23 June, 2016

TOPIK 9 13 ABCR3203 CYBERLAWS.

TOPIK 9 13 ABCR3203 CYBERLAWS.

LEARNING OUTCOMES



By the end of this topic, you should be able to:

   1.  Define cyberlaws; and

   2.  Discuss the effects of cyberlaws in Malaysia.



INTRODUCTION



With the creation of Multimedia Super  Corridor (MSC), Malaysia enacted three

new   cyberlaws   Computer   Crimes   Act   1997,   Digital   Signature   Act   1997   and

Telemedicine   Act   1997.   These   legislations   are   part   of   the   „soft   infrastructure   of

supporting laws‰ which will sustain the development of this project. Other laws

that have been or will   be enforced or may be   enacted include Communications

and   Multimedia   Act   1998,   Amendments  to   the   Copyright   Act   1987,   Electronic

Government Act, Data Protection Act and Electronic Transactions Act.



9.1        COMPUTER CRIMES ACT 1997



The   Computer   Crimes  Act 1997   manifests  the  governmentÊs  recognition  to

criminalise computer crime activities. The Computer Crimes Act 1997 (CCA) is

an   act   that  provides   for   offences   relating   to   the   misuse   of   computers.   The

provisions   of   the   CCA   largely   focused   on   the   crimes   committed   through   the

use of computers. The offences under the CCA include:



(a)    Unauthorised Access to Computer Material


Section 3 provides:


(i)     A person shall be guilty of an offence if:


? He causes a computer to perform any function with intent to secure
access to any program or data held in any computer;


? The access he intends to secure is unauthorised; and


? He knows at the time when he causes the computer to perform the
function that that is the case.


(ii)    The intent a person has to have to commit an offence under this section
need not be directed at:


? Any particular program or data;


? A program or data of any particular kind; or


? A program or data held in any particular computer.



(b)    Unauthorised   Access   with   Intent   to   Commit   or   Facilitate   Commission   of
Further Offence


Section 4 provides:


(i)     A person shall be guilty of an offence under this section if he commits
and offence referred to in section 3 with intent:


? To commit an offence involving fraud or dishonesty or which causes
injury as defined in the Penal Code; or


? To facilitate the commission of such an offence whether by himself
or by any other person.


(ii)   For the purposes of this section, it is immaterial whether the offence to
which this section applies is to be committed at the same time whether
unauthorised access is secured or on any future occasion.



(c)    Unauthorised Modifications of the Contents of Any Computer


Section 5 provides:


(i)    A person shall be guilty of an offence if he does any act which he knows
will cause unauthorised modification of the contents of any computer.


(ii)   For the purposes of this section, it is immaterial that the act in question
is not directed at:


? Any particular program or data;


? A program or data of any kind; or


? A program or data held in any particular computer.


(iii)  For the purposes of this section, it is immaterial whether an unauthorised
modification is, or is intended to be, permanent or merely temporary.



(d)    Wrongful Communications


Section 6 (1) provides   that  a  person    shall  be  guilty   of  an  offence   if  he

          communicates directly or indirectly a number, code, password or other means

          of access to a computer to any person other than a person to whom he is duly

          authorised to communicate.



(e)    Abetments and Attempts Punishable as Offences


Section 7 (1) provides   that   a   person   who   abets   the   commission   of   or   who

          attempts to commit any offence under the CCA shall be guilty of that offence

          and shall on conviction be liable to the punishment for the offence.



(f)    Presumption


Section 8 provides   that  a  person   who    has   in  his  custody   or  control   any

          program, data or other information which is held in any computer or retrieved

          from any computer which he is not authorised to have in his custody or control

          shall be deemed to have obtained unauthorised access to such program, data

          or information unless the contrary is proved.





9.2           DIGITAL SIGNATURE ACT 1997



The Digital Signature Act 1997 aims to regulate the use of digital signatures and

to   provide     for  matters     connected      therewith.    The    Digital    Signature     Act   1997

establishes a Controller of Certification Authorities whose purpose is to monitor

and oversee the activities of certification authorities.



Section 2 provides that „certification authority‰ is a person who issues a certificate.


Section 2 provides that:
„Certificate‰ for the purpose of the Digital Signature Act 1997 is „a computer based
record which:


(a)    Identifies the certification authority issuing it;

(b)    Names or identifies its subscriber;

(c)    Contains the subscriberÊs public key; and

(d)    Is digitally signed by the certification authority issuing it.



The Digital Signature Act 1997 contains provisions in relation to the power of the

Controller   and   the   requirements   and   duties   of   the   certification   authorities   and

subscribers.   It   also   explains   the   effect  of   digital   signatures.   Part   V   of   the   Act

provides that digital signatures are proper substitutes for signatures if properly

used and issued (in accordance with the Act).


