I am happy to announce that my book “Foong’s Malaysia Cyber, Electronic Evidence and Information Technology Law” is available for pre-order. This is my third book. It started off with a compendium of cases but subsequently evolved into a textbook. It took me about a year to restructure the contents into a textbook.

This book was inspired by the case of PP v Loh Guo Shi [2016] 1 SMC 190. My learned friend, Lim Chi Chau and I represented the accused when he was charged under s. 5 of the Computer Crimes Act 1997. He was accused of deleting his employers’ database. 

When the case came to us, there was no reported case under Computer Crimes Act 1997 nor any local textbooks that could help us in defending his case. All I had was the book Electronic Evidence by Stephen Mason. This book was recommended by Justice Tan Sri Dato’ Mohamad Ariff Yusof (as then he was) when I had a trial before him. 

Fortunately, when I read the documents provided by the prosecution, I saw flaws in the prosecution’s case. One of them was the issue of Internet Protocol (IP) address. I looked at the year of the alleged offence and I realised that the accused was using a Telekom streamyx account. In that year, a streamyx account can be accessed anywhere so long a person has the login and password. During the trial, we got the witness from Telekom Malaysia Berhad to agree with us. There was no evidence that the accused had log on to his account during the time of offence. Further, by reading the log files provided by the prosecution, we discovered that there was a break in the chain of evidence.

The learned Magistrate, Puan Aminahtul Mardiah, acquitted the accused without calling his defence. The High Court had also dismissed the prosecutor’s appeal. The details of this case are also reported in this book. 

I would like to believe that we freed an innocent man by using knowledge beyond the law. By writing this book, I hope to help those who face the same or similar predicament as us. 

CONTENTS:

1. Civil Matters
2. Cybercrime
3. Admissibility of Computer-Generated Documents
4. Presumption of Fact in Publication
5. Instant Messages, Social Media Postings & Other Electronic Evidence
6. Electronic Evidence in Industrial Relation Disputes
7. Electronic Evidence in Family Disputes
8. Discovery
9. “.MY” Domain Names
10. Legal Practice and Technology
11. Digital Economy
12. Electronic Commercial Transactions
13. Electronic and Digital Signatures
14. Digital Assets
15. E-Commerce

You may purchase the book at Sweet & Maxwell’s website or any selected book stores.

The post Foong’s Malaysia Cyber, Electronic Evidence and Information Technology Law appeared first on Foong Cheng Leong.

Notably, Twitter user @wonghoicheng was charged under Section 504 of the Penal Code and Section 233 of the Communications and Multimedia Act 1998 for “deliberately humiliating and provoking” Inspector-General of Police (IGP) Khalid Abu Bakar on Twitter by likening him to Nazi military commander Heinrich Himmler.

Our courts were also flooded with interesting cyberlaw cases dealing with various issues.

Tracing a person online and 114A

In Tong Seak Kan & Anor v Loke Ah Kin & Anor [2014] 6 CLJ 904, the Plaintiffs initiated an action for cyberspace defamation against the 1st Defendant.

In tracing the perpetrator, who had posted defamatory statements on two Google Blogspot websites, the Plaintiffs filed an action called a John Doe action in the Superior Court of California.

In compliance with the court order, Google traced the blogs to two IP (Internet Protocol) addresses which were revealed by Telekom Malaysia Bhd to be IP addresses belonging to the 1st Defendant’s account.

In the same case, the High Court had held that the controversial Section 114A (2) of the Evidence Act 1950 applied retrospectively. (However, the criminal case of PP v Rutinin Bin Suhaimin [Criminal Case No K42-60-2010] states it doesn’t apply retrospectively).

Section 114A (2) provides that the burden of proof lies on the subscriber of an ISP (Internet service provider) to prove that a certain statement was not published by him or her.

The 1st Defendant failed to convince the Court that Section 114A (2) does not apply because the defamatory statements were published before the enforcement date of Section 114A(2).

The Court held that the 1st Defendant had failed to prove that he was not the publisher of the content. The 1st Defendant is now liable for a payment of RM600,000 as damages to the Plaintiffs.

Speaking about 114A, the said section was applied in a few other cases in 2014.

