Malaysian Communication and Multimedia Commission

The Malaysian Communication and Multimedia Commission (MCMC) also known as Suruhanjaya Komunikasi dan Multimedia Malaysia (SKMM) is the regulator for the communication and multimedia industry in Malaysia. The Communication and Multimedia Act 1998 was established. This act intends to implement and promote Malaysian Government's national policy objectives for communication and multimedia sector. Malaysia is a knowledge driven economy, and this legislation helps to govern conduct involving communication and multimedia especially over the internet, broadcasting and telecommunications. In November 2001, when the MCMC was given the additional responsibility of regulating postal and courier services, under the Postal Services Act 1991 (PSA), and certification services, under the Digital Signatures Act 1997 (DSA).

The ultimate aim of the MCMC is to create a globally competitive, efficient and increasingly self-regulated postal, communications and multimedia industry capable of generating growth to meet the socio-economic needs of Malaysia. The MCMC acts as an adviser to the Minister of Energy, Water and Communications on all matters concerning communications and multimedia. As stated in the MCMCA, the MCMC is empowered both to implement and enforce communications and multimedia laws. It also performs the role of a watchdog, in ensuring players in the industry abide by the rules and regulations while at the same time encouraging self-regulation within the industry.

Taking Responsibilty for the Internet

Recently, I read an article written by Eva Yeong on the Sun daily newspaper (www.sundaily.com) entitled Need to enhance IT security, it is a very interesting article regarding the need to make the internet a safer place for the citizens of Malaysia.

Recently, computer & networks security giants 'KASPERSKY' has launched a research center in University of Technology Mara (UiTM). This academical program helps in the exchange of cyber security knowledge and the innovational rising threats that is going on over the internet. People have found new ways of attacking systems. For instance, Kaspersky mentions that malwares are now capable of making money rather than just simple mischief and ATMs are being hit with Trojan viruses and enabling criminals to total access to money. The criminals are getting smarter and find new ways of cracking systems. And thus the Kaspersky Research Center Academy provides a strong base to build a much more secure internet environment. It offers various basic training courses, in depth specialized courses, internship courses and many more.

Launching of the Kaspersky Research Center

Kaspersky says that all these criminal activities is going on due to vast anonymous internet users, he says. "To design a safer e-World we need better Internet regulation, such as Internet Passports for individuals, accreditation for businesses, and temporary storage of necessary requests, whilst there is also a need for what I term an Internet-Interpol

which will see more international police collaboration on cybercrime" Kaspersky encouraged more Malaysians to participate in the programmes offered through the Kaspersky Academy as a starting point to careers in the secure content management solutions industry.

Kaspersky Academy is already running worldwide in many countries and has 20,000 experts and affliated experts to help in the developme

nt of cyber security.

Reference: Need to Enhance IT security by Eva Yeong (http://www.thesundaily.com/article.cfm?id=41174)

Censorship in Malaysia

"In order for us to instil good morals and values in our people, we have to stop importing films that are not appropriate for our country....We imposed the ban after viewing thousands of titles over the last five months." - Shaari Mohamad Noor

"hold on to good values and preserve the family institution" - Tun Dr. Mahathir Mohamad

(http://images.search.yahoo.com/images/view?back=http://images.search.yahoo.com/search/images)

Malaysia is known to have one of the toughest censorship laws. The Film Censorship board of Malaysia which is under the control of Malaysian home office, pay special attention to nudity, sex, profanity, violence and sensitive religious content in films and television production. Censorship can be in books, newspaper, films, internet content, musicians, and content which is pornographic.

According to Wikipedia (www.wikipedia.com), it is said that Malaysia has quiet a reasonable level of freedom of speech. Malaysia was graded 4 points out of 7, with 1 being most free and 1 having the least freedom. Malaysia was also ranked 124th in World Wide Press Freedom index by the Reporters Without Borders. Although Malaysia has a flexible levels of freedom of speech its censorship board is strong.

Banned Products

Movies such as Zoolander (2001) is banned because of a plot line in which an assassination attempt is made on the Malaysian prime minister.

