(Petaling Jaya, Monday): The Government should defer the debate on the two cyberbills tabled in Parliament on 25th March till the end of the present parliamentary meeting to give MPs and the nation adequate time to study the proposed new cyberlaws.
According to the Parliamentary Order Paper, the Dewan Rakyat will begin to debate the two cyberbills, the Digital Signature Bill and the Computer Crimes Bill, on April 9 immediately after the end of the debate on the Royal Address. The Deputy Prime Minister, Datuk Seri Anwar Ibrahim, told Parliament during question time last Tuesday that two other cyberbills, the Copyright Amendment Bill and the Telemedicine Development Bill would also be tabled and debated in the current parliamentary meeting.
Parliament should not be regarded merely as a rubber-stamp to give the formal approval necessary before the bills could become law without any intelligent input and debate on the cyberbills, and this is why adequate time must be given to MPs and the nation to study them.
As the parliamentary meeting will be meeting for 26 days until May 7, the second-reading debate on the Digital Signature Bill and the Computer Crimes Bill should be deferred to the last two weeks between 28th April and 7th May, so that MPs can do justice to the cyberbills.
The Government has already tabled six other bills which could be debated first from April 9 onwards, including the supplementary estimates bill which would, as stipulated by the Parliamentary standing orders, take three days.
The DAP proposes to table amendments to the Digital Signature Bill and the Computer Crimes Bill and this is another reason why we are asking for more time for a fuller study of the proposed cyberlaws before Parliament starts debate on them.
The government has taken a long time to finalise drafting the cyberbills and it is not unreasonable at all to ask that MPs be given at least one month to study them before their debate and enactment.
DAP supports the presentation of the first batch of cyberlaws, as a legal infrastructure is vital if Malaysia is to make the transition into the Digital Era and achieve the national goal of becoming an Information Technology (IT) hub.
This does not mean however that Parliament should forfeit the right and responsibility to ensure that we provide a well-considered legal framework for the IT tomorrow or that MPs should be remiss or in default in giving a thorough examination to the first batch of proposed cyberlaws tabled by the Government.
For instance, a perfunctory reading of the Digital Signature Bill shows that the drafting of this important piece of legislation is far from perfect although there are more than a dozen pieces of digital signature legislation in other parts of the world which could serve as models.
The complex Digital Signature Bill envisions an infrastructure in which computer users utilise state-licensed certification authorities, online databases called repositories, and public-key encryption technology in order to “sign” electronic documents in a legally-binding fashion.
A digital signature law is an important pre-condition before electronic commerce can become popular as individuals and businesses must be assured that they could minimise the risks of using the Internet for electronic commerce. Even then, there is a lively debate as to the degree of security that digital signatures bring to net commerce.
However, despite the presentation of the Digital Signature Bill in Parliament six days ago, there had virtually been no public discussion on the merits or demerits of the Bill, and government thinking on the legislation appears to be primarily directed to meet corporate interests when there are also consumer and privacy interests which should be given proper consideration and protection.
Some of the issues which can infringe on consumer and privacy interests are liability, privacy and costs.
For instance, section 61 of the Digital Signature Bill limits the potential liability of the digital certification authority, which may be less than the actual damages a certification authority can cause. Section 61(b) of the Bill for instance stipulates that a licensed certification authority
“shall not be liable in excess of the amount specified in the certificate as its recommended reliance limit for either -
(I) a loss caused by reliance on a misrepresentation in the certificate of any fact that the licensed certification authority is required to confirm; or
(II) failure to comply with sections 29 and 30 in issuing the certificate.”
It is not difficult to envisage a scenario where a certification authority’s private key is compromised - whether by brute force, cryptanalysis, bribery or incompetence - allowing a criminal with the certification authority’s private key to cause immense financial losses to innocent parties. These innocent parties would be unable to recover their full losses from the certification authority if the total of these losses was greater than the “amount specified in the certificate as its recommended reliance limit”.
Privacy-related issues would arise as certain entities, like the online databases of public encryption keys termed “repositories” - defined as “a system for storing and retrieving certificates and other information relevant to digital signatures” - would have unrestricted access to valuable transaction-generated information that could expose sensitive relationships among individuals or businesses.
For instance, if Company A sends a digitally signed message to Company B, Company B must verify the digital signature by connecting to a licensed certification authority. This process would leave electronic footprints. Could the owner of the recognized repository disclose the fact that A and B were corresponding? What if A and B were discussing a possible merger, or other transaction with significant consequences in the securities market?
The costs issue would be part of the larger question of social equity in the Information Age. The costs of the institutional overhead associated with creating and maintaining the infrastructure for implementing the Digital Signature Bill would be passed to the participants, who must have access to expensive computer hardware and software in order to participate in the system.
The chief executive officer of a company dealing with electronic commerce had said that what concerned him most was how many digital signature licensors would be appointed and how would they be charged, expressing the hope that the charges would not be a deterrent in implementing digital signatures.
However, as it must be recognised that there are bound to be Malaysians who would not be able to afford these costs, would there be subsidised or reduced-cost access to the digital signature infrastructure so as not to create a new disparity between the “Information-haves” and “Information have-nots” in the country?