
The Singapore High Court held that there is nothing in their Rules of Court (Cap 322, R5, 2014 Rev Ed) (“ROC”) that requires a defendant to be specifically named. O 2 r 1 of the ROC expressly provides that even if the commencement of proceedings against persons unknown contravenes the ROC, such a contravention is treated as a mere irregularity, and will not result in the nullification of proceedings unless the court exercises its discretion to order the same.
Like how our Court had relied on O. 89 of the Malaysian Rules of Court 2012, the Singapore High Court held that O. 81 of the ROC allows for a reference to persons unknown in summary proceedings for possession of land.
Hence, the Court held that it has the jurisdiction to grant interim orders against the first defendants, who are persons unknown.
Further, the Singapore High Court held that the description of the first defendant must be sufficiently certain as to identify both those who are included and those who are not. In the present case, the plaintiff has sufficiently defined the first defendant as “any person or entity who carried out, participated in or assisted in the theft of the Plaintiff’s Cryptocurrency Assets on or around 8 January 2021, save for the provision of cryptocurrency hosting or trading facilities“.
Stolen cryptocurrency assets as subject matter of a proprietary injunction
The Singapore High Court held that there is a serious arguable case that the plaintiff has a proprietary interest. Cryptocurrencies are a form of property. The Court adopted the test from the English case of National Provincial Bank Ltd v Ainsworth  AC 1175, which defined the term property rights, and held that-
The Singapore High Court held that the balance of convenience lay in favour of granting the proprietary injunction. If it were not granted, there would be a real risk that the first defendants would dissipate the Stolen Cryptocurrency Assets, which would prevent the plaintiff from recovering those assets even if he successfully obtained a judgment in his favour. Conversely, even if the plaintiff’s case were later refuted, the first defendants would only suffer losses arising from their inability to deal with the Stolen Cryptocurrency Assets, which could be compensated by way of damages.
Worldwide freezing injunction
The Singapore High Court also granted the worldwide freezing injunction to restrain the first defendants from dealing with, disposing of, or diminishing the value of, their assets up to the value of the Stolen Cryptocurrency Assets.
The learned Judge was of the view that the first defendants dissipated the stolen assets through a series of digital wallets that appear to have been created solely for the purpose of frustrating the plaintiff’s tracing and recovery efforts, and which had either no or negligible transactions other than the deposit and withdrawal of the Stolen Cryptocurrency Assets.
Moreover, the risk of dissipation in the present case is heightened by the nature of the cryptocurrency: the Stolen Cryptocurrency Assets are susceptible to being transferred by the click of a button, through digital wallets that may be completely anonymous and untraceable to the owner, and can be easily dissipated and hidden in cyberspace.
Ancillary disclosure orders
Ancillary disclosure orders were also made against the second and third defendants to disclose to the plaintiff the current balances of the second and third defendants’ accounts that were credited with BTC and ETC that are traceable to the Stolen Cryptocurrency Assets, and information and documents collected by the second and third defendants in relation to the owners of the relevant accounts in the second and third defendants and details of all transactions involving the relevant accounts in the second and third defendants from the dates on which the stolen assets were credited against the accounts.
I was asked by The Malay Mail to give my thoughts on the issue of the word TIMAH by a local whisky brand. The Government has asked the brand owner to consider to change its brand name in view of the alleged public outcry over the use of a Malay word for an alcoholic product. I said-
How companies could navigate the use of brand names
Foong Cheng Leong, who is also a co-chair of the Bar Council’s Intellectual Property Committee, told Malay Mail: “Businesses in Malaysia are generally free to use whatever brand name they want on their goods and services so long that, among others, it is not a brand name of another person or a confusingly or deceptively similar one, or a false trade description.
“For certain industries, prior approval is required from local government/agencies. For example, a name of a property development would need approval from the local council,” he said, adding that he is not aware of any name approval requirement for alcoholic products.
Foong also noted that a trademark could still be used even if it is not registered, noting that the registration of a brand name with MyIPO “is merely a process to protect the mark from being infringed by a third party”.
“MyIPO has the right to object to the registration of a mark that is offensive or scandalous, or against morality, among others. However, the non-registration of a trademark does not prohibit the use of a trademark. The effect is only that they do not get protection under the Trademarks Act 2019,” he said.
“When it comes to using a name that could cause fear or alarm to the public or against public tranquility, Section 505(b) of the Penal Code may be relevant. However, I am not aware of this section being used against anyone using a brand name that has caused public anxiety.
“A use of a brand name is a commercial decision. One would use a name that would attract customers and certainly not a name to cause public anxiety,” he added.
Section 505(b) covers the crime of making, publishing, circulating any statement, rumour or report with intention to cause or which is likely to cause fear or alarm to the public or to any section of the public where any person may be induced to commit an offence against the state, or with such statements being against public tranquility.
When asked if companies should avoid using the Malay language altogether for brand names to avoid possibly causing public anxiety in Malaysia (including in the context of race and religion), Foong replied: “There is no issue in the use of Malay words as a brand name. Many Malaysians are proud to use Malay words as their brand name to show that their goods and services are from Malaysia.”
“However, the Timah case has shown us that there is a limitation to such use. It seems to me that it is not so much on Muslims being confused but rather the use of Malay words on products prohibited by religion e.g. alcoholic products. I do not think that there is an express prohibition by law on this.
“But historically, there had always been a prohibition on use of religious words or words which connotes religious meaning on all forms of publication.
“Nevertheless, I think brands would now need to rethink their strategy, especially when using local names on products which are prohibited for consumption by religion or custom,” he said.
Once upon a time, it was considered totally unacceptable for musicians to even consider selling their song catalogues, but now, we see a trend of musicians, especially the senior ones, doing so. Some have cited estate planning as one of the reasons for doing this, but surely, these songs have value too and can be kept and passed on to their family members? Lawyer Foong Cheng Leong joins us on the show to share his take on this trend.
Produced by: Daryl Ong, Haniff Baharudin
Presented by: Daryl Ong, Haniff Baharudin
Last night, Facebook, Instagram and Whatsapp all went down for six hours. We look at the lessons to be learnt from the unprecedented blackout.
Produced by: Tasha Fusil, Raihanna Azwar
Presented by: Sharmilla Ganesan, Lee Chwi Lynn