In YB Dato Haji Husam bin HJ Musa v Mohd Faisal bin Rohban Ahmad (Court of Appeal Civil Appeal No D-02-1859-08/2012), the Defendant denied that he was the writer of a defamatory article and the High Court held that there was insufficient evidence to prove so.

The Court of Appeal held that the learned High Court Judge ought to have applied Section 114A and in the present case, the Defendant failed to rebut the presumption in Section 114A.

The Court of Appeal held that as a general rule, once the elements of defamation are satisfied, liability is attached and the defendant’s defence cannot survive on mere denial, and when it relates to cybercrime, Section 114A will assist the plaintiff to force the defendant to exonerate himself from liability.

In Stemlife Berhad v Mead Johnson Nutrian (Malaysia) Sdn Bhd [2013] 1 LNS 1446, the High Court held that Mead Johnson was liable for the defamatory postings made by users of Mead Johnson’s Internet forum and website.

The Court, in applying Section 114A, stated that the introduction of Section 114A is the Malaysian legislature’s response to address, amongst others, the issue of anonymity on the Internet to ensure users do not exploit the anonymity that the Internet can provide to escape the consequences of their actions.

In the present case, the Court held that the Defendants failed to rebut the presumptions cast by Section 114A.

Facebook defamation

There were numerous Facebook defamation cases. In Amber Court Management Corporation & Ors v Hong Gan Gui & Anor [2014] 1 LNS 1384, the management corporation of Amber Court Condominium and its council members sued two unit owners of the condominium for allegedly defaming them on Facebook.

The High Court struck out the case after finding that a management corporation has no powers to do so under the Strata Titles Act 1985 and common law.

Salleh Berindi Bin Hj Othman, who had earlier sued his colleagues for Facebook defamation, lost another Facebook defamation case (Salleh Berindi Bin Hj Othman v Professors Madya Dr Abdul Hamid Ahmad & Ors [2014] 1 LNS 1611) in the High Court.

He alleged that the postings made by the Defendants on the 2nd Defendant’s Facebook wall were defamatory of him. The High Court did not agree with him.

In Foo Hiap Siong v Chong Chin Hsiang [2014] 1 LNS 1196, the Plaintiff sued the Defendant, complaining about the following defamatory statement posted by the Defendant, in the said two Facebook forums named ‘Rakyat Ingin Jadi Bos’ and ‘Ubahkan Politik,’ showing an doctored coloured photograph of the Plaintiff’s face, depicting him with long hair with the top half of a naked body dressed in a bra with certain defamatory comments in Mandarin.

The High Court held in favour of the Plaintiff and with cost of RM20,000 and further awarded general damages, aggravated damages and exemplary damages to the total sum of RM50,000.

In an action against the Defendant for publishing defamatory statements through emails (Mox-Linde Gases Sdn Bhd & Anor v Wong Siew Yap (Shah Alam High Court Civil Suit No 22-1514-2010), the High Court applied the principle of presumed publication on emails.

The court held that there is a legal presumption that emails are published on being sent without actual proof that anyone did in fact read them.

Under defamation law, a defamatory statement must be published in order to have an actionable cause of action. Using this presumed publication, it is not necessary to prove someone has read the defamatory statement.

Such a legal principle was applied to materials sent in post such as telegram and postcards. It seems that the court had expended this presumption to email, notwithstanding that emails do sometimes get diverted into the Spam folder or get rejected by the recipient server.

Others

In Dato’ Ibrahim Ali v. Datuk Seri Anwar Ibrahim [2015] 1 CLJ 176, the Court dealt with the liability of an office bearer of an association with respect to contempt of court.

In 2013, president of Malay right-wing group Perkasa, Ibrahim Ali, was jailed for a day and fined by the High Court for contempt of court over a posting on the website http:www.pribumiperkasa.com/ made by one Zainuddin bin Salleh, a member of Perkasa.

The posting is said to be outright contemptuous of the court. The High Court held that Ibrahim Ali was liable for the posting made by Zainuddin on that website by virtue of his position as president of Perkasa.

In the appeal before the Court of Appeal, Ibrahim claimed that the posting was made on a website which is not the official website of Perkasa. He also claimed that he is not liable for the posting because he had no actual knowledge and had no control as to the so-called offence.

