Tan Poh Lee 244358

TUTORIAL 3

1. Discuss the process of cryptography asymmetric.

The cryptography process is also known as the ‘science of secret writing’. The two methods of
encryption algorithm are symmetric cryptography and asymmetric cryptography. Symmetric
cryptography requires the sender and the receiver to share a same key that contains secret
information which is used to encrypt and decrypt data. The secret information is a bunch of numbers
known as binary which is complex and difficult to forge. The original message that the sender encode
is known as the ‘plaintext’ and the encoded message the receiver received is known as the
‘chipertext’.

Asymmetric cryptography helps to solve the key exchange problem by using two keys, either of them
can be used to encrypt a message and the encrypted data can only be decrypted by means of the
other key. Messages can be securely received by the sender if it one of the keys was published as a
Public Key and the other key, the Private Key. For the senders who wish to send a secure
communication may choose to encrypt the message with the recipient’s Public Key and only the
intended recipient will be able to decrypt the encrypted text with the Private key to recover the original
message.

Firstly, this process will involve the encrypt process by the sender. The sender will write the message.
Later, the data will crunch down by the software of the sender and digest into few lines. This process
is known as text chipper or hashing. Then, digital signature was formed. Later, the digital signature will
have appended to the documents by the software of the sender, and all data that was hashed has
been signed. Decryption process happen when the receiver receive the documents send by the
sender. The sender will use the public key to decrypt the digital signature. Hence, the few lines will
convert back to the message write by the sender. Finally, the document data will hash the document
data into a message digest to make sure that the document data has not been changed. In my
opinion, the cryptography asymmetric is better than cryptography symmetric because involve two key
that make the things become flexible compare to one key.

2. Discuss five offences under the Computer Crimes Act 1997.

The first offence under the Computer Crimes Act 1997 is unauthorized to access to computer
material. In the case of Public Prosecutor v Vishnu Devarajan, the accused was charged under
section 3 of the Computer Crimes Act 1997. The accused unauthorized access to the server
PAMPISA01 which consist of IP address of 121.123.209.230 that at the All Asia Broadcast Centre,
Technology Park Malaysia. The session court held that the charge was defective because did not
comply with section 153(1) of Criminal Procedure Code. The public prosecutor appeal under the
ground that the session court judge made mistake by acquitted the respondent. The court held that it
will misleading the party to use the IP address to replace the real address, this is because that IP
address was not the real address. The award the order to discharge all the charges against the
respondent and also order the acquittal of the respondent. The appeal from the prosecution was
rejected because there is no any merit or also justification.

Another offence under the computer crimes act 1997 is unauthorized access with the intention to
commit or facilitate commission of further offence. The relevant Malaysia case is Basheer Ahmad
Maula Sahul Hameed & Anor v Public Prosecutor. Both of the respondent work in a bank and was
husband and wife. Both of them charged under section 4 of the Computer Crimes Act 1997 because
they use the debit card belonged to the deceased of MH370 in the ATM machine and also steal the
money of the victim of MH370 by transfer their money manually and without any lawful authorization.
Both of the respondent want to revoke their confession about the crime but the session court judge
held that they confess about their crime voluntarily and yet the respondents always try to extend the
proceeding of the court. Finally, the court imposed six year of imprisonment, two whipping and fine of
RM8000 for the period of 8 months to the first respondent while the second respondent was imposed
7 years of imprisonment.

The third offence is the unauthorized modification of the contents of any computer. In the case of
Kangaie Agilan Jammany v Public Prosecutor. This is an appeal case by the respondent. The
respondent was charged under section 5(1) of the Computer Crimes Act 1997 by unauthorized to
modify the flight ticket booking system of Air Asia. The judge in the lower court impose 5 years of
imprisonment for every offence, and the punishment will enforce at the same time. The respondent
was the Pre-Flight Officer in the Regional Reservation Control. The respondent unauthorized to
change the flight schedule of the customer by using the function of the button which is the button of
‘’move flight function by the booking system of Air Asia which is known as ‘’Air Asia Flight Speed
which later upgrade to the sky speed. Finally, the punishment remain the same to the respondent.

