The DSA, in providing for the licensing and regulation of Certification Authorities, attempts to cater for the rising need for transacting parties over the Internet to ascertain each other’s identities and the integrity of the messages. A further effect of this Act is to make a digital signature as legally valid and enforceable as a traditional signature. The CCA has been enacted to ensure that misuse of computers is a criminal offence.
The Act makes it an offence for a person(s) to enter or attempt to enter into computers and computer systems without authorisation as well as damage or alter data in computers by planting viruses or other means. It also makes it an offence for anyone to assist the perpetrator(s). Although the Act applies within and outside the country regardless of nationality or citizenship, this power will be limited to the practicalities of enforcement beyond its borders.
Under this Act, the authorities have also reclassified credit card fraud as computer crime. It had been originally classified as a cheating offence under Section 420 of the Penal Code. Other related-cyber laws passed subsequently include the Telemedicine Act 1997, the Copyright (Amendment) Act 1997 and the Communications and Multimedia Act 1998. In the pipeline currently is the Personal Data Protection Act, which will provide for the protection of the individual’s privacy.
For example, it would make it an offence for people who collect data on individuals to use that data other than for the purpose specified during collection. In 1997, the Malaysian Administrative Modernisation and Management Planning Unit introduced the Malaysian Computer Emergency Response Team (MyCert) to assist public and private organisations as a point of reference of expertise on network and security matters.
While Malaysia has made a good start in regulating the IT environment, the legal and regulatory framework must be constantly reviewed and tightened up, to cater for new technology, including the efficiency of the police, prosecution and judiciary. There has been a paradigm shift in the sense that perceived threats were National Security related and hence there was a reliance on the government to combat cyber crime. However, greater volumes of threats are now solely directed at corporations, which means that corporations will need to police themselves.
According to the Asia Computer Weekly magazine, computer crimes in Malaysia has risen. The sharpest increases were hack threats, rising from 95 in 1998 to 343 cases last year while spam cases grew from 146 to 201. The police believe that many cases go unreported as victims, be it individuals or organisations do not wish to publicise any incidents for fear of embarrassment and adverse reaction by their clients. One of the problems businesses face is the change in criminal profile.
The easiness of appropriating money, assets or legal rights (do not have to physically remove the object), means that there is no discrimination against sex, race or class. A fraudster is just as likely to be female as male. People are educated and they are smarter and increasingly IT savvy. As corporations come out with more sophisticated and enhanced systems, people are educationally armed and encouraged to be innovative, to challenge the system. And it is some of these people who do actually beat the system.