Power of online petitions: Working collectively to inspire change

I was asked by The Star to comment on legal matters concerning online petitions. I said-

Fact or fiction?

However, it’s important to verify the validity of a petition before supporting it, as not all petitions are based on facts.

Foong Cheng Leong, Bar Council Information Technology and Cyber Laws Committee [former] deputy chairman, urges people to be more wary about the information presented in a petition before signing or sharing one online.

Like in any other online post, the text in petitions has to be carefully worded so that they do not defame or affect the livelihood of anyone adversely.

“Petitions can be defamatory. A petition usually starts with an introduction using background facts, which can be untrue,” he says.

According to Foong, online petitions are treated the same as website posts in the eyes of the law.

“Perhaps the slight difference is that the court is able to see how many people have reacted to the defamatory statements by looking at the petition numbers,” he adds.

Foong explains that online petitions have no effect on legal proceedings and that public opinion is not valid in court for ongoing cases.

“The court bases its decisions on facts and evidence, not on public opinion. Courts are cautious when dealing with public opinion as not to equate it with the public interest,” he says.

..

Is it past time for Malaysia to establish its own official petition platform? Foong says it will be a good start, as it will allow issues to be raised with the government.

“In the olden days, people started petitions in the hope that the mainstream media would report it so that the relevant people would become aware of the issue,” he adds.

..

In the meantime, Malaysians who want to create an online petition will still have to rely on third-party platforms.

Foong urges anyone wanting to post a petition to be careful about how they phrase their concerns.

“Like in any other online post, the text in petitions has to be carefully worded so that they do not defame or affect the livelihood of anyone adversely,” he says.

Data of Malaysians born between 1940 and 2004 allegedly being sold for over RM40,000

I was asked by The Star to comment on the recent news about an alleged data leak containing the information of 22.5 million Malaysians born between 1940 and 2004, purportedly stolen from the National Registration Department (NRD).

I said-

Lawyer Foong Cheng Leong said the lack of transparency on investigations related to data leaks in Malaysia has been frustrating.

“There needs to be an account of how the matter is being investigated and what steps are being taken to ensure that the data is secure.

“The information could serve as a deterrent to others and show that there will be consequences for those leaking private information,” he said in a phone interview.

Foong urged fresh investigations to be conducted by the relevant agencies, including the Department of Personal Data Protection (JPDP) to discover if the leak was genuine.

When contacted, JPDP declined to comment at this point.

Foong said the data from the alleged leak could be used by scammers to dupe victims.

“For example, they could pose as an authority figure and present information such as your MyKad number or address to gain your trust.

“They will use this to convince you to give out more details or perform financial transactions,” he said.

Government Says Not Liable For Damages Over MySejahtera Data Use

I was asked by CodeBlue, a health care news portal, to comment on the recent debacle about MySejahtera App, particularly, on the disclaimer of MySejahtera’s terms and conditions. The term states-

DISCLAIMER
Government of Malaysia shall not be liable for any loss or damage caused by the usage of any information obtained from this Application.

https://mysejahtera.malaysia.gov.my/penafian_en/

Here is an extract from the article-

Intellectual property (IP) and information technology (IT) lawyer Foong Cheng Leong said the MySejahtera disclaimer does not allow the government to disclaim liability for negligence.

“This clause has no legal effect for damages and losses due to negligence claims,” Foong told CodeBlue. “Data breach is a form of negligence.”

He explained that the MySejahtera disclaimer means that the government cannot be held liable for loss or damages in incidents that do not involve negligence, such as wrongly reporting Covid-19 cases.

When asked if the government could be held liable, despite its disclaimer, if a private company somehow manages to get access to MySejahtera users’ personal data and uses it for marketing purposes, Foong replied in the affirmative, but said a data breach must first be proven.

He also pointed out that MySejahtera’s privacy policy merely states how the government treats one’s personal data on the app, but omits specifying its data retention policy, security measures, or government contractors handling the app. The only retention period mentioned by the app’s privacy policy relates to check-in data, which is 90 days, but nothing for other user data like personal details and medical and health information like Covid-19 diagnostics, close contact status, and blood pressure and heart rate readings.

“The privacy policy is scarcely explained.”

….

Foong said although the government may claim that MySejahtera data protection is in compliance with PDPA requirements (which the government is not legally subject to), the lawyer said the law just sets out the basics.

“Under the PDPA, the privacy policy has to be in a certain format, for example, describe what is collected, the purposes of collection, whether it’s obligatory to collect and if so, consequences for not providing those obligatory data. But no requirement to state what kind of security is provided, what is the retention time etc.”

In the intellectual property section of the App Store review guidelines for app developers, Apple requires app developers to ensure that their app “only includes content that you created or that you have a licence to use.”

This includes avoiding use of protected “third-party material such as trademarks, copyrighted works, or patented ideas” in the app. “Apps should be submitted by the person or legal entity that owns or has licensed the intellectual property and other relevant rights.”

Foong said this does not indicate that the Malaysian government, which is described on Apple’s App Store as the MySejahtera developer, owns the app and its IP.

