Privacy International


PHR2004 - Malaysia

Malaysia

The Constitution of Malaysia does not specifically recognize the right to privacy, but does provide for several related rights, including freedom of assembly, speech and movement.[1] Historically, the government has circumscribed all of these rights by law or practice; increasingly so in the name of anti-terrorism.

The most controversial of these laws remains the Internal Security Act (ISA), which was originally enacted in the 1960s in response to Communist insurgency. The ISA allows police to enter and search without a warrant the homes of persons suspected of threatening national security; they may also seize evidence. The lack of independent judicial oversight is the most poignant criticism of the ISA. Judicial reviews of arrests under the ISA are limited to questions of procedure: at no point are authorities required either to produce evidence or detailed charges. Police regularly use the ISA to search homes and offices, seize books and papers, monitor conversations, and take persons into custody without a warrant.[2] Persons arrested under the ISA can be held for up to two years without being charged. The government does not disclose the number of people so held, but civil rights groups still estimate it is in the hundreds. Most of these are allegedly connected to Islamic terrorist groups, but the use of the phraseology "terrorist threat" or "terrorist" has increased markedly since September 11, 2001, and is now used to describe a litany of individuals or actions that previously would not have been classified. Many alleged terrorists are coincidentally connected to political opposition parties.[3]

In 2003, the ISA was used to arrest and detain persons without charge or trial.[4] In August 2003, there were 99 persons in detention under the ISA, 79 of whom were suspected of involvement in terrorism. According to news reports, the government did not use the ISA against political opponents during 2003, although the Act has been used in the past to intimidate and restrict political dissent.[5]

Prior to September 11, 2001, there had been much public pressure – both from inside and outside the country – to repeal the ISA in favor of a more constrained security law, but the government has taken no action to date and is now unlikely to do so anytime soon.[6] Minister Yatim has stated that laws like the ISA[7] are even more relevant post-September 11, and that "submission to idealistic rights was not realistic . . . in safeguarding domestic integrity and security." The Prime Minister responded to criticism of the ISA by stating that "if someone commits an act that violates the human rights of the majority, then he . . . will lose his basic rights."[8] In 2003, opposition leaders and human rights organizations continued to call on the government to repeal the ISA and the other laws that deprive persons of the right to defend themselves in court.[9] The National Human Rights Commission (Suhakam) publicly recommended that the government rewrite the ISA to ensure that the government does not use it against political opponents.[10]

Other laws with implications for privacy include the Communications and Multimedia Act (CMA), the Anti-Corruption Act, the Companies Act, the Computer Crimes Act (CCA), modeled after the United Kingdom's Computer Misuse Act of 1990, and the Penal Code.[11] The CMA prohibits unlawful interception of communications, establishes rules for searches of computers, mandates access to encryption keys, and authorizes police to intercept communications without a warrant if a public prosecutor believes a communication is likely to contain information relevant to an investigation.[12] In practice the provisions of the CMA restricting telecommunications interception appear to be regularly ignored or overridden by other statutes, including the ISA and the CCA.[13] There are regular reports of illegal wiretapping, including of the former Deputy Premier, Anwar Ibrahim, in 1998. Later that same year, police detained four people under the ISA on suspicion of spreading rumors of disturbances in Kuala Lumpur. Inspector General of Police Tan Sri Abdul Rahim Noor told the media then that the suspects were detained after police tracked their activities on the Internet with the assistance of Internet service provider (ISP) Mimos Berhad.[14] The provider later claimed that it did not monitor the activities of its subscribers.[15] In 2003, the government did not use the CMA's licensing provisions to interfere with Internet access or to restrict its content.[16]

A provision of the Anti-Corruption Act empowers the Attorney General to authorize the interception of mail and the wiretapping of telephones in corruption investigations. The Companies Act grants the Registrar of Companies broad powers to block or disband organizations deemed prejudicial to national security or the national interest. This authority has been used to prevent international human rights organizations from establishing domestic operations. The Computer Crimes Act allows police to inspect and seize without a warrant a suspect's computer equipment. Suspects are also required to turn over all encryption keys for any encrypted data on their equipment.[17] In July 2001, the Chief Inspector of the technology crime investigation team (a unit under the Royal Malaysian Police) called for updates to the CCA, claiming that it was outdated and that even more sweeping powers are required.[18] In the same vein, Prime Minister Datuk Seri Dr Mahathir Mohamad has stressed the need for greater security measures to tackle "the rising number of cybercrime incidents and the increased use of the Internet for misinformation."[19] In January 2001, following a high profile hack into the Parliament's web site, it was reported that the government may extend the ISA to hackers of government web sites.

Section 509 of the Penal Code provides criminal penalties for insulting "the modesty of any person" or "intruding upon the privacy of [any] person" by uttering any word, sound or gesture, or exhibiting any object, intending that such word or sound shall be heard, or that such gesture or object shall be seen by such person.

Since September 11, 2001, the Malaysian government has made money laundering detection and enforcement a priority and has enlisted regional and international cooperation. The government recently concluded an agreement to exchange financial intelligence information with several countries, including Australia and the United States,[20] and facilitate data and intelligence exchange with the Anti-Money Laundering Act.[21]

Under the Constitution, freedom of assembly may be limited in the interest of security and public order. The government regularly monitors public assemblies through the issuance of permits under the Police Act. While the decision to grant permits theoretically rests with district police chiefs, in practice senior police officials and political leaders influence grants and denials. In July 2001, the government ceased issuing permits for all political meetings throughout the country.[22] This significantly impeded the ability of opposition parties, particularly the Islamic party, to communicate with their supporters and to fundraise. In October 2002, police prevented a public protest of the government's refusal to release six persons detained under the ISA, despite the Federal Court's ruling that the detentions were unlawful.

