PETALING JAYA: The Malaysian Communications and Multimedia Commission’s (MCMC) reminder to Internet service providers (ISPs) that they are obligated under law to prevent the abuse of their network facilities and services will push them to be proactive rather than reactive, says an expert.
Cybersecurity law expert and lawyer Derek Fernandez said: “Simply put, Section 263 of the Communications and Multimedia Act 1998 (CMA 1998) was designed to adopt a proactive approach to cybersecurity in relation to online harms and information security rather than a reactive approach, which has been practised for so many years.”
He said that currently ISPs take action to resolve a threat only when the public complains to the ISP or the regulator, adding that Section 263 requires ISPs and any licence holder to use their best efforts to eliminate criminal threats on their network.
This reactive approach, he continued, is inadequate to combat today’s cybercrime and online harms, adding that technologies such as threat intelligence, web filtering, anti-scam, and reporting systems are available to assist compliance.
According to MCMC, the main areas of concern regarding online harms are child sexual abuse material, online gambling, content inciting racial or religious discontent, scams and phishing attacks, content with illegal drugs and prohibited substances, impersonation, disinformation and fake news, and unlicensed health products.
The MCMC notice comes after both Facebook-owner Meta (July 4) and messaging service Telegram (June 20) agreed to cooperate with the MCMC in clamping down on online crime.
Both companies had received warnings of legal action due to the significant amount of harmful content on their platforms.
In a statement, Maxis said it has always worked closely with MCMC and the relevant authorities on managing harmful or unlawful content.
“In fact, Maxis is part of the Content Forum and adheres to MCMC’s Content Code, with resources in place to comply with the regulator’s directives and information requests from authorities, where needed,” it said.
Maxis added that it has internal SOPs in place for website blocking, which is undertaken based on instructions by MCMC, the police, and the Domestic Trade and Cost of Living Ministry within the stipulated timelines given.
CelcomDigi also said it strictly follows operating procedures based on the obligations prescribed under the CMA 1998 in a statement.
“We take pride in protecting our customers’ safety and ensuring that all Malaysians can safely derive the full benefit of the digital society,” said a CelcomDigi spokesperson.
When contacted, Telekom Malaysia said it adheres to high standards of governance and policy and works closely with relevant authorities to mitigate any issues.
The co-chair of the Bar Council’s intellectual property committee, Foong Cheng Leong, said there are concerns that Section 263 could be used to infringe users’ rights to freedom of speech online.
“As we have seen in the past, ISPs generally comply with such requests, and we have seen it being used to protect the rights of individuals,” he said.
As written requests under Section 263 to the ISP are not made public, Foong said there is no way to gauge the level of compliance by ISPs.
“We know that MCMC does issue press releases on fines or compounds issued against ISPs for non-compliance with other guidelines,” he added.
Foong also added that this can be addressed by creating better regulations, rules and guidelines in relation to any blocking order.
“It must be exercised sparingly, and there must be a predefined outline of what can be blocked,” he said.
He also said there must be an avenue for appeal for those affected, whether directly or indirectly.