Post 1: Introduction of Malaysia Cyber Law

Before we proceed to any cases, please allow me to start with the introduction of Malaysia Cyber Law.

What is the Cyber Law?

Cyber law is the law applies to all activities happen in the cyber space, the law that ensure people are not misconduct or misuse the computers and the internet for any bad faith events.

Imagine:

With the online banking access, such as http://www.maybank2u.com.my/, http://www.cimbclicks.com.my/, http://www.hsbc.com.my/, and etc have given a lot of convenience to their clients, where the clients can perform e-financing activities easily thru internet and PC without having them to drive over to the desire bank. In addition, clients also take advantage in time saving as they need not to stay in a long queue like in the past conventional way just to perform an easy transaction. Besides, with those internet accesses, bank can also promote or advertise their promotion to their clients or non-clients easily.

This is a win-win situation, but however, with that kind of easy access, if someone intentionally hack into your account and transfer your money to his/her own interest or even others interest, would you accept? Definitely this is not acceptable and this is the reason why cyber laws exist to protect user from any bad faith unauthorized access.

Malaysia Cyber Laws

As IT and communication technology has rapidly increase and getting more and more important, even government themselves also perform e-government to serve their citizen like hearing citizens complaints so that they can consistently improve their operations with the end in view of fulfilling citizens needs by transforming internal operations such as staffing, technology, process and work flow management. Besides, government also associated with third party like MYEG to provide transactions service to their citizen. From above statement, clearly show that internet or “e” is playing an important role nowadays, hence the cyber laws are equally important to protect the right of the computer and internet user.

Below are the cyber laws which had been approved by our parliament:

1)      the Digital Signature Act 1997

2)      the Computer Crimes Act 1997

3)      the Copyright Act 1987, (Amended in 1997)

4)      the Telemedicine Act 1997,

5)      the Communications and Multimedia Act 1998,

6)      the Communications and Multimedia Commission Act 1998,

7)      the Electronic Commerce Act 2006

References:

You can visit: http://www.pcb.gov.my/ to lodge your complaints

You can visit: www.myeg.com.my

You can visit: http://www.laweddie.com/wordpress/current-cyber-laws-in-malaysia/

Post 2: the Digital Signature Act 1997

This act concerns about the secure of electronic communication especially through the internet. Digital Signature is an identity verification using encryption technique to protect against e-mail forgery. In simple, your signature and contents of the email which mostly use in automating signature-dependent processes; approval, agreement, and acceptance must encrypted during send to receive event. Of cause in order to view the encrypted email, the recipient needs to decrypt it with the given key. The Key can be either public key or private key.  

The beauty of this act is to gain confidence across businesses or organizations that needed paperless environment to process e-approval, e-agreement, e-acceptance or even not to disclose PnC (private and confidential) email as the act ensure that the email receive by the recipient is valid. Valid in the sense that the email are true from correspond person or sender.

You can refer to http://www.agc.gov.my/Akta/Vol.%2012/Act%20562.pdf for more information

How the encrypted work?

To do email encrytion, the very beginning is to make sure your email have an add-on encrytion feature.

For an email encrytion, there are 3 components which must be understand during the process

1) Public key - is a key given to everyone who want to send an email to you

2) Passphrase - Your password unlocks your private key and permits it to be used during read and unlock your public key to send and receive encrypted email.

3) Private key - is a key use to kept your secret on your computer since it is used for decryption

The key consist your name, email and password, and it is generated by the software wizard. Your public key must send to a key server so that sender can use it to send encryted email to you. When you receive an encryted email, you will be requested to key in the passphrase to decrypt that email using your private key.

Post 3: the Computer Crimes Act 1997

Computer crimes act ensure e-user does not misuses of computers and involve in any computer criminal activities

The criminal activities involve:
1. accessing computer material without aunthorization;
2. accessing computer material without authorization;
3. the commission of further offeces;
4. modifying contents of any computer without authorization;
5. wrongfully communicating a number, code, password or other means of access;
6. to a computer or person whom one is not duly authorized to communicate to;
7. abetting in a computer crime
 

The person is find guilty of an offence if he

Under section 3(1):

Intentionally use a computer as a weapon to perform unauthorized access to any program or data held in any computers.

