I was asked by TV3 to comment on the laws relating to doxing in Malaysia. You may watch the full coverage below.
I was asked by TV3 to comment on the laws relating to doxing in Malaysia. You may watch the full coverage below.
I was quoted by FreeMalaysiaToday regarding newspaper reports about the Deputy Home Minister Azis Jamman’s answer in Parliament regarding police powers to inspect public’s mobile phone. He was reported to have said that police personnel are allowed to inspect public’s mobile phone at any time and on what reasonable ground that allows such action.
For the purpose of clarification, the Honourable Deputy Minister’s answer is reproduced in full below (see Hansard 18 November 2019):-
Pihak PDRM menggunakan peruntukan di bawah Seksyen 233, Akta Komunikasi dan Multimedia Tahun 1998, Akta 588 bagi memeriksa telefon bimbit seseorang semasa menjalankan siasatan dan semasa melaksanakan tugas menjaga ketenteraman awam.
Menerusi seksyen ini adalah menjadi satu kesalahan sekiranya seseorang menyalahgunakan kemudahan rangkaian atau perkhidmatan rangkaian telekomunikasi bagi tujuan seperti menghantar komunikasi yang lucah, sumbang, palsu, mengancam atau jelik sifatnya dengan niat untuk menyakitkan hati, menganiaya, mengugut atau mengganggu orang lain.
Melalui seksyen ini, mana-mana pegawai polis boleh mengambil tindakan dengan menyemak apa-apa kemudahan rangkaian atau perkhidmatan rangkaian termasuklah telefon bimbit milik orang yang disyaki melakukan kesalahan di bawah seksyen ini. Selain itu, mana-mana pegawai polis juga boleh mengambil tindakan bagi maksud pemeriksaan apa-apa kemudahan rangkaian atau perkhidmatan rangkaian termasuklah telefon bimbit mengikut peruntukan Seksyen 103, 104 dan 106, Kanun Tatacara Jenayah Akta 593 – di bawah 12 – Tindakan Pencegahan Oleh Polis.
In response to the newspaper reports, I said in FreeMalaysiaToday’s article-
Lawyer Foong Cheng Leong acknowledged that the CMA (Communications and Multimedia Act 1998) allows for searches without warrants, but said this can only be done by an officer above the rank of inspector.
He said a search without a warrant could be done if the officer had reasonable cause to believe that a delay in obtaining a search warrant would adversely affect the investigation or that evidence would be tampered with, removed, damaged or destroyed*.
In such cases, he said, the police could have the phone taken away and inspected later, and refusal to cooperate could see a person being charged with obstruction**.
“A person found guilty is liable to a fine not exceeding RM20,000, imprisonment for a term not exceeding six months or both.”
But he, too, said the power to confiscate or check a person’s phone must be tied to an investigation, and that the police cannot randomly ask for an individual’s phone and check it.
* S. 248 of the Communications and Multimedia Act 1998
** S. 253 of the Communications and Multimedia Act 1998
The Deputy Minister later clarified that the police’s power to request or seize a person’s mobile phone is limited to a suspect and involved in any pending investigation, and not the the general public randomly.
IN THIS third of a four-part series, I will discuss cyber-crime cases and other cyber offences.
Communications and Multimedia Act 1998
The establishment of Cyber Courts in the Kuala Lumpur Sessions Court saw the growth of judgements relating to the Communications and Multimedia Act 1998.
In Pendakwa Raya lwn Dato’ Mohd Zaid Bin Ibrahim (Kuala Lumpur Criminal Sessions Court Case No. 63-003-12/2015), the learned Sessions Court Judge gave a comprehensive judgement regarding a charge under s. 233(1)(a) of the Communications and Multimedia Act 1998.
The accused, a former Minister of Law, was charged for publishing a statement which is offensive in nature on his blog with an intent to annoy another person. The statement consists of a transcript of the accused’s speech given at a luncheon relating to the conduct of the then Prime Minister Najib Razak.
The learned Sessions Court Judge acquitted the accused at the prosecution stage based on the following grounds, among others:-
(1) In determining whether the article is offensive in nature, the article must be examined as a whole and not by looking in a few paragraphs or words. This is because the accused was charged for uploading the article and thus the entire article is considered as offensive in character. The prosecutor cannot pick and choose the relevant paragraphs or words favourable to them and conclude that the article is offensive in character.
(2) The learned Sessions Court Judge looked into the object of the Communications and Multimedia Act 1998 set out in s.3 of the said Act. One of the objectives of the Act is to promote a civil society where information-based services will provide the basis of continuing enhancements to quality of work and life. The learned Sessions Court Judge also considered that the said Act addressed the issue of censorship where nothing in the said Act shall be construed as permitting the censorship of the Internet.
(3) None of the Prosecution’s witnesses stated that they found that the entire article is offensive in character. Two (2) of the prosecution’s witnesses referred part of the article and not the whole article. In fact, the complainant’s police report against the accused had only stated that the article is seditious in nature which is different from offensive in character.
(4) Such article must be examined and not taken without further examination without critical thinking. This is one of the objectives that s. 3 of the said Act seeks to achieve. The attitude of receiving news blindly should be avoided and the new culture in accordance with the purpose and objective of the said Act ought to be promoted.
(5) In respect of the element “with intent” to annoy another person, the learned Sessions Court Judge held that that intent has to be proved and no evidence has been adduced to prove the same. As for the element “annoy another person”, the learned Sessions Court Judge found that the complainant did not feel annoyed when he read the article. The learned Sessions Court Judge held that annoyance or anger or dissatisfaction would appear spontaneously when the article is read. The learned Sessions Court Judge found that the article is intended for blog readers to garner support for what it is written for i.e. to give support to Prime Minister Dr Mahathir.
(6) The charge is defective as the prosecution failed to state clearly in the charges sheet who is the person intended to be annoyed by the accused when the article was uploaded. The charge sheet had only stated “with the intent to annoy another person”. The person in the charge sheet must be named clearly.
(7) The Prosecution should have also called the person intended to be annoyed by the article to testify whether the victim felt annoyed by the article. Without evidence from the victim, the Court is left wondering whether the victim felt annoyed by the article.
