TOPIK 9 13 ABCR3203 CYBERLAWS.
LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Define cyberlaws; and
2. Discuss the effects of cyberlaws in Malaysia.
INTRODUCTION
With the creation of Multimedia Super Corridor (MSC), Malaysia enacted three
new cyberlaws Computer Crimes Act 1997, Digital Signature Act 1997 and
Telemedicine Act 1997. These legislations are part of the „soft infrastructure of
supporting laws‰ which will sustain the development of this project. Other laws
that have been or will be enforced or may be enacted include Communications
and Multimedia Act 1998, Amendments to the Copyright Act 1987, Electronic
Government Act, Data Protection Act and Electronic Transactions Act.
9.1 COMPUTER CRIMES ACT 1997
The Computer Crimes Act 1997 manifests the governmentÊs recognition to
criminalise computer crime activities. The Computer Crimes Act 1997 (CCA) is
an act that provides for offences relating to the misuse of computers. The
provisions of the CCA largely focused on the crimes committed through the
use of computers. The offences under the CCA include:
(a) Unauthorised Access to Computer Material
Section 3 provides:
(i) A person shall be guilty of an offence if:
? He causes a computer to perform any function with intent to secure
access to any program or data held in any computer;
? The access he intends to secure is unauthorised; and
? He knows at the time when he causes the computer to perform the
function that that is the case.
(ii) The intent a person has to have to commit an offence under this section
need not be directed at:
? Any particular program or data;
? A program or data of any particular kind; or
? A program or data held in any particular computer.
(b) Unauthorised Access with Intent to Commit or Facilitate Commission of
Further Offence
Section 4 provides:
(i) A person shall be guilty of an offence under this section if he commits
and offence referred to in section 3 with intent:
? To commit an offence involving fraud or dishonesty or which causes
injury as defined in the Penal Code; or
? To facilitate the commission of such an offence whether by himself
or by any other person.
(ii) For the purposes of this section, it is immaterial whether the offence to
which this section applies is to be committed at the same time whether
unauthorised access is secured or on any future occasion.
(c) Unauthorised Modifications of the Contents of Any Computer
Section 5 provides:
(i) A person shall be guilty of an offence if he does any act which he knows
will cause unauthorised modification of the contents of any computer.
(ii) For the purposes of this section, it is immaterial that the act in question
is not directed at:
? Any particular program or data;
? A program or data of any kind; or
? A program or data held in any particular computer.
(iii) For the purposes of this section, it is immaterial whether an unauthorised
modification is, or is intended to be, permanent or merely temporary.
(d) Wrongful Communications
Section 6 (1) provides that a person shall be guilty of an offence if he
communicates directly or indirectly a number, code, password or other means
of access to a computer to any person other than a person to whom he is duly
authorised to communicate.
(e) Abetments and Attempts Punishable as Offences
Section 7 (1) provides that a person who abets the commission of or who
attempts to commit any offence under the CCA shall be guilty of that offence
and shall on conviction be liable to the punishment for the offence.
(f) Presumption
Section 8 provides that a person who has in his custody or control any
program, data or other information which is held in any computer or retrieved
from any computer which he is not authorised to have in his custody or control
shall be deemed to have obtained unauthorised access to such program, data
or information unless the contrary is proved.
9.2 DIGITAL SIGNATURE ACT 1997
The Digital Signature Act 1997 aims to regulate the use of digital signatures and
to provide for matters connected therewith. The Digital Signature Act 1997
establishes a Controller of Certification Authorities whose purpose is to monitor
and oversee the activities of certification authorities.
Section 2 provides that „certification authority‰ is a person who issues a certificate.
Section 2 provides that:
„Certificate‰ for the purpose of the Digital Signature Act 1997 is „a computer based
record which:
(a) Identifies the certification authority issuing it;
(b) Names or identifies its subscriber;
(c) Contains the subscriberÊs public key; and
(d) Is digitally signed by the certification authority issuing it.
The Digital Signature Act 1997 contains provisions in relation to the power of the
Controller and the requirements and duties of the certification authorities and
subscribers. It also explains the effect of digital signatures. Part V of the Act
provides that digital signatures are proper substitutes for signatures if properly
used and issued (in accordance with the Act).