Punishment:

No more than RM50’000 or imprisonment for not more than 5 years or both.

Under section 4(1):

Intent to use a computer as a weapon to perform unauthorized access to any program or data held in any computer with commit or facilitates commission of further offence which causes injury as defined in the Penal Code due to his fraud or dishonesty.

Punishment:

No more than RM150’000 or imprisonment for not mode than 10 years or both.

Under section 5(1):

Intent to use a computer as a weapon to perform unauthorized access to any program or data held in any computer, and make modification of the contents

Punishment:

No more than RM100’000 or imprisonment for not more than 7 years or both.

Under section 6(1):

A person shall be guilty of an offence if he communicates directly or indirectly a number, code, password or other means of access to a computer to any person other than a person whom is duly authorized to communicate

Punishment:

No more than RM25’000 or imprisonment for not more than 3 years or both.

Post 4: Computer Crime Case 1

Hacker takes aim at actress Meghna Naidu

Monday June 28, 2010

POPULAR Hindi actress Meghna Naidu’s (pic) email account was hacked into with posting that she needed “ad-­vice” after she became pregnant following a fling with a man whose name she could not remember, reported Tamil Nesan. - From Star

For news detail, please visit: http://thestar.com.my/news/story.asp?file=/2010/6/28/nation/6560063&sec=nation

In this case, under he/she's (hacker) act is definitely guilty of an offence in the computer crime act 1997.

The hacker would be charge under computer crime act 1997's section 3(1) where he/she had intended to broke into other people account which so call authorized access with his skill or knowledge to perform bad function. The hacker use Meghna Naidu account and chart something suspected "fishy" with her friends on behalf of her and this had alerted Meghna Naidu that her email account had been hacked.

The hacker should know hacking into people account is an irresponsible and dishonestly act where he/she will cause the complainant feel insecure and no privacy. The mentality of the complainant will also get impacted where she could believe the hacker may be forwarded others bad emails to her friends or public using her email account. Besides, the complainant will also feel somebody is detailing watching her or spying whatever she did, as a result causing uncomfortable during her normal life.

Computer crime is not strange to us, even though many of us know that hacking into other people computer is a crime act. How to solve the issue and how to prevent it happen has become the popular topic.
In my opinion, computer user, internet service providers and government are playing their important roles to control the crime happen.

As a computer user, he/she must ensure that his/her computer is integrated with a trustable genuine security system like anti-virus and firewall to protect their PC. The installed security system should always updated to get the latest or enhanced protection. And make sure it always ON.

As a internet service provider, they should also provide good security system to avoid unauthorized access. Having knowledgeable or expertise team to defend unauthorized access is necessary.

We have cyber law and government should ensure the laws must enforce effectively and well educated to the public.

Post 5: Computer Crime Case 2

Malaysian charged with hacking into US bank

Saturday November 20, 2010

NEW YORK: A Malaysian man, charged on Thursday with hacking into computer networks of the US Federal Reserve Bank (FRB) and a defence contractor, was caught by Secret Service agents while selling stolen credit card numbers for US$1,000 (RM3,200) at a diner in New York.

For news detail, please visit: http://thestar.com.my/news/story.asp?file=/2010/11/20/nation/7469956&sec=nation

"US prosecutors described Lin Mun Poo, 32, as an “extremely sophisticated and dangerous computer hacker” in documents obtained from the US Justice Department."

In this case, Lin is offenced the computer crime act 1997 section 4(1) where he intended to use his computer to hack into high security cyber systems of major institutions in the US, including the Federal Reserve Bank and the Pentagon’s security contractors. Resulting in thousands of dollars in damages, affecting 10 or more computers.

