Laws to deal with computer crimes
By Prasanna Raman
12th July 2001 (Computimes)

IF Sherlock Holmes were to investigate today's crimes, he would turn to Dr Watson and remark, "It's binary, my dear Watson, binary".

Computer crimes, carried out in cyberspace, is becoming the way to cause massive losses to organisations, disrupt work, and create havoc.

This new crime wave, which is on the rise, is the work of intelligent minds with motives ranging from doing the crime just-for-thrills to causing millions of dollars in losses out of vendetta.

Expert hackers, says Singapore lawyer Rajesh Sreenivasan, are never really caught.

"It's the mediocre ones that are tracked down and arrested, and this paints the picture that hackers are mostly juveniles. As hackers can also be professional criminals and people with political agendas, it is difficult to have a uniform profile of an average hacker," he says.

Among the crimes committed in the cyberspace include snooping, spoofing, hacking, denial of service, mailbombing, spamming, domain name hijacking, server takeovers, Internet money laundering, destruction of data, electronic funds transfer fraud, electronic vandalism and terrorism, as well as sales and investment fraud.

Rajesh says due to the transnational nature of computer crimes, offenders are able to commit crimes in one country and affect individuals in a variety of other countries.

"The physical problems that arise from dealing with computer criminals are the difficulty in tracing, prosecuting, and reaching a desired verdict. If a crime crosses borders, it may be almost impossible to secure extradition or decide which country deserves ultimate jurisdictional power over a given case," he explains.

As such, laws concerning computer crimes need to be made extra-territorial as well as specific.

As the present legislation is inadequate for dealing with computer crimes, laws that allow for practical enforcement is greatly needed. The law, Rajesh says, must take into consideration the admissibility of digital evidence which may be transient.

Malaysia's Computer Crimes Act 1997, which is based on UK's Computer Misuse Act 1990, Rajesh says, basically deals with three key crimes. They are unauthorised access to computer material, unauthorised modifications, and wrong communication.

The Act, he adds, applies within and outside the country as well as to any person regardless of his nationality or citizenship. The police force, he adds, have been given wide powers in the investigation of offences in the Computer Crimes Act.

He then went on to cite Singapore's legislation, the Computer Misuse Act, and the amendments made which include enhanced penalties for protected computers, increased penalties for the three existing offences, and three new offences that recently surfaced in the island nation.

In conclusion, Rajesh says the dynamic nature of the Internet and technology will give rise to different types of computer crimes and the law must remain vigilant to keep up with such innovations and criminal activities which develop as a result.

Rajesh, a partner at Rajah & Tann law firm, shared his views in his commentary on the Computer Crimes Act at the recent MSC International Cyberlaws Conference organised by Multimedia Development Corporation, the Malaysian Bar Council, and the Asian Strategy and Leadership Institute.