Section 62 provides:


(b)    Where a rule of law requires a signature or provides for certain consequences
in the absence of a signature, that rule shall be satisfied by a digital signature
where:


(i)    That digital signature is verified by reference to the public key listed in a
valid certificate issued by a licensed certification authority;


(ii)   That   digital   signature   was   affixed   by   the   signer   with   the   intention   of
signing the message; and


(iii)  The recipient has no knowledge or notice that the signer:


? Has breached a duty as a subscriber; or


? Does   not   rightfully   hold   the   private   key   used   to  affix   the   digital
signature.


(c)    Notwithstanding any written law to the contrary:


(i)    A document signed with a digital signature in accordance with this Act
shall   be  legally   binding   as  a  document      signed   with   a  handwritten
signature, an affixed thumb-print or any other mark;


(ii)   A digital signature created in accordance with this Act shall be deemed
to be a legally binding signature; and


(iii)  Nothing   in   this   Act   shall   preclude   any   symbol   from   being   valid   as   a
signature under any other applicable law.


Section 64 provides:


(a)    A message shall be as valid, enforceable and effective as if it had been written
on paper if:


(i)    It bears in its entirety a digital signature; and


(ii)   That digital signature is verified by the public key listed in a certificate
which:


? Was issued by a licensed certification authority; and


? Was valid at the time the digital signature was created.


Section 65 provides:


A copy of a digitally signed message shall be as valid, enforceable and effective as the
original of the message unless it is evident that the signer designated an instance of
the digitally signed message to be a unique original, in which case only that instance

constitutes the valid, enforceable and effective message.


9.3          TELEMEDICINE ACT 1997



The Telemedicine Act 1997 is an Act that provides for the regulation and control

of the practice of telemedicine. Section 2 defines what telemedicine is.


Section 2 provides:


„Telemedicine‰       means    the  practice   of   medicine    using   audio,   visual   and    data

   communications.



Who may practise telemedicine?


Section 3 provides:


(a)    No person other than:


(i) A     fully  registered    medical    practitioner    holding    a  valid   practising
certificate; or


(ii) A medical practitioner who is registered or licensed outside Malaysia:


? Holds a certificate to practise telemedicine issued by the Council; and


? Practises       telemedicine     from   outside    Malaysia     through     a  fully
registered   medical   practitioner   holding   a   valid   practising   certificate
may practise telemedicine.



Section 4 further provides that in order to practise telemedicine, a person needs to

apply for a certificate to practise.



9.4           OPTICAL DISC ACT 2000



The   Optical   Disc   Act   200   came   into   force   on   31   August   2000.   It   is   an   Act   to

provide for the licensing and regulation of the manufacture of optical discs and

matters connected therewith.



„Optical disc‰ is interpreted under section 2 of the Act. Section 2 provides:

Section 2

„Optical Disc‰ means:

(a)    Any medium or device listed in Schedule 1; or

(b)     Any other medium or device on which data may be stored in digital form and read by means of a laser.

and includes any such medium or device manufactured for any purpose, whether or not any data readable by means of a laser or any other means has been stored on it.



The Act also establishes a „Controller of Optical Disc‰ whose duty is to perform

the functions and duties imposed and may exercise the powers conferred upon

him under the Act. The Act requires the manufacturer of optical disc to have a

valid   licence   failing   which   an   offence   is   said   to   be   committed   under   the   Act.

Section 13 provides that the licence may not be transferred to a third person.



Section 19 provides that optical disc should be marked with the manufacturerÊs

code in accordance with the licence obtained by the manufacturer. Sections 19 to

21 of the Act contain provisions on manufacturerÊs code.


Section 19


Optical discs to be marked with manufacturer's code


(a)    A   licensee   shall   cause   each   optical   disc   manufactured   by   him   to   be   marked
with the manufacturer's code assigned to him under paragraph 7(2) (b).


(b)    A licensee who contravenes subsection (1) commits an offence.


In   this   section,   "marked"   means   to   be  marked   in   accordance   with   the   standards
prescribed under section 20.


Section 20 Marking standards


(a)    The   Minister   may   prescribe   standards   for   the   marking   of   the   manufacturer's
code on optical discs.


(b)    Without limiting the generality of subsection (1), the Minister may prescribe:


(i)    Different    standards     in  relation  to  different   classes  or  descriptions     of
optical discs; or


(ii)   Standards   relating   to   the   manner   in   which,   and   the   means   by   which,
manufacturer's code are to be marked on optical discs or on optical discs
of any class or description.