The Court of Appeal dismissed the first ground but agreed with Ibrahim on the second ground and overturned the conviction.

Sex bloggers ‘Alvivi’ (Alvin Tan Jye Yee and Vivian Lee May Ling) were freed from the charge under Section 298A of the Penal Code (Tan Jye Lee & Anor v PP [2014] 1 LNS 860) for posting their controversial ‘Hari Raya Greeting’ which contained the couple’s photograph enjoying the Chinese pork dish Bah Kut Teh with the ‘Halal’ logo with, among others, the words ‘Selamat Berbuka Puasa (dengan Bah Kut Teh … wangi, enak, menyelerakan!!!…’

The post had allegedly created enmity between persons of different religions under Section 298A of the Penal Code. The Court of Appeal, in striking out the charge under Section 298A of the Penal Code, held that the said section had already been declared invalid by the Federal Court in another case.

The dispute over the use of the word ‘Allah’ in the Herald – The Catholic Weekly had an interesting point over the use of Internet research by judges.

In 2013, the Court of Appeal, in deciding to overturn the High Court’s decision allowing the of the word ‘Allah,’ conducted its own research via the Internet and relied on the information and points obtained therefrom to substantiate its judgments (see Menteri Dalam Negeri & Ors v. Titular Roman Catholic Archbishop Of Kuala Lumpur [2013] 8 CLJ 890 on Pages 959-960).

Upon the overturn of the appeal, the Titular Roman Catholic Archbishop of Kuala Lumpur (see Titular Roman Catholic Archbishop Of Kuala Lumpur v. Menteri Dalam Negeri & Ors [2014] 6 CLJ 541) filed an application for leave to appeal to the Federal Court (permission is required before one can appeal to the Federal Court and it must satisfy certain thresholds). The Federal Court however refused to grant leave.

The majority judgement by the Chief Justice of Malaya (Arifin Zakaria, on Page 584) held that those views obtained from the Internet were merely obiter (said in passing – not binding but persuasive) whereas Chief Justice of Sabah and Sarawak Richard Malanjum held that leave ought to be granted as the suo moto (on its own motion) research sets a precedent binding on the lower courts yet untested before the Federal Court, and also that the Court of Appeal relied upon the materials gathered suo moto from the Internet in upholding the impugned decision (on Page 617).

It seems that the Federal Court did not endorse such suo moto research by the Court of Appeal Judges.

Closing

Last year, I wrote a ‘wishlist’ of laws to be introduced to govern or deal with cyberspace issues. Out of the five proposed laws, two of them may be potentially addressed with the proposed anti-harassment law.

I understand that the drafting of this anti-harassment law is at its infancy stage and may not be introduced so soon.

Singapore’s Protection from Harassment Act 2014 came into effect on Nov 15 2014. It was reported that Singapore blogger Xiaxue is the first person or one of the first persons who had obtained a protection order under this law against online satire site SMRT Ltd (Feedback) for trolling her online.

First published on Digital News Asia on 17 March 2015.

The post Bread & Kaya: Malaysian cyberlaw cases in 2014 appeared first on Foong Cheng Leong.

– Getting the IP address is one way, but may not always be possible
– On issue of defamation, Section 114A has been applied retrospectively

ONE of the most difficult issues to deal with in cybercrime or cyber-bullying cases is finding the perpetrator online. My years of blogging have brought me some experience in dealing with this issue, especially when dealing with ‘trolls.’

I am glad to say that it is not impossible. Some guesswork is needed. Normally, such a perpetrator is someone you know, although he or she may or may not be close to you. Sometimes, however, it would be just a stranger.

There was one case where the perpetrator was found to be a friend’s spouse whom the victim had only met a few times. Strangely, there was no animosity between these parties.

In one case which I was personally involved, I made a guess on the possible perpetrator and worked from there. Eventually, the person confessed after being confronted.

Getting the Internet Protocol (IP) address of the perpetrator is one of the conventional ways to track someone down. Internet service providers (ISPs) assign unique IP address to each user account. However, IP addresses may not be retrievable if the person is on a proxy server.

