By Foong Cheng Leong | Mar 30, 2018
– Sending death threats using someone else’s mobile phone is not OK
– 2018 will mark interesting year for cyber related cases including Uber driver suing Uber
THE first statute in Malaysia to use the term “social media” is part of the law designed to protect children against sexual offences and not any computer crimes related or media related law.
At the same time a bank officer got into hot soup for using their superior’s email account and password. Let’s go through these cases now.
Sexual Offences Against Children Act 2017
The Sexual Offences Against Children Act 2017 was introduced to address the seriousness of sexual offences committed against children in Malaysia. The ultimate object of the proposed Act is to provide for better protection for children against sexual offences and to safeguard the interest and well-being of children and to provide effective deterrence.
One of the laws introduced is the law against child grooming. S. 12 of the Act states that child grooming is an offence punishable with imprisonment of no more than 5 years and liable for whipping. The Act specifically stated that the following amounts to child grooming :-
(a) A communicates with Z, a child via social media by pretending to be a teenager and develops a love relationship with Z with the intention of using Z in the making of child pornography. A never meets Z. A is guilty of an offence under this section .
(b) A communicates with Z, a child via e-mail and befriends Z with the intention that A’s friends C and B could rape Z. A never meets Z. A is guilty of an offence under this section.
This law is also the first statute in Malaysia to use the words “social media”.
Last year, we were anticipating the amendments of the Communications and Multimedia Act 1998. However, the amendments never came. Nevertheless, numerous people were investigated under s. 233 of the Communications and Multimedia Act 1998. Notably, in the case of Mohd Fahmi Redza Bin Mohd Zarin Lawan Pendakwa Raya dan Satu Lagi Kes (Kuala Lumpur Criminal Application No. 44-103-08/2016), the accused was charged under s. 233 of the Communications and Multimedia Act 1998 for publishing an offensive Instagram posting using the username kuasasiswa. The accused filed an application to strike out the charge on the grounds that:-
– s. 233 of the Communications and Multimedia Act 1998 is unconstitutional and/or ultra vires in view of Article 5(1), 8 and 10(1)(a) of the Federal Constitution
– the charge against him acts as and/or has the characteristic of a censorship and therefore in contravention of the objectives of the CMA according to s. 3(3) of the CMA; and
– the charge against the accused is defective as it does not have the details of the parties that were offended by his acts.
The Public Prosecutor applied to have the matter heard before the Federal Court in respect of the issues on the constitutionality of s. 233 of the CMA (in accordance with ss. 30 and 84 of the Courts of Judicature Act 1964. Upon hearing the parties, the High Court referred the matter to the Federal Court for the latter to decide on the following question:-
Whether Section 233(1)(a) of the Multimedia and Communication Act (Act 588) is Inconsistent with Article 5(1), 8 and 10(1)(a) of the Federal Constitution?
However, the Federal Court dismissed the application for non-compliance of the Courts of Judicature Act 1964 (Federal Court Criminal Application No. 06-04-04/2017(W)).
In Nik Adib Bin Nik Mat v Public Prosecutor (Rayuan Jenayah No 42S(A)-39-7/16), the accused was charged under s.233(1)(a) of the Communications and Multimedia Act 1998 for sending indecent and false photos of cabinet leaders titled “Pesta Bogel” on Facebook. He was also charged under s. 5(1)(a) of the Film Censorship Act 2002 for possession of 883 pieces of pornographic videos in his laptop. The Session Court sentenced him to the maximum sentence of 1 year imprisonment for the first offence and another 1 year imprisonment for the second offence.
On appeal, the High Court Judge stated that “cyber offences are serious offences especially the offence at hand, as those offensive materials could be easily disseminated to the public at large within seconds at a touch of a button” and agreed with the Sessions Court Judge that public interest is of paramount importance and should supersede the interest of the accused.
However, the learned High Court Judge was of the view that personal interest of the accused should not be disregarded at all and thus, allowed the appeal against the sentence. The learned High Court Judge took into account the grounds submitted by the accused and held that the misdirection of Session Court on imposing maximum sentence for the first offence warrants the appellate intervention and a special consideration ought to be given so that he can mend his ways and “turn over a new leaf”.