In Sivarasa Rasiah v Pendakwa Raya (Kuala Lumpur Criminal Sessions Court Case No. 63-001-04/2016 & 63-002-04/2016, Criminal Application No: 64-085-07/2016) and Premesh Chandran a/l Jeyachandran v Pendakwa Raya (Kuala Lumpur Criminal Sessions Court Case: WA-64-155-12/2017), the two accused were charged under s. 233(1) of the Communications and Multimedia Act 1998. They filed an application to refer a few constitutional issues to the High Court pursuant to s. 30 of the Courts of Judicature Act 1964 on the ground that s. 233(1) of the Communications and Multimedia Act 1998 is in contravention of Article 8 and 10(2)(a) of the Federal Constitution.
The Prosecution raised a preliminary objection against this application on the ground that s. 233(1) of the Communications and Multimedia Act 1998 is settled and not in contravention of the Federal Constitution. The same Sessions Court Judge dismissed the application on the ground that the case of Nor Hisham Osman v PP  MLJU 1429 has already determined that s. 233(1) of the Communications and Multimedia Act 1998 is reasonable and not unconstitutional.
Fortunately for the two accused, the charges were withdrawn against them after the change of Government after the 14th General Election.
Sedition – Sex bloggers on trial
In Lee May Ling v Public Prosecutor & Another Appeal  10 CLJ 742, the Appellant, also known as Vivian of the Alvivi duo, was found guilty by the Sessions Court for an offence under s. 4(1)(c) of the Sedition Act 1948 and sentenced to an imprisonment term of five (5) months and twenty (22) days.
Vivian and her co-accused, Alvin Tan, had published a picture of themselves with the words “Selamat Berbuka Puasa (dengan Bak Kut Teh. wangi,enak, meyelerakan!!!) with the Halal logo on the Facebook page “Alvin and Vivian-Alvivi”.
She appealed against her conviction and sentence. There was also a cross-appeal by the prosecution against the inadequacy of sentence meted out by the Sessions Court Judge.
The co-accused absconded through the trial and was absent until the conclusion of the trial.
The High Court dismissed the appeals. The learned Judge found that Vivian and Alvin Tan had a common intention to publish the picture, and that Vivian was a willing participant. Although no one saw Alvin or Vivian posting the picture, the learned Judge also made an inference from the evidence showing that the picture was kept in Alvin’s notebook and the Facebook page was registered in the name of Alvin and Vivian.
The High Court however substituted the sentence of five (5) months and twenty (22) days imprisonment with a fine in the sum of RM5,000 in default, imprisonment of six (6) months. The High Court in the same vein dismissed the prosecution’s appeal on the inadequacy of the sentence.
Official Secrets Act 1972 – Liability for receiving forwarded messages
Last year, I reported that one Subbarau @ Kamalanathan (Pendakwa Raya v Subbarau @ Kamalanathan (Court of Appeal Criminal Appeal No. N-06B-55-09/2016) was charged in the Sessions Court under s. 8(1)(c)(iii) of the Official Secrets Act 1972 (OSA 1972) for having possession in his Samsung mobile phone soft copies of 2014 UPSR examination papers.
In the same year, the Court released two more judgements relating to the possession of Ujian Penilaian Sekolah Rendah (UPSR) examination papers which they had received via forwarded messages on WhatsApp.
In Pendakwa Raya lwn Uma Mageswari A/P Periasamy @ Mayandy (Kuala Kangsar Sessions Court Criminal Case No. 61-1-11-2014) and Pendakwa Raya v Anparasu al Kadampiah (Kuala Kangsar Sessions Court Criminal Case No. 61-2-11-2014), the two school teachers were charged with possession of a few pages of examination papers for Ujian Penilaian Sekolah Rendah (UPSR) for Science 018 under s. 8(1)(c)(iii) of the Official Secrets Act 1972. Both were acquitted as the photographs of the examination papers were forwarded to them and stored automatically on their mobile phones, and they had no use for them, among others.
The prosecution of persons who possess information received via forwarded messages is a dangerous precedent. The law should make exception to those who had not knowingly received such information and chose not to delete those information thereafter.
Online and phone scams – Scammer or victim?
Online and phone scams have become common in Malaysia. The authorities had been tracking and arresting these scammers but many of them are based outside Malaysia. Instead, these scammers use the services of Malaysians, whether knowingly or not, to receive and dissipate money.
In Pendakwa Raya lwn Charles Sugumar a/l M. Karunnanithi (Kota Bharu Magistrate Court Kes Tangkap No: MKB (A) 83-43-02/2016), the accused was charged under s. s. 424 of the Penal Code for dishonestly concealing money of a scam victim in his bank account knowing that the said money does not belong to him. The victim had befriended a person by the name of Alfred Hammon from UK through Facebook. Alfred Hammon then made the victim transfer money to the accused’s bank account on the pretence that he needed the money to cash his cheque of three million dollars. Alfred Hammon promised that he will return the money together with interest. However, after transferring the money, the victim realised that she was scammed.
The accused claimed that he is not part of the scam and that when he was working as a tour driver, he was requested by his customer to receive money on the customer’s behalf. The accused claimed that he did it to give his customer the best service so that he can attract more customers. He said that he was informed by the customer that the customer’s friend had to transfer money to him so that the customer can continue his tour in Malaysia. The accused said that he did not make any remuneration or commission from that assistance.
The Magistrate acquitted the accused as the Magistrate found that, among others, the accused’s evidence is consistent and he is a credible witness. The Magistrate agreed that the accused was made a scapegoat by the customer who took advantage of his goodness and sincerity in giving the best service as a tour driver.
In Pendakwa Raya lwn Sabariah Binti Adam (Magistrate Court Criminal Trial No. 83RS – 206 – 08 / 2016), the accused was charged with two counts of knowingly concealing stolen property, an offence under s. 414 of the Penal Code. The victim was duped by a Facebook user by the name of Nasir to bank in her money into the accused’s bank account. The accused claimed that she was a victim of the same trumpery scheme and not the perpetrator. She has no control and custody over her bank account. The Court however drew inference that an account holder must be held responsible for all transaction initiated or authorised using her account number including transaction by another person whom the account holder has given permission to. The Court sentenced the accused twelve (12) months imprisonment for each charge.
However, in Pendakwa Raya lwn Hasimah Binti Aziz (Kuala Lumpur Criminal Sessions Court Case No. WA-62CY-052-08/2017), the accused was charged under s. 4(1)(b) of the Computer Crimes Act 1997 for allowing access without authorisation to her Maybank bank account and thereafter assist a scam against the complainant.