Section 21


Applying false manufacturer's code


(a)    Any person who:


(i)    Forges a manufacturer's code;


(ii)   Falsely applies to an optical disc a manufacturer's code or any mark so
resembling a manufacturer's code as to be calculated to deceive;


(iii)  Makes any die,   block,   machine   or   other   instrument for   the   purpose   of
forging, or which is capable of being used for forging, a manufacturer's

                  code;


(iv)   Disposes   of   or   has   in   his   possession   any   die,   block,   machine   or   other
instrument for the purpose of forging a manufacturer's code; or


(v)    Causes to be done anything referred to in paragraph (a), (b), (c) or (d),
commits an offence.


In any proceedings for an offence under subsection (1), it shall be a defence for the
person charged to prove that he acted without intent to deceive or defraud.



The     Optical    Disc   Act   2000   gives    power     to  the   Controller     to  issue   a  code    of

conduct. Section 22, 24 and 25 provides:


Section 22



   Controller may issue code of conduct



   (a)    The Controller may issue a code of conduct dealing with the conduct of any

          person connected with the business of manufacturing optical discs.



   (b)    The   Controller   may,   before   issuing   a   code   of   conduct   under   subsection   (1),

          consult with such body representing the persons to whom the code of conduct

          will apply and other interested persons as he thinks fit.



   (c)    The   code   of   conduct   issued   by   the   Controller   under   subsection   (1)   shall   be

          published in the Gazette.


Section 24


Civil penalty for non-compliance



   (a)    Notwithstanding Part VI, a person who fails to comply with any provisions of

          a code of conduct shall be liable to pay to the Controller a fine not exceeding

          two hundred ringgit.



   (b)    Notwithstanding   the   provisions   of   any   other   written   law,   the   fine   payable

          under this section may, without prejudice to any other remedy or sanction, be

          recoverable as a civil debt.


Section 25


Compliance with code of conduct a legal defence
Compliance with a code of conduct shall be a defence against any prosecution, action
or proceedings of any nature, whether in a court or otherwise, taken against a person
who is subject to the code of conduct regarding a matter dealt with in that code of
conduct.


9.5      ELECTRONIC COMMERCE ACT 2006



The Electronic Commerce Act 2006 came into force on 19th October, 2006. It is an

Act    that  provides     for  legal   recognition    of  electronic    messages     in  commercial

transaction,   the   use   of   electronic   messages   to   fulfil   legal   requirements   and   to

enable and facilitate commercial transactions through the use of electronic means

and     other   matters    connected     therewith.    Commercial       transactions     are  defined

under Section 5.


Section 5


„Commercial        transactions‰     means      a   single    communication        or    multiple
communications of a commercial nature, whether contractual or not, which includes
any   matters    relating  to  the  supply    or  exchange    of  goods   or   services,  agency,
investments, financing, banking and insurance.



Part II provides the legal recognition and formation of electronic messages.




Section 6



   (a)   Any information shall not be denied legal effect, validity or enforceability on

         the ground that it is wholly or partially in an electronic form.



   (b)   Any information shall not be denied legal effect, validity or enforceability on

         the ground that the information is not contained in the electronic message that

          gives   rise  to  such  legal  effect,  but  is merely  referred   to  in  that  electronic

         message,   provided   that   the   information   being   referred   to   is   accessible   to   the

         person against whom the referred information might be used.


Section 7



   (a)   In the formation of a contract, the communication of proposals, acceptance of

         proposals,     and   revocation    of   proposals    and   acceptance     or  any   related

                    SELF-CHECK 9.1

         communication may be expressed by an electronic message.



   (b)   A   contract   shall   not   be   denied   legal   effect,   validity   or   enforceability   on   the

         ground that an electronic message is used in its formation.



Part III of the Act provides for the legal requirements like writing, signature, seal,

etc and Part IV provides the requirements as regards to the communications of

electronic   message   for   example,   time   of   dispatch,   time   of   receipt,   contents   of

electronic message, etc.


SELF-CHECK 9.1



       1.   What are cyberlaws?



       2.   State the prohibitions under the Computer Crimes Act 1997.



       3.   What is telemedicine and who may practice telemedicine?



       4.   What is a digital signature and its effects?


ACTIVITY 9.1


Discuss the practice of telemedicine in Malaysia with your course mates.





? The   Computer   Crimes   Act   1997   criminalises   computer   crimes   and   there   is

prohibition under the Act.



? The Digital Signature Act 1997 legalises digital signature and it establishes the
authority to foresee activities connected to digital signature.



? The Telemedicine Act 1997 authorises the practice of telemedicine.




Abetment                                      
Telemedicine



Certificate                                    
Unauthorised access



Certification authority                        
Unauthorised modifications



Digital signature                              
Wrongful communications



Presumption



No comments:

Post a Comment