I am sure this is a very surprise news to most of the Malaysian where our "neighbor" is in the world headline but unfortunate for the wrong reason.

What a waste, imagine a guys who manage to hack into Federal Reserve Bank which has a high security cyber systems had wrongly utilize his skill in an offence of computer crime. I am sure many IT engineers in Malaysia are envy with the skill Lin has, if the skill are proper utilize in a good way, he at least can easily be a specialist in IT firm in many aspect. He can use his skill to increase our central bank security cyber system or may be give advice to the banker how to defend from hacker hack into their system, he is a good candidate who can understand more on the motive of those hacker compare to others.

Is greedy causing the act or we do not appreciate the skill that Lin has is still questionable.

However, one has to responsible for his own actions, if Lin convicted, he would be facing a potential maximum prison sentence of between six-and-a-half years to eight years.

Post 6: Computer Crime Talk

Search through most popular hacker and I got this link

Please refer to link: http://tekkieblog.com/hackers-of-all-time/

From this link, you may find most of them were very popular hacker in the past.

Kevin Mitnick:
In the past, he was the most-wanted computer criminal in US.
Now, he is a computer security consultant and author.

David L.Smith:
Is the man responsible for the release of the single most costly worm in the history of the internets to that point .
Now, he is working for FBI.

Mudge:
Was a member of the high profile hacker think tank the L0pht as well as the long-lived computer and culture hacking cooperative “The Cult of the Dead Cow”.
Now, he  is now a program manager at DARPA where he will help fund research to defeat cyber attacks.

What all above tell?

In my first thought, the answer came across my mind "looking for a good job, please be a professional and expect hacker". But after when through wiki search for detail on name stated above and other hackers, all hackers get their lesson learn by serving impriosonment or fine depend on type of offence. Example, Kevin Mitnick was served 5 years in prison.

Finally I change my mind and realize your expertise should utilize in good manner and you will be success in future, don’t waste your time in prison.

Post 7: Contract and OnlineContract

Contract 
Agreement occurs only when there are two or more parties agree in something. But not all agreements are legally enforceable for example verbal agreement between a couple

“I will buy a Gucci bag for you” you will never see a girl successfully sue her boyfriend if he didn’t make it, so how an agreement to be legally enforceable? That’s how contract occur.

Contract is legally enforceable agreement between two or more parties mutual obligations. Which party doesn’t obey or broke the contract can be charge in the court according to the Contracts Act 1950.

However, to form a contract there must have 7 elements:

1) Offer and Acceptance
>> One party make an offer make an arrangement that another accepts

2) Consideration
>> A value propose by a promissor to a promisee in exchanging something value given by the promisee to the promissor. Simple, like buyer and seller.

3) Intention to create legal relations
>> Having “heart” to create a legal relationship in the agreement for future reference.
>> Note: But not in social (Government), domestic (Husband and wife, relative and friends)  and family agreement (father, mother, son and daughter)

4) Legal capacity
>> Above age of 21, sound mind (Not crazy)

5) Legality
>> Purpose of the contract must legal or not offence
>> Example: Agreement in selling drug is definitely void

6) Free consent
>> Is not force by another party, willingness and agree about the contract

7) Certainty
>> Contents of the contract must be specify

-------------------------------------------------------------------------------------------------------

OnlineContract

Online contract consist

1)      Shrink-wrap agreements

2)      Click-wrap/Click on agreements

Shrink-wrap agreements

Is an agreement located inside the package or box of the goods. I call this agreement as an agreement inside the agreement. You can easily find this agreement when you purchase any genuine software in a CD form.

Any end user who bought the genuine software would usually need to agree in two agreements which the first agreement is the purchase agreement where you agree to purchase the software with the offered price. You may find the second agreement which normally call “end user license agreement” inside the CD cover or when you try to setup the software. If you read it carefully you may find the corporate actually still own the “software” which means you own the CD but not the software.

