By: Sonny Zulhuda (An Op-ed for the New Straits Times)
As we are approaching the new year 2024, hopes are mounting of having a safer and more convenient cyberspace for all. Moreover, when aligned with various national agendas to strengthen digital transformation to make the country’s digital economy and data sovereignty a success, we certainly hope that our critical national information infrastructures continue to be more resilient in the future.
We read with interest a recent statement by the government that aims to combat online criminal activities by formulating a decisive policy through the collaboration of its Legal Affairs Division and the National Anti-Financial Crime Centre (NFCC). Minister in the Prime Minister’s Department (Law and Institutional Reform), Datuk Seri Azalina Othman, was quoted to announce plans to bring about clarity in this matter through the amendment of existing laws and introducing a new specific law (New Strait Times, 20/12/2023).
This announcement cannot come at a better time, i.e. when we are constantly under a myriad of cyber security threats and negative effects of offensive content. Our law needs to be improved further considering that cybercrimes keep on transforming. Despite some improvements such as the passing of new laws like the Sexual Offences Against Children Act 2017, the National Anti-Financial Crime Centre Act 2019 and the Penal Code amendment on the offence of stalking (including cyber stalking), some loopholes are still needing our urgent attention.
Two Key Concerns on Cybercrime
The key concerns for this legal development are two-fold: One, online criminal activities keep evolving, changing and expanding in terms of forms, manners and impact. Our cyber laws which were pre-dated more than two decades ago will not be able to accommodate the new types and methods of criminal activities. Secondly, we know that cybercrime is international and extraterritorial in nature. We cannot deal with it alone; this global problem needs a global solution. Therefore, submitting to international legal enforcement is a necessity.
Doing it alone is not an option anymore. We need to quickly adapt to the international standard and work with the international community, both regionally and globally.
Cybercrime Reform Needed
Based on the above concerns, some points are worth considering: Firstly, we need to reform some of our old laws: create more cybercrime offences to capture the latest developments. Cyber wrongs such as system obstruction, misuse of devices, data breaches, identity theft as well as the provision of facilities to commit cybercrime need to be criminalised.
Secondly, preventive and responsive measures are equally necessary such as requiring organisations to establish a minimum baseline of cybersecurity and cyber-hygiene standards and practices. Enhanced protection of critical national information infrastructure is a must. When a data breach occurs, an immediate reporting mechanism should be made mandatory so that people may be alerted as soon as possible and take necessary measures to mitigate the potential loss, such as by changing passwords, freezing an account, or taking other security steps. Some procedural reforms would be necessary such as the obligation to preserve data and to disclose such data when needed for investigation. These are among the areas that need to be revisited.
The Problem of Cyber Fraud Mules
Thirdly, there is a disturbing trend relating to online or cyber fraud: the culprit use mule accounts as intermediary to receive illicit funds from their criminal activities. The question is, how much does our law enable the enforcement agencies to take a swift coordinated action? Laws need to allow agencies to freeze the account immediately and temporarily to prevent the money from flowing elsewhere. Some attempts have been made in the past to criminalise the mules, which is necessary. But the problem is, there are so many “innocent” people who allow their phone numbers, email addresses or bank accounts to be made a mule. What should be done to prevent this trend of innocent intermediary? Imposing a strict liability or presumption of guilt would not be fair to them. Perhaps the best answer lies in education and awareness rather than the strict treatment of the law against those mules.
Anticipating the New UN Convention
Fourthly, Malaysia needs to participate in the international treaty on cybercrime. Currently, there is only one Budapest Convention that is available for us to consider. But at the same time, Malaysia and other United Nations member countries have been actively negotiating a new UN draft convention on the use of information and communications technology for criminal purposes. Once concluded, this will be the best avenue for our global and collective efforts in addressing online criminal activities, both at preventive and responsive phases. With the increasing initiatives of today’s Madani Government on embarking the digital transformation, these legal reforms relating cybercrimes are clearly and urgently necessary.
TRIBUTE 