(Dewan Rakyat, Monday): When introducing the Digital Signature Bill last Wednesday, the Minister for Energy, Telecommunications and Posts, Datuk Leo Moggie, described it as a "Commerce Enabling Law" to facilitiate and expedite electronic commerce and transaction.
Like the first cyberbill which the Dewan Rakyat passed last Wednesday, the Computer Crimes Bill, the Digital Signature Bill suffers from four basic defects:
In a parliamentary democracy, the Ministers should be the masters of policy with the Attorney-Generalís Chambers and the civil servants keeping to their role as executors of policy, including the drafting of new laws; but this relationship is reversed in Malaysia, where Ministers forfeit their powers as masters of policy to become the servants of the Attorney-Generalís Chambers and the civil service, depriving Parliament of its right to play its constitutional role as a final but important stage of the legislation process - where amendments to improve on the Bill should be commonplace. Instead, the role of Parliament in law-making is solely to be a rubber-stamp! The glaring policy, social and legal omissions in the Digital Signature Bill are even more apparent than in the Computer Crimes Bill and shows the great drawbacks and even dangers of venturing out into new and uncharted waters with a closed mind, as the government is doing, drafting laws dealing with new technologies with old legal concepts as well as old mindsets.
I will deal with the glaring policy, social and legal omissions in the Digital Signature Bill in the course of my speech but I want to express my dismay at the way the government, and in particular the Attorney-Generalís Chambers, is going about drafting cyberlaws for the country and the world - behaving as if they are the sole authority on cyberlaws in Malaysia. Let us be humble enough to admit that there is no one in Malaysia, whether in the Attorney-Generalís Chambers or elsewhere in the country, or in any country in the world, who can claim to be an expert or authority on cyberlaws in view of both the newness of the subject as well as the rapid changes in Information Technology every day.
This makes the fullest public participation and consultation to pool the knowledge and experiences of all Malaysians who have expertise or special interests in the field of IT particularly important, if Malaysia is to have the best cyberlaws in the world.
The Digital Signature Bill, like the Computer Crimes Bill, is one of the cyberlaws to attract international IT/multimedia companies to make the Multimedia Super Corridor (MSC) a success to enable Malaysia to make the quantum leap from the Second Wave of industrial-based economy to the Third Wave of information-based economy.
In the Bill of Guarantees to demonstrate that the MSC is "a gift from the Malaysian Government" to the world, and in particular to the international IT/multimedia companies, the government has promised that the MSC would "become a regional leader in intellectual property protection and cyberlaws".
How is the government going about drafting the "MSCís world-first cyberlaws"? In the case of the Computer Crimes Bill, it is to have the most severe penalties for the same offence of computer crimes in the world, as making the penalty for unauthorised access to computer material 12 times higher than in United Kingdom and in the United States and two-and-and-half times higher than in Singapore and the first country to create a statutory presumption where any person having custody or control of any program, data or other information when he is not authorised to have it will be deemed to have obtained unauthorised access unless it is proven otherwise - a presumption which criminalises the majority of the computer users in the country.
Going through the Digital Signature Bill, I get the impression that the terms of reference given to drafters of cyberlaws is not to stand on the shoulders of other countries and learn from their experiences and cyberlaws to produce the best cyberlaws in the world, but to produce cyberlaws which could most impress international IT/multimedia companies that the MSC and the cyberlaws are indeed a gift to them rather than to Malaysians.
I would seriously call for the formation of a Parliamentary Cyberlaw Committee where all cyberbills would be submitted for vetting first before tabling in Parliament for general debate to avoid the glaring policy, social and legal omissions made in the case of the Digital Signature Bill.
Let me make clear that when criticising the Digital Signature Bill, just as when I criticised the Computer Crimes Bill, it is not because I oppose the cyberbills but because we want to have the best cyberlaws in the world - not just for international IT/multimedia companies, but even more important, for Malaysians and future generations.
The issue of Digital Signatures is important to Malaysia if we are to become an information society.
As Internet usage expands at a dramatic pace, much has been made of the global network's potential to be a medium of commerce and trade. A study estimates that in 1995, consumers spent US$2.2 billion buying goods and services over the Internet.
Furthermore, the U.S. Commerce Department is predicting that online transactions will amount to US $600 billion by 2000. In January of 1997, key commerce and payment players, including Visa, MasterCard, Pacific Bell, Ameritech, Microsoft, and IBM, among many others, all have independently announced their intentions to offer services designed to promote and develop the way in which electronic commerce is conducted.