Another problem is the jurisdictional issue. Many servers storing such IP addresses may be located overseas and owned by foreign entities. One may have to initiate legal action overseas to get such data, and many of these service providers do not release their user information easily due to data protection laws or their strict privacy practices.

In the recent case of Tong Seak Kan & Anor v Loke Ah Kin & Anor [2014] 6 CLJ 904, the Plaintiffs initiated an action for cyberspace defamation against the 1st Defendant.

In tracing the perpetrator, who had posted defamatory statements on two Google Blogspot websites, the Plaintiffs filed an action called a John Doe action in the Superior Court of California. In compliance with the Court order, Google traced the blogs to two IP addresses which were revealed by Telekom Malaysia Bhd to be IP addresses belonging to the 1st Defendant’s account.

In the same case, the High Court had held that the controversial Section 114A (2) of the Evidence Act 1950 applied retrospectively.

S. 114A (2) provides that the burden of proof lies on the subscriber of an ISP to prove that a certain statement was not published by him or her. The 1st Defendant failed to convince the Court that s. 114A (2) does not apply because the defamatory statements were published before the enforcement date of s. 114A(2).

This retrospective stand however was not followed in the case of PP v Rutinin Bin Suhaimin [2013] 2 CLJ 427 as the High Court held that s. 114A does not apply retrospectively.

Perhaps the distinguishing factor between these cases is that the first case involved a civil dispute whereas the latter is a criminal prosecution.

Readers may recall that the #Stop114A campaign was initiated to get this law repealed. I am proud to say that Digital News Asia (DNA) was one of the organisers and participants in shutting down its website for one day. The campaign attracted the attention of Prime Minister Najib Razak but unfortunately, the law remained.

Going back to the case, the Court held that the 1st Defendant had failed to prove that he was not the publisher of the content. The 1st Defendant is now liable for a payment of RM600,000 (US$180,000) as damages to the Plaintiffs.

Not all tracing of a perpetrator requires an IP address. In Datuk Seri Anwar Bin Ibrahim v Wan Muhammad Azri Bin Wan Deris [2014] 3 MLRH 21, Opposition leader Anwar Ibrahim (pic) sued Wan Muhammad Azri Bin Wan Deris, allegedly a well-known blogger called Papagomo, for defamation.

In proving the identity of Papagomo, instead of tracing the IP address of Papagomo, the Court relied on the statement of a person who had met Papagomo in person before. The former also took a picture with Papagomo and this picture was tendered in Court.

There are other unconventional methods to identify a person online. I have heard of a private investigator entering a person’s home without knowledge to gain access to the computer of that person.

Many people do not password-protect their home computers and leave their email and other online accounts still logged into. This allows the private investigator to easily access a person’s emails and other online accounts without any technical skills.

One method that I always use is to find something unique in the content posted by the perpetrator. For example, I recently concluded that a website was held by a cyber-squatter by doing a Google search on certain sentences that appeared on the website. The cyber-squatter’s website looked like a legitimate website, but the search revealed that the same facade had been employed by the cyber-squatter on several websites using well-known brand names.

If there are images involved, a Google Image search would be useful to find whether other websites are hosting the same image.

It is of utmost importance that one must have reliable evidence to prove the identity of a perpetrator before suing or charging them. The person doing such investigation should be knowledgeable enough to conduct the investigation, know the rules of producing evidence and testifying in Court, and to thwart all challenges by the perpetrator’s lawyers.

Failure to do so would result in the case being dismissed or in a worst scenario, an innocent person being charged or sued in Court.

First published on Digital News Asia on 17 November 2014.

The post Bread & Kaya: Tracing someone online appeared first on Foong Cheng Leong.

Nov 01, 2013

– No doubt the dissemination of gruesome images is distasteful and disrespectful of victims and their families
– However, when the MCMC cited legislation against it, the industry regulator may have been stretching it

Bread & Kaya by Foong Cheng Leong

IT was with great interest that I read the following Facebook posting by industry regulator the Malaysian Communications and Multimedia Commission (MCMC):

Assalamu’alaikum dan Selamat Sejahtera,

Orang ramai dinasihatkan untuk tidak menyebarkan gambar dan rakaman CCTV pembunuhan kejam seorang pegawai bank atau gambar-gambar mangsa di mana-mana media sosial seperti Facebook dan Whatsapp .