The complainant was tricked into transferring money to the accused to pay for charges to release a present purportedly sent by a person she knew from Facebook. The investigating officer found that the accused had given her automatic teller machine (ATM) card to a person she knew from Facebook. That person claimed he could not open a bank account in Malaysia.
The Court held that based on the evidence produced, it is clear that the complainant and accused were online scam victims themselves. The accused was deceived into giving her account number, ATM card and PIN number. The complainant on the other had was deceived into paying courier charges, among others. If detailed investigation was made, the main character of the scam would be revealed. There was no attempt to obtain the CCTV recording of who had taken the money from the ATM machine. The bank officer had testified that CCTV recording are stored by the bank for three (3) months. If the CCTV recording was obtained, it would reveal who had used the ATM card.
Sexual grooming – A new offence
In Syed Naharuddin Bin Syed Hashim v Etiqa Takaful Berhad (Award No.: 3143/2018), the Claimant was dismissed after the Company received an anonymous email alleging that the Claimant had been operating as a sexual predator and targeting girls as young as thirteen-years-old.
The anonymous author also alleged that the Claimant, using the pseudonym, “KBoy”, carried out his meetings with girls. It was also alleged that the Claimant’s conversations had been recorded and featured in an undercover expose by the Star newspaper team of journalists know as STAR R.AGE Team. An investigation by the Company revealed that there were two video recordings featuring K-Boy which had been uploaded onto the STAR R.AGE online website and the videos had gone viral on YouTube. The Claimant admitted that he was the individual in the video.
The Industrial Court held that the actions of the Claimant can amount to a sexual communication under the Sexual Offences Against Children Act 2017. The facts of the case which are largely admitted to by the Claimant, are that he communicated with the intended “victim” in social media and then met up with the person (who informed him that she was a young girl of 15). The setting, the time and the locale were such that a person of his standing in society and representing an insurance company should have been wary of. Further, the conversations were explicitly related to sex and sexual exploits which a man of his age has no business to discuss with a young lady, notwithstanding her real age.
The Court found that the termination was with just cause or excuse and the Claimant’s case is therefore dismissed.
E-hailing services – Naughty GrabCar driver
In Pendakwa Raya lwn Muhamad Izuwan Bin Kamaruddin (Mahkamah Magistrate Ampang No Kes: 85-55-09/2017, 83JS-16-09/2017 dan 83-780-09/2017), a GrabCar driver was charged under ss. 323, 354 and 506 of the Penal Code for assaulting his passenger. He pleaded guilty and was sentenced to a total of 3 years and five (5) months.
In deciding the sentence, the learned Magistrate took into account of the negative effect on the e-hailing provider GrabCar which may cause difficulty to female passengers to trust a GrabCar driver. The learned Magistrate imposed a deterrence sentence to send a message to all drivers so that they will drive ethically and treat their passengers with respect and not take advantage of then.
On another note, the Commercial Vehicle Licensing Board (Amendment) Act 2017 and Land Public Transport (Amendment) Act 2017 came to force on 12 July 2018.
These new laws introduced the licensing of intermediation business. Intermediation business is defined as “business of facilitating arrangements, booking or transactions of e-hailing vehicle (pursuant to the new amendment to CVLBA) and for the provision of land public transport services (pursuant to the new amendment to LPTA). These amendments were introduced to regulate e-hailing services such as Grab and also e-hailing vehicles.
Part 4 which focuses on commercial cases will be published on May 10.
First published on Digital News Asia on 3 May 2019
THE change of Government after the 14th General Election saw changes to our sphere of cyber and IT laws. The new Government withdrew numerous charges under s.233 of the Communications and Multimedia Act 1998, especially against those who had allegedly spoke against the previous Government.
The Anti-Fake News Act 2018 that was introduced before the 14th General Election was quickly shipped away by the House of Representatives via The Anti-Fake News (Repeal) Bill 2018, but was thwarted by the Senate. One person has been charged and sentenced under this Act.
There has also been an array of interesting cyber- and IT-related cases in our Courts.
An employee was dismissed from his job as his conduct could amount to sexual grooming under the Sexual Offences Against Children Act 2017. His action was recorded and featured in an undercover expose by the Star newspaper team of journalists know as The STAR R.AGE Team.
We saw the first decision on the liability of online service providers i.e whether they are liable for trademark infringement for the sale and advertisement of their Merchants’ products published on their website.
We also saw a greater adoption of the electronic service of Court documents. In 30 Maple Sdn Bhd v Noor Farah Kamilah Binti Che Ibrahim (Kuala Lumpur High Court Suit No: WA-22IP-50-12/2017), the Intellectual Property High Court granted an application to serve a Writ and Statement of Claim via email and WhatsApp messenger after it could not locate the Defendant at her last known address.
Traditionally, when a Defendant cannot be located, a Plaintiff would normally ask the Court to allow a notice relating to the lawsuit to be published in the newspaper, among others. The current Rules of Court 2012 does not expressly recognise the electronic service of Court documents notwithstanding that people are more mobile these days. Furthermore, the chance of being able to communicate with someone online is much higher than in person.
PKR communications director and Member of Parliament for Lembah Pantai, Fahmi Fadzil’s civil suit against the Malaysian Communications and Multimedia Commission and Nuemera (M) Sdn Bhd (Ahmad Fahmi Bin Mohamed Fadzil v Suruhanjaya Komunikasi dan Multimedia & Anor (Kuala Lumpur Sessions Court Suit No. WA-A52-2-02/2018)) for allegedly failing to protect his personal data which resulted in the leakage of his personal data together with the personal information of 46.2 million mobile subscribers has now been settled. This was one of Malaysians’ biggest data leaks. However, the terms of settlement were not disclosed.
Nevertheless, the lawsuit by Nuemera (M) Sdn Bhd against Malaysian Communications and Multimedia Commission (Nuemera (M) Sdn Bhd v Malaysian Communications and Multimedia Commission(Kuala Lumpur High Court Originating Summons No. WA-24NCC(ARB)-14-04/2018)) over its suspension of their services to the Commission due to the data leakage is pending before the Court of Appeal (Civil Appeal No. W-01(NCC)(A)-318-05/2018). The details of the lawsuit are unknown as the Court documents have been sealed by the Court.
