- Now easier to try cyber crime cases in Malaysian courts
- More challenges to be addressed as both technology and law evolve
THE Malaysian cyber court was set up on Sept 1 and has to date heard a handful of cybercrime cases, both civil and criminal.
At the court’s opening, Minister in Prime Minister's Department Azalina Othman Said, the defacto law minister, said that such a court is necessary to address the increasing numbers of civil and criminal cyber offenses. CyberSecurity Malaysia, a government agency under the Ministry of Science, Technology and Innovation, states that about 30 Malaysians fall victim to cybercrime every day.
The cyber court is essentially a traditional court enabled with Internet and social media connectivity and where the judge, deputy public prosecutor and lawyer are all familiar with the workings of the internet and digital technology, explains A J Surin, an expert on cyber policy and cyber criminology.
Surin, who is also the author of Cyber Law and its Implications, a book on the intersection of law, communications and the internet, explains why the cyber court was set up and how it works.
Why the need?
The concept of a cyber court is not a new one – cybercrime has been around as long as the Internet has – but it is something that is increasingly essential all around the world as technology becomes more pervasive and a vital part of people’s lives.
“Individuals are relying on technology more and more every day, so we need a way of addressing the challenge of crime. This is especially important with the advent of the Internet of Things (IoT), where all our gadgets are connected,” says Surin (pic, right).
Before the cyber court was set up, cybercrimes were tried through the traditional courts. The creation of the cyber court means that judges, prosecutors and lawyers are now able to provide a concerted focus to technology-related cases.
“This means an enhanced efficiency of court proceedings because the stakeholders are familiar with the technology,” says Surin.
Just as with a traditional court, the cyber court is divided into two – a civil and criminal court – to hear different types of cases.
In creating the cyber court, the Malaysian government conducted a study of similar courts throughout the world and then constructed a court that is suited the local environment, culture and people, as well as a court that is able to work with the country’s current cyber laws.
The cybercourt tries cybercrime – that much is self evident – but how is cybercrime defined? In Malaysia, the first cyber laws came into being during the mid to late 1990s and were put in place to assist and enhance the growth of the Multimedia Super Corridor vision or MSC , the national initiative to drive the growth of information communications technology in the country.
Surin explains that there are two types of cyber law in Malaysia – specific and general. Specific legislation are whole Acts that govern cybercrime, such as the Computer Crimes Act 1991.
“These were created or amended to facilitate the growth of Malaysia’s digital economy via the MSC,” he says.
General laws are legislation that has been in existence for many years and have been amended to cover conduct facilitated by technology or regulate behaviour on the Internet. These include the Penal Code, Anti-Money Laundering Act 2001, Sedition Act 1948, Defamation Act 1957 and the Film Censorship Act 2002.
“Basically, general behaviour that is considered wrong in society is taken care of by these laws. But with there being an increasing number of cybersecurity breaches and cyber attacks in Malaysia and around the world, it is very important that the law continues to grow,” says Surin.
There is, however, a need for laws that are not specific to particular technology, he continues. Malaysia’s Digital Signatures Act 1997 can be used to illustrate this. In the Act, the definition of ‘digital signature’ confines it to an asymmetric cryptosystem, a system that is now going out of date.
“A narrow definition of technology in our laws may not cover everything that now exists or a technology that we will use in the future,” explains Surin.
Understanding the real impact
Law as a concept is essentially reactive – it governs behaviour and conditions not present yet, says Surin. In this sense, the law is always trying to keep up with technology. It is essential that it does so for the sustained growth of Malaysia’s digital economy.
That is the bigger picture view; at their core, cyber laws also benefit people and corporations.
Surin says that what people need to understand is that the exponential growth of technology means that crime is increasingly happening online and that the consequences of this are substantial.
What is needed is something of a change in mind sets, from thinking about crime in an offline context – a physical robbery of a bank, for example – to understanding that online crime can be bigger, happen halfway around the world and still have an impact on you.
Surin cites the example of the hack of Sony Pictures Entertainment in 2014 by the hacker group that identified itself as ‘Guardians of Peace’, where confidential data from the film studio, including personal information about employees, was released to the public.
The hack was conducted using malware and destructive tools, and erased data from the servers. More than this, Sony suffered in terms of reputation, while there was some turmoil in the media about reporting the hack and the stolen personal data being published.
“In examining this hack, some experts have drawn parallels to a terrorist attack. It was an attack on the company’s critical infrastructure that caused chaos,” says Surin.
The impact of cyber crime is clear and not always remote – billions of dollars in assets can be stolen in a blink of an eye as well as personal information that can be used to rob you blind or destroy your business.
As to whether Malaysian judges have the required expertise to make sound decisions on cases that come before them, Surin points out that with any niche aspect of the law, there are practitioners who are experts in that particular subject matter. Not every judge will be comfortable dealing with cyber law cases but there are those who do have the requisite expertise. “This is the territory of lawyers and judges who understand the technology and how the law applies to it. It is about familiarity with and passion for the subject matter. These people are experts in legal technology,” says Surin.
To explain, he draws a parallel with a lawyer who specialises in medical negligence. This lawyer may also have some type of medical qualification, extensive experience with medical negligence law, or both.
Surin believes that at this point in the cyber court’s new life, there is not yet a need for formal certification programmes for the judiciary, as the court still needs a little more time to mature. He feels that the time taken by such a programme will likely slow down the court’s growth at this point. Hhowever, he makes it clear that such formal training programmes may benefit the court in the future.
[Above 3 paras added to enhance clarity of article.]
The first step
The nature of cyber crime is such that a person with a computer in Malaysia can commit a crime in the United States. The borderless nature of cybercrime begs the question of jurisdiction.
“This is one of the biggest challenges faced by national courts in any country. Law is jurisdictional, so there are no easy answers here. This is a topic for much further discussion and inter-governmental discourse,” says Surin.
As such, the Malaysian cyber court must continue to grow and evolve not only to keep up with ever-changing technology and more inventive cyber crime, but also to keep contributing to the shaping of the country’s digital economy.
Besides serving justice, the court’s job now is to provide confidence to Malaysian individuals and corporations in that they have an avenue with which they can protect their interests and seek redress should they be victims of cyber crime, says Surin.
“The cyber court is still very young and this is just the first step in a very long journey that the government must take to be on top of regulation and governance of digital technology.”
Why Malaysia should review its ‘no censorship’ Internet policy