The Prince of Egypt (1998) was initially banned so as not to offend the country's majority Muslim population. The reason given by chairman of the Film Censorship Board was: "We found it insensitive for religious and moral reasons. Because of the many races in Malaysia, religion is a very sensitive issue." It was passed for VCD and DVD release by Berjaya HVN

Many books such as the indonesian version of Charles Darwin's origin of Species, the Iban bible, The Vagina Monologues, and many more are banned for sale and distribution in Malaysia. You will be able to find a list of vast banned items on wikipedia.

It has also come to concern that strict censorship laws should be applied on the internet. According to Wikipedia Encyclopedia. Deputy Science and Technology Minister Kong Cho Ha has announced that all Malaysian news blogs will have to be register with the Ministry of Information. He justified this by stating the law was necessary to dissuade bloggers from promoting disorder in Malaysia’s multi-ethnic society.

Reference (www.wikipedia.com)

My Poster

This is my poster to create awareness for Cyber crime.

"it's against the law"

The sources of the original pictures are from google's image gallery.

Tutorial question 2

Q. Meera has been receiving emails from travel companies that keep offering her holiday packages to various places in the world She replied to the senders to stop emailing her, but only to find that the emails keep coming and flooding her inbox. She came to you to on the legal aspects that may arise out of this practise by the travel company. Advise her on both criminal and data protection aspects.

A.Meera could charge the company under Communications & Multimedia Act 1998. If the company is found guilty. Than the company can pay a fine up to RM 50,000. There are no personal data protection (PDP) laws still available in Malaysia.

Tutorial question 1

Andrew is a computer science student attached with Microhard Corporation in Cyberjaya as a practical trainee. One day he managed to crack the company’s information system but did not do anything afterwards. The following day he also managed to intrude into Microhard’s Corporation’s website system and then posted his picture in the front page of the website and left his mobile number below his picture hoping that someone will call him and make friends. Subsequently his phone rang, but unfortunately it was his training manager who called and later warned him that actions will be taken. Upon investigation, it wad also revealed that Andrew had previously leaked the company’s system access code to his friends at University, to who he also sent emails telling bad things about his manager. Advise Microhard Corporation on various potential liabilities of Andrew from the above incidents, with reference to various cybercrimes laws applicable in Malaysia.

Under the Computer Crimes Act 1997 and Communications & Multimedia Act 1998, a few charges could be faced by Andrew. And these charges are:

1. "One day he managed to crack the company's information system but did not do anything"

Andrew can be charged under CCA s.3(1) which falls under unauthorized access to computer, computer system & computer network (intrusion) which the punishment could be a fine up to RM 50000 or up to 5 years imprisonment or both.

2. "Andrew intrude into his company’s website system" again for the second time.

Andrew can be charged under CCA s.3 (1) which falls under intrusion win which the punishment could be a fine up to RM 50000 or up to 5 years imprisonment or both.

3. "Andrew posted his picture on the front page of the website and left his mobile number below his picture so that someone will call him & make friends."

Andrew can be charged under CCA s.5 (1) regarding unauthorized alteration, amendment & modification of data CCA s.5 (1) which falls under unauthorized alteration, amendment & modification of data. And the punishment could be a fine up to RM 100000 or up to 7 years imprisonment or both.

4. "Andrew leaked the company’s system access code to his friends at University."

Andrew can be charged against CCA s.6(1) which covers unauthorized communication of passwords in which the punishment will be fined up to RM 25000 or up to 3 years imprisonment or both.

5. "Andrew sent e-mails telling bad things about his manager."

Andrew can be presed charges under the Communication & Multimedia Act 1998 (CMA) s.211 which regards e-mail with false spreading and e-mail with hatred and abusive content in which the punishment will be fined up to RM 50000 or up to 1 year imprisonment or both.

Computer Crimes Act 1997

In 1997, Malaysia adopted the Computer Crimes Act 1997. This act is similar to United State's Computer Fraud and Abuse Act 1986, United Kingdom's Computer Misuse Act 1990 and Singapore's Computer Misuse Act 1993. These laws govern the conduct of use of computers, internet and network usage and protect the consumers from intrunsion, fraud, deception and theft within the on-line community. Computers are defined more deeply under the section 2, and refereed to as any device of interelated electronical and mechanical system enable to process data, calculate mathematical functions, store data, communicate data and display data. These do not include type writers and calculators. And networks are defined as "the interconnection of communication lines and circuits with computer or a complex consisting of two or more interconnected computers"

Under the CCA 1997 certain rules with penalty is enforceable in Malasyia.