Jika anda telah berbuat demikian sila padamkan post tersebut. Ini adalah untuk menghormati mangsa dan keluarga beliau. Ia mungkin juga mengakibatkan gangguan emosi kepada orang ramai terutamanya kanak-kanak.

Kami telah pun meminta kerjasama YouTube untuk mengeluarkan video berkenaan dengan seberapa segera.

Untuk makluman, penyebaran gambar dan video sebegini adalah suatu kesalahan di bawah Seksyen 211 dan 233 Akta Komunikasi dan Multimedia 1998. Jika didapati bersalah, denda yang dikenakan tidak melebihi RM50,000 dan satu tahun penjara atau kedua-duanya sekali.

Sekian, terima kasih

In brief, the MCMC stated that the dissemination of gruesome images or video recordings of crime victims is an offence under the ss. 211 and 233 of the Communications and Multimedia Act 1998 (CMA). Reference was made to the CCTV recording of the deadly shooting of Ambank officer Norazita Abu Talib.

There is no doubt that the dissemination of such gruesome recordings and images is distasteful and disrespectful of the victim and her family. But for the MCMC to state that it is an offence under ss.211 and 233 of the CMA is stretching the applicability of these laws too far.

For there to be an offence under s. 233 of the CMA, the case of PP v Rutinin Bin Suhaimin has clearly set out that the following ingredients must be proven:

– The accused person initiated the communication in question.
– The communication in question is either indecent, obscene, false, menacing, or offensive in character; and
– The accused had intention to annoy, abuse, threaten or harass any person.

Section 211 of the CMA is similar to s. 233 of the CMA.

A person who posted the offensive materials must have the intention to annoy, abuse, threaten or harass any person. I doubt the people who have shared such images or recording had such intentions. Perhaps bloggers or portals that had done so had the intention to gain more visitors. Or perhaps some netizens share them to satisfy the morbid curiosities of other netizens.

But certainly this is not an intention to annoy, abuse, threaten or harass any person.

In short, the dissemination of gruesome recording and images is not an offence under ss.211 and 233 of the CMA unless it was disseminated with an intention to annoy, abuse, threaten or harass any person.

No doubt it is a calamity to have images of your late loved ones being disseminated online; but there are other laws to govern the dissemination of such information. Section 292 of the Penal Code makes it an offence to disseminate obscene material. The person who caused the leak of gruesome image (e.g. autopsy pictures) could be subject to a civil suit for negligence.

Even the soon-to-be introduced law s. 203A of the Penal Code, which punishes, among others, a civil servant for disclosing information obtained by him in his performance of his functions with a fine of not more than RM1 million (US$317,000), or imprisonment for a term which may extend to one year, or both.

However, I do not think that Parliament should introduce a law to curb the dissemination of gruesome recording of victims, especially if there are benefits of doing so. For example, for education purposes (e.g. study of forensic science) or even to highlight the extent of injuries suffered by inmates due to alleged police brutality.

The purpose of this article is not to justify the dissemination of gruesome images or videos but to highlight the extent of our laws. The MCMC should ensure that its statement, in particular, the last paragraph, is accurate and not leave room for misinterpretation.

First published on Digital News Asia on 16 August 2013

The post Bread & Kaya: Sharing images of crime victims appeared first on Foong Cheng Leong.

Bread & Kaya: Looks can be deceiving!

– Under Malaysian laws, what amounts to obscene, indecent, false, menacing or offensive in character is quite wide
– Sessions Court decisions perhaps the reasons why Section 114A of the Evidence Act 1950 was introduced

Bread & Kaya by Foong Cheng Leong

A COUPLE of weeks ago, I received a message with the title “Looks can be deceiving!” on my blog’s Facebook page, from an unknown user.

In the message, the user claimed that a certain celebrity was having an affair with another celebrity. Unknown to the user, I happen to know former and I alerted that celebrity.

A day after that, the user deleted her account! Fortunately, I saved a screenshot of the message.

Coincidentally, I found that someone had searched for the celebrity’s name on the day the message was sent and landed on my blog. My blog captured the transaction, together with the Internet Protocol (IP) address, time-stamp and other details. It was the only transaction searching for the celebrity’s name.