Section 62 provides:
(b) Where a rule of law requires a signature or provides for certain consequences
in the absence of a signature, that rule shall be satisfied by a digital signature
where:
(i) That digital signature is verified by reference to the public key listed in a
valid certificate issued by a licensed certification authority;
(ii) That digital signature was affixed by the signer with the intention of
signing the message; and
(iii) The recipient has no knowledge or notice that the signer:
? Has breached a duty as a subscriber; or
? Does not rightfully hold the private key used to affix the digital
signature.
(c) Notwithstanding any written law to the contrary:
(i) A document signed with a digital signature in accordance with this Act
shall be legally binding as a document signed with a handwritten
signature, an affixed thumb-print or any other mark;
(ii) A digital signature created in accordance with this Act shall be deemed
to be a legally binding signature; and
(iii) Nothing in this Act shall preclude any symbol from being valid as a
signature under any other applicable law.
Section 64 provides:
(a) A message shall be as valid, enforceable and effective as if it had been written
on paper if:
(i) It bears in its entirety a digital signature; and
(ii) That digital signature is verified by the public key listed in a certificate
which:
? Was issued by a licensed certification authority; and
? Was valid at the time the digital signature was created.
Section 65 provides:
A copy of a digitally signed message shall be as valid, enforceable and effective as the
original of the message unless it is evident that the signer designated an instance of
the digitally signed message to be a unique original, in which case only that instance
constitutes the valid, enforceable and effective message.
9.3 TELEMEDICINE ACT 1997
The Telemedicine Act 1997 is an Act that provides for the regulation and control
of the practice of telemedicine. Section 2 defines what telemedicine is.
Section 2 provides:
„Telemedicine‰ means the practice of medicine using audio, visual and data
communications.
Who may practise telemedicine?
Section 3 provides:
(a) No person other than:
(i) A fully registered medical practitioner holding a valid practising
certificate; or
(ii) A medical practitioner who is registered or licensed outside Malaysia:
? Holds a certificate to practise telemedicine issued by the Council; and
? Practises telemedicine from outside Malaysia through a fully
registered medical practitioner holding a valid practising certificate
may practise telemedicine.
Section 4 further provides that in order to practise telemedicine, a person needs to
apply for a certificate to practise.
9.4 OPTICAL DISC ACT 2000
The Optical Disc Act 200 came into force on 31 August 2000. It is an Act to
provide for the licensing and regulation of the manufacture of optical discs and
matters connected therewith.
„Optical disc‰ is interpreted under section 2 of the Act. Section 2 provides:
Section 2
„Optical Disc‰ means:
(a) Any medium or device listed in Schedule 1; or
(b) Any other medium or device on which data may be stored in digital form and read by means of a laser.
and includes any such medium or device manufactured for any purpose, whether or not any data readable by means of a laser or any other means has been stored on it.
The Act also establishes a „Controller of Optical Disc‰ whose duty is to perform
the functions and duties imposed and may exercise the powers conferred upon
him under the Act. The Act requires the manufacturer of optical disc to have a
valid licence failing which an offence is said to be committed under the Act.
Section 13 provides that the licence may not be transferred to a third person.
Section 19 provides that optical disc should be marked with the manufacturerÊs
code in accordance with the licence obtained by the manufacturer. Sections 19 to
21 of the Act contain provisions on manufacturerÊs code.
Section 19
Optical discs to be marked with manufacturer's code
(a) A licensee shall cause each optical disc manufactured by him to be marked
with the manufacturer's code assigned to him under paragraph 7(2) (b).
(b) A licensee who contravenes subsection (1) commits an offence.
In this section, "marked" means to be marked in accordance with the standards
prescribed under section 20.
Section 20 Marking standards
(a) The Minister may prescribe standards for the marking of the manufacturer's
code on optical discs.
(b) Without limiting the generality of subsection (1), the Minister may prescribe:
(i) Different standards in relation to different classes or descriptions of
optical discs; or
(ii) Standards relating to the manner in which, and the means by which,
manufacturer's code are to be marked on optical discs or on optical discs
of any class or description.