I will summarise all these over four articles as part of my yearly tradition of what happened in the preceding year.
Anti-Fake News Act 2018 – Taking down fake news
The Anti-Fake News Act 2018 was quickly passed by the previous Government prior to the 14th General Election.
According to the explanatory note of the Anti-Fake News Bill 2018, the law was introduced to seek to deal with fake news by providing for certain offences and measures to curb the dissemination of fake news and to provide for related matters. As technology advances with time, the dissemination of fake news becomes a global concern and more serious in that it affects the public.
The Act seeks to safeguard the public against the proliferation of fake news whilst ensuring that the right to freedom of speech and expression under the Federal Constitution is respected. The provision on the power of the Court to make an order to remove any publication containing fake news serves as a measure to deal with the misuse of the publication medium, in particular social media platforms. With the Act, it is hoped that the public will be more responsible and cautious in sharing news and information.
S.4 of the Anti-Fake News Act 2018 makes it is an offence for any person who, by any means, maliciously creates, offers, publishes, prints, distributes, circulates or disseminates any fake news or publication containing fake news.
“Fake news” is defined as any news, information, data and reports, which is or are wholly or partly false, whether in the form of features, visuals or audio recordings or in any other form capable of suggesting words or ideas.
It was reported that one Salah Salem Saleh Sulaiman was charged and punished under s. 4(1) of the Anti-Fake News Act 2018, which carries a punishment of up to six years in prison and a fine of up to RM500,000, for maliciously publishing fake news in the form of a YouTube video under the user name Salah Sulaiman. He pleaded guilty and was sentenced to a week’s jail and fined RM10,000.
Online news portal, Malaysiakini.com, tried to challenge the constitutionality of the Act but failed in the High Court. In Mkini Dotcom Sdn Bhd v Kerajaan Malaysia & Anor (Kuala Lumpur Judicial Review Application No. WA-25-111-04/2018), Justice Azizah Nawawi held that the application should be dismissed as neither Malaysiakini nor its reporters had been charged under the law. She allowed the objection by the Government to refuse the leave application as the applicant is not adversely affected and the action is premature. Malaysiakini appealed to the Court of Appeal (Civil Appeal No. W-01(A)-399-06/2018) but the appeal was subsequently withdrawn.
As soon as Pakatan Harapan took over the Government, the Anti-Fake News (Repeal) Bill 2018 was introduced to repeal the Anti-Fake News Act 2018. The explanatory note of the Bill stated that fake news may be dealt with under existing laws such as the Penal Code, the Printing Presses and Publications Act 1984 and the Communications and Multimedia Act 1998. As such, the Act is no longer relevant. The House of Representatives passed the said Bill. However, the Senate rejected the Bill. As of the date of this article, the Anti-Fake News Act 2018 still stands.
Private Information – Leaked nudes
As video recording and photography become easily accessible, our Courts are now stating to deal with electronic files containing intimate and/or private materials.
In Datuk Wira S.M Faisal Bin SM Nasimuddin Kamal v Datin Wira Emilia Binti Hanafi & 4 Ors 7 CLJ 290, the 1st Defendant, the ex-wife of the Plaintiff, had taken into possession mobile phones and USB Flash Drives belonging to the Plaintiff. It was alleged that one of the flash drives contains files which featured intimate and/or private audio-visuals.
The Plaintiff sued the 1st Defendant and her other family members for the return of the devices. The High Court held that there had been no denial that the devices belonged to the Plaintiff. In view of the aforesaid, the High Court ordered the return of the devices.
In M v S (Joint Petitioners) (Sabah and Sarawak High Court), the High Court had to deal with the expungement of nude pictures allegedly of the wife. The husband and wife were fighting over the custody of their children. Custody was earlier granted to the husband and the wife applied to vary the custody order.
In opposing the application, the husband exhibited in his affidavit nude photographs of the wife taken from her computer and hand phone without her consent and stated she is a “wild woman” and an unfit mother. The wife applied to expunge several paragraphs and related nude pictures in the said affidavit under Order 41 Rule 6 of the Rules of Court 2012.
The High Court found that the wife did not release the pictures into the public domain. She had stored them privately in her hand phone and laptop computer. It is the husband who accessed them without her permission and gave access to others including law firm staff and court staff by exhibiting them in the affidavit in opposition without any sort of censoring whatever.
Thus, the exhibition of the said pictures of the wife in the affidavit in opposition was a gratuitous and malicious act to embarrass and humiliate her. The exhibition of the uncensored pictures in the husband’s affidavit was therefore scandalous and oppressive. Under these premises, the discretionary power vested in the court under Order 41 rule 6 of the Rules of Court 2012 should come to the aid of the wife.
The High Court also held that, in this day and age, private intimate photographs of a person stored in the computer or handphone should not suggest that person in question is immoral or an unfit parent.
Instant messaging – “WhatsApping” your children
In Lee Chui Si v Teh Yaw Poh (Sabah & Sarawak High Court Divorce Petition No. KCH-33JP-234/7-2017), the High Court found ways to soften the blow of a divorce by introducing the use of electronic messaging. The husband and wife fought over the custody of their children but two of their children do not wish to see their father.
Nevertheless, the learned Judge was of the view that a window of opportunity should be left open for the father to make amends to his two children. As such, in lieu of physical access, access to their father can be given by way of communicating with them via mobile phones (WhatsApp, phone calls, SMS or WeChat). In view of the present strained relationship between the two children and their father, the communication between them should be limited in the early stage and the Judge limited it to one phone call not exceeding ten minutes and two text messages a week. If the said two children respond and feel comfortable with communicating with their father, the number of phone calls and texting can be more than what the court has decreed.
Part 2 which focuses on cyber-defamation will be published on April 26
First published on Digital New Asia on 19 April 2019.
By Foong Cheng Leong | Mar 30, 2018
– Sending death threats using someone else’s mobile phone is not OK
– 2018 will mark interesting year for cyber related cases including Uber driver suing Uber
THE first statute in Malaysia to use the term “social media” is part of the law designed to protect children against sexual offences and not any computer crimes related or media related law.
At the same time a bank officer got into hot soup for using their superior’s email account and password. Let’s go through these cases now.
Sexual Offences Against Children Act 2017
The Sexual Offences Against Children Act 2017 was introduced to address the seriousness of sexual offences committed against children in Malaysia. The ultimate object of the proposed Act is to provide for better protection for children against sexual offences and to safeguard the interest and well-being of children and to provide effective deterrence.
