Efficiency of Legal Mechanisms in Handling the Invasion of Malware, Badware and Bad Cookies

Abstract

This thesis looks at legal issues arising from the invasion of malware, badware and bad cookies (MBC), and critically analyses the efficiency of legal mechanisms in Malaysia in relation to the issues. It starts with a discussion on the nature and technical definition of MBC, followed by an analysis of the recent incidents, statistics and reports. The analysis shows that the MBC problem is ongoing and rising, thus an immediate legislative response is direly required. However, the response has to be in a way that opens up opportunities for the legal community to keep pace with the bad manipulation of computer technology. This is done by providing a flexible approach to the understanding of the legal mechanisms without sacrificing any legal values.

For this reason, this thesis seeks to make full use of the relevant provisions in the Malaysian Penal Code (Revised) 1997 and Computer Crimes Act 1997 to the utmost extent. This is done by synchronising the legal definition of "computer" with the one provided by the fast-paced technology, applying analytical reinterpretation of the Penal Code provisions on damage and deception, and the Computer Crimes Act provision on trespass, and examining the 2006 amendment to the Computer Misuse Act of the United Kingdom to see whether it is viable for Malaysia to adopt the same approach.

In addition to the above analysis, the thesis also examines the government policies and enforcement structures to see whether they are readily responsive to the MBC problem. A brief overview of the ICT policies by the Malaysian government is provided with a special focus on MyMSC which led to the passing of Malaysian Cyberlaws, followed by an evaluation of the limited role of Cybersecurity Malaysia. This is followed by the analysis of the evidential problem in MBC identification and the jeopardising nature of the shortcut provision in the Computer Crimes Act. The thesis further examines remedies embedded in penal provisions based on the United States, Singapore and Indian model, examines the jurisdictional problem governing cybercrimes and evaluates the existing international models.

Throughout all above analysis, comparative overviews, of the relevant legal mechanisms in the United Kingdom, other commonwealth countries and the United States of America are made whenever necessary.