The High Court substituted the original sentence with 1 week imprisonment and a fine of RM3,000 in default 3 months imprisonment for the first charge and for the second charge, a fine of RM10,000 in default 1 ½ years imprisonment.
In Pendakwa Raya v Dato’ Dr Ahmad Ramzi Bin Ahmad Zubir (Rayuan Jenayah No. T-09-15-01/2014), the Respondent was charged with criminal defamation after he had sent text messages containing death threats to various individuals using another person’s (SP5) mobile phone number via an online platform registered in the name of a colleague of the Respondent (SP16). The said online platform allows users to broadcast SMS to numerous mobile numbers via the Internet. The Respondent had changed the sender’s mobile phone to SP5’s mobile number. The Respondent’s convicted by the Sessions Court but his conviction was overturned by the High Court.
On appeal, the Court of Appeal restored the conviction. In the grounds of judgment, the Court of Appeal discussed on the method used to determine whether the SMS was sent by the Respondent. The investigation had showed that the internet protocol address that was used to send the SMS was registered to the Respondent’s internet account. The MAC Address found was the same MAC Address of the Respondent’s router. According to the evidence provided by Cyber Security Malaysia, a MAC Address is a unique number provided by the Internet Service Provider and in order to connect to the Internet, it must be done through a router.
In Pendakwaraya v Charles Sugumar a/l M. Karunnanithi (Mahkamah Majistret Kota Bharu Kes Tangkap No: MKB (A) 83-43-02/2016), the accused was charged under s. s. 424 of the Penal Code for dishonestly concealing money of a scam victim in his bank account knowing that the said money does not belong to him. The victim had befriended a person by the name of Alfred Hammon from UK through Facebook. Alfred Hammon then made the victim transfer money to the accused’s bank account on the pretence that he needed the money to cash his cheque of US$3 million. Alfred Hammon promised that he will return the money together with interest. However, after transferring RM36,300 the victim realised that she was scammed.
The accused claimed that he is not part of the scam. The accused claimed that when he was working as a tour driver, he was requested by his customer to receive money on the customer’s behalf. The accused claimed that he did it to give his customer the best service so that he can attract more customers. He said that he was informed by the customer that the customer’s friend had to transfer money to him so that the customer can continue his tour in Malaysia. The accused said that he did not gain any remuneration or commission from that assistance.
The Magistrate acquitted the accused as the Magistrate found that, among others, the accused’s evidence is consistent and is a credible witness. The Magistrate agree that the accused was made a scapegoat by the customer who took advantage of his goodness and sincerity in giving the best service as a tour driver.
Computer Crimes Act
In Rose Hanida Binti Long lwn Pendakwa Raya (Kuala Lumpur High Court Criminal Appeal No. 42K–(115–124)-09/2016), the appellant was charged under the Computer Crimes Act 1997 (unauthorised access to computer material with intent to facilitate the commission of an offence involving fraud or dishonesty or which causes injury) and s. 420 of the Penal Code (for cheating) for making false claims to his employer, a bank, by using his superior’s account and password to without his superior’s knowledge. She was initially sentenced by the Sessions Court with 4 years of imprisonment and fine of RM260,000 in default of 15 months jail. She appealed the sentence but withdrew it later. Notwithstanding that it had been withdrawn, the High Court Judge exercised his revisionary powers and enhanced the sentence to 6 years and fine of RM260,000 in default of 15 months jail due to the seriousness of the offence.
In Kangaie Agilan Jammany lwn PP  1 LNS 1640, the accused was charged under s. 5(1) of the Computer Crimes Act 1997 for making modification of the contents of Air Asia’s flight booking system without authorisation. The accused had allegedly used the function “move flight function” in those unauthorised transactions to change, among others, the flight details and customers’ emails for the purpose of notification. The said function is a critical function to allow authorised staff to make changes so that no charges are made to customers.
