Cyberlaws need to evolve, says security expert
By EDWIN YAPP
26th February 2002 (The Star)

KUALA LUMPUR: Malaysia's existing legislation governing electronic commerce and online transactions does not adequately protect against breach of security, especially in the area of network intrusion, according to an Internet security expert.

Alan See, chief executive officer of Internet security firm e-Cop.net Surveillance Sdn Bhd, noted Malaysia introduced several cyberlaws to govern and legislate cyber transactions and activities.

These laws were formulated in line with the Multimedia Super Corridor (MSC) project, and included the Digital Signatures Act, the Copyright Amendment Act (1997), Computer Crimes Act, Telemedicine Act and Communications and Multimedia Act (CMA).

However, these laws are limited in its scope, according to See.

Most of these laws, which except for the CMA (1998) were all enacted in 1997, are very limited and focus on attempts to regulate pornography, obscenity and copyright infringement.

They were also enacted to regulate the provision of essential online services and telecommunication convergence.

For cases relating to network intrusion and breach of network security, or "hacking" as it is commonly known, existing laws are ambiguous and in most cases outdated, See claimed.

"For instance, we have had cases where we managed to monitor, trace and obtain forensic evidence of the perpetrators who were trying to scan through our client's network.

"We subsequently reported the case to the police cyber crime division at Bukit Aman, but unfortunately, we were told that under existing cyberlaws, the provision for prosecution exists only when there is damage done to the network or the website," he said.

See claimed that the police were not able to take further action on the perpetrators for illegal network scanning.

Many 'try their luck'According to See, 20% of "hacking" originates locally while the other 80% comes from abroad. He said that most of the time, hackers "try their luck" by scanning networks that are connected to the Internet and intruding into only those that they're able to crack through.

"But when the hackers do get detected, for example by our surveillance system, they often withdraw to avoid further detection," he said.

See said that while most of the time no actual damage was done to the client's network, intrusion into the network had nonetheless occurred, and this was potentially dangerous to the client's network.

"They may not have been successful the first time, but who knows, they may succeed several tries later," he said, adding that illegal network intrusion is often a repeated offence.

See said that in the long run, this kind of illegal activity, if permitted to go unchecked, would have a negative impact on the Government's push to move Malaysia into a knowledge-based economy.

"User confidence is a major determinant in the growth of e-commerce and online transactions. If both consumers and the corporate world are not certain that the network in which transactions are conducted is secure and free from intrusion, the growth and the acceptance of e-commerce will be severely retarded," he claimed.

He proposed that the Government and industry regulator the Malaysian Communications and Multimedia Commission (MCMC) continually study the fast-changing needs of IT network security and amend the existing cyberlaws to suit changes.

"Perhaps, one day, cross-border cooperation can be formed within Asean countries so that if crimes were committed in (any of) these countries, the perpetrators can still can be prosecuted," he said.