Section 21
Applying false manufacturer's code
(a) Any person who:
(i) Forges a manufacturer's code;
(ii) Falsely applies to an optical disc a manufacturer's code or any mark so
resembling a manufacturer's code as to be calculated to deceive;
(iii) Makes any die, block, machine or other instrument for the purpose of
forging, or which is capable of being used for forging, a manufacturer's
code;
(iv) Disposes of or has in his possession any die, block, machine or other
instrument for the purpose of forging a manufacturer's code; or
(v) Causes to be done anything referred to in paragraph (a), (b), (c) or (d),
commits an offence.
In any proceedings for an offence under subsection (1), it shall be a defence for the
person charged to prove that he acted without intent to deceive or defraud.
The Optical Disc Act 2000 gives power to the Controller to issue a code of
conduct. Section 22, 24 and 25 provides:
Section 22
Controller may issue code of conduct
(a) The Controller may issue a code of conduct dealing with the conduct of any
person connected with the business of manufacturing optical discs.
(b) The Controller may, before issuing a code of conduct under subsection (1),
consult with such body representing the persons to whom the code of conduct
will apply and other interested persons as he thinks fit.
(c) The code of conduct issued by the Controller under subsection (1) shall be
published in the Gazette.
Section 24
Civil penalty for non-compliance
(a) Notwithstanding Part VI, a person who fails to comply with any provisions of
a code of conduct shall be liable to pay to the Controller a fine not exceeding
two hundred ringgit.
(b) Notwithstanding the provisions of any other written law, the fine payable
under this section may, without prejudice to any other remedy or sanction, be
recoverable as a civil debt.
Section 25
Compliance with code of conduct a legal defence
Compliance with a code of conduct shall be a defence against any prosecution, action
or proceedings of any nature, whether in a court or otherwise, taken against a person
who is subject to the code of conduct regarding a matter dealt with in that code of
conduct.
9.5 ELECTRONIC COMMERCE ACT 2006
The Electronic Commerce Act 2006 came into force on 19th October, 2006. It is an
Act that provides for legal recognition of electronic messages in commercial
transaction, the use of electronic messages to fulfil legal requirements and to
enable and facilitate commercial transactions through the use of electronic means
and other matters connected therewith. Commercial transactions are defined
under Section 5.
Section 5
„Commercial transactions‰ means a single communication or multiple
communications of a commercial nature, whether contractual or not, which includes
any matters relating to the supply or exchange of goods or services, agency,
investments, financing, banking and insurance.
Part II provides the legal recognition and formation of electronic messages.
Section 6
(a) Any information shall not be denied legal effect, validity or enforceability on
the ground that it is wholly or partially in an electronic form.
(b) Any information shall not be denied legal effect, validity or enforceability on
the ground that the information is not contained in the electronic message that
gives rise to such legal effect, but is merely referred to in that electronic
message, provided that the information being referred to is accessible to the
person against whom the referred information might be used.
Section 7
(a) In the formation of a contract, the communication of proposals, acceptance of
proposals, and revocation of proposals and acceptance or any related
SELF-CHECK 9.1
communication may be expressed by an electronic message.
(b) A contract shall not be denied legal effect, validity or enforceability on the
ground that an electronic message is used in its formation.
Part III of the Act provides for the legal requirements like writing, signature, seal,
etc and Part IV provides the requirements as regards to the communications of
electronic message for example, time of dispatch, time of receipt, contents of
electronic message, etc.
SELF-CHECK 9.1
1. What are cyberlaws?
2. State the prohibitions under the Computer Crimes Act 1997.
3. What is telemedicine and who may practice telemedicine?
4. What is a digital signature and its effects?
ACTIVITY 9.1
Discuss the practice of telemedicine in Malaysia with your course mates.
? The Computer Crimes Act 1997 criminalises computer crimes and there is
prohibition under the Act.
? The Digital Signature Act 1997 legalises digital signature and it establishes the
authority to foresee activities connected to digital signature.
? The Telemedicine Act 1997 authorises the practice of telemedicine.