The fourth offence was wrongful communication. There is no relevant case law regarding this issue.
According to the section 6 of the Computer Crimes Act 1997, A person liable for an offence if he
communicates directly or indirectly a number, code, password or other means of access to a
computer to any person other than a person to whom he is duly authorized to communicate. Besides,
a person that liable of an offence under this section shall on conviction be liable to a fine not
exceeding twenty-five thousand ringgit or to imprisonment for a term not exceeding three years or to
both.

The last offence is abetment. A person who abets the commission of or who attempts to commit any
offence under this Act shall be guilty of that offence and shall on conviction be liable to the
punishment provided for the offence. According to the section7 of the Computer Crimes Act 1997, a
person who does any act preparatory to the commission of any offence under this Act shall be guilty
of that offence and shall on conviction be liable to the punishment provided for the offence Provided
that any term of imprisonment imposed shall not exceed one-half of the maximum term provided for
the offence.

3. Discuss two offences under computer related crimes.

Internet gambling was one of the computer related crimes. Internet gambling can defined as play
games of chance or obtain access to sports or race bookmaking via computer networks. The internet
gambling has generated $10 billion to $15 billion over the past decade. The sports betting, casino
games, poker, lotteries which represent around 35, 25, 20, 17 percent respectively. The internet
gambling is convenient because there is cyber payment instruments that involve internet banking or
known as e-cash that provided the players stakes for initiating internet gambling. The internet
gambling also often relates with the offence of cyber-extortion such as in the case of BetCris. In this
case, BetCris was a Costa Rican-based gambling site. In 2003 year, there was a cyber-extortion that
demanded $40,000 dollars from BetCris. The email stated that ‘’if you choose not to pay for our help,
then you will probably not be in business much longer, as you will be under attack each weekend for
the next 20 weeks, until you close your doors. BetCris website take down in 20 minutes because
refuse to pay the demand. In a nutshell, one cyber-crime can lead another cyber-crime. So, it is
important for the government to take appropriate measure to prevent such cyber-crime from
happening.

Another computer related crimes was obscene material. U.S News & World Report estimates that at
least 40,000 ‘’sex oriented’’ sites exist. The FBI investigated 2,865 cases of online child pornography
in the year of 2000. The number was still increasing every year. The United Nations promulgated the
Optional Protocol to the Convention on the Rights of the Child on the Sale of Children, Child
Prostitution, and Child Pornography on May 25, 2000. The European Union also adopted several
Council Decisions regarding the regulation and prevention of electronic child pornography. In addition,
the Council of Europe also publicized its Draft Convention on Cybercrime which was formally adopted
by the Committee of Ministers on September 19, 2001. That document is the first international, legally
binding instrument which the objective of protect network and user security. The Title 3 Article 9
regarding the document was about the criminalization and definition of child pornograph. The example
of the child pornography sites are ‘’alt.binaries.pictures.erotica.pre-teen and
‘’alt.binaries.pictures.erotica-II-series’’ that contained hundreds of thousands of images. There is also
a child pornography club known as ‘’Wonderland’’ that seized in a series of coordinated raids in the
United States and thirteen other countries. However, the second internet club was discovered during
the investigation of ‘’Wonderland’’ which is the club of ‘’Our Place’’ that formed by the United States
founder of ‘’Wonderland. This kind of club was joined by the pedophiles. There is a relevant case law
name Handyside v United Kingdom. In this case the issue is whether a conviction for possessing an
obscene article could be justified under Article 10(2) as a limitation on the right to freedom of
expression. In this case, a book named The Little Red Schoolbook published for school children
contained diverse controversial material which included large chapter on sex. The British publisher
was successfully prosecuted under the Obscene Publication Acts of 1959 and 1964 and over a
thousand copies of the books were seized. The defendant plead for Article 10(2) but the court held
that the right was ‘’curtailed’’ because the Article 10(2) also mentioned prescribed by law and…
necessary in a democratic society for the protection of morals. So, the protection of morals prevailed
the freedom of the defendant.

