3.0 Legislative, Regulatory Framework and Enforcement 3.1 Current Laws Malaysia was one of the earliest countries in Asia to enact the Computer Crime Act in 1997. Subsequent to that, several other cyber laws were enacted. However, based on our findings, most of the cybercrime and cyber related crime had been tried under other Acts as identified in Table 3.1. Table 3.1: Present Laws and challenges in relation to cybercrime cases Act, Clauses and Penalties
Present Issues and Challenges
Computer Crime Act 1997 (CCA) Sec 10(1)(a) CCA 1997
The CCA covers the following offences: • Unauthorised access to computer materials • Unauthorised access to computer with intent to commit/facilitate further offence • Unauthorised modification of content • Wrongful communication of access credentials
Analysing Evidence Sec 10(1)(b) CCA 1997 Power To Compel Assistance In Analysing The Evidence Note: Maximum RM150k and/or 10 years
And the underlying challenges are in identifying the identity behind the cybercrime.
Evidence Act 1993
• Challenges in handling exhibits in electronic evidences and digital formats, which includes preserving and presenting the evidence in a form that is acceptable by the court.
Subsection 90A(2) and 90A(6) of the Evidence Act 1950 (Amendment 2012) - admissibility of documents produced by computers.
• Compliance to international standards such as the ISO/IEC 27037 that provides guidelines in handling digital evidence.
Communications and Multimedia Act 1998 (CMA)
• Require additional provisions to address data retention and data preservation requirements to assist investigations
Consumer Protection • 5th National Policy Objectives – Consumer Confidence Forum, Content Code & Consumer (Sections 94 – 103)
• Need to continue to address data accuracy and integrity of subscribers of telecommunications services through regulatory measures (BERNAMA, 2016)
Cyber Criminals • Offensive content (Sections 211 & 233) • Fraud and related activities (Section 236) • Provisions for the powers of entry, investigations into offence and prosecution (Sections 245 – 262)
• The use of social media and the Internet to spread false contents that could destabilise the country.
Information Infrastructure • 10th National Policy Objectives – Network Security • Technical Standards (Sections 183 & 184) • General duty of Licensee (Section 263) • Special Powers in Emergency (Section 266) • Disaster Plan (Section 267) 37