Abetment
Telemedicine
Certificate
Unauthorised access
Certification authority
Unauthorised modifications
Digital signature
Wrongful communications
Presumption
LEARNING OUTCOMES
By the end of this topic, you should be able to:
1. Define cyberlaws; and
2. Discuss the effects of cyberlaws in Malaysia.
INTRODUCTION
With the creation of Multimedia Super Corridor (MSC), Malaysia enacted three
new cyberlaws Computer Crimes Act 1997, Digital Signature Act 1997 and
Telemedicine Act 1997. These legislations are part of the „soft infrastructure of
supporting laws‰ which will sustain the development of this project. Other laws
that have been or will be enforced or may be enacted include Communications
and Multimedia Act 1998, Amendments to the Copyright Act 1987, Electronic
Government Act, Data Protection Act and Electronic Transactions Act.
9.1 COMPUTER CRIMES ACT 1997
The Computer Crimes Act 1997 manifests the governmentÊs recognition to
criminalise computer crime activities. The Computer Crimes Act 1997 (CCA) is
an act that provides for offences relating to the misuse of computers. The
provisions of the CCA largely focused on the crimes committed through the
use of computers. The offences under the CCA include:
(a) Unauthorised Access to Computer Material
Section 3 provides:
(i) A person shall be guilty of an offence if:
? He causes a computer to perform any function with intent to secure
access to any program or data held in any computer;
? The access he intends to secure is unauthorised; and
? He knows at the time when he causes the computer to perform the
function that that is the case.
(ii) The intent a person has to have to commit an offence under this section
need not be directed at:
? Any particular program or data;
? A program or data of any particular kind; or
? A program or data held in any particular computer.
(b) Unauthorised Access with Intent to Commit or Facilitate Commission of
Further Offence
Section 4 provides:
(i) A person shall be guilty of an offence under this section if he commits
and offence referred to in section 3 with intent:
? To commit an offence involving fraud or dishonesty or which causes
injury as defined in the Penal Code; or
? To facilitate the commission of such an offence whether by himself
or by any other person.
(ii) For the purposes of this section, it is immaterial whether the offence to
which this section applies is to be committed at the same time whether
unauthorised access is secured or on any future occasion.
(c) Unauthorised Modifications of the Contents of Any Computer
Section 5 provides:
(i) A person shall be guilty of an offence if he does any act which he knows
will cause unauthorised modification of the contents of any computer.
(ii) For the purposes of this section, it is immaterial that the act in question
is not directed at:
? Any particular program or data;
? A program or data of any kind; or
? A program or data held in any particular computer.
(iii) For the purposes of this section, it is immaterial whether an unauthorised
modification is, or is intended to be, permanent or merely temporary.
(d) Wrongful Communications
Section 6 (1) provides that a person shall be guilty of an offence if he
communicates directly or indirectly a number, code, password or other means
of access to a computer to any person other than a person to whom he is duly
authorised to communicate.
(e) Abetments and Attempts Punishable as Offences
Section 7 (1) provides that a person who abets the commission of or who
attempts to commit any offence under the CCA shall be guilty of that offence
and shall on conviction be liable to the punishment for the offence.
(f) Presumption
Section 8 provides that a person who has in his custody or control any
program, data or other information which is held in any computer or retrieved
from any computer which he is not authorised to have in his custody or control
shall be deemed to have obtained unauthorised access to such program, data
or information unless the contrary is proved.
9.2 DIGITAL SIGNATURE ACT 1997
The Digital Signature Act 1997 aims to regulate the use of digital signatures and
to provide for matters connected therewith. The Digital Signature Act 1997
establishes a Controller of Certification Authorities whose purpose is to monitor
and oversee the activities of certification authorities.
Section 2 provides that „certification authority‰ is a person who issues a certificate.
Section 2 provides that:
„Certificate‰ for the purpose of the Digital Signature Act 1997 is „a computer based
record which:
(a) Identifies the certification authority issuing it;
(b) Names or identifies its subscriber;
(c) Contains the subscriberÊs public key; and
(d) Is digitally signed by the certification authority issuing it.
The Digital Signature Act 1997 contains provisions in relation to the power of the
Controller and the requirements and duties of the certification authorities and
subscribers. It also explains the effect of digital signatures. Part V of the Act
provides that digital signatures are proper substitutes for signatures if properly
used and issued (in accordance with the Act).
