Computer hacking without criminal or malicious intent should not be a crime

The government has been talking for a long time about cyberlaws, and there is no reason why Parliament should not have been consulted on the various cyber legislation or other legislative proposals the government intends to enact well before they reach the final form of a Bill awaiting three readings for enactment - whether as a Green Paper, which is a consultative document to stimulate a broad-ranging and constructive public debate on a particular issue; a White Paper on the government’s concrete proposals or even in the process of the formulation of a Bill.

For instance, after the two hackings into the TMnet homepage early this month, the Minister for Energy, Telecommunications and Posts and the Malaysian Police suddenly showed great concern about computer hacking, with the former saying that he would take a second look at the proposed bill on computer crime while the latter said it was seeking the co-operation of their more experienced counterparts in dealing with computer hackers.

Why should the two TMnet hackings create such reactions, especially as it is clear that both were not criminal or malicious in the strict sense of the word but to make the Telekom authorities bestir from their complacency over their very unsatisfactory services.

Leo Moggie said that the the proposed cyberlaws would be national in scope and would not be confined to the Multimedia Super Corridor, and that those involved in computer crimes would be prosecuted under the law regardless of whether they are committed inside the MSC or without.

Malaysia must be realistic when approaching the problem of computer crimes. Electronic fraud, for instance, can easily take place internationally. In the case of transnational electronic crimes, it is not always clear who is responsible for their investigation, for the prosecution of the criminals or for insurance purposes. The situation may arise where criminals choose to act from a country without extradition agreements, or from a country without a sufficiently sophisticated police force to catch them.

At this stage of our IT development, there may be merit in taking a more relaxed attitude towards computer hacking where the purpose is to point out the poor security and to highlight the need to tighten up the lax system rather than to commit computer fraud or crimes.

In the United States, the years prior to 1974 had been described as an “era of forgiveness” for computer hackers. Youthful “hackers” who broke into computer systems were regarded as budding geniuses and were punished only by having to write essays on how they did it.

It was only in the mid-1970s, when the cost of computer crimes mounted, that the process began to criminalise computer offences.

Although the Police is seeking the co-operation of their more experienced foreign counterparts in dealing with computer hackers, the government must also be realistic about the problem of computer hacking.

For instance, a report of the United States General Accounting Office (GAO) last year revealed that the computers of the US Department of Defence had been subject to 160,000 hacker attacks in 1995.

It further revealed that 65 per cent of the 38,000 attacks led by the US Defence Information System Agency (DISA) on government computers to test security levels were successful, amongst which only 4 per cent were detected and even fewer reported to DISA.

It has rightly been pointed out that the term “computer security” is a misnomer, as there is no such thing as computer security. There are only various degrees of insecurity.

Under these circumstances, any measures which could help in improving the computer security of institutions or networks should be encouraged, provided there is no criminal or malicious intent.

This is why Telekoms should reward the two “hackers” into TMnet last month for giving it the opportunity to realise and rectify weak security system rather using the occasion to criminalise them.

Such an issue, for instance, should be ventilated in Parliament even well before any final form has taken shape about the computer crime bill as under the present Parliamentary practice in Malaysia, once a Bill had been tabled in Parliament, the Cabinet Minister concerned regards it as a great “loss of face” if he had to accept any amendment proposed by MPs, whether in government or in Opposition!

This bring me to the fourth point on the role of Parliament in leading the people into the information society - to set the example by going IT, not only with MPs becoming computer-literate, but developing the Information Society mindset and culture about life-long learning and having an open attitude to accept ideas which are good regardless of their origin - so that Parliament becomes a real interactive chamber of ideas and views with real bearing and influence on the life of the people.

During the debate on the Seventh Malaysia Plan in May last year, I had proposed the establishment of a Parliamentary Standing Committee on IT and that the government should present an annual status report on IT developemnts, problems, challenges and targets which would be debated in Parliament to promote a IT-literate Malaysian citizenry. I am still waiting for a proper government response to these two proposals.