Dr BAHMA SIVASUBRAMANIAM
It is a myth that cyberspace is a lawless wilderness. Conventional laws can and do apply to cyberspace activities.
CYBERSPACE is a beehive of activity: communications take place, transactions are completed and even wars are conducted!
It is therefore a myth that cyberspace is a lawless wilderness. Cyber users harbour a delusion that cyberspace accords them anonymity and therefore out of reach from the arms of the law.
Nothing could be further from the truth. Illegal and unlawful activities can be detected and perpetrators can be identified and prosecuted or sued, as the case may be.
Conventional laws can and do apply to cyberspace activities. Where there are no adequate conventional laws that apply to such activities, special laws have been promulgated. In Malaysia, these include the Computer Crimes Act 1997 and the Communications and Multimedia Act 1998. The latest in this series of legislation is the Personal Data Protection Act 2010.
While there is no denying that a netizen cannot escape liability from legal action should there be any breach of law, it must be noted that the same “lifesavers” and defences are available to him as if he had committed the wrongs the conventional manner.
For example, in a conventional defamation action, the maker of the defamatory remarks would usually be asked to apologise before formal legal action is commenced against him.
I do not see why the same should not be applicable to the cyber wrongdoer. Also, defences such as truth/justification and fair comment would be equally as available to him.
This brings me to the next point. The Internet Service Providers (“ISP”) have an important role to play in cyberspace for obvious reasons. It is after all the conduit, the means of access to the Internet.
However, due to the nature of its work and functions, it is sometimes unfair and indeed unrealistic to make the ISPs liable for wrongdoings in cyberspace.
In the United States, liability of an ISP will depend on its role and its functions, especially in defamation suits – whether it is an information carrier or information controller.
Where the ISP’s role is the former, the court does not accord any liability for the ISP is perceived as a postman, merely carrying information from one point to another.
The ISP would be, however, liable if it is an information controller as it exercises a degree of control over the posts made by subscribers of its accounts.
In Malaysia, there is no such distinction. An ISP is deemed to be responsible and/or liable for a commission of any wrongdoing in cyberspace. S. 211 and S. 233 of the Communications and Multimedia Act 1998 (CMA) make an author and its intermediary who knowingly enable the transmission of offensive, false, menacing material to be convicted of an offence under the Act.
Both sections carry penal sanctions.
Safe harbour
An interesting aspect to the position of the ISPs vis-à-vis the law is the unique shield called the “safe harbour” defence. The defence is statutorily provided for in the US under the Digital Millennium Copyright Act 1998 and other pieces of legislation. It simply gives the ISP and even a website owner an opportunity to rectify the wrongdoing complained of.
The defence is not available where the ISP had actual knowledge and/or awareness of the wrongdoing or it did not remove the offending material expeditiously once it had received knowledge or became aware of the wrongdoing.
Also, the ISP cannot rely on the safe harbour provision if it had the right to control the wrongdoing activity or if the ISP stood to gain a financial benefit from the wrongdoing. In other words, the ISP (or anyone who relies on that defence) must have acted in good faith.
The “safe harbour” defence is not a blanket defence. There are cases where parties’ attempt to rely on it have failed – the infamous Napster case being one of them.
Napster provided peer-to-peer networking facilities which allowed file-sharing. The software enabled music to be uploaded and downloaded freely and free of charge and, most importantly, without the consent of the copyright owner.
The courts held that even if Napster fulfilled the requirements of an ISP (which it did not as it was merely a facilitator of sharing of music files), it still could not rely on the safe harbour defence as it did not take appropriate action against infringers by terminating them.
It would be interesting to see a similar Napster-type case in Malaysia.
There are no specific statutory provisions that actually set out the safe harbour defence here but the CMA and the statutory instruments created under it do provide a similar defence to an ISP who unknowingly transmitted prohibited content.
This defence is called the “notice and take down” measure and is provided under the Content Code, which is an instrument created under S. 213 of the CMA.
A few words about the Content Code (the Code). The Content Code Forum, a statutory body created under S. 212 of the CMA, is empowered under S. 213 to create a code which will include model procedures for dealing with offensive or indecent content.
The Code covers a myriad of issues relating to the service of disseminating of content by the service providers in the communications and multimedia industry.
What is interesting about the Code and which is missing from the CMA is that the Code acknowledges the potential problems an ISP may face, especially where the commission of an online offence could take place without its knowledge.
Article 4 of Part 5 of the Code provides: It is recognised that it is impractical, difficult and ineffective to monitor or control a user’s access to Content available Online.
Article 2 of the same Part states anyone who provides access to any Content but have neither control over the composition of such Content nor any knowledge of such Content is deemed an innocent carrier for the purposes of this Code.