Section 3 of the CCA 1997 is regarding the unathorized access to computer materials.

Section 4 of the CCA 1997 is regardin the unathorized access with the intent to commit or facilitate commission of further offence.

Section 5 of the CCA is regarding the unauthorized modification of the contents of any computer.

Section 6 regards the wrongful communication.

Section 7 Abetments and attempts punishable as offences.

Section 8 Presumption

The penalty could be a fine of up to RM 50,000 depending on the conduct of crime or could be imprisoned up to 10 years or even both.

Using digital signatures

Digital signature has become a way to authenticate the identity of a sender and to ensure that the original message or document is not tempered. It is a technological scheme that ensures the authenticity of digital messages and documents. It ensures the receiver that it was sent by the original creater of the message and it was not tampered by any other party during the transmission.

How it works:

The document is first converted by a software into a mathematical hash (a encrypted format of the message) and a private key is used to seal this encrypted message. When the sender receives the message, it will use a public key which was generated by the private key to decrypt the message hash to the valid message. The technicality of this is more complicated, but it is very important for financial data to be secured when being shipped away. Banks use this technological system to secure 24 hour transactions of financial data across the world. Digital signatures can be used to secure internal communication between banks across the nation.

image: Source (http://www.digitalsignature.in/digital-signature-pic.jpg)

Protection in the Cyber world

Now a days, vast amounts of information of internet users are gathered by corporate websites and their databases. Information such as name, address, contact numbers, mothers maiden name, financial information and other sensitive information is being accumulated by corporate entities to conduct their business operations in the Cyber world.

Now, these corporations such as private companies, banks and insurance companies hold very sensitive data of people. And as internet users are the primary stakeholders in this Cyber world, they should be aware of the many issues going on in. There are vast databases maintained by these entities which includes passwords to financial accounts or other accounts accessible to vital resources. In an article "Beware on inside job" written by Tan Weizhen of the Singapore Straits Times says that Singapore criminal activities on personal data is growing, especially in the financial sector. He further explains that investigations show that a lot of inside jobs are going on to create internally perpetrated fraud. Employees within the entity are stealing sensitive data for means of deceiving their customers. It was reported that 43% of the complaints was from the financial sector, other sectors included government agencies, energy sectors, manufacturing, retailing and technology sectors.

And Malaysia also has similar figures, and equally growing amounts of reports on personal data fraud schemes. And large corporations must ensure that these personal information is protected. Malaysia is still very new to the issue of digital protection, and the parliment is in the process of establishing Personal Data Protection (PDP) Bill and the 1st complete draft is available on the Malaysian parliment website. Basically what this bill states is the regulation of the data and how data should be kept confidential and private.

To sumerize in breif, the PDP bill contains 9 elements/principles governing how data should be collected, organized and handled with.

1. Personal data shall be collected fairly and lawfully

2. The purpose of collection of data must be stated

3. Use of personal data must be stated

4. Discloser of personal data shall be limited

5. Accuracy of personal data must be ensured

6. Retention of personal data- data kept only for a particular purpose and no other than that.

7. Access to and correction of personal data

8. Security of personal data

9. Information to be generally available

This PDP bill not only tries to protect the users, but provides a legal framework for entities to follow. Regarding the case in Singapore, these entities in the overall economy must take measures to digitally, electronically and physically secure personal data.

National Conference on PDP Law '09

(Source: www.pdpconsulting.com.my/.../2009/10/pdp_1.jpg)

For more further reading, check out my reference links, its just a google away!!. . .

Reference :

Personal Data Protection (PDP) Bill 2009, Sonny Zulhuda on December 5, 2009

Beware inside jobs, By Tan Weizhen. Singapore Straits times Dec 9 2009.

http://www.parlimen.gov.my/billindexbi/pdf/DR352009E.pdf