One of the laws introduced is the law against child grooming. S. 12 of the Act states that child grooming is an offence punishable with imprisonment of no more than 5 years and liable for whipping. The Act specifically stated that the following amounts to child grooming :-
(a) A communicates with Z, a child via social media by pretending to be a teenager and develops a love relationship with Z with the intention of using Z in the making of child pornography. A never meets Z. A is guilty of an offence under this section .
(b) A communicates with Z, a child via e-mail and befriends Z with the intention that A’s friends C and B could rape Z. A never meets Z. A is guilty of an offence under this section.
This law is also the first statute in Malaysia to use the words “social media”.
Last year, we were anticipating the amendments of the Communications and Multimedia Act 1998. However, the amendments never came. Nevertheless, numerous people were investigated under s. 233 of the Communications and Multimedia Act 1998. Notably, in the case of Mohd Fahmi Redza Bin Mohd Zarin Lawan Pendakwa Raya dan Satu Lagi Kes (Kuala Lumpur Criminal Application No. 44-103-08/2016), the accused was charged under s. 233 of the Communications and Multimedia Act 1998 for publishing an offensive Instagram posting using the username kuasasiswa. The accused filed an application to strike out the charge on the grounds that:-
– s. 233 of the Communications and Multimedia Act 1998 is unconstitutional and/or ultra vires in view of Article 5(1), 8 and 10(1)(a) of the Federal Constitution
– the charge against him acts as and/or has the characteristic of a censorship and therefore in contravention of the objectives of the CMA according to s. 3(3) of the CMA; and
– the charge against the accused is defective as it does not have the details of the parties that were offended by his acts.
The Public Prosecutor applied to have the matter heard before the Federal Court in respect of the issues on the constitutionality of s. 233 of the CMA (in accordance with ss. 30 and 84 of the Courts of Judicature Act 1964. Upon hearing the parties, the High Court referred the matter to the Federal Court for the latter to decide on the following question:-
Whether Section 233(1)(a) of the Multimedia and Communication Act (Act 588) is Inconsistent with Article 5(1), 8 and 10(1)(a) of the Federal Constitution?
However, the Federal Court dismissed the application for non-compliance of the Courts of Judicature Act 1964 (Federal Court Criminal Application No. 06-04-04/2017(W)).
In Nik Adib Bin Nik Mat v Public Prosecutor (Rayuan Jenayah No 42S(A)-39-7/16), the accused was charged under s.233(1)(a) of the Communications and Multimedia Act 1998 for sending indecent and false photos of cabinet leaders titled “Pesta Bogel” on Facebook. He was also charged under s. 5(1)(a) of the Film Censorship Act 2002 for possession of 883 pieces of pornographic videos in his laptop. The Session Court sentenced him to the maximum sentence of 1 year imprisonment for the first offence and another 1 year imprisonment for the second offence.
On appeal, the High Court Judge stated that “cyber offences are serious offences especially the offence at hand, as those offensive materials could be easily disseminated to the public at large within seconds at a touch of a button” and agreed with the Sessions Court Judge that public interest is of paramount importance and should supersede the interest of the accused.
However, the learned High Court Judge was of the view that personal interest of the accused should not be disregarded at all and thus, allowed the appeal against the sentence. The learned High Court Judge took into account the grounds submitted by the accused and held that the misdirection of Session Court on imposing maximum sentence for the first offence warrants the appellate intervention and a special consideration ought to be given so that he can mend his ways and “turn over a new leaf”.
The High Court substituted the original sentence with 1 week imprisonment and a fine of RM3,000 in default 3 months imprisonment for the first charge and for the second charge, a fine of RM10,000 in default 1 ½ years imprisonment.
In Pendakwa Raya v Dato’ Dr Ahmad Ramzi Bin Ahmad Zubir (Rayuan Jenayah No. T-09-15-01/2014), the Respondent was charged with criminal defamation after he had sent text messages containing death threats to various individuals using another person’s (SP5) mobile phone number via an online platform registered in the name of a colleague of the Respondent (SP16). The said online platform allows users to broadcast SMS to numerous mobile numbers via the Internet. The Respondent had changed the sender’s mobile phone to SP5’s mobile number. The Respondent’s convicted by the Sessions Court but his conviction was overturned by the High Court.
On appeal, the Court of Appeal restored the conviction. In the grounds of judgment, the Court of Appeal discussed on the method used to determine whether the SMS was sent by the Respondent. The investigation had showed that the internet protocol address that was used to send the SMS was registered to the Respondent’s internet account. The MAC Address found was the same MAC Address of the Respondent’s router. According to the evidence provided by Cyber Security Malaysia, a MAC Address is a unique number provided by the Internet Service Provider and in order to connect to the Internet, it must be done through a router.
In Pendakwaraya v Charles Sugumar a/l M. Karunnanithi (Mahkamah Majistret Kota Bharu Kes Tangkap No: MKB (A) 83-43-02/2016), the accused was charged under s. s. 424 of the Penal Code for dishonestly concealing money of a scam victim in his bank account knowing that the said money does not belong to him. The victim had befriended a person by the name of Alfred Hammon from UK through Facebook. Alfred Hammon then made the victim transfer money to the accused’s bank account on the pretence that he needed the money to cash his cheque of US$3 million. Alfred Hammon promised that he will return the money together with interest. However, after transferring RM36,300 the victim realised that she was scammed.
The accused claimed that he is not part of the scam. The accused claimed that when he was working as a tour driver, he was requested by his customer to receive money on the customer’s behalf. The accused claimed that he did it to give his customer the best service so that he can attract more customers. He said that he was informed by the customer that the customer’s friend had to transfer money to him so that the customer can continue his tour in Malaysia. The accused said that he did not gain any remuneration or commission from that assistance.
The Magistrate acquitted the accused as the Magistrate found that, among others, the accused’s evidence is consistent and is a credible witness. The Magistrate agree that the accused was made a scapegoat by the customer who took advantage of his goodness and sincerity in giving the best service as a tour driver.