Section 62 provides:
(b) Where a rule of law requires a signature or provides for certain consequences
in the absence of a signature, that rule shall be satisfied by a digital signature
where:
(i) That digital signature is verified by reference to the public key listed in a
valid certificate issued by a licensed certification authority;
(ii) That digital signature was affixed by the signer with the intention of
signing the message; and
(iii) The recipient has no knowledge or notice that the signer:
? Has breached a duty as a subscriber; or
? Does not rightfully hold the private key used to affix the digital
signature.
(c) Notwithstanding any written law to the contrary:
(i) A document signed with a digital signature in accordance with this Act
shall be legally binding as a document signed with a handwritten
signature, an affixed thumb-print or any other mark;
(ii) A digital signature created in accordance with this Act shall be deemed
to be a legally binding signature; and
(iii) Nothing in this Act shall preclude any symbol from being valid as a
signature under any other applicable law.
Section 64 provides:
(a) A message shall be as valid, enforceable and effective as if it had been written
on paper if:
(i) It bears in its entirety a digital signature; and
(ii) That digital signature is verified by the public key listed in a certificate
which:
? Was issued by a licensed certification authority; and
? Was valid at the time the digital signature was created.
Section 65 provides:
A copy of a digitally signed message shall be as valid, enforceable and effective as the
original of the message unless it is evident that the signer designated an instance of
the digitally signed message to be a unique original, in which case only that instance
constitutes the valid, enforceable and effective message.
9.3 TELEMEDICINE ACT 1997
The Telemedicine Act 1997 is an Act that provides for the regulation and control
of the practice of telemedicine. Section 2 defines what telemedicine is.
Section 2 provides:
„Telemedicine‰ means the practice of medicine using audio, visual and data
communications.
Who may practise telemedicine?
Section 3 provides:
(a) No person other than:
(i) A fully registered medical practitioner holding a valid practising
certificate; or
(ii) A medical practitioner who is registered or licensed outside Malaysia:
? Holds a certificate to practise telemedicine issued by the Council; and
? Practises telemedicine from outside Malaysia through a fully
registered medical practitioner holding a valid practising certificate
may practise telemedicine.
Section 4 further provides that in order to practise telemedicine, a person needs to
apply for a certificate to practise.
9.4 OPTICAL DISC ACT 2000
The Optical Disc Act 200 came into force on 31 August 2000. It is an Act to
provide for the licensing and regulation of the manufacture of optical discs and
matters connected therewith.
„Optical disc‰ is interpreted under section 2 of the Act. Section 2 provides:
Section 2
„Optical Disc‰ means:
(a) Any medium or device listed in Schedule 1; or
(b) Any other medium or device on which data may be stored in digital form and read by means of a laser.
and includes any such medium or device manufactured for any purpose, whether or not any data readable by means of a laser or any other means has been stored on it.
The Act also establishes a „Controller of Optical Disc‰ whose duty is to perform
the functions and duties imposed and may exercise the powers conferred upon
him under the Act. The Act requires the manufacturer of optical disc to have a
valid licence failing which an offence is said to be committed under the Act.
Section 13 provides that the licence may not be transferred to a third person.
Section 19 provides that optical disc should be marked with the manufacturerÊs
code in accordance with the licence obtained by the manufacturer. Sections 19 to
21 of the Act contain provisions on manufacturerÊs code.
Section 19
Optical discs to be marked with manufacturer's code
(a) A licensee shall cause each optical disc manufactured by him to be marked
with the manufacturer's code assigned to him under paragraph 7(2) (b).
(b) A licensee who contravenes subsection (1) commits an offence.
In this section, "marked" means to be marked in accordance with the standards
prescribed under section 20.
Section 20 Marking standards
(a) The Minister may prescribe standards for the marking of the manufacturer's
code on optical discs.
(b) Without limiting the generality of subsection (1), the Minister may prescribe:
(i) Different standards in relation to different classes or descriptions of
optical discs; or
(ii) Standards relating to the manner in which, and the means by which,
manufacturer's code are to be marked on optical discs or on optical discs
of any class or description.
