Journal of Law, Information and Science

Sangal, P. S --- "Electronic Commerce Law in Malaysia" [2000] JlLawInfoSci 7; (2000-2001) 11(1) Journal of Law, Information and Science 89

Electronic Commerce Law in Malaysia

P.S. SANGAL[*]

Abstract

Electronic commerce law in Malaysia is examined here in the light of the Multimedia Super Corridor Project and the objectives of government policy. Six so-called cyber laws are examined in relation to their impact on electronic transactions. The laws include the Copyright (Amendment) Act 1997, the Computer Crimes Act 1997, the Telemedicine Act 1997, the Digital Signature Act 1997, the Communications and Multimedia Act 1998 and the Communications and Multimedia Commission Act 1998. A global e-commerce law is suggested as a means of avoiding problems in the years ahead.

1. Introduction

Malaysia is among the first in the southeast Asian region to begin enacting laws dealing with information technology and the Internet. However, these laws have been enacted in instalments.

Electronic commerce (e-commerce) laws in Malaysia are made up of a package of laws going under the name of cyberlaw. These laws have been enacted in a short time in order to fulfil the Prime Minister’s promise given to worldwide information technology (IT) companies which have come to participate in the prestigious Malaysian Multimedia Super Corridor (MSC) Project. Covering an area of 15 km by 50 km stretching from the Kuala Lumpur City centre to the new International Airport at Sepang, the MSC is being developed with the best physical infrastructure facilities. In the words of the Prime Minister of Malaysia, Dr Mahathir Mohamad, the MSC is “a global bridge to Asia for the new millennium which will be a huge testbed for trying out not just the technology, but also the way of life, in this age of instant and unlimited information.”[1]

The MSC is a unique experiment that Malaysia has embarked upon. It is expected that this region will become the ‘Silicon Valley’ of Malaysia. To make the MSC concept take concrete form, seven primary areas for multimedia applications have been identified. These ‘flagship applications’ offer an unprecedented opportunity to local and international business through the provision of concessions and guarantees.

The development of flagship applications is facilitated by government ministries and agencies that report directly to the MSC Implementation Council, chaired by the Prime Minister of Malaysia. These agencies work in close partnership with leading international and Malaysian multimedia companies to clarify the concepts and create detailed implementation plans. Joint government and private sector teams developed proposals for each flagship application between December 1996 and June 1997, and these proposals are now being implemented.[2]

Through the flagship applications, the Government of Malaysia has extended an open invitation to the multimedia community in Malaysia and throughout the world to participate in the Multimedia Super Corridor (MSC) Project.

Table 1. Flagship Applications and Lead Agencies responsible for their development.[3]

| Flagship Application | Lead Agency |
|---|---|
| Electronic Government | Malaysia Administrative Modernisation & Planning Unit (MAMPU) |
| MultiPurpose Card | Bank Negara [Central Bank] |
| Smart School | Ministry of Education |
| Telemedicine | Ministry of Health |
| Worldwide Manufacturing Webs | Ministry of International Trade & Industry |
| R & D Cluster | Ministry of Science, Technology & Environment |
| Borderless Marketing | Multimedia Development Corporation (MDC) |

2. Participants in the MSC

Till 12 March 1999, a total of 203 companies, including 29 world class corporations, had been given MSC status,[4] including Microsoft and Sun Microsystems. Up to July 20, 2000 a total of 347 companies, including 36 world class companies, had been given MSC status, the target being to have 500 MSC status companies by 2003.[5]

Cyberjaya was officially launched in June 1999. The Multimedia Development Corporation Sdn. Bhd. (MDC), the agency responsible for implementing the MSC project, has given companies with MSC status one year from June 1999 in which to relocate their operations to Cyberjaya. Companies that fail to do so would lose their MSC status. This is a condition of the award of MSC status.

The relocation deadline was imposed to ensure that the MSC status companies would not operate in isolation from the others. “Technology had enabled the realisation of some of the applications developed by some of our MSC companies. Thus, one should leverage on the presence of the others. That is what Silicon Valley in the United States has been doing over the years”.[6]

As noted above, one important flagship application is Borderless Marketing, within which one finds e-commerce. In order to ensure the sanctity of e-commerce, particularly global e-commerce, and to protect IT and its products generally, a number of laws have been enacted which may have a direct impact on the flow of e-commerce and which may broadly be described as cyber laws.[7]

3. The Cyber Laws

Malaysia amended its copyright laws through the Copyright (Amendment) Act 1997, and has enacted the Computer Crimes Act 1997, the Telemedicine Act 1997, the Digital Signature Act 1997, the Communications and Multimedia Act 1998 and the Communications and Multimedia Commission Act 1998. Malaysia is extremely keen to protect IT, as can be judged by the following paragraph in the Explanatory Statement of the Copyright (Amendment) Bill 1997.

Technology development, especially information technology, has challenged traditional concepts of copyright protection. The proposed establishment of Multimedia Super Corridor (MSC) will generate both challenges and opportunities for Malaysia. The success of the MSC will, to a certain extent, be determined by the contents that move through it. These include educational works, entertainment products and information that are protected under the copyright law. For the MSC to realise its full potential, it is essential that adequate legal protection be made available to these works. It is proposed the Act be amended to this end, taking into account recent international developments in respect of certain copyright works.

At a diplomatic conference in Geneva, convened by the World Intellectual Property Organisation (WIPO) on 20 December 1996, two new Treaties, the WIPO Copyright Treaty (WCT 1996) and the WIPO Performances and Phonograms Treaty (WPPT 1996) were adopted. The WCT, according to its Preamble, was a response to the recognition of “the need to introduce new international rules and clarify the interpretation of certain existing rules in order to provide adequate solutions to the questions raised by new economic, social, cultural and technological developments” and also a response to “the profound impact of the development and convergence of information and communication technologies on the creation and use of literary and artistic works”[8].

The Copyright Act 1987 is discussed here as part of the cyber laws because some of its provisions seek to punish infringement of copyright on the Internet.

3.1 Copyright (Amendment) Act 1997

By the Copyright (Amendment) Act 1997, Malaysia changed its law along the lines suggested by the WIPO Treaties of 1996 and has attempted to take care of the special problems created by developments of the Internet.

By adding three new modes of copyright infringement, the Copyright (Amendment) Act 1997 has introduced three new corresponding offences under section 41 of the Copyright Act 1987. These are:

1. circumventing or causing the circumvention of any effective technological measures that are used by authors in connection with the exercise of their rights and that restrict acts not authorised by them,

2. the removal or alteration of any electronic rights management information without authority, and

3. distributing, importing for distribution or communicating to the public, without authority, works or copies of works in respect of which electronic rights management information has been removed or altered without authority.

Such offences are punishable by a fine of a maximum of two hundred and fifty thousand Malaysian Ringgit (RM250,000) or by imprisonment for a term of a maximum of three years or both and, for any subsequent offence, by a fine of a maximum of five hundred thousand Malaysian Ringgit (RM500,000) or imprisonment for a term of a maximum of five years or both. It is evident that these new offences are viewed rather seriously by the law, given that protecting copyright on the Internet may assist e-commerce.[9]

3.2 Computer Crimes Act 1997

The Computer Crimes Act 1997 has been enacted to directly strengthen the strategy for prevention of misuse of computers.[10] This Act aims “to provide for offences relating to the misuse of computers”. The following acts in relation to computers are declared to be offences, and heavy penalties are prescribed for them:

1. knowingly causing a computer to perform any function with the intent of securing unauthorised access to any program or data held in the computer. The penalty is a maximum of RM50,000 or imprisonment for a maximum of five years or both (section 3);

2. committing an offence referred to in section 3 with intent to commit an offence involving fraud or dishonesty or which causes injury as defined in the Penal Code, or facilitating the commission of such an offence whether by himself or by any other person. The penalty is a maximum of RM150,000 or imprisonment for a maximum of 10 years or both (section 4);

3. doing an act knowingly which will cause unauthorised modification of the contents of any computer. The penalty is a maximum of RM100,000 or imprisonment for a maximum of seven years or both. But if the act is done with the intention of causing injury as defined in the Penal Code, the penalty will be enhanced to a maximum of RM150,000 or imprisonment for a maximum of 10 years or both (section 5);[11]

4. communicating directly or indirectly a number, code, password or other means of access to a computer to any person other than a person to whom he is duly authorised to communicate. The penalty is a maximum of RM25,000 or imprisonment for a maximum of three years or both (section 6);

5. a person who abets the commission of or who attempts to commit any offence under this Act, or who does any act preparatory to or in furtherance of the commission of any offence under this Act, shall be guilty of the offence and shall be liable to the punishment provided for the offence: Provided that any term of imprisonment imposed shall not exceed one half of the maximum term provided for the offence (section 7).

Here it is worthwhile to give some details of a recent report of an attempted computer crime involving a bank.[12] The hacking attempt came to light on August 21, 2000 when several Internet users reported that they had received email from someone posing as a Maybank official.[13] The email offered users “Maybank 2 U online tools” that could be downloaded from a website at maybank2u.rvx.net.[14] The “tools” were in fact programme files, one of which was a Trojan horse, a destructive programme that masquerades as a benign application. The experts believe that the function of these files was to steal passwords or other login information relating to Maybank’s online banking service Maybank 2U.com.[15] It is believed that the hacking attempt could constitute an offence under sections 3 and 4 of the Computer Crimes Act 1997, stated above.

Given the ever-increasing incidence of computer crime, it cannot be overemphasised that curbing computer criminals is a matter of utmost urgency for e-commerce, as they can even destroy[16] the Internet, which is the backbone of e-commerce.[17]

3.3 Telemedicine Act 1997

Section 2 of this Act defines “telemedicine” to mean the practice of medicine using audio, visual and data communications.

Section 3 states that no person may practise telemedicine other than (a) a fully registered medical practitioner holding a valid practising certificate, or (b) a medical practitioner who is registered or licensed outside Malaysia and (i) holds a certificate to practise telemedicine issued by the Malaysian Medical Council; and (ii) practises telemedicine from outside Malaysia through a fully registered medical practitioner holding a valid practising certificate.

Section 3 provides that any person who practises telemedicine in contravention of this section, notwithstanding that he so practises from outside Malaysia, shall be guilty of an offence for which the penalty may be a maximum of RM500,000 or imprisonment for a maximum of five years or both. There is hardly any need to mention here that when telemedicine takes off in Malaysia, there will be a lot of sale and purchase of medical services online, involving e-commerce.[18]

3.4 Communications and Multimedia Act 1998

This is the lengthiest of the six cyberlaws enacted so far in Malaysia. It has 282 sections and one schedule.[19] Traditionally, broadcasting, telecommunications and computing have been treated separately. If the convergence of technology towards digital modes continues, it will no longer be realistic to consider these modes of communication separately. This law has been enacted to replace the two existing laws on telecommunications and broadcasting, namely, the Telecommunications Act 1950 and the Broadcasting Act 1988.

The Communications and Multimedia Act 1998 establishes a framework for regulatory intervention to promote Malaysia’s national policy objectives for the communications and multimedia industry. This is an evolving industry in which a range of traditionally stand alone industries are converging. The activities and services regulated under this Act include traditional broadcasting, telecommunications, and online services, including the facilities and networks used in providing such services, as well as the content, which is supplied via the facilities and networks.

The key participants in the industry who are to be regulated under the Act include the following:

• network facilities providers, who are the owners of facilities such as satellite earth stations, broadband fibre optic cables, telecommunications lines and exchanges, radio communications transmission equipment, mobile communications base stations and broadcasting transmission towers and equipment;

• network services providers, who provide the basic connectivity and bandwidth to support a variety of applications;

• applications service providers, who provide particular functions such as voice services, data services, content based services, e-commerce and other transmission services; and

• content applications service providers, who are a special subset of applications service providers including traditional broadcast services and newer services such as online publishing and information services.

Section 126 of the Act states that subject to exemptions granted by the Minister, no person shall:

(a) own or provide any network facilities;

(b) provide any network services; or

(c) provide any applications services,

except under and in accordance with the terms and conditions of a valid individual licence or a class licence[20], granted under this Act, expressly authorising the ownership or provision of the facilities or services.

Contravention of this section entails a penalty of a fine not exceeding five hundred thousand Ringgit or imprisonment not exceeding five years or both and a further daily fine of one thousand Ringgit for every day or part of the day during which the offence is continued after conviction.

In Part X (Chapter 2, Additional Offences and Penalties), sections 231 and 241 enumerate some offences which are relevant for the purposes of e-commerce.

Section 231 declares it to be an offence for a person to use any apparatus or device, without authority, with intent to obtain information regarding the contents, sender or addressee of any communication. Section 232 declares it to be an offence for a person to fraudulently use network facilities, network services, etc. Section 233 declares improper use of network facilities, etc., to be an offence.

The following acts have also been declared as offences under this law:

• Section 234 Interception and disclosure of communications without lawful authority.

• Section 235 Damage to network facilities, etc.

• Section 236 Fraud and related activity in connection with access devices, etc.

• Section 239 Unlawful use, possession or supply of non-standard equipment or device; and

• Section 240 Distributing or advertising any communication equipment or device for interception of communication.

3.5 Malaysian Communications and Multimedia Commission Act 1998

This law provides for the appointment of the Malaysian Communications and Multimedia Commission as a body corporate with perpetual succession and a common seal. This is the main body, and it is mentioned throughout the Communications and Multimedia Act 1998.

Under section 16 of this Act, the Commission shall have all the functions imposed on it under the Communications and Multimedia Act 1998 and, without prejudice to the generality of the foregoing, the Commission shall also have the following functions:

(a) to advise the Minister on all matters concerning the national policy objectives for communications and multimedia activities;

(b) to implement and enforce the provisions of the communications and multimedia laws;

(c) to regulate all matters relating to communications and multimedia activities not provided for in the communications and multimedia laws;

(d) to consider and recommend reforms to the communications and multimedia laws;

(e) to supervise and monitor communications and multimedia activities;

(f) to encourage and promote the development of the communications and multimedia industry including in the area of research and training;

(g) to encourage and promote self-regulation in the communications and multimedia industry;

(h) to promote and maintain the integrity of all persons licensed or otherwise authorised under the communications and multimedia laws;

(i) to render assistance in any form to, and to promote cooperation and coordination amongst, persons engaged in communications and multimedia activities; and

(j) to carry out any function under any written law as may be prescribed by the Minister by notification published in the Gazette.

This Commission, being the main body “to implement and enforce the provisions of the communications and multimedia laws”, is likely to play a significant role in helping and regulating e-commerce. Under the Communications and Multimedia Act 1998, the following regulations have been formulated.

1. Communications and Multimedia (Licensing) Regulations 2000, under section 16 of the CMA 1998. These regulations came into operation on April 1, 2000.

2. Communications and Multimedia (Spectrum) Regulations 2000, under sections 16 and 158 of the CMA 1998. These regulations came into operation on April 1, 2000.

3. Communications and Multimedia (Technical Standards) Regulations 2000, under sections 16 and 158 of the Act. These regulations came into operation on April 1, 2000, except sub-regulation 26(4) and the Fifth Schedule, which shall come into operation on April 1, 2001.

4. Broadcasting (Licenses for Television Broadcast Receivers) and (Dealing in Radio and Television Broadcast Receivers) (Revocation) Regulations 2000 under section 273 (2) of the CMA. These regulations came into operation on April 1, 2000.

Besides these Regulations, which are made by the Minister in consultation with the Commission, the following guidelines have also been formulated by the Malaysian Communications and Multimedia Commission:

1. Guidelines on Substantial Lessening of Competition under section 134.

2. Guidelines for Development of Codes of Conduct for the Communications and Multimedia Industry.

3. Forum Handbook: A Guide for Forums under the Communications and Multimedia Act.

In addition, the Commission under section 169 has also issued a Notification of Issuance of Class Assignments. This Notification came into operation on April 1, 2000.

3.6 Digital Signature Act 1997

New communication systems and digital technology have made dramatic changes in the way people live and act. Businesses and consumers are increasingly using computers to create, transmit and store information in electronic form instead of traditional paper documents. Information stored in electronic form has many advantages. It is cheaper, easier to store and retrieve, and speedier to communicate. At present most legal provisions assume the existence of paper-based records and documents which must bear signatures. Since electronic commerce eliminates the need for paper-based transactions, the need for granting legal recognition to electronic records and electronic signatures has become very urgent, if countries want to promote electronic commerce. The Digital Signature Act 1997 (DSA) came into force on October 1, 1998 together with the Digital Signature Regulations 1998.

The Digital Signature Act 1997 is “an Act to make provisions for, and to regulate the use of, digital signatures and to provide for matters connected therewith”. Thus, it deals only with digital signatures and does not provide for electronic contracting.[21] It means that for e-commerce, contracts will be governed by the Contracts Act 1950. But this Act is not in a position to adequately cover electronic contracts. Thus, there is an urgent need to amend the Contracts Act 1950 so that it may properly accommodate e-contracts.

4. What is a Digital Signature?

Section 2 (Interpretation section) of the DSA defines a digital signature as follows:

“Digital signature” means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can accurately determine whether the transformation was created using the private key that corresponds to the signer’s public key; and whether the message has been altered since the transformation was made.

Let us now take up the various terms used here.

(1) “Message” means a digital representation of information.

(2) “Asymmetric Cryptosystem” means an algorithm or series of algorithms, which provide a secure key pair.[22]

(3) “Key Pair” means a private key and its corresponding public key in an asymmetric cryptosystem, where the public key can verify a digital signature that the private key creates.

(4) “Private Key” means the key of a key pair used to create a digital signature.

(5) “Public Key” means the key of a key pair used to verify a digital signature.
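The two determinations named in the section 2 definition can be seen in a short worked example. This is an added illustration, not part of the original article or the Act: it uses textbook RSA over a SHA-256 digest with no padding scheme, and the key pairs, function names and sample message are constructed for the demonstration and unsuitable for real use.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # common RSA public exponent


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def make_key_pair(p: int, q: int):
    """Build a key pair from two primes (constructed demo input)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: inverse of E modulo phi
    return PrivateKey(n, d), PublicKey(n, E)


def _digest(message: bytes) -> int:
    """The 'digital representation' that actually gets transformed."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, key: PrivateKey) -> int:
    """Create the signature: only the private key can do this."""
    return pow(_digest(message), key.d, key.n)


def verify(message: bytes, signature: int, key: PublicKey) -> bool:
    """Check the signature using only the message and the public key."""
    if not 0 <= signature < key.n:
        return False
    return pow(signature, key.e, key.n) == _digest(message)


# Constructed demo keys from well-known Mersenne primes. Their special
# form makes them trivially breakable; they only keep the example
# deterministic and offline.
SIGNER_PRIV, SIGNER_PUB = make_key_pair(2**521 - 1, 2**607 - 1)
OTHER_PRIV, OTHER_PUB = make_key_pair(2**1279 - 1, 2**2203 - 1)


def check_all() -> dict:
    message = b"I agree to pay RM100 for the goods."  # constructed sample
    signature = sign(message, SIGNER_PRIV)
    return {
        # Unaltered message, matching public key: verification succeeds.
        "genuine": verify(message, signature, SIGNER_PUB),
        # Message altered after signing: verification fails.
        "altered": verify(b"I agree to pay RM900 for the goods.",
                          signature, SIGNER_PUB),
        # Signature created with a different private key: also fails.
        "wrong_key": verify(message, sign(message, OTHER_PRIV), SIGNER_PUB),
    }


if __name__ == "__main__":
    print(check_all())
```

A verifier returns a single yes or no: success establishes both limbs of the definition at once, while a failure does not by itself say whether the message was altered or a different private key was used.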

5. Controller of Certification Authorities

The main thrust of Part II[23] of the Digital Signature Act is the appointment of a Controller of Certification Authorities by the Minister for the purpose of “monitoring and overseeing the activities of certification authorities”.[24] The main function of a certification authority is to issue digital signature certificates to persons who wish to subscribe to a certificate containing the keys for the purpose of securing the confidentiality of the information.[25] The Controller is required by section 3(5) to maintain a publicly accessible database containing a certification authority disclosure record for each licensed certification authority. The Controller is also required to publish the contents of the database in at least one recognised repository.[26]

6. Licensing of Certification Authorities

In order for a person to operate as a certification authority, he must hold a valid licence issued under the DSA. If a person operates as a Certification Authority without a valid licence, he commits an offence and, if convicted, shall be liable to a fine not exceeding five hundred thousand ringgit or to imprisonment for a term not exceeding ten years or both[27]. However, the Minister may exempt any certification authority from taking a licence where the certificates and key pairs are issued to members of the organisation for internal use only[28].

The licensing procedure is dealt with in detail by both the Act and the Regulations. Regulation 5 of the Digital Signature Regulations 1998, lays down that a licence to operate as a certification authority shall be issued in two stages, namely, (a) the establishment stage[29]; and (b) the operation stage.

7. The First Licensed Certification Authority Digicert Sdn Bhd

This company claims that, whatever the electronic security needs are, it has just the solution for the unique situation of every customer. Digicert Sdn Bhd offers four classes of products to suit different business requirements. From securing day-to-day email exchange to protecting a company’s new server system, the Digisign Certificate offers, according to Digicert, the most comprehensive online security coverage.[30]

Table 2 Digicert Product Details

| Product | Uses | Reliance limits | Storage | Registration | Annual Price |
|---|---|---|---|---|---|
| Digisign ID | General email signatures & encryption | medium | User’s hard disk | From this homepage | RM20 |
| Digisign ID Basic | Legal transactions/communication | higher | Smart card virtual card | In person from RA or Digicert | RM40 |
| Digisign ID Enhanced | Legally binding business applications | highest | Smart card | In person from RA or Digicert | RM100 |
| Digisign Server ID | Secure web server for all functions above | highest | | In person from RA or Digicert | RM500 |

8. How safe is the Digital Certificate?

Digisign ID is the least secure and Digisign Server ID is the most secure. Both IDs will be more like an identity card for daily interaction for the purpose of proving one’s identity. Both IDs use a Public Key Infrastructure (PKI) system, which has a matching pair of encryption and decryption keys. Each key performs a one-way transformation of data and each key is the inverse of the other: whatever one key does, only the other can undo. The owner keeps the private key secret while the public key is made accessible to everyone. The private key is made with a high degree of security and is legally a valid proof of identity. A smart card will offer the highest possible security for storing and using the private key, so that it is not exposed to theft, tampering or unauthorised use.[31]

9. Another Certification Authority MSC Trustgate.com Sdn Bhd

Trustgate has been established as the Malaysian certification authority of choice under the Digital Signature Act 1997. This company officially received its operational licence on September 20, 2000 and announced that the company was now fully operational.[32] Products offered by this company include Verisign digital IDs, client certificates (the only scaleable technology which has been proven to produce more than a million certificates) and Verisign secure server IDs, currently in use at 95 per cent of sites providing secure sessions for their users and spanning virtually every major industry.[33]

10. Recognition of Foreign Certification Authorities

Section 19 authorises the Controller of Certification Authorities to recognise certification authorities licensed by governmental entities outside Malaysia that satisfy the prescribed requirements. Part X of the Digital Signature Regulations 1998, consisting of regulations 71 to 76, prescribes the detailed rules in this regard. Some efforts are being made to forge links with ASEAN countries in the first instance.

11. Effect of Digital Signature

Part V of the DSA (consisting of sections 62 to 67) deals with the effect of a digital signature. Section 62(1) declares that where a rule of law requires a signature or provides for certain consequences in the absence of a signature, that rule shall be satisfied by a digital signature if:

(a) that digital signature is verified by reference to the public key listed in a valid certificate issued by a licensed certification authority;

(b) that digital signature was affirmed by the signer with the intention of signing the message;

(c) the recipient has no knowledge or notice that the signer:

(i) has breached a duty as subscriber;

(ii) does not rightfully hold the private key used to affix the digital signature.[34]

Section 62 is followed by two deeming provisions in section 64 (digitally signed message deemed to be written document) and section 65 (digitally signed message deemed to be original document). After this, section 67 lays down a presumption[35], namely, that in adjudicating a dispute involving a digital signature, a court shall presume that a certificate digitally signed by a licensed certification authority and (i) published in a recognised repository; or (ii) made available by the issuing licensed certification authority or by the subscriber listed in the certificate, is issued by the licensed certification authority which digitally signed it and is accepted by the subscriber listed in it.

12. Date/Time Stamp Services

Section 70 of the DSA and Part IX[36] of the Regulations lay down rules for according recognition to date/time stamp services and for the effect of a timestamp applied by a recognised date/time stamp service. As to the effect, regulation 59(1) says that the date and time stamped on a document and digitally signed by a recognised date/time stamp service shall, unless it is expressly provided otherwise, be deemed to be the date and the time at which the document is signed or executed.[37] Also, regulation 59(2) states that the date and the time stamped on a document and digitally signed by a recognised date/time stamp service shall be admissible in evidence in all legal proceedings without further proof.

13. Recommended Reliance Limit and Protection of Subscriber

A licensed certification authority shall, in issuing a certificate to a subscriber,[38] specify a recommended reliance limit in the certificate.[39] The licensed certification authority may, however, specify different limits in different certificates as it considers fit.[40] When the Digital Signature Bill was being considered by the Malaysian Parliament, Opposition Members had complained that no safeguards had been provided to protect the subscriber, who is the consumer here. The Minister had then given the assurance that this aspect would be taken care of in the Regulations under the DSA. This assurance has been redeemed in the form of Part IV, entitled ‘Suitable Guarantees and Claims’, of the Digital Signature Regulations 1998.[41] The relevant Regulations, which are self-explanatory, are reproduced below:

14. Suitable Guarantee

23 (1) A suitable guarantee shall satisfy the following requirements:

(a) it is in a form approved by the Controller;

(b) it is issued payable to the Controller for the benefit of persons holding qualified rights of payment[42] against the licensed certification authority;

(c) it is in an amount specified in subregulation (2) or (3), as the case may be;

(d) it states that it is issued for the purposes of the Act and these Regulations; and

(e) it specifies a term of effectiveness extending at least as long as the term of the licence to be issued to the certification authority.

(2) A suitable guarantee shall be in an amount equal to or exceeding the greater of either—

(a) 100 per centum of the largest recommended reliance limit of a certificate to be issued by the certification authority during the term of the certification authority’s licence; or

(b) 35 per centum of the total recommended reliance limits of all certificates issued by the licensed certification authority, which certificates have not expired or been revoked.

(3) Notwithstanding sub-regulation (2), the Controller may, on a request in writing by the certification authority and if the Controller thinks it is reasonable in the circumstances to do so, specify an amount that is less than the amount determined under sub-regulation (2) to be the suitable guarantee provided that the amount so specified shall not be less than two million ringgit.

(4) A suitable guarantee may in addition provide that the total annual liability on the guarantee to all persons making claims based on it may not exceed the face amount of the guarantee.

(5) The Controller shall hold the suitable guarantee for the period for which the licence is issued and as provided under regulation 24.

15. Return of Suitable Guarantee

24 (1) If a licence has expired and will not be renewed or has sooner been revoked or surrendered, the Controller shall return the suitable guarantee or the balance of the suitable guarantee, if any, as the case may be, to the certification authority concerned after all claims on it are settled or after the expiry of a period of three years after such expiry, revocation or surrender, whichever is the later.

(2) If the term of the suitable guarantee would expire in the period referred to in subregulation (1), the Controller shall require the certification authority concerned to renew or extend the term of the suitable guarantee for that period or submit a new suitable guarantee for the period.

(3) A person who contravenes the Controller’s request under sub-regulation (2) commits an offence and shall on conviction be liable to a fine not exceeding fifty thousand ringgit or to imprisonment for a term not exceeding one year or to both.

16. Collection of Suitable Guarantee

25(1) Notwithstanding any provision in the suitable guarantee to the contrary, a person may recover from the issuer of the suitable guarantee the full amount of a qualified right to payment against the person named in the suitable guarantee, or, if there is more than one such qualified right to payment during the term of the suitable guarantee, a rateable share, up to a maximum total liability of the issuer of the suitable guarantee equal to the amount of the suitable guarantee.

(2) Claimants may recover successively on the same suitable guarantee, provided that the total liability on the suitable guarantee to all persons making qualified rights of payment during its term shall not exceed the amount of the suitable guarantee.

(3) In addition to recovering the amount of a qualified right to payment, a claimant may recover from the proceeds of the suitable guarantee, until depleted, legal fees, reasonable in amount, and court costs incurred by the claimant in collecting the claim, provided that the total liability on the suitable guarantee to all persons making qualified rights of payment or recovering legal fees or court costs during its term shall not exceed the amount of the suitable guarantee.

17. Procedure for claim

26 (1) Subject to regulation 27, a person who asserts that that person has a qualified right to payment against the issuer of a suitable guarantee shall, within thirty days of the judgment of the court on which the qualified right to payment is based, submit a written notice of the claim in Form 4 to the Controller.

(2) A notice under sub-regulation (1) shall be accompanied by

(a) the prescribed fee; and

(b) such information or document as the Controller may require.

If the Controller finds that the claim is in order, the Controller may order the payment and satisfaction of the claim.

18. Claims after suitable guarantee returned

27(1) No claim to recover a qualified right to payment from the proceeds of a suitable guarantee shall be made to the Controller under regulation 26 after the Controller has returned the suitable guarantee to the certification authority under regulation 24.

(2) Nothing in sub-regulation (1) shall be construed as limiting the rights of the claimant to recover a qualified right to payment from the certification authority concerned in execution of the judgment of the court by any other means.

19. Consumer Protection

It means that if the subscriber is able to prove before the Court that he has suffered loss in spite of his taking reasonable care, as required under section 43[43] of DSA, then the court may grant him a “qualified right to payment”, on the basis of which he may recover compensation from his licensed certification authority. Similarly, a person who has relied[44] on the certificate and suffered loss even after taking reasonable care may claim compensation out of the amount of the “suitable guarantee”.

Of further relevance here is a provision of the Consumer Protection Act 1999, which lays down[45] that, if so prescribed[46] by the Minister, any trade transaction effected by electronic means may be covered by this Act, thus presumably ensuring better consumer protection.

20. Some of the offences created under the Digital Signatures Act 1997 are as follows:

1. Operating as a Certification Authority without a valid licence. Penalty: fine not exceeding RM 150,000, imprisonment not exceeding 10 years or both. In the case of continuing offence, daily fine not exceeding RM 5,000 (section 4).

2. A Certification Authority not returning the licence to the Controller of Certification Authorities within 14 days of the revocation, expiry, etc. of the licence. Penalty: fine not exceeding RM 500,000, imprisonment not exceeding 10 years or both. In the case of continuing offence, daily fine not exceeding RM 500,000 (section 14).

3. Unauthorised disclosure of information obtained under this Act (Obligation of Secrecy). Penalty: fine not exceeding RM100,000, imprisonment not exceeding 2 years or both (section 72).

4. Signing or furnishing any declaration, return, certificate or other document or information required under this Act which is untrue, inaccurate or misleading. Penalty: fine not exceeding RM 500,000 or imprisonment not exceeding 10 years or both (section 73).

5. Committing an offence under this Act for which no penalty is expressly provided. Penalty: fine not exceeding RM 200,000 or imprisonment not exceeding 4 years or both.

21. Malaysia still does not have a law on Privacy

It is well known that an increased level of e-commerce means more data stored and transmitted online, which will be vulnerable to unsanctioned access and use. The non-enactment of a law on privacy is therefore rather puzzling and difficult to explain. But it appears that enactment of a law on privacy is in the offing.

A recent example of global e-commerce is the webcast auction of the assets of Applied Magnetics Sdn Bhd (an American Multinational) on September 20-21, 2000. Some 10,000 industrial items belonging to the recently wound up American multinational disk drive factory were sold in clustered lots, with bids coming from a group of buyers from Sheraton Hotel in Penang (Malaysia), the DoveBid Auction Studio in California and buyers from all over the world via the company’s website, www.dovebid.com, using personal computers. DoveBid Inc. was engaged by a court appointed liquidator to conduct the auction in association with a Malaysian auctioneer. For the webcast, the equipment was photographed with a digital camera, and the brochure supplied was electronic. The total time taken for the auction over the two days was about 8 hours.[47]

So far as transactions involving parties from a number of countries are concerned, what is true of Malaysia is probably more true of Australia[48] and several other countries. Obviously, the disputes, if any, arising out of this auction and the activities of the Australian Casino cannot be resolved under the e-commerce laws of any one country.

22. Disputes on Global E-commerce have already arisen

Disputes have already arisen elsewhere involving the legal system of more than one country. One recent illustration is the following dispute between Yahoo and the French Government:

Paris: Yahoo! France said Tuesday a court ruling to stop the French from accessing online sales of Nazi memorabilia could set a dangerous precedent for Internet users worldwide.
The French subsidiary of Yahoo! Inc also warned that it was technically impossible to fully comply with the ruling and did not discount lodging an appeal.
In the first verdict of its kind in France, a Paris court accused Yahoo on Monday of offending “the collective memory of the country” by allowing Nazi Souvenirs to be sold on one of the English language sites it hosts.
It gave the California based company until July 24 to “make it impossible” for Web surfers here to access the auctions.
“The whole question goes above Yahoo,” said Yahoo France Director General Philippe Guillanton.
“The point is whether we want to condemn the Internet to be closed in the same way that the media have traditionally been closed by frontiers,” he told Reuters in an interview.
“The Paris based court has dropped a bomb on the Web by condemning Yahoo,” Liberation newspaper said Tuesday.
Guillanton said he understood people’s revulsion at the sales, but did not seem to think Yahoo would ban them.
“To comply with a non-U.S. legal position, we would put ourselves in a censorship position in the U.S.,” he said, adding that company lawyers were considering an appeal.
Earlier this month, another French court moved against an auction Web site run by Nart.com, saying online sales operating from the United States were illegal here where state auctioneers still hold a monopoly on public auctions.
Nart.com chairman Antione Beaussant has appealed.
“They are saying that French law should apply to American companies,” he said.[49]

The types of problems demonstrated here will need to be expeditiously resolved if global e-commerce is to make real headway.

23. Conclusions

The remedy therefore lies in having a global e-commerce law. It is not without reason that the most advanced country in the world, the U.S., has been making a lot of effort in this direction, starting from President Clinton and Vice President Al Gore’s declaration of A Framework for Global Electronic Commerce[50] in July 1997 and up to the present day.[51]

Because of the rapid advance of technology, the world is fast becoming a global village. E-commerce is expanding fast, and in order to facilitate global e-commerce, the laws of different countries will have to be harmonised.

The UN General Assembly, on 16 December 1996, recommended[52] that all States give favourable consideration to the Model Law on Electronic Commerce drafted by the UN Commission on International Trade Law (UNCITRAL). Since then the Model Law (which was in incomplete form) has inspired the drafting of laws on electronic commerce in a large number of countries, including several countries in this region itself such as Australia, Hong Kong, India, Malaysia and Singapore.

It is therefore suggested that, in the interest of facilitating e-commerce globally, UNCITRAL should be requested to complete the Model Law on, among others, the aspects of applicable law, jurisdiction, and payments. Looking to its past achievements, it can be said that UNCITRAL has the capability to accomplish this task by convening meetings globally, and prompting and helping countries to agree to uniform rules by way of international treaties. Since every country seems very keen on e-commerce, countries will agree on uniform rules in their self-interest.


[*] B.Sc., LL.M., Ph.D., Professor, Faculty of Law, National University of Malaysia, formerly Professor, Head and Dean, Faculty of Law, University of Delhi (India).

[1] Dr Mahathir Mohamed’s address to more than 600 invited guests from Europe at a conference on Multimedia Super Corridor in London on May 20, 1997. See The Star of May 21, 1997, under the news item, “Dr M. offers MSC global bridge”.

[2] See Ibrahim Ariff and Goh Chen Chuan (1998) Multimedia Super Corridor, Leeds Publications, p.58.

[3] Ibid., pp. 59-60.

[4] See a statement of Multimedia Development Corporation (MDC) Executive Chairman, Tan Sri Dr. Othman Yeop Abdullah, published in The Star of March 17, 1999.

[5] See a statement of the MDC Executive Chairman, published in The Star of July 31, 2000.

[6] See a statement of Executive Chairman of MDC, published in The Star of February 11, 1999.

[7] See also P.S. Sangal, “Malaysia Creates Legal Infrastructure for its Multimedia Super Corridor”, (1997) 12 International Company and Commercial Law Review, 428.

[8] WIPO Copyright Treaty http://www.wip.org/

[9] In the U.S., the Digital Millennium Copyright Act 1998 (DMCA for short) has similar provisions on circumventing copyright protection systems and tampering with copyright management information. See 17 U.S.C.A., ss 1201, 1202 and 1204. Specifically, if the circumvention is wilful and for commercial advantage or private financial gain, a first time offender may be fined up to $500,000, imprisoned for five years, or both. For repeat offenders, the maximum penalty increases to a fine of $1 million, imprisonment for up to 10 years or both. The provision of course exempts non-profit libraries, archives, and educational institutions from criminal prosecution. These provisions have been criticised. It is said that the DMCA contrasts sharply with the careful balancing achieved in the criminal copyright penalties of the early 1900s. “Although advances in technology may initially appear to harm copyright owners, legislation strengthening right of copyright owners may not be necessary because technology will offer protection that the law need not. Congress’s overprotection of owners and over deterrence of average users has resulted in an unjust and improper balancing of interests, contrary to the Constitution’s command.” See “Notes: The Criminalisation of Copyright Infringement in the Digital Era”, published in the Harvard Law Review, [1999] Vol.112, p.1705 at p.1722.

[10] This Act came into force on June 1, 2000, vide PU(B) 175/2000.

[11] A similar provision of the Computer Misuse Act 1990 (U.K.) has been interpreted by the courts to include erasing a computer programme or introducing a virus.

[12] It is believed that many computer crimes are not reported by the parties involved for fear of adverse publicity about their computer system security.

[13] Maybank is an important Bank in this country.

[14] The site was taken down by its host, Yahoo! Geocities, after being alerted by In.Tech (the Star.com.my/intech/), The Star Newspaper’s Guide to the Information Age.

[15] See a report in The Star of August 29, 2000, under the heading, “Wouldbe hacker faces stiff punishment”.

[16] Researchers at Notre Dame University in the U.S have found that the Internet is not invulnerable. By analysing the structure of the Internet, a three member team of the University researchers have found out that by targeting the networks with the most highly connected nodes (mothercomputers which form the crossroads through which Internet data travel), cyberterrorists can actually dismantle the behemoth. See Yuhai Tu, ‘How Robust is the Internet?’, Nature vol 406/issue no 6794, p353 (27 July 2000), as quoted in The Hindustan Times of July 30, 2000.

[17] It is probably for this reason that the Information Technology Act 2000 (India), besides prescribing heavy criminal punishments for computer criminals, also provides in s.43 for payment of compensation by the computer criminal to the victim which may go up to 10 million Indian rupees.

[18] Medical Online Sdn Bhd, the developer of the Multimedia Super Corridor (MSC) flagship application in telemedicine, expects to earn RM400mil to RM500mil in revenue during its 5 year concession period. Revenue will be generated mainly via the sale of the application overseas and by licensing the software to end users for consultations or discussions. According to Medical Online president and CEO Dr. Hishamuddin Harun, savings to the national health bill, which runs into the billions of ringgit, could be as much as 20%. The reason is that the application would serve to cut down on repetitive tests and unnecessary administration work generated by patients who seek the same treatment at different hospitals or clinics. For details, see a report “Flagship telemed firm expects to net RM500m”, in The Star of September 21, 2000.

[19] This Act came into force on 1 April 1999.

[20] The first class licence for applications services category has been issued on August 4, 2000 by the Energy, Communications & Multimedia Ministry as part of a move aimed at liberalising the communications and multimedia industry. Malaysian Communications and Multimedia Commission chairman told a press conference in Kuala Lumpur that the class licence was a new concept introduced under the new licensing regime of the Communications and Multimedia Act 1998 (CMA 1998). The class licence is a simplified procedure intended to encourage more players to enter the market and to promote greater competition within the communications and multimedia industry. Under the new licensing regime, there would be three categories of class licence for network facilities, network services and application services. In the other two categories, class licences would be issued shortly. The applications service class licence is for the provision of audiotext hosting services provided on an option basis and also for directory, Internet access, messaging, private pay phone and telegram services, he said. “Therefore any person who is now providing or intends to provide services under the application service class licence is merely required to register by submitting a registration notice”. According to him, the class licence is a pre-approved licence whereby companies only needed to meet certain criteria before registering themselves with the Commission. Registration is valid for one year and renewable annually while the fee payable for each registration under a class licence is RM2,500.00. See a report in The Star of August 5, 2000 under the heading, “New Class Licence for Multimedia Industry launched”.

[21] Compare with (Singapore) Electronic Transactions Act 1998 and (Indian) Information Technology Act 2000, both of which provide for electronic contracting.

[22] The asymmetric cryptosystem differs from the symmetric system, which utilises a single key to create a digital signature and also decrypt the digital signature with the same key, whereas in the asymmetric cryptosystem two keys are used in the encryption and decryption process.

[23] Part II consists of sections from 321.

[24] A Certification Authority means a person who issues a certificate.

[25] Section 6(1) of DSA.

[26] Section 3(6) of DSA. Repository has been defined as a system for storing and retrieving certificates and other information relevant to digital signatures. Recognised repository has been defined as a repository recognised by the Controller of Certification Authorities under section 68 of DSA.

[27] Section 4(2) of DSA.

[28] Section 4(3) of the DSA.

[29] The establishment stage of a licence may be issued for any period not exceeding one year. Regulation 5(4).

[30] See the Digicert homepage at http://www.digicert.com.my/product.html.

[31] See the Digicert homepage at http://www.digicert.com.my/FAQ.html.

[32] Trustgate is the designated US based Verisign Inc. affiliate in Malaysia and also Asean member countries. It offers a full range of Verisign’s security products as well as its professional and training services.

[33] For fuller details, see a report in The Star of September 21, 2000 under the heading “Trustgate promoting Net security”.

[34] Further, subsection (2) of section 62 lays down that notwithstanding any written law to the contrary (a) a document signed with a digital signature in accordance with this Act shall be as legally binding as a document signed with a handwritten signature, or a thumbprint; and (b) a digital signature created in accordance with this Act shall be deemed to be a legally binding signature.

[35] Section 90A of the Evidence Act 1950 lays down the rule in regard to “Admissibility of documents produced by computers, and of statements contained therein” and says that in any criminal or civil proceeding a document produced by a computer, or a statement contained in such document, shall be admissible as evidence of any fact stated therein if the document was produced by the computer in the course of its ordinary use, whether or not the person tendering the same is the maker of such document or statement.

[36] Part IX consists of regulations from 58 to 70.

[37] Speaking about functions of recognised date/time stamp services, regulation 62(1) says that a recognised date/time stamp service shall (a) on receipt of a document for timestamping, immediately timestamp the date and time of its receipt on the document and digitally sign the timestamp; and (b) at the end of each business day cause to be published in at least one recognised repository all documents timestamped by it in that day.

[38] “Subscriber” has been defined to mean a person who (a) is the subject listed in a certificate; (b) accepts the certificate, and (c) holds a private key which corresponds to a public key listed in that certificate. Section 2 of DSA.

[39] See section 60, DSA.

[40] See section 60, DSA.

[41] PU(A) 359/98.

[42] “Qualified right to payment” has been defined to mean an award of damages against a licensed certification authority by a Court having jurisdiction over the licensed certification authority in a civil action under the Act. See regulation 2.

[43] Section 43 lays down that by accepting a certificate issued by a licensed certification authority, the subscriber named in the certificate assumes a duty to exercise reasonable care to retain control of the private key and prevent its disclosure to any person not authorised to create the subscriber’s digital signature. Section 44 further adds that a private key is the personal property of the subscriber who rightfully holds it.

[44] See also section 36 and 37 of DSA.

[45] See section 2(2) (g) of Consumer Protection Act 1999.

[46] It appears that the Minister has already so prescribed. For details, see a report in The Star of September 22, 2000, under the heading, “Tribunal to handle complaints over Internet purchases”. ‘Tribunal’ here refers to Consumer Claims Tribunal, set up under the Consumer Protection Act 1999.

[47] For details, see the reports in The Star of September 20, 21 and 22, 2000 under the heading “Online auction for defunct disk drive maker’s assets”.

[48] Malaysian-owned Lasseters Casino, Australia’s first regulated Internet casino, has moved to profitability in its second financial year. The site, launched in April 1999, achieved turnover of A$105 mil by June 30, 2000. By August 30, this had risen to A$142.7 mil with over 85,000 players in 210 countries taking part. The marketing had been focused on 10 top countries, which now accounted for 85% of the players and 94% of revenue. The critical factor in the company’s success was the site’s regulated registration procedures and financial safeguards, which had deterred fraud scams and underage access. For details, see a report in The Star of September 21, 2000 under the heading, “Malaysian owned online casino reports profit”.

[49] See Times of India (http://www.timesofindia.com) of May 24, 2000.

[50] For details, see a 23 page statement at http://www.iitf.nist.gov/elecomm/ecomm/htm.

[51] See also statement of Andrew J. Pincus, General Counsel, U.S. Department of Commerce, on the Federal Law, Electronic Signatures in Global and National Commerce Act which will come into force on October 1, 2000. This statement can be accessed at http://www.ogc.doc.gov/ogc/legreg/testimon/106f/pincus0930.htm.

[52] See UN General Assembly Resolution 51/162 of 16 December 1996.


URL: http://www.austlii.edu.au/au/journals/JlLawInfoSci/2000/7.html