There was also a record to show that the user clicked on the link to my blog’s Facebook page. From this, there is a possibility that the author had found my blog using the celebrity’s name (and my blog appears on the first page of search results) and decided to send me that message.

A query on the IP address shows that the user resides in Malaysia and is thus subject to the laws of Malaysia. The celebrity may file an action in court to obtain the user account details of the IP address if she wishes to. Alternatively, she may make a police report against that person.

The lesson of the story is: If you want to do naughty things online, remember to mask your tracks (e.g. by using proxies); otherwise the law will come knocking on your door. Internet trolls have been living amongst us and many still roam the streets of cyberspace.

This brings me to the topic of this article: Section 233 of the Communications and Multimedia Act 1998.

Section 233 makes it an offence to post any content which is obscene, indecent, false, menacing or offensive in character with intent to annoy, abuse, threaten or harass another person.

Anyone who does so is liable to a fine not exceeding RM50,000 or to imprisonment for a term not exceeding one year, or both, and shall also be liable to a further fine of RM1,000 for every day during which the offence is continued after conviction. It’s a widely used tool by law enforcers to nab Internet trolls.

[RM1 = US$0.32]

What amounts to obscene, indecent, false, menacing or offensive in character is quite wide. Making prank emergency calls (PP v Sow Kuen Chun; Criminal Case No. 63- 01- 2008); and insulting the Sultan (PP v Muslim bin Ahmad; [2013] 1 AMR 436); offensive comments (Nor Hisham Bin Osman v PP; Criminal Case No: MTJ(2)44-14-2010)), and (PP v Rutinin Bin Suhaimin (Criminal Case No. K42-60-2010)) are examples where people were charged under Section 233.

[Click links above to download case files]

PP v Muslim bin Ahmad and PP v Rutinin Bin Suhaimin are both recently decided cases and they relate to the Perak constitutional crisis. Both men had allegedly posted offensive comments towards the Sultan of Perak after Barisan Nasional took over the state of Perak. Both men alleged that they did not post the comments, notwithstanding that the IP addresses point to them.

Muslim bin Ahmad was acquitted by the Sessions Court and Rutinin bin Suhaimin was discharged by the Sessions Court without his defense being called. The prosecution had apparently failed to show that the persons who posted the offensive comments were the accused.

I am told that the impact of the said Sessions Court decisions was one of the reasons why Section 114A of the Evidence Act 1950 was introduced – that is, to facilitate the prosecution in proving the identity of the maker.

To recap, under Section 114A, a person is deemed to be a publisher of a content if it originates from his or her website, registered networks or data processing device of an Internet user unless he or she proves the contrary.

This new law sparked a massive online protest dubbed the Malaysia Internet Black Out Day or also the Stop114A.

However, the High Court subsequently overturned said Sessions Court decisions. Rutinin Bin Suhaimin’s defense was called. Interestingly, the learned High Court judge was of the view that calling the Sultan of Perak names has the tendency to cause annoyance or abuse to any person, thus falling within the ambit of Section 233.

Muslim Bin Ahmad was handed a fine of RM10,000 for each charge and six months’ imprisonment. He pleaded for a “binding over order” (released on probation).

However, the learned High Court Judge warned that a binding over order “would send the wrong message to would be offenders and the public at large that offensively uncontrolled and virulent comments can be indiscriminately posted on the Internet without any or serious repercussions. And that is not a message that this court would like to send out.”

Surprisingly, Section 114A of the Evidence Act 1950 was never relied on by the Courts. In fact, the High Court in PP v Rutinin Bin Suhaimin said that 114A is not applicable because the postings were made before the enforcement date of 114A (July 31, 2012).

This ruling is interesting as it may be a defense for website owners who can argue that 114A does not apply to posting made by their users prior to July 31, 2012.

Nevertheless, these laws and cases serve as a reminder that the Internet is not a ‘wild, wild west.’ Netizens need to be accountable for what they say. Further abuse by netizens attracts further legislations by Government.

Unfortunately, website owners now face the brunt of 114A due to the actions of their users. Their pleas for the repeal or amendment of 114A are still unanswered.

The post Bread & Kaya: Looks can be deceiving! appeared first on Foong Cheng Leong.