Click-wrap/Click on agreements

Is the agreement when you click something in the web. This can be seen during setup an software, there will be a message or term and condition show in the dialog box or pop-up window that you must click “I Agree”, or please check the “I agree” box to continue the setup, in this situation you are tight with the click on agreement.

When you purchase something through internet, you will experience there is a lot of steps that need you to click on “I Agree” or “Next” button to done at least a deal, basically you are in the click on agreement. So beware in what you click when browse thru the net as you can be legally binding.  

Post 8: OnlineContract Talk

We know that a company product "software" can be protected under shrink wrap agreement or click on agreement to prevent end user from using the software or the contents for any bad faith like producing pirated software. To those who producing the pirated software has definitely fail to comply with any material term and condition of the agreement and also offended the Copyright Act 1987. Before 2006, the pirated software can be easily obtain in the market, but after government treat this as a serious offence, many pirated software "seller" has been warned and fined if found guilty, and many of the pirated CD has been confiscated during the operation.

But however, I'm doubt whether this legal action can stop end user from using the pirated software. I guess no, the legal action will only reduce the number of vendor from selling it or produce the software in a physical product (in CD form) but will never stop the end user using the not licensed software because end user still can get it thru net.

Believe or not, many pirated software or non genuine software can be easily found in any computer of most of the PC user.

"PUTRAJAYA: The Domestic Trade, Cooperative and Consumerism Ministry seized RM794,300 worth of pirated software from a private institution of higher learning in Kota Kemuning, Selangor."
Click to see the detail news

What does this tell?


In my opinions,  affordability to have a genuine software is the main issue.

According to salary survey, http://www.interec.net/salary/

Taking an engineer as a example, notice that the salary range in US is almost equivalent to the salary range in Malaysia without converting. However in US, you can get any PC or laptop with the price below than a thousand and you can get most of the software which is less than a hundred. But in Malaysia you will get those with the price of 3x higher than the price selling in US, here's come the problem.

Check US Price:  http://www.compusa.com/main/indexcu.asp?
Check M'sia Price: http://www.pcdepot.com.my/

For example, assuming $600 for a laptop and $70 for a software, so to get a complete system with 10 genuine software installed could be cost American $1300 but for Malaysia the price would be $1300 * 3.1= RM4030. What do you think?

So in general the lower the cost relative to monthly earning, the less the incident of piracy is most of the case I seen. Because most of the people would wish to have a genuine software if the price is affordable.

Price does matter...!! Or cause I will still encourage my friends and myself to use genuine software.. Haha :)

Post 9: Copyright Act 1987

Copyright is legally binding to protect author or creator of an original work, including the right of copy and distribute. Many company will fill copyright, trademark, patents, industrial design rights, trade secrets on their intellectual properties because those are intangible asset for a company.

The intellectual property is a term referring to the creations of the mind. Creation of the mind include music, note, novel, artistic works, discoveries and inventions, design and even any words, symbol and buildings.

Why need to generate copyright?
Simple, this is to protect your work from pirating by other or vice verse.

How to generate copyright?
To generate the copyright, there are two very important element you must know:

1) Originally - the creation must not be copied from others, and must creative enough
2) Fixation - the thing that you wish to fill copyright must at least reduced to a fix form, like paper or book

Note: Idea is not copyrightable.

Do we need to register to get protected?
Copyright itself doesn't not need an official registeration, any created work is considered protected by copyright as soon as the work exists. But certain countries have a national copyright office and some national laws allow the created work to be registered, during any copyright cases those registered will be serve as the highest important evidence in the court.

In Malaysia, the national copyright office is call Intellectual Property Corporation of Malaysia. You can visit the web http://www.myipo.gov.my/.

How to consider copyright infringement?
When a person publishes copyrighted materials, publicly display or performs copyrighted material or performs any act that reduces the value of the copyrighted works.

But however, certain product is not considered as infringement of copyright if the copyrighted material is used for purposes of non-profit research, private study, criticism, review or the reporting of current events. For those we call it as Fair Use, but if this product would like to use it in public, then it must be accompanied by acknowledgement of the title of the work and its authorship.