The accused was given an ID ‘6954’ and password to access Air Asia flight booking system but he had limited access to it. Thus, one of the witnesses, SP4, had given his ID and password to the accused after the accused had requested for it on the ground that the latter is unable to access to the system using his own ID. SP4 did not know that the accused had misused his account. The accused had then used the said account to help his family members and friends to get cheaper flight tickets, among others. Air Asia alleged that it had lost about RM229,100.42 due to the accused’s actions.
In the system log, it was found that the accused had changed the flight schedule and also that there were a few customer email notifications which involved the agent code 6954 which had made the flight changes. Further, there was an incident whereby SP4 was asked by the accused to provide his new password after it had been changed.
The Sessions Court found the accused guilty and had applied the statutory presumption under s. 114A of the Evidence Act 1950 after the accused could not rebut the evidence that the agent code 6954 belongs and used by him.
Under 114A of the Evidence Act 1950, a person is deemed to be a publisher of a content if it originates from his or her website, registered networks or data processing device of an internet user unless he or she proves the contrary. In 2014, this new law sparked a massive online protest dubbed the Malaysia Internet Blackout Day or also the Stop114A.
On appeal, the High Court concurred with the Sessions Court Judge. The High Court Judge also held that s. 114A of the Evidence Act 1950 applies retrospectively notwithstanding that the offence was committed prior to the enforcement of s. 114A as the presumption did not alter the original subject matter and even includes the same subject matter that did not prejudice the accused before and after. In other words, without using such presumption, the Prosecution would still have to prove that the Accused was the person who used his ID and password to access the employer’s system had committed an offence to change the flight schedule without authorisation. On the contrary also by applying the presumption of the law, the Prosecution will still have to prove that the accused alone has a specific ID and password to access the system.
2018 will mark another interesting year for cyber related cases. In late 2017 and early 2018, the following cases have been filed:-
– A Uber driver sued Uber Malaysia Sdn Bhd for non payment of his fees. The interesting question in this case would be whether Uber Malaysia Sdn Bhd is liable to pay such fees or one of Uber’s foreign entities.
– In the Intellectual Property Court of Kuala Lumpur, a brand owner had filed a law suit for trade mark infringement against a web hosting company for hosting a website that sold counterfeit products. The interesting question in this case is whether a webhoster is liable for what their subscribers do.
– In the same Court, a brand owner had also filed a law suit for trade mark infringement against online marketplace operator for using the brand owner’s registered trade mark and allowing their users to sell unauthorised products. The interesting question in this case is whether an online marketplace operator is liable for what their users do on their platform and in particular case, for selling unauthorised products.
– The same Court also granted an application to serve a Writ and Statement of Claim via email and WhatsApp messenger after it could not locate the Defendant at her last known address. Traditionally, when a Defendant cannot be located, Plaintiff would normally ask the Court to allow a notice relating to the lawsuit to be published in the newspaper, among others. We will see more and more substituted service applications to be served electronically.
PKR communications director Fahmi Fadzil filed a civil suit against the Malaysian Communications and Multimedia Commission and Nuemera (M) Sdn Bhd for allegedly failed to protect his personal data which resulted in the leakages of his personal data together with personal information of 46.2 million mobile subscribers. This was one of Malaysians’ biggest data leak.
Finally, the recent introduction this month of the Anti-Fake News Bill 2018 is too important for me to leave till next year to comment!
The word “fake news” is defined as any news, information, data and reports, which is or are wholly or partly false, whether in the form of features, visuals or audio recordings or in any other form capable of suggesting words or ideas.
The law applies to fake news concerning Malaysia or the person affected by the commission of the offence is a Malaysian citizen. Any person who, by any means, knowingly creates, offers, publishes, prints, distributes, circulates or disseminates any fake news or publication containing fake news commits an offence and shall, on conviction, be liable to a fine not exceeding RM500,000 or to imprisonment for a term not exceeding 10 years or to both.
The Court may also order the accused to make an apology. Interestingly, the new law allows civil action to be initiated by a person affected by the fake news publication for an order for the removal of such publication. I will write further on this new law on a separate article. [Postscript: The Anti Fake News Act 2018 is now in force effective from 11 April 2018]
First published on Digital News Asia on 30 March 2018