(Petaling Jaya, Friday): The Minister for Energy, Telecommunications and Posts, Datuk Leo Moggie has agreed to send a Ministry representative to the first DAP Cyberbill Seminar to be held at Hotel Swiss Garden, Kuala Lumpur to explain the government’s thinking in formulating the first batch of cyberbills which would be enacted by the current meeting of Parliament.
The Ministry of Energy, Telecommunications and Posts would be represented by its Principal Assistant Secretary, Mr. Letchumanan Ramatha, who will respond to views expressed at the Cyberbill Seminar on the Computer Crimes Bill and the Digital Signature Bill.
The DAP Cyberbill Seminar on Sunday will be the first in a series of five Cyberbill Seminars to be held in various parts of the country in the next 10 days to provide an opportunity for public feedback and consultation before Parliament enacts the first batch of cyberlaws for the country.
This series of DAP Cyberbill Seminars is intended to be a preparation for the Parliamentary Cyberbill Forum being organised by the recently-formed multi-party Parliamentary Information Technology (IT) Committee which would be held in Parliament either on April 25 or 26.
All political parties and civic organisations should organise seminars and discussions on the first batch of cyberbills in the next two weeks to disseminate IT awareness culminating in the Parliamentary Cyberbill Forum for three reasons:
This will ensure that the Parliamentary Cyberbill Forum on April 25 or 26 would be the culmination and climax, and not the first step, of the process of national discussion and consultation process on the first batch of cyberbills - especially as Parliament would begin to debate and enact the laws immediately after the forum.
MPs for instance should not attend the Parliamentary Cyberbill Forum with an blank mind as to the cyberlaw proposals presented by the Government, only learning about the details of the cyberbills at the Parliamentary Cyberbill Forum, but should be fully informed and knowledgeable about the contents of the various cyberbills so that participants could address the substantive issues about the various cyberbills.
For instance, on the Digital Signature Bill, MPs should know about the meaning of digital signature, key pair, public key, private key, certification authority, repository, encryption, etc. how they function and relate to each other by before the Parliamentary Cyberbill Forum. This will allow the Parliamentary Cyberbill Forum to address policy, legislative, regulatory and drafting issues of a digital signature law for Malaysia.
When the Parliamentary IT Committee was formed and announced last week, the public was informed that the proposed Parliamentary Cyberbill Forum would be open to members of the public.
However, as a result of the constraints of space, it is not possible to invite members of the public to the Parliamentary Cyberbill Forum at Parliament House. I wish to apologise for any public disappointment, especially as at the DAP "IT For All" Conference last month, I had also undertaken to hold a cyberbill forum in Parliament House.
Members of the public who wish to participate in public discussions on the cyberbills are welcome to the series of DAP Cyberbill Seminar beginning in Kuala Lumpur on Sunday or to the other cyberbill seminars that might be organised by other political parties or civic organisations.
I had commended the government for adopting a more open and participatory form of governance in the enactment of the first batch of cyberlaws. However, the government is still slow in making use of the Information Technology as in posting the cyberbills on the Internet.
The DAP had already posted the Computer Crime Bill and the Digital Signature Bill on the Internet through the DAP homepage at http://www.malaysia.net/dap
I am glad to announce that the third and fourth Malaysian cyberbills, the Telemedicine Bill and the Copyright (Amendment) Bill are now online on the DAP homepage. This is indeed Internet history for Malaysia as it means that the first batch of all the four cyberbills are now on the Internet.
While the DAP is prepared to continue to perform this national service to post the cyberbills on the Internet, it is time that the government should take over this function from the DAP!
One important objective of the DAP Cyberbill Forum in Kuala Lumpur on Sunday should be to consider whether amendments are needed to the cyberbills which have been tabled in the House.
This is particularly pertinent to the Computer Crimes Bill so as not to criminalise the majority of computer users which will be a setback to efforts to popularise IT-literacy in Malaysia to world-class standards.
The Computer Crimes Bill is based on United Kingdom’s Computer Misuse Act 1990 and the Singapore Computer Misuse Act 1993.