It acknowledges also that an innocent carrier cannot be held responsible for the content provided or transmitted. This is akin to the role of the ISP as information carrier in the US.
Articles 2 and 4, read together, provide the base for the “notice and take down” mechanism mentioned above.
The upshot of the Code is simply this. The ISP will be notified of the offending material by the Complaints Bureau of the Content Forum (the notice).
The ISP then has two (2) working days from the date of notification to inform the subscriber of the offending content and request him to remove the content (take down).
If the subscriber refuses to do so, the ISP has the right to suspend his account: Article 7. If the ISP takes all these steps, then it can rely on this as a defence in any prosecution, action or proceeding of any nature, whether in court or otherwise since it had complied with the Code.
This is not only set out in Article 6.3 of the Code but also is a statutory defence provided under S. 98 of the CMA.
I would venture to suggest that this defence should be equally available to anyone who has or had inadvertently posted indecent, false, menacing or offensive in character content even though the Act and the Code provide this defence to the ISP and others of its ilk only.
However, this defence should not be seen as a carte blanche for would-be abusers of the Internet, for the law will not allow perpetrators of online abuses to easily escape liability, as demonstrated by many cases involving social networking websites such as Friends Reunited and Facebook.
The earliest reported case arising from an online wrong was a defamation suit filed in England. Reputed to be the first of its kind, this action arose out of a post made in the Friends Reunited website.
A retired teacher, Jim Murray, brought an action in libel against a former student called Jonathan Spence. (He had initially considered suing the Service Provider but decided against it.
Friends Reunited had promptly removed the offending material).
Spence posted remarks alleging that his former teacher Murray was dismissed from school for “making rude remarks about a girl” and strangling a pupil.
Murray disputed these claims and pointed out that he had retired and was not dismissed. The Lincoln County Court agreed with Murray and ordered Spence to pay damages. That was in 2002.
As recently as July 29, 2010, the High Court in England awarded £10,000 damages to Raymond Bryce, a law student who brought an action against a friend (now-ex) for defamatory remarks posted on his page in Facebook.
Jeremiah Barber implied that Bryce was a paedophile and posted indecent photographs of children, superimposed with Bryce’s photograph.
The Court was mindful of the fact that defamatory remarks published in an online medium could reach a wider circle of audience, unlike the traditional medium such as newspapers.
Interesting tests
In Malaysia, aside from the defamation suits that arose from blogging (the Jeff Ooi and Rocky Bru cases being two examples), two prosecutions of online postings provide interesting tests of the law. Both prosecutions are under the CMA. In the first case, Mohammad Tarysif Tajudin was charged in the Sessions Court in January this year under S. 233 of the CMA for making a post on Facebook.
S. 233 caters for improper use of network facilities or network services and states that any person who knowingly makes, creates or solicits AND initiates the transmission of any comment, request, communication, etc, which is indecent, false, menacing with intent to annoy, abuse, threaten or harass commits an offence. Mohammad Tarysif, allegedly under a pseudonym, is accused of posting offensive comments in his Facebook page, offering his “services” to throw petrol bombs at churches for a negotiable price.
The trial is yet to begin.
The second case of prosecution under the CMA is the case of Irwan Abdul Rahman, also known as Hassan Skoedeng. He was charged in the Sessions Court on Sept 2, 2010, over an allegedly tongue-in-cheek post called “TNB to sue WWF over Earth Hour”.
The charge was also under S. 233. This case is not straightforward.
Is the “offending” article satirical or tongue-in-cheek? If it was, it is not an offence.
However, the Malaysian Communications and Multimedia Commission (MCMC), who is tasked with the prosecution of Irwan, must prove that the accused’s post was “obscene, indecent, false, menacing or offensive in character” and that he had the INTENTION “to annoy, abuse, threaten or harass any person at any number or electronic address”.
The proceedings are of interest not just to lawyers but also to anyone who writes in cyberspace.
What is “annoying”? Should “annoying” under the CMA have a more complex interpretation and a higher degree of proof than “annoying” as a common parlance? Who decides what is abusive or threatening or harassing? What is the standard of proof?
Interesting questions that demand firm and irrefutable answers.
The overall conclusion is simply this: your actions in cyberspace will not go unnoticed, particularly if those actions are illegal or unlawful. Article 3.5 of Part 5 of the Content Code states very aptly: The online environment is not a legal vacuum. In general, if something is illegal “offline”, it will also be illegal “online”.
In this matter, the relevant existing laws apply.
Those of us who are avid users of the Internet should be mindful of this provision.
> Dr Bahma Sivasubramaniam is head of Law Unit, Faculty of Management, Multimedia University. He is also advocate and solicitor, High Court of Malaya.
M2M means data communication between machines.