In truth, the whole notion of 'electronic' commerce is really a misnomer, because there is little, if anything, 'electronic' about it. What everyone should really be talking about is 'digital' commerce. Electronic or digital commerce is the transformation of paper-based transactions and processes into digital processes where the printed word on paper is replaced by the 1's and 0's of binary code. For the Internet to perform a role as an appropriate medium for commerce, there must be a way to make sure that the senders and recipients of 1's and 0's are known with some degree of reliability and that some mischievous spirit can't easily alter the sender's sequence of 1's and 0's on their way to the recipient.
While retail commerce (wine or roses over Internet for example) is certainly part of the future of digital commerce, it is only a small part. There exists a whole spectrum of services (legal services, financial and accounting services, health care services ) which can be more efficiently provided with the assistance of open networks. There is also the very important matter of communications between the state and its citizens.
Although retail electronic commerce can, and to a certain degree will, flourish on open networks like the Internet as they exist today without the need to bring copious amounts of technology to bear in order to provide high-grade messaging integrity, security and authentication services, this applies only to the relatively narrow spectrum of commercial traffic represented by retail transactions and in particular the majority of credit card purchases.
If electronic commerce is going to be prevalent on the Internet, it is necessary to address the concerns raised by using open networks to serve the needs of the broader range of commercial traffic.
There are formidable amounts of information recorded, stored and transmitted in the health care industry. The information is created and used by such diverse participants as medical professionals (doctors, nursing and para-medical staff), hospitals, clinics, insurance companies, federal, provincial, state and local agencies, and patients. The same is true in the financial and accounting industry and the legal profession.
Such information flows make up a very large component of business communications and form the greater part of the broader spectrum of 'electronic commerce'. These types of information require a higher standard of care.
In retail commerce, all that matters is that in point of fact most transactions get completed satisfactorily inspite of the occasional glitch. The broader spectrum of traffic has intrinsic value related more often than not to its confidential nature.
Medical, financial and legal information must most often be reasonably protected from disclosure to the wrong parties. The present nature of Internet and other open networks fairly precludes their generalized use to carry such traffic.
In fact, legal opinions have been given to the effect that Internet, absent special measures being taken to provide a reasonable assurance of confidentiality, integrity and authentication, is not an appropriate medium for transmitting privileged information.
Ten key issues had been identified which would have an important impact on how electronic commerce would evolve, whether they would address the significant questions for corporations, governmental bodies, and individuals as to how electronic commerce should be conducted to best serve the disparate interests of consumers and businesses.
Digital signatures feature in two of these 10 key issues in electronic commerce in 1997, which has been described as likely to be a landmark year for the development of electronic commerce. The ten key issues are
o Privacy: How will privacy of information, such as credit card numbers, credentials, etc. be protected during electronic transactions? What legal issues, including the question of encryption, will impact data security and privacy? Will public keys and digital signatures provide adequate privacy protection?
o International Trade Barriers: How will the notoriously unregulated Internet affect typically highly regulated trade in terms of electronic transactions? Are governments applying trade restrictions to international electronic commerce? Should electronic commerce be subject to the same trade restrictions as traditional commerce? Are there international regulatory initiatives addressing cross-border electronic trade?
o Contracts: To what extent is current complex commercial and contract law applicable to electronic-based contracts for transactions? Are digital signatures legally binding for such contracts?
o Payment: What are the leading methods for transaction settlement on the Internet? What are some of the key liability issues surrounding electronic cash and secure credit card payments?
o Liability: Are Internet Service Providers (ISPs) liable for issues of intellectual property, content and security, as pertains to electronic commerce that is conducted over their networks? Who will be liable for failed encryption or authentication procedures?
o Taxation: How will sales taxes, tariffs, and import duties be assessed on electronic-based transactions?
o Fraud and Consumer Rights: How to resolve fraud disputes in online transactions and to adequately protect the consumer from fraud in electronic commerce transactions.
o Intellectual Property: Are there adequate protections for the intellectual property of goods delivered via Internet-based and electronic commerce?
o Standards and Interoperability: What are current government initiatives to standardize the way electronic commerce is conducted? Will those initiatives support or conflict with private, corporate efforts? What are key issues for cross-border interoperability?
o Fairness and Accessibility: Will electronic commerce be only available to those who can afford expensive computers, thereby shutting out the economically disadvantaged in a way not incurred in typical retail and telephone-based commerce? What is the government doing to address this issue?