Computer Crimes Act
In Rose Hanida Binti Long lwn Pendakwa Raya (Kuala Lumpur High Court Criminal Appeal No. 42K–(115–124)-09/2016), the appellant was charged under the Computer Crimes Act 1997 (unauthorised access to computer material with intent to facilitate the commission of an offence involving fraud or dishonesty or which causes injury) and s. 420 of the Penal Code (for cheating) for making false claims to his employer, a bank, by using his superior’s account and password to without his superior’s knowledge. She was initially sentenced by the Sessions Court with 4 years of imprisonment and fine of RM260,000 in default of 15 months jail. She appealed the sentence but withdrew it later. Notwithstanding that it had been withdrawn, the High Court Judge exercised his revisionary powers and enhanced the sentence to 6 years and fine of RM260,000 in default of 15 months jail due to the seriousness of the offence.
In Kangaie Agilan Jammany lwn PP  1 LNS 1640, the accused was charged under s. 5(1) of the Computer Crimes Act 1997 for making modification of the contents of Air Asia’s flight booking system without authorisation. The accused had allegedly used the function “move flight function” in those unauthorised transactions to change, among others, the flight details and customers’ emails for the purpose of notification. The said function is a critical function to allow authorised staff to make changes so that no charges are made to customers.
The accused was given an ID ‘6954’ and password to access Air Asia flight booking system but he had limited access to it. Thus, one of the witnesses, SP4, had given his ID and password to the accused after the accused had requested for it on the ground that the latter is unable to access to the system using his own ID. SP4 did not know that the accused had misused his account. The accused had then used the said account to help his family members and friends to get cheaper flight tickets, among others. Air Asia alleged that it had lost about RM229,100.42 due to the accused’s actions.
In the system log, it was found that the accused had changed the flight schedule and also that there were a few customer email notifications which involved the agent code 6954 which had made the flight changes. Further, there was an incident whereby SP4 was asked by the accused to provide his new password after it had been changed.
The Sessions Court found the accused guilty and had applied the statutory presumption under s. 114A of the Evidence Act 1950 after the accused could not rebut the evidence that the agent code 6954 belongs and used by him.
Under 114A of the Evidence Act 1950, a person is deemed to be a publisher of a content if it originates from his or her website, registered networks or data processing device of an internet user unless he or she proves the contrary. In 2014, this new law sparked a massive online protest dubbed the Malaysia Internet Blackout Day or also the Stop114A.
On appeal, the High Court concurred with the Sessions Court Judge. The High Court Judge also held that s. 114A of the Evidence Act 1950 applies retrospectively notwithstanding that the offence was committed prior to the enforcement of s. 114A as the presumption did not alter the original subject matter and even includes the same subject matter that did not prejudice the accused before and after. In other words, without using such presumption, the Prosecution would still have to prove that the Accused was the person who used his ID and password to access the employer’s system had committed an offence to change the flight schedule without authorisation. On the contrary also by applying the presumption of the law, the Prosecution will still have to prove that the accused alone has a specific ID and password to access the system.
2018 will mark another interesting year for cyber related cases. In late 2017 and early 2018, the following cases have been filed:-
– A Uber driver sued Uber Malaysia Sdn Bhd for non payment of his fees. The interesting question in this case would be whether Uber Malaysia Sdn Bhd is liable to pay such fees or one of Uber’s foreign entities.
– In the Intellectual Property Court of Kuala Lumpur, a brand owner had filed a law suit for trade mark infringement against a web hosting company for hosting a website that sold counterfeit products. The interesting question in this case is whether a webhoster is liable for what their subscribers do.
– In the same Court, a brand owner had also filed a law suit for trade mark infringement against online marketplace operator for using the brand owner’s registered trade mark and allowing their users to sell unauthorised products. The interesting question in this case is whether an online marketplace operator is liable for what their users do on their platform and in particular case, for selling unauthorised products.
– The same Court also granted an application to serve a Writ and Statement of Claim via email and WhatsApp messenger after it could not locate the Defendant at her last known address. Traditionally, when a Defendant cannot be located, Plaintiff would normally ask the Court to allow a notice relating to the lawsuit to be published in the newspaper, among others. We will see more and more substituted service applications to be served electronically.
PKR communications director Fahmi Fadzil filed a civil suit against the Malaysian Communications and Multimedia Commission and Nuemera (M) Sdn Bhd for allegedly failed to protect his personal data which resulted in the leakages of his personal data together with personal information of 46.2 million mobile subscribers. This was one of Malaysians’ biggest data leak.
Finally, the recent introduction this month of the Anti-Fake News Bill 2018 is too important for me to leave till next year to comment!
The word “fake news” is defined as any news, information, data and reports, which is or are wholly or partly false, whether in the form of features, visuals or audio recordings or in any other form capable of suggesting words or ideas.
The law applies to fake news concerning Malaysia or the person affected by the commission of the offence is a Malaysian citizen. Any person who, by any means, knowingly creates, offers, publishes, prints, distributes, circulates or disseminates any fake news or publication containing fake news commits an offence and shall, on conviction, be liable to a fine not exceeding RM500,000 or to imprisonment for a term not exceeding 10 years or to both.
The Court may also order the accused to make an apology. Interestingly, the new law allows civil action to be initiated by a person affected by the fake news publication for an order for the removal of such publication. I will write further on this new law on a separate article. [Postscript: The Anti Fake News Act 2018 is now in force effective from 11 April 2018]
First published on Digital News Asia on 30 March 2018
I was interviewed by The Star on the issue of legality of a local website that connects “sugar daddies” with “sugar babies”. In the article entitled “A raw nerve hit, but no laws broken“, I said the following:-
There is no law against couple matching services in Malaysia unless it is for prostitution or other illegal purposes, said Bar Council cyber law and information technology committee deputy chairman Foong Cheng Leong.
While the website’s service and users may be entering a moral grey area, Foong said “immoral doesn’t necessarily mean unlawful”.
“Payment for companionship is legal. This is unless the companionship falls under prohibited acts, which include prostitution and soliciting prostitution,” he said.
Foong was commenting on a Malaysia-based online dating platform which matches established, wealthy men or “sugar daddies” with women who are seeking financial support.
MCMC also said operating, providing and using an online service or application is not an offence under the Communications and Multimedia Act 1998.
“However, action can be taken if such a service is being used to disseminate illicit content such as obscenities, nudity, pornography and others,” it said.
Other enforcement agencies like the police may also pursue various actions under the relevant laws if there are elements of prostitution, extortion, blackmail and scams.