4. Explain who can practice the telemedicine according to the Telemedicine Act 1997?

According to the section 3 of the Telemedicine Act 1997, only a medical practitioner that registered or
licensed outside, Malaysia and holds a certificate to practices telemedicine issued by the Council and
practices telemedicine from outside Malaysia through a fully registered medical practitioner holding a
valid practicing certificate and also a fully registered medical practitioner holding a valid practicing
certificate may practice telemedicine.

Besides, a fully registered medical practitioner can make an application permit in writing, subject to
such terms and conditions as that may specified by Director General to allow a provisionally
registered medical practitioner, a registered medical assistant, a registered nurse, a registered
midwife or any other person providing healthcare, to practice telemedicine by the condition of such
person is deemed suitable by the Director General to be so permitted; and the fully registered medical
practitioner will supervise and directing such person. is under the supervision, direction and authority
of the fully registered medical practitioner making the application.

5. Discuss regarding trans-border data flow.

Trans-border data flows have become increasingly important in economic, political, and social terms
over the 30 years since the adoption, in 1980, of the OECD Guidelines on the Protection of Privacy
and Trans-border Flows of Personal Data. Personal data are now crucial raw materials of the global
economy; data protection and privacy have emerged as issues of concern for individuals; and
confidence in data processing and privacy protection have become important factors to enable the
acceptance of electronic commerce. The international transfer of increasing amounts of personal data
and the growth of electronic commerce have resulted in economic growth and efficiencies that have
had a positive impact around the world, while at the same time subjecting the privacy of individuals to
risks that could not have been imagined thirty years ago. 1

In Malaysia, there is different kind of personal information will transmit by electronic transmission
across the boundary and this is also known as trans-border data flow. According to the general rule,
the transfer of data across the boundary only available to the places which can guarantee an
adequate level of protection for the data also the places that enforce any law have the same function
with the personal data protection law. However, there is also some exception to transfer the data
1 Kuner, C. (2011), “Regulation of Transborder Data Flows under Data Protection and Privacy Law:
Past, Present and Future”, OECD Digital Economy Papers, No. 187, OECD Publishing.
across the boundary without follow the general rule. For an example, if there is requirement to transfer
the data between the both parties in order to perform the contract. Besides, the data transfer across
the boundary also valid if involve the legal rights. For an example, if some person wishes to use the
data for the legal proceeding, or exercising his legal rights. Finally, the transfer of data across the
boundary also can be valid if it is for the purpose of the public interest.

6. Explain about “data retention period”?

Data retention period means that the data should be retain in a reasonable period, which means that
as long as there is still have purpose to keep such data. Under this Principle, personal data is not to
be retained longer than is necessary for the fulfilment of the purpose for which it is processed. A duty
is also imposed on the data user to take reasonable steps to ensure that all personal data is
destroyed or permanently deleted if it is no longer required for the purpose for which it was processed.
For an example, the employer has the right to keep the personal data regarding the employee.
However, this right is subject to the data retention period. According to the section 10(1) and 10(2) of
the Personal Data Protection Act 2010, The personal data processed for any purpose shall not be
kept longer than the necessary time for the fulfilment of that purpose and the data user has the duty to
make sure that all personal data is destroyed or permanently deleted if it is no longer required for that
purpose. So, this means that the employer did not have the purpose to keep the data of the employer
that already leave the company anymore because the it was exceed the data retention period once
the employee leave the company. Besides, the data retention period also can be observed from the
legal perspective. For an example, the court has the jurisdiction to keep certain data until there is no
anymore possible legal action.

7. Discuss section 263 of the Communication and Multimedia Act 1998.

Section 263 of the Communication and Multimedia Act 1998 is regarding the general duty of the
licensee or controlling bodies. Reading together with section 3, licensee is defined as a people that
undertakes activities which are subject to a class license or holds an individual license granted under
this act. According to the section 263(1) of the Act, the duty of the licensee is to make sure the
network facilities belongs to him, or any content applications service that he provides did not involve in
any offence under the law of Malaysia. The licensee also have the duty to help the Commission,
which is Malaysian Communications and Multimedia Commission (MCMC) that established under this
Act if MCMC request so in order to prevent the commission of any offence, including, but not limited
to, the protection of the public revenue and preservation of national security.