Section 21
Applying false manufacturer's code
(a) Any person who:
(i) Forges a manufacturer's code;
(ii) Falsely applies to an optical disc a manufacturer's code or any mark so
resembling a manufacturer's code as to be calculated to deceive;
(iii) Makes any die, block, machine or other instrument for the purpose of
forging, or which is capable of being used for forging, a manufacturer's
code;
(iv) Disposes of or has in his possession any die, block, machine or other
instrument for the purpose of forging a manufacturer's code; or
(v) Causes to be done anything referred to in paragraph (a), (b), (c) or (d),
commits an offence.
In any proceedings for an offence under subsection (1), it shall be a defence for the
person charged to prove that he acted without intent to deceive or defraud.
The Optical Disc Act 2000 gives power to the Controller to issue a code of
conduct. Section 22, 24 and 25 provides:
Section 22
Controller may issue code of conduct
(a) The Controller may issue a code of conduct dealing with the conduct of any
person connected with the business of manufacturing optical discs.
(b) The Controller may, before issuing a code of conduct under subsection (1),
consult with such body representing the persons to whom the code of conduct
will apply and other interested persons as he thinks fit.
(c) The code of conduct issued by the Controller under subsection (1) shall be
published in the Gazette.
Section 24
Civil penalty for non-compliance
(a) Notwithstanding Part VI, a person who fails to comply with any provisions of
a code of conduct shall be liable to pay to the Controller a fine not exceeding
two hundred ringgit.
(b) Notwithstanding the provisions of any other written law, the fine payable
under this section may, without prejudice to any other remedy or sanction, be
recoverable as a civil debt.
Section 25
Compliance with code of conduct a legal defence
Compliance with a code of conduct shall be a defence against any prosecution, action
or proceedings of any nature, whether in a court or otherwise, taken against a person
who is subject to the code of conduct regarding a matter dealt with in that code of
conduct.
9.5 ELECTRONIC COMMERCE ACT 2006
The Electronic Commerce Act 2006 came into force on 19th October, 2006. It is an
Act that provides for legal recognition of electronic messages in commercial
transaction, the use of electronic messages to fulfil legal requirements and to
enable and facilitate commercial transactions through the use of electronic means
and other matters connected therewith. Commercial transactions are defined
under Section 5.
Section 5
„Commercial transactions‰ means a single communication or multiple
communications of a commercial nature, whether contractual or not, which includes
any matters relating to the supply or exchange of goods or services, agency,
investments, financing, banking and insurance.
Part II provides the legal recognition and formation of electronic messages.
Section 6
(a) Any information shall not be denied legal effect, validity or enforceability on
the ground that it is wholly or partially in an electronic form.
(b) Any information shall not be denied legal effect, validity or enforceability on
the ground that the information is not contained in the electronic message that
gives rise to such legal effect, but is merely referred to in that electronic
message, provided that the information being referred to is accessible to the
person against whom the referred information might be used.
Section 7
(a) In the formation of a contract, the communication of proposals, acceptance of
proposals, and revocation of proposals and acceptance or any related
SELF-CHECK 9.1
communication may be expressed by an electronic message.
(b) A contract shall not be denied legal effect, validity or enforceability on the
ground that an electronic message is used in its formation.
Part III of the Act provides for the legal requirements like writing, signature, seal,
etc and Part IV provides the requirements as regards to the communications of
electronic message for example, time of dispatch, time of receipt, contents of
electronic message, etc.
SELF-CHECK 9.1
1. What are cyberlaws?
2. State the prohibitions under the Computer Crimes Act 1997.
3. What is telemedicine and who may practice telemedicine?
4. What is a digital signature and its effects?
ACTIVITY 9.1
Discuss the practice of telemedicine in Malaysia with your course mates.
? The Computer Crimes Act 1997 criminalises computer crimes and there is
prohibition under the Act.
? The Digital Signature Act 1997 legalises digital signature and it establishes the
authority to foresee activities connected to digital signature.
? The Telemedicine Act 1997 authorises the practice of telemedicine.
Abetment
Telemedicine
Certificate
Unauthorised access
Certification authority
Unauthorised modifications
Digital signature
Wrongful communications
Presumption
No comments:
Post a Comment