“Should consumers feel the app is inappropriate due to its content, they can reach out to the MCMC or the police. Investigations will be undertaken to assess if such contravene the existing laws.”
I was also interview by Digital New Asia on the same issue in their article “TheSugarBook – sweet endings or bitter disappointment?“. The relevant excerpts are as follow:-
One of the most-asked questions about TheSugarBook is whether or not such a service is legal.
“There is no law against couple matching services in Malaysia unless it is for prostitution or other illegal purposes,” says Foong Cheng Leong (pic, above), deputy chairperson of The Malaysian Bar’s Information Technology & Cyber Law Committee.
It must be pointed out that other popular dating apps such as Tinder or Grindr (a social networking app for LGBTQ people) could also have users who met on the app engaging in illegal activities outside of it. Many of these platforms do not enable users to report other users or have such strict regulations regarding user profiles as TheSugarBook does and it is quite usual for users to state on their profiles that they are only looking for casual sex.
According to Foong, such platforms should not be liable for what its users do outside the platform.
Though TheSugarBook does seem to be using discretion when it comes to ensuring no underage activity, none of these checks can actually guarantee that a user cannot lie their way through to a verified profile. A user could use someone else’s photo and enter their age as older, as they could on their Facebook profile, and a college student could very well be under 18.
However, being below 18 is not actually a legal requirement for registering a profile on a dating app in Malaysia. “Currently, there are no laws stipulating the minimum safety requirements of a couple matching platform,” says Foong.
“Assuming that a minor circumvents the age requirement and falsely pretends to be a person of 18 and above, I don’t think such platform would be doing anything illegal,” he continues.
Late last year, it was reported that the private data of 46.2 million mobile phone subscribers were leaked sometime in the middle of 2014. All 14 telcos were affected in what is Malaysia’s biggest ever data breach. Explaining what this means for you and me is lawyer Foong Cheng Leong. He chairs the KL Bar’s Information Technology and Publications Committee.
Your browser does not support native audio, but you can download this MP3 to listen on your device.
Recently, tech blogger Keith Rozario created the website SayaKenaHack.com, a platform to allow people to check if they were affected by the data leakage of 46.2 million mobile phone subscribers. The website allowed users to key in their identity card number and the website will inform the users whether they are affected by the leakage. If they are affected, the website will yield a masked mobile number. Some users have complained that those masked numbers do not resemble their mobile numbers.
The Malaysian Communications and Multimedia Commission (MCMC), under s. 263 of the Communication and Multimedia Act 1998 (CMA), directed internet service providers to block the website SayaKenaHack.com on the ground that it had contravened s. 130 of the Personal Data Protection Act 2010 (PDPA).S. 263(2) of the CMA and s. 130 of the PDPA provide the following:
Section 263. General duty of licensees.
(2) A licensee shall, upon written request by the Commission or any other authority, assist the Commission or other authority as far as reasonably necessary in preventing the commission or attempted commission of an offence under any written law of Malaysia or otherwise in enforcing the laws of Malaysia, including, but not limited to, the protection of the public revenue and preservation of national security.
130 Unlawful collecting, etc., of personal data
(1) A person shall not knowingly or recklessly, without the consent of the data user-
(a) collect or disclose personal data that is held by the data user; or
(b) procure the disclosure to another person of personal data that is held by the data user.
(2) Subsection (1) shall not apply to a person who shows-
(a) that the collecting or disclosing of personal data or procuring the disclosure of personal data-
(i) was necessary for the purpose of preventing or detecting a crime or for the purpose of investigations; or
(ii) was required or authorized by or under any law or by the order of a court;
(b) that he acted in the reasonable belief that he had in law the right to collect or disclose the personal data or to procure the disclosure of the personal data to the other person;
(c) that he acted in the reasonable belief that he would have had the consent of the data user if the data user had known of the collecting or disclosing of personal data or procuring the disclosure of personal data and the circumstances of it; or
(d) that the collecting or disclosing of personal data or procuring the disclosure of personal data was justified as being in the public interest in circumstances as determined by the Minister.
(3) A person who collects or discloses personal data or procures the disclosure of personal data in contravention of subsection (1) commits an offence.
(4) A person who sells personal data commits an offence if he has collected the personal data in contravention of subsection (1).
(5) A person who offers to sell personal data commits an offence if-
(a) he has collected the personal data in contravention of subsection (1); or
(b) he subsequently collects the personal data in contravention of subsection (1).
(6) For the purposes of subsection (5), an advertisement indicating that personal data is or may be for sale is an offer to sell the personal data.
In the Personal Data Protection Commissioner Khalidah Mohd Darus’s media statement dated 17 November 2017, the Commissioner stated that SayaKenaHack.com was blocked because it had contained personal data which had been collected without the consent of the data user pursuant to s. 130 of the PDPA. The Commissioner then advised members of the public to be vigilant when sharing personal data with others, among others.
Unfortunately, Keith Rozario decided to close SayaKenaHack.com upon being blocked. It would be interesting if he had filed an action to challenge the blocking order. So far, there is no reported case on anyone challenging a “blocking order” by MCMC in Court.
There ought to be checks and balances against such blocking order. Under the s. 10A of the Sedition (Amendment) Bill 2015, the Public Prosecutor must make an application to a Sessions Court Judge to direct an officer authorised under the Communications and Multimedia Act 1998 to prevent access to any seditious publication. Likewise, s 263 of the CMA should be amended to reflect such checks and balances.
I was interviewed by The Star, on my personal capacity (not on behalf of Bar Council, as earlier reported by The Star), on this issue. In The Star’s article dated 18 November 2017 entitled “SayaKenaHack.com only provides information, does not allow data download“, I was asked whether SayaKenaHack.com was in contravention of s. 130 of the PDPA. I replied:-
SayaKenaHack.com did not breach Section 130 of the Personal Data Protection Act 2010 (PDPA), says the Bar Council cyber law and information technology committee.
The committee’s co-chairman Foong Cheng Leong said the website was merely a platform for users to check whether their personal data had been leaked or breached.
“Currently, the Malaysian Communications and Multimedia Commission (MCMC) is blocking the website for breaching Section 130 of the PDPA for unlawful collection of personal data.
“If the website allows people to download the personal data of others, then it will be a violation of PDPA.
“Therefore, the website did not violate the PDPA,” he said when contacted yesterday.