“The app and content are different,” the lawyer said, adding that MySejahtera content includes things like user data, images, write-ups, charts, or source codes of the app.

BFM Podcast: THE MYSEJAHTERA APP: WHO OWNS WHAT?



The MySejahtera saga continues with uncertainty over the ownership of the app. Foong Cheng Leong, Intellectual property and information technology lawyer helps us untangle this complex web, reminding us of the importance of contracts.

Produced by: Moh Heng Ying
Presented by: Wong Shou Ning, Tan Chen Li, Philip See

Enforceability of Hyperlinked Electronic Contracts in Malaysia

I am happy to share this article I co-authored with my former interns Mira Marie Wong and Nur Faiqah Nadhra Mohamad Faithal. This article was initially published as one of my Bread & Kaya articles on Digital News Asia. I have updated it for it to be published by Thomson Reuters in their The Law Review 2021.

Singapore’s First Action against Unknown Persons on Cyberspace

I am happy to announce that my book “Foong’s Malaysia Cyber, Electronic Evidence and Information Technology Law” was recently featured in the Singapore High Court case of CLM v CLN and others [2022] SGHC 46.

The case had referred to our High Court case of Zschimmer & Schwarz GmbH & Co KG Chemische Fabriken v Persons Unknown & Anor which had quoted my commentary in para [8.098] to [8.100] of my book (reproduced below) regarding actions against persons unknown.

CLM v CLN and others [2022] SGHC 46

The Singapore High Court dealt with two (2) interesting and novel points of law.

First, can stolen cryptocurrency assets be the subject of a proprietary injunction?

Second, does the court have jurisdiction to grant interim orders against persons whose identities are presently unknown?

Brief Facts

The plaintiff had commenced an action to trace and recover 109.83 Bitcoin (“BTC”) and 1497.54 Ethereum (“ETH”) (collectively, the “Stolen Cryptocurrency Assets”) that were allegedly misappropriated from him by unidentified persons (ie, the first defendants), a portion of which has been traced to digital wallets that were controlled by cryptocurrency exchanges with operations in Singapore (ie, the second and third defendants).

The Court granted the plaintiff an ex parte proprietary injunction against the first defendant from, among others, dealing with the Stolen Cryptocurrency Assets, and a worldwide freezing injunction.

Action against persons unknown

The Singapore High Court held that there is nothing in their Rules of Court (Cap 322, R5, 2014 Rev Ed) (“ROC”) that requires a defendant to be specifically named. O 2 r 1 of the ROC expressly provides that even if the commencement of proceedings against persons unknown contravenes the ROC, such a contravention is treated as a mere irregularity, and will not result in the nullification of proceedings unless the court exercises its discretion to order the same.

Like how our Court had relied on O. 89 of the Malaysian Rules of Court 2012, the Singapore High Court held that O. 81 of the ROC allows for a reference to persons unknown in summary proceedings for possession of land.

Hence, the Court held that it has the jurisdiction to grant interim orders against the first defendants, who are persons unknown.

Further, the Singapore High Court held that the description of the first defendant must be sufficiently certain as to identify both those who are included and those who are not. In the present case, the plaintiff has sufficiently defined the first defendant as “any person or entity who carried out, participated in or assisted in the theft of the Plaintiff’s Cryptocurrency Assets on or around 8 January 2021, save for the provision of cryptocurrency hosting or trading facilities“.

Stolen cryptocurrency assets as subject matter of a proprietary injunction

The Singapore High Court held that there is a serious arguable case that the plaintiff has a proprietary interest. Cryptocurrencies are a form of property. The Court adopted the test from the English case of National Provincial Bank Ltd v Ainsworth [1965] AC 1175, which defined the term property rights, and held that-

  1. The first requirement is that the right must be “definable” – the asset must hence be capable of being isolated from other assets whether of the same type or of other types and thereby identified. To this end, cryptocurrencies are computer-readable strings of characters which are recorded on networks of computers established for the purpose of recording those strings, and are sufficiently distinct to be capable of then being allocated to an account holder on that particular network.
  2. The second requirement is that the right must be “identifiable by third parties”, which requires that the asset must have an owner being capable of being recognised as such by third parties. An important indicator is whether the owner has the power to exclude others from using or benefiting from the asset. In this vein, excludability is achieved in respect of cryptocurrencies by the computer software allocating the owner with a private key, which is required to record a transfer of the cryptocurrency from one account to another.
  3. The third requirement is that the right must be “capable of assumption by third parties”, which in turn involves two aspects: that third parties must respect the rights of the owner in that asset, and that the asset must be potentially desirable. The fact that these two aspects are met by cryptocurrencies, is evidenced by the fact that many cryptocurrencies, certainly BTC and ETH, are the subject of active trading markets.
  4. The fourth requirement is that the right and in turn, the asset, must have “some degree of permanence or stability”, although this is a low threshold since a “ticket to a football match which can have a very short life yet unquestionably it is regarded as property”. In this respect, the blockchain methodology which cryptocurrency systems deploy provides stability to cryptocurrencies, and a particular cryptocurrency token stays fully recognised, in existence and stable unless and until it is spent through the use of the private key, which may never happen.

