Bad Laws Won’t Stop Cyber Crime
by Jac sm Kee
First published at loyarburuk
The amended act is deeply problematic at several levels and directly counters fundamental democratic principles. This does not bode well for democracy in Malaysia, and voting Malaysians should take heed of such a move as a further sign of things to come, if the government persists in dismantling safeguards to our civil liberties and fundamental human rights.
Innocent until proven guilty
At the most basic level, the newly introduced Section 114(A) to the Evidence (Amendment) (No 2) Act 2012* has the impact of removing the critical presumption of innocence principle, which is at the cornerstone of our criminal justice system. This principle protects individuals against wrongful conviction, by ensuring that everyone has access to a fair trial. It also upholds the ideal that every person is a law abiding citizen until proven otherwise, and provides an important safeguard against abuse of power by the government to persecute individuals by requiring any allegations to be proven beyond reasonable doubt.
If this amended law were to take effect, all 17 million internet users in Malaysia who post anything online – from emails to comments to status updates – will exist in a state of presumed illegality. Instead of being law abiding citizens, we are all instead assumed to be criminals unless we can prove otherwise. A law that seeks to remove such a fundamental protection to our civil liberties cannot be made under the arguments of expediency, and definitely without extensive and well-considered debate which takes into account public interest and participation.
Punishing the victims
Datuk Seri Nazri Abdul Aziz from the Prime Minister’s Department justified the need for such an amendment to overcome the difficulty of anonymity and pseudonyms in cybercrime cases. First of all, it is important to clarify what is meant by cyber crime. Under the Computer Crimes Act 1997, the offences cited are unauthorised access to computers (for example, hacking into someone’s computer or account), including for the purposes of committing another offence (e.g. fraud), unauthorised modification of content (e.g. installing spyware or changing any kind of data) and wrongful communication of passwords. It is clear from here that the main forms of cyber crimes involve someone else taking control of your equipment and making changes to your content, programmes or data.
So who does the amendment protect in cases of cyber crime? These amendments, in fact, allow hackers and cyber criminals to go scot-free by making the person – whose computer or account is hacked – liable for any content which might have been altered. Given that more than 600,000 Facebook accounts are hacked daily, this Act not only disproportionately impinges upon a large majority of internet users in Malaysia, it is also inherently flawed in logic and provides for a serious miscarriage of justice.
For example, in the increasingly familiar cases of online harassment - where women and girls find their names and images being posted on sites under fake accounts created by stalkers and harassers – the newly amended Evidence Act does not help them in attaining redress or justice. In fact, it places an additional burden on them to prove their innocence and re-victimises the actual victims of cybercrimes.
In fact, the more skilled you are at hacking, the more the law protects you by assuming that the party you hacked is guilty of the offence. For example, if I want an easy way to give trouble to someone I dislike, I can simply create an account in his or her name, and post all kinds of problematic content – like hate speech, or threats to bomb the Parliament, for example. Under the new section in the amended act, this person would be automatically held liable and – provided I’m smart enough to hide my actual IP address – I can actually get away scot-free. It does not address the issue of anonymity, and it only acts to punish potential victims.
Anonymity a key principle of an open internet
Freedom from surveillance and protection of an individual’s right to privacy is one of the grounding principles of a free and open internet framed on fundamental human rights. This includes the ability to be anonymous online, and to use encryption software should one choose to do so. In many instances, anonymity is an important safeguard for vulnerable or marginalised individuals. For example, women who are in situations of domestic violence need to be able to post calls for support without putting themselves at further risk by publishing their name or other identifiable information. It also promotes transparency and accountability in democratic governance by protecting whistleblowers against persecution by authorities for bringing to attention abuses of power.
If the government of Malaysia is committed to democratic deliberations, transparency and accountability, any proposed measure to remove the principle of anonymity online needs to be examined and debated critically, and potential violations to our human rights cannot be simply waved aside to make the job of police authorities easier.
Violating fundamental human rights
Finally, as a member of the Human Rights Council (HRC), Malaysia has an obligation to (a) “to uphold the highest standards in the promotion and protection of human rights” and (b) to “fully cooperate with the Council.” At the May 2011 Human Rights Council session, the Special Rapporteur on Freedom of Expression and Opinion, Mr Frank La Rue, presented a report on the internet which states that, “The Internet is one of the most powerful instruments of the 21st century for increasing transparency in the conduct of the powerful, access to information, and for facilitating active citizen participation in building democratic societies. As such, facilitating access to the Internet for all individuals, with as little restriction to online content as possible, should be a priority for all States.”
He further recommends against the criminalisation of legitimate expression, and making internet intermediaries (including parties that provide online community forums, blogging and hosting services) liable for content that is published through its services. This is because such measures will result in a “chilling effect”, encouraging self-censorship and surveillance practices.
The amendments to the Evidence Act clearly run against these recommendations by placing blanket assumptions of criminal liability upon all internet users who use the internet for information exchange and expression, including those who host websites which allow for interaction with users, e.g. comment boxes. This law will promote a feeling of fear amongst internet users and result in occurrences such as website owners removing comment functions – which is a key characteristic of the internet today as a vibrant, interactive public space for democratic deliberations.
As a member of the HRC, the government has an obligation to develop measures to promote free and open access and use of the internet for expression, information exchange and democratic participation and debate. Not enact laws that will place undue and disproportionate burdens on the ordinary Malaysian public from engaging with the space.
The newly amended Evidence Act is bad law. It adds to the string of other recently passed Acts such as the Peaceful Assembly Act – which only acts to remove critical safeguards to civil liberties. If the government of Malaysia is truly committed to principles of democracy, justice, due process and fundamental human rights, it needs to demonstrate this clearly by immediately taking steps to ensure that these laws do not become an everyday battle for us Malaysians to contend with, in the exercise of our citizenship rights.
* The newly included Section 114A provides that:
– a person whose name, photograph or pseudonym appears on any publication depicting himself as the owner, host, administrator, editor or sub-editor, or who in any manner facilitates to publish or re-publish the publication is presumed to have published or re-published the contents of the publication unless the contrary is proved.
– a person who is registered with a network service provider as a subscriber of a network service on which any publication originates from is presumed to be the person who published or re-published the publication unless the contrary is proved.
– Any person who has in his custody or control any computer on which any publication originates from is presumed to have published or re-published the content of the publication unless the contrary is proved. (Computer here means any data processing device, including tablets, laptops and mobile phones.)
From The Sun news report, “Internet users cry foul over amendment to Evidence Act“, 21 May 2012