Post 10: Copyright Case 1

Oprah Sued for Plagiarism: Writer Charles Harris Says Star Read His Work on Talk Show

October 28, 2010

"NEW YORK (CBS) A Philadelphia writer is suing Oprah Winfrey for plagiarism, after she allegedly read on her talk show passages from a political booklet he penned, without permission. ......"

Please click for news details

This is a copyright case happen in New York, where the complainant Charles Harris filled a lawsuit clamming
the language and structure of the questions came out from Oprah Winfrey were exactly the same on his work "How American Elects Her Presidents" which he send some booklet to the show in years ago.

But however from the star 29-March-2011,

"A federal judge in Pennsylvania has tossed out an author's US$100 million lawsuit against Oprah Winfrey for violating the copyright in the political booklet, How America Elects Her Presidents... "

Please click for news details

"Which one of our presidents weighed the most ?"; "William Howard Taft at 327 pounds" Is the question and answer that use to argue in this copyright issue.

Winfrey told the judge to dismiss the lawsuit saying that Harris' lawyers should know that the fact of American presidents are not copyrightable. But the lawyers said compilation of facts based on the selection and arrangement can be copyrightable. However Winfrey pointed out that Harris didn't register his work as a compilation, and it lacked originality, among other things.
 
U.S. District Court Judge Jan DuBois agreed that Harris' work is ''not original,'' and that Winfrey's use of the Fat Taft fact, even if she did learn it from Harris' book, was not an infringement.


Lesson learned from the case:

1) The work must be "originally". In this case, the Harris' work is not creative enough as the questions are based on fact.

2) The infringement would not be consider if is based on fact.

Post 11: the Trade Marks Act 1976

Copyright and trademarks are both intellectual property refer to different area. Copyright is legally binding to protect author or creator of an original work, while the trademarks protect the word, name, symbol or device of a good to identify it from other goods.

For example, HONDA and NISSAN are both popular car manufacturer in the market. To identify the different between HONDA vs NISSAN car, they can be identify via their logo, name, design, performance or spec. Logo and name is the trademarks belong to the company, while the design, performance and spec would be the copyright of the company. Besides, slogan "the power of dreams" - HONDA and slogan "shift the way you move" - NISSAN are also trademarked by both company.

To use a trademarks, the very beginning is to register the trade marks, in section 32(2) of the Trade Marks Act 1976, the registration of a trade marks shall be for a period of 10 years but can be renewed from time to time.

However, there is term and conditions if you want to register a trademarks. A trademarks shall not be registered as a trademark if

1. if the trademarks cause confusion to the public;
2. if it contain any scandalous or offensive matter; example picture of naked girl or picture that sensitive to certain religion would not be protected by any court of law.
3. if it contain a matter which in the opinion of the Register is or might be prejudicial to the interest or security of the nation;
4. if the trademarks had registered or well known;
5. if it contains or consists of a geographical indication with respect to goods not originating in the territory indicated, if use of the indication in the mark for such good in M'sia is of such nature as to mislead the public as to the true place of origin of the goods ; or
6. if it is a mark for wines which contains or consists of a geographical indication identifying wines, or is a mark for spirits which contains of a geographical indication identifying spirits, not originating in the place indicated by the geographical indication in question.

Any person who use a registered trademark or nearly resembling the trademark that cause confusion in the public is consider a trademark infringement.

The most happen trademarks issue in the cyber space can be easily fall under the domain name conflict.

Domain name is the name chosen by the owner which indicate the owner web site address, domain name can be easier to remember instead of publishing an Internet protocol address which in series of numbers form. For example: http://www.google.com/ is the domain name registered under google corporation, http://www.google.com/ can be also call as 209.85.175.103. Domain name is trademark-able, and the issue usually occur when the registered domain name is misleading public which we call domain name conflict or being used in bad faith.

