How Section 114A of EA 1950 has violated the freedom of internet users in Malaysia?

What’s the effect of Section 114A?

This amendment will significantly impact the law governing internet publications by persons in Malaysia, including news reporting, blogging and interactions in the social media. The amendment will allow the prosecution or a plaintiff to rely on a presumption of fact to prove the identity of the person responsible for an internet publication. Essentially, the internet user identified in the amendment is deemed to be the publisher of content, unless the user proves otherwise. The burden of proof has shifted.

This amendment to the law of evidence in Malaysia has far reaching consequences for internet users. It will facilitate the proving of offences under the Communications and Multimedia Act 1998, the Computer Crimes Act 1997 and the Sedition Act 1948 against internet users. It will also ease the proving of defamation claims on internet publications. While the Malaysian government has defended the amendment as being necessary to protect the public interest, the internet community in Malaysia has reacted in an uproar.  

Scenario 1: Getting an IP address from Google 

There is an article titled “Azmin makan duit rakyat Selangor”. The author wrote her name as Nazmi. Azmin brings Nazmi to court. Nazmi in her defense said “it was not me Min, sumpah! Bukan I Min! Percayalah…”.

Since the article was written in blogger.com (owned by Google), the police can request the IP of the “mysterious writer” from Google. Every time you log in to your blogger or Goggle account, your IP will be stored in Google system. From the police investigation, they found that the IP does not belong to Nazmi’s account. Turn out the actual writer is: Faekah. This isn’t so easy. Fortunately, Google is very transparent about government request, and have reported that up until 2011, the Malaysian Government have never requested for any user data, we have requested for takedowns but not user data. What that means is that we’re not sure if Google will happily comply with our request, the success rate of these government request range from 0% (in the case of Turkey and Russia) up to 93% in the case of the US Government. So we’re not sure how successful we would be, and to blindly assume it’s a simple matter of asking Google for an IP address is just plain ridiculous.

Secondly, there are various ways to obtain a separate IP address from a separate entity. In my posting about how to activate your Kindle in Malaysia, I advocated using a service like Texasproxy or Hidemyass, proxy servers mask your IP address from Google by substituting it for their own IP address, and you could proxy over proxy providing extra layers of IP address obfuscation.

Finally what if I just used TOR? End of story, it’s not traceable.

Scenario 2: MAC addresses can identify you

There is photo of Izzah painted with the words “Izzah Penipu dan Gila Kuasa”. The account was under the name Chua. Izzah brought Chuato court. Chua in his defense said : “Zah..bukan abang sayang…abang sayang Izzah..takkan la abang nak sabotage syg. Abg ni suka gigit…gigit telinga…sabotage ni tak main”.

Every computer/phone/laptop/Xbox/etc has a MAC address. When you connect to the Internet your ISP can see this. The police check asked Chua whether he has any electronic devices and Chua replied “Only my phone sir” while looking at the officer’s ear. Upon checking the MAC address of the phone, the MAC address did not match.

Turn out the actual writer is: Azmin

First of all this is bullshit. Your ISP never sees the MAC of your phone or Ipod or Laptop, just the MAC address of the ‘last hop’ which in this case is your router or Wi-Fi access point.

Secondly, there is no central repositories of MAC addresses, what’s to stop Chua from buying a separate iPod and ditch it once he’s done the deed.Thirdly, even if this were possible, a tech-savvy perpetrator could spoof the MAC address of your machine for Windows, Macintosh and even Android. There’s a whole wikipedia article on Mac Spoofing.Finally, even if they did conclude that the MAC address didn’t belong to Chua, how did they find out the actual writer?

In the words of Sheldon Cooper, this is HOKUM!

MAC addresses cannot identify a person, merely a piece of equipment. So it’s absolutely impossible to use a MAC address to trace a person. If I identified a MAC address belong to a specific Samsung phone that was purchased from a specific Samsung shop in Mid-valley. Unless the Samsung shop keeps records of who bought their phone, there could be no trace of it. The same applies for much cheaper items like network cards and Wi-Fi dongles.

Scenario 3: Twitter complying with Government request from Malaysia

A tweet goes like this: “@anwaribrahim, you penipu kaum India! You promise macam2 sebelum GTX12 tapi skrg habuk pun tarak ada. @#$%@#%”. The account was tweeted under the account psurendram. In anger, Anwar brought Surendran to court and in Surendran’s defense he said: “Boss…sampai hati boss tuduh saya macam ini…lupakah janji2 kita dahulu? Sebangsa, Sejiwa, Sehidup, Semati? Cuma tak selubang sahaja…tu ka sebab boss marah?”

When a tweet is posted, all our tweets are stored in Twitter’s many servers. Just like Facebook and Google, they also save for each tweet, info associated with that tweet e.g. time, date, location, IP, device name etc. The police can get these associated details of the tweet from Tweeter. Upon investigation, it was found that actually Surendran is innocent. Turn out the culprit was someone who got jealous with Anwar’s attention towards Surendran. He got so jealous that he took Surendran’s phone while Surendran was busy entertaining Anwar and made that tweet. That person was Azizah! This is getting ridiculous. If you take my phone and tweet something, there is NOTHING from twitters server to prove you didn’t do it. As long as you took my phone, to twitter you look like me. That’s it. Twitter doesn’t know someone took my phone. Once again, we see a trend that it’s as easy as asking Twitter for info, and they’ll gladly hand it over to me. Twitter also is very transparent about their Government request, the only difference with Google is that Government request to twitter have a FAR FAR lower success rate , with most countries having a 0% success rate. So going to twitter is not an option. One would think a blogger would know this. Plus how the hell did they find out it was Azizah, probably through good ol’ fashion police work, that’s the point. The burden of proof should be on the prosecution and police, not on the accused, because it’s just impossible for the accuse to prove his innocence without the resources from law enforcement agencies to help him out.

Source: http://www.keithrozario.com/2012/08/evidence-act-114a-technological-misconceptions.html


In my humble opinion, the new amendments pushes an innocent party to show that he is not the publisher. Victims of stolen identity or hacking would be experiencing more mishaps and troubles due to their carelessness and others' mischief. We are well informed that, since computers can be easily manipulated and identity theft is quite raging, it is dangerous yet unfair to put the onus on internet users solely. An internet user will need to give an alibi that it wasn’t him. He needs to prove that he has no access to the computer at that time of publication and he needs to produce call witnesses to support his alibi.
Obviously, it is against our very fundamental principal of “innocent until proven guilty”. With general election looming, I fear this amendment will be used tyrannically by the Malaysians. Fortunately, the amendment is not in force yet. I strongly hope that the government will re-exaine into this amendment and come out with better provision that would not put the internet users' freedom at jeopardy as well as causing speculative issues regarding proving of evidence virtually.