The Singapore High Court held that the balance of convenience lay in favour of granting the proprietary injunction. If it were not granted, there would be a real risk that the first defendants would dissipate the Stolen Cryptocurrency Assets, which would prevent the plaintiff from recovering those assets even if he successfully obtained a judgment in his favour. Conversely, even if the plaintiff’s case were later refuted, the first defendants would only suffer losses arising from their inability to deal with the Stolen Cryptocurrency Assets, which could be compensated by way of damages.

Worldwide freezing injunction

The Singapore High Court also granted the worldwide freezing injunction to restrain the first defendants from dealing with, disposing of, or diminishing the value of, their assets up to the value of the Stolen Cryptocurrency Assets.

The learned Judge was of the view that the first defendants dissipated the stolen assets through a series of digital wallets that appear to have been created solely for the purpose of frustrating the plaintiff’s tracing and recovery efforts, and which had either no or negligible transactions other than the deposit and withdrawal of the Stolen Cryptocurrency Assets.

Moreover, the risk of dissipation in the present case is heightened by the nature of the cryptocurrency: the Stolen Cryptocurrency Assets are susceptible to being transferred by the click of a button, through digital wallets that may be completely anonymous and untraceable to the owner, and can be easily dissipated and hidden in cyberspace.

Ancillary disclosure orders

Ancillary disclosure orders were also made against the second and third defendants to disclose to the plaintiff the current balances of the second and third defendants’ accounts that were credited with BTC and ETC that are traceable to the Stolen Cryptocurrency Assets, and information and documents collected by the second and third defendants in relation to the owners of the relevant accounts in the second and third defendants and details of all transactions involving the relevant accounts in the second and third defendants from the dates on which the stolen assets were credited against the accounts.

Does Malaysia have laws to nix ‘offensive’ brand names or ones that cause ‘public anxiety’? Lawyers explain

I was asked by The Malay Mail to give my thoughts on the issue of the word TIMAH by a local whisky brand. The Government has asked the brand owner to consider to change its brand name in view of the alleged public outcry over the use of a Malay word for an alcoholic product. I said-

How companies could navigate the use of brand names

Foong Cheng Leong, who is also a co-chair of the Bar Council’s Intellectual Property Committee, told Malay Mail: “Businesses in Malaysia are generally free to use whatever brand name they want on their goods and services so long that, among others, it is not a brand name of another person or a confusingly or deceptively similar one, or a false trade description.

“For certain industries, prior approval is required from local government/agencies. For example, a name of a property development would need approval from the local council,” he said, adding that he is not aware of any name approval requirement for alcoholic products.

Foong also noted that a trademark could still be used even if it is not registered, noting that the registration of a brand name with MyIPO “is merely a process to protect the mark from being infringed by a third party”.

“MyIPO has the right to object to the registration of a mark that is offensive or scandalous, or against morality, among others. However, the non-registration of a trademark does not prohibit the use of a trademark. The effect is only that they do not get protection under the Trademarks Act 2019,” he said.

“When it comes to using a name that could cause fear or alarm to the public or against public tranquility, Section 505(b) of the Penal Code may be relevant. However, I am not aware of this section being used against anyone using a brand name that has caused public anxiety.

“A use of a brand name is a commercial decision. One would use a name that would attract customers and certainly not a name to cause public anxiety,” he added.

Section 505(b) covers the crime of making, publishing, circulating any statement, rumour or report with intention to cause or which is likely to cause fear or alarm to the public or to any section of the public where any person may be induced to commit an offence against the state, or with such statements being against public tranquility.

When asked if companies should avoid using the Malay language altogether for brand names to avoid possibly causing public anxiety in Malaysia (including in the context of race and religion), Foong replied: “There is no issue in the use of Malay words as a brand name. Many Malaysians are proud to use Malay words as their brand name to show that their goods and services are from Malaysia.”

“However, the Timah case has shown us that there is a limitation to such use. It seems to me that it is not so much on Muslims being confused but rather the use of Malay words on products prohibited by religion e.g. alcoholic products. I do not think that there is an express prohibition by law on this.

“But historically, there had always been a prohibition on use of religious words or words which connotes religious meaning on all forms of publication.

“Nevertheless, I think brands would now need to rethink their strategy, especially when using local names on products which are prohibited for consumption by religion or custom,” he said.

BFM Podcast: SONG CATALOGUES UP FOR SALE



Once upon a time, it was considered totally unacceptable for musicians to even consider selling their song catalogues, but now, we see a trend of musicians, especially the senior ones, doing so. Some have cited estate planning as one of the reasons for doing this, but surely, these songs have value too and can be kept and passed on to their family members? Lawyer Foong Cheng Leong joins us on the show to share his take on this trend.

Produced by: Daryl Ong, Haniff Baharudin
Presented by: Daryl Ong, Haniff Baharudin

1 2 3 35  Scroll to top