In The Star’s article dated 31 October 2017 entitled “M’sia sees biggest mobile data breach“, I added:-
“..assuming that the leak was after the enforcement of the Personal Data Protection Act 2010, there might have been a breach of the Act’s Security Principle by the data users.
The Security Principle requires data users to process personal data securely, but there is not much customers can do other than file a complaint with the Personal Data Protection Commissioner
There may be a recourse against the telecommunication companies for negligence i.e. failing to ensure that the subscribers’ personal data are adequately protected. In an article dated 20 November 2017 in The Other, I said:-
For Malaysians looking for legal recourse in light of the mass data breach, Foong Cheng Leong, a lawyer specialising in cybersecurity law, says it is possible. “If they have the evidence to show that the telco was the source of leak and they had been negligent.”
Currently, a company is now being investigated for causing the said personal data protection leakage.
On a separate issue, in The Star’s article dated 26 November 2017 entitled “Going full force to enforce Act“, the Personal Data Protection Commissioner stated that 3 companies have fined for contravening the PDPA.
The Commissioner added that mobile applications are not required to be registered under the PDPA. But the operators must comply with the PDPA since they process personal data in commercial transactions.
I was asked to comment on this issue. I said:-
..an individual has a right under the PDPA to request a copy of the personal data processed by the data user.
“You also have a right to withdraw your consent in allowing your personal data to be processed by a data user.
“However, the data user has the right to refuse the request to delete the data if they are required to process such information by law,” he says.
“Online users should also be vigilant in what data they provide. If it isn’t necessary, online users need not give such data,” he says.
Bread & Kaya: Are WhatsApp admins going to jail?
By Foong Cheng Leong | May 02, 2017
– Two key elements in s. 233 are not fulfilled by a group chat admin
– To use s. 114A to attach liability on a group chat admin is stretching s. it too far
I REFER to the recent news reports stating that the Honourable Deputy Communications and Multimedia Minister Jailani Johari announced that group chat admins can be held accountable under the Communications and Multimedia Act 1998 (CMA) if they fail to stop the spread of false news to its members.
With due respect to the Honourable Deputy Ministry, the CMA, in particular s. 233 of the CMA, does not attach any liability to an admin of a group chat admin for spreading “false news”.
For ease of reference, I reproduce s. 233 of the Act:-
233 Improper use of network facilities or network service, etc
(1) A person who-
(a) by means of any network facilities or network service or applications service knowingly-
(ii) initiates the transmission of,
any comment, request, suggestion or other communication which is obscene, indecent, false, menacing or offensive in character with intent to annoy, abuse, threaten or harass another person; or
(b) initiates a communication using any applications service, whether continuously, repeatedly or otherwise, during which communication may or may not ensue, with or without disclosing his identity and with intent to annoy, abuse, threaten or harass any person at any number or electronic address,
commits an offence.
(2) A person who knowingly-
(a) by means of a network service or applications service provides any obscene communication for commercial purposes to any person; or
(b) permits a network service or applications service under the person’s control to be used for an activity described in paragraph (a),
commits an offence.
(3) A person who commits an offence under this section shall, on conviction, be liable to a fine not exceeding fifty thousand ringgit or to imprisonment for a term not exceeding one year or to both and shall also be liable to a further fine of one thousand ringgit for every day during which the offence is continued after conviction.
The offence under s. 233(1) of the CMA is committed by a person who uses any network facilities or network service or applications service knowingly makes, creates or solicits and initiates the transmission of an offensive communication with intent to annoy, abuse, threaten or harass another person. Two key elements in s. 233 are not fulfilled by a group chat admin namely “knowingly make or initiates the offensive communication” and “with intent to annoy, abuse, threaten or harass another person”.
As for s. 233(2), liability is only attached to a person who knowingly provide or permits an applications service to provide any obscene communication for commercial purposes. This is also not applicable to the present case.
It is noted that s. 114A of the Evidence Act 1950 provides for three circumstances where an Internet user is deemed to be a publisher of a content unless proven otherwise by him or her. The relevant section, namely s. 114A(1), states that “A person whose name, photograph or pseudonym appears on any publication depicting himself as the owner, host , administrator, editor or sub-editor, or who in any manner facilitates to publish or re-publish the publication is presumed to have published or re-published the contents of the publication unless the contrary is proved”.
In simple words, if your name, photograph or pseudonym appears on any publication depicting yourself as the aforesaid persons, you are deemed to have published the content.
To use s. 114A to attach liability on a group chat admin is stretching s. 114A too far. It must be highlighted that s. 114A was introduced to “provide for the presumption of fact in publication in order to facilitate the identification and proving of the identity of an anonymous person involved in publication through the internet” (Explanatory Statement of Evidence (Amendment) (No. 2) Bill 2012). Common sense would dictate that a group chat admin is not a publisher of their member’s messages.
In fact, in the Delhi High Court case of Ashish Bhalla vs Suresh Chawdhury & Ors, the Court held that:-
Similarly, I am unable to understand as to how the Administrator of a Group can be held liable for defamation even if any, by the statements made by a member of the Group. To make an Administrator of an online platform liable for defamation would be like making the manufacturer of the newsprint on which defamatory statements are published liable for defamation. When an online platform is created, the creator thereof cannot expect any of the members thereof to indulge in defamation and defamatory statements made by any member of the group cannot make the Administrator liable therefor. It is not as if without the Administrator‟s approval of each of the statements, the statements cannot be posted by any of the members of the Group on the said platform
Perhaps the Honourable Deputy Minister should clarify which section in the CMA attaches liability to a group chat admin to avoid further confusion and panic to group chat admins.
First published on Digital News Asia on 2 May 2017.
Subsequent to my update on the Malaysian 2016 cyberlaw cases, I was interviewed by BFM Radio to talk about general laws applicable to social media in Malaysia on 13 April 2017. I also covered the rules applicable to your digital data after your death and how to manage them in preparation of your death.
Who owns the pictures you post on Facebook? Can comments you post on Facebook be used against you in court, even after it is deleted? How is defamation defined on social media? On this episode of Landmark, a series exploring how the law shapes society and vice versa, lawyer Foong Cheng Leong talks us through recent rulings involving the social media platform and explains where the law currently stands when it comes to Facebook.
Your browser does not support native audio, but you can download this MP3 to listen on your device.