Bear in mind, the domain name is register under first come first serve basis.
Domain name conflict or trademark conflict can be occurred in few ways, which are

1. Cybersquatting;
2. Typosquatting;
3. Commentary or tarnishment;
4. registration of domain names of the competitors.

Post 12: Cybersquatting and Cases

Since domain name is given or registered in first come first serve basis, conflict can be easily occur when one desire domain name is taken by other.

Cybersquatting occur when a owner registered a domain name which consist other owner registered trademark and sell it to the owner for profit purposes.

Cybersquatting case 1: Madonna vs Parisi

"A pornographer who has registered hundreds of domain names could lose one of the biggest gems in his collection: Madonna.com. ..."

Read more: http://news.cnet.com/2100-1023-244734.html#ixzz1J9FeBUMN

Complainant: Madonna

Respondent: Dan Parisi

Parisi, who operates adult entertainment site Whitehouse.com purchased Madonna.com in 1998 for $20'000 from a bulk domain name registrar. However, Madonna who runs her own site at Madonnafanclub.com, has filled a complaint with WIPO to reclaim Madonna.com.

In order to win the arbitration, Madonna has to prove that Parisi register the domain name

1. the Trademark is belong to the complainant
2. the Trademark infringement is confusing public
3. that the respondent has no legitimate interests in respect of the domain name (fair use), and
4. the domain name had been registered and used in bad faith

On the other hand, if Parisi want to win the arbitration, then he has to prove that

1. good reason for the selection of Madonna as a domain name
2. is not confusing public
3. used in good faith

Decision: Favor fall on complainant, the domain name should be tranferred to the complainant.

Reason:

Madonna had registered her name Madonna as her trademark for entertainment services and related goods since 1979. Hence the domain name registered by respondent Parisi is definitely trademark infringement where it confusing public and misleading consumers into thinking the site is somehow related to Madonna.

Pasiri also failed to provide the panel with a resonable explanation why he chose Madonna as a domain name. Furthermore, the registered domain name is also found used in bad faith where Parisi used the address with the intent to attract Internet users to a pornographic Web site.

Cybersquatting Case 2: Nikon Sdn Bhd vs First Web Enterprise

Post 13: Typosquatting and Case

Typosquatting is referring to those registered domain name which is close to the actual domain name where it occur differently in a common misspelling of a trademark, intended typo error, a differently phrased domain name or missing the dot. Typosquatting is intended or targeted to catch the web users who make typographical error when entering a web site address.

Typosquatting Case: Edmunds.com vs Digi Real Estate Foundation (2006)

For details, please visit: http://www.wipo.int/amc/en/domains/decisions/html/2006/d2006-1043.html

Complainant: Edmunds.com, Inc US

Respondent: Digi Real Estate Foundation, Panama

Disputed website: edmundss.com

Observation and lesson learned:

Domain name edmundss.com registered by the respondent is confusingly similar to complainant Edmund’s trademark with an extra letter ‘s’. Edmund’s trademark has been registered by the complainant and www.edmunds.com has been launched since 1995 which was used for automotive information website and is now of the leading online resource for automotive information.

To make any decision, the panel always consider 3 elements according to UDPR policy

1)  Is the disputed domain name confusingly similar

2)  Rights or Legitimate Interests (fair use)

3)  Is it used in bad faith

In fact, the disputed domain name is clearly a typosquatting where it only different from the complainant trademark with an additional letter ‘s’ at the end. Double typing is an easily made typo error by the internet user, when this happen it lead user to a different web. Hence edmundss.com is confusingly similar.

Respondent does not fair use with the registered domain name, where the content of the disputed web is observe similar. Respondent also fail to give any reasonable reason why the domain name was registered.

By offering similar contents, the respondent is expecting commercial gain by attracting the internet users who make typo error, this clearly shown bad faith in using the edmundss.com. Furthermore, respondent has a history of registering domain name in bad faith.

As a result, Panel orders that the domain name edmundss.com be transferred to the complainant.