However, the Computer Crimes Bill went beyond both computer crime legislations of the United Kingdom and Singapore by providing for very heavy penalities, giving Malaysia the dubious distinction of having the most severe penalties for computer crimes, as well as introducing new offences which would criminalise the majority of computer users in the country. For instance, the offence of unauthorised access to computer material in section 3 of the Computer Crimes Bill is to be found almost word for word in the UK and Singapore Computer Misuse legislations.
Section 3(1) of the Computer Crimes Bill reads:
However, in UK, the penalty for the offence of "unauthorised computer access" is a maximum of six months’ jail or 5,000 pound sterling or both whereas in Singapore, it is S$2,000 fine or two years’ jail or both. However, the penalty proposed for this same offence under the Computer Crimes Bill is RM50,000 fine or five years’ jail or both.
Is it justifiable to introduce such severe penalties where the same offence of "unauthorised computer access" could involve a jail sentence 12 times more severe than in UK and two-and-a-half times more severe in Singapore?
The Computer Crimes Bill provides for three main categories of computer crimes, first, under Section 3 for "unauthorised access", with a maximum fine of RM50,000 or five years jail or both; second, under Section 4 on "unauthorised access with intent to commit offence involving fraud or dishonesty or to cause injury as defined in the Penal Code, with a maximum fine of RM100,000 or ten years jail or both; and third, under Section 5 on "unauthorised modification of the contents of any computer" with maximum fine of RM150,000 or ten years’ jail or both.
Under the Computer Crimes Bill, the two recent TMnet hackers would be regarded as criminals liable to be charged under the more severe provision of Section 5 for "unauthorised modification of contents of any computer" which entails the penalty of up to RM150,000 five or ten years’ jail or both.
This is clearly unacceptable as the two TMnet hackings in February and March were not malicious or criminal in intent - but to highlight public unhappiness with the poor TMnet services and to point out its poor security system.
However, there is no saving clause to exempt hackers who gain access to computers with no criminal or malicious intent, as in the two TMnet hackings - what I have called "Spiderman" provision, as the "French Spiderman", Alain Robert was not charged with "trespass" although he was arrested by the police for trying to scale one of the Petronas Twin Towers, the world’s tallest building on March 20 - after climbing 60 floors of the 88-storey building.
The Computer Crimes Bill should have a "French Spiderman" provision to exempt from prosecution hackers with no criminal or malicious intent and which result in better computer security systems, in contrast to "cracking", which connotes malicious computer meddling.
The Computer Crimes Bill is probably setting a world lead in providing for a statutory presumption in Section 8, which states:
A New Sunday Times article on the Computer Crimes Bill referred to this section and commented: "This will give added ammunition to the current campaign to wipe out computer software piracy - which has had to shoulder the burden to prove that the errant party actually committed the act of piracy".
I am not so sanguine or elated by this presumption that a person who has a program which he is not authorised to have will be deemed to have committed the offence of "unauthorised access", where he or she could be jailed for five years or fined RM50,000 or both, unless it is proven otherwise.
As far as I know, there is no other country in the world where its computer crime legislation has such a statutory presumption which would criminalise the overwhelming majority of computer users. As I said in Parliament yesterday, I believe the majority of computer users in Malaysia - including members of the press, MPs and even Ministers who use computers - would have some programme, whether downloaded from the Internet or from some other sources which could make them criminals with such a statutory provision.
The question is whether at this stage of Malaysia’s IT development, we should lead the world in having such a provision to criminalise the majority of computer users and cause a setback to efforts to promote IT-literacy among Malaysians to world-class standards.
Malaysians must ponder deep and hard whether we should have double standards in our law where on the one hand, under our Computer Crime legislation, we criminalise the overwhelming majority of computer users, virtually declaring them as computer criminals unless they can prove their innocence that programs in their computers are legal.
On the other hand, however, when under the Prevention of Corruption Act, the law regards the real criminals who are guilty of corruption in having unusual wealth completely disproportionate to their known sources of income as innocent unless the creaky anti-corruption machinery could prove them guilty!