The Constitution provides that freedom of speech and of the press may be restricted by legislation "in the interest of security [or] public order."[23] In practice, the law is frequently used to restrict or intimidate dissenting political speech. All newspapers and magazines must be licensed by the government and the Sedition Act prohibits public comment on issues defined as sensitive, such as racial and religious matters. In January 2003, an independent news web site, Malaysiakini.com,[24] published an anonymous letter critical of the government and was subsequently raided by police. The police seized about 20 computers containing potentially sensitive information, including the addresses of letter writers who had requested confidentiality.[25] It appears that the government's 1999 pledge to not regulate content on the Internet, in part to attract international investment to its high-tech sector, was a hollow one. Before that, in 1996, Malaysia had already introduced the Multimedia Super Corridor Bill of Guarantee, which stated that the government would "ensure no Internet censorship."[26] On October 6, 2003, the government announced that it had forwarded its nine-month-long investigation to the attorney general for a decision on whether to prosecute.[27] The government continued to deny Malaysiakini journalists formal press accreditation, although its reporters were reportedly allowed to cover government functions and ministers' press conferences.[28]

The government places some restrictions on academic freedom, particularly regarding the expression of unapproved political views, and the government enforced restrictions on teachers and students who expressed dissenting views. In March 2002, the government began to require that all civil servants sign a pledge of loyalty to the government, and in May it required that university faculty and students sign the same pledge. Opposition leaders and human rights activists claimed that this was intended to restrain political activity among civil servants, academics, and students.[29] Earlier, in August 2001, the Malaysian Bar Council had ruled that body searches by school authorities to look for tattoos on students were a gross violation of privacy and should only be conducted if a student is suspected of having committed an offense. The searches had been mostly carried out on students in religious and residential schools who were believed to have been targeted by occult groups.[30]

Malaysians generally have the right to travel, live, and work where they please; however, the government restricts these rights in some circumstances. The eastern states of Sabah and Sarawak have the right to control immigration and to require citizens from peninsular Malaysia and foreigners to present passports or national identity cards for entry. The adoption of a national identity smart card makes tracking citizens easier.

Since 1999, the Malaysian government has begun gradually phasing in a multi-purpose national ID smart card that it intends all Malaysians to adopt by 2005.[31] The card, known as "MyKad," incorporates both photo identification and fingerprint biometric technology and is designed with six main functions: identification, driver's license, passport information (although a passport is still required for travel overseas), health information (blood type, allergies, chronic diseases, etc.), and an e-cash function.[32] The card can also function as an ATM card, although it is MyKad's least attractive feature and banks have discouraged customers from using the card for such purpose.[33] There are plans for adding additional applications for digital signatures for e-commerce transactions.[34]

The Malaysian government originally proposed placing the religious affiliation of all citizens on the cards, but complaints from the country's non-Muslim ethnic groups prompted the government to limit identification to Muslims only. In January 1999, it was announced that Islamic religious authorities in the capital, Kuala Lumpur, would be equipped with portable card readers in order to instantly verify the vows of Muslim couples found in "close proximity." In his 2002 budget speech, the Prime Minister proposed adding marital status and voting constituency information to the cards for the benefit of religious authorities and to minimize electoral fraud, respectively. Both proposals were sharply criticized by opposition Member of Parliament Teresa Kok as being an unnecessary invasion of privacy.[35] The anonymity of balloting is already a matter of concern for privacy advocates, even without MyKad. Traditional ballots are marked with a serial number that can be matched against a voter's name. While there is no evidence that the government has ever tracked individual votes, some opposition leaders allege that the potential to do so has had a chilling effect on some voters, particularly civil servants.

With so much personal information stored on the MyKad, even proponents of the card have acknowledged inherent privacy risks: "[h]aving the smart card will probably increase theft . . . because the attraction is there. There is a lot of personal information stored [on the card], including buying patterns which would attract (card cloning) syndicates," according to industry analyst Jafizwaty Ishahak. Recently, the National Registration Department (NRD) admitted that the practice of surrendering identity cards to security guards before entering certain premises may need to be changed because of privacy concerns.[36] The Consumers Association of Penang has argued that the cards make individuals' personal and confidential information too vulnerable and has recommended that the proposed Personal Data Protection Act address these risks specifically.[37]

The Federation of Malaysian Consumers Associations criticized the government for not implementing clear guidelines or consulting with the public on how MyKad is to be used, by whom and for what purpose. The Federation also challenged the security of the system, contending that the storage of personal information in a centralized database makes it vulnerable to tampering and sabotage. Later, in 2004, the Bar Council chief severely criticized the security and privacy risks related to the use of MyKad, and sought strong privacy laws to protect card holders against potential misuse, pointing out that personal data contained on the card could easily be accessed.[38] It is widely known that anyone with a card reader can access all information contained in the card.[39] In response to such critiques, the government is now reportedly drafting a bill to ensure the privacy of MyKad users and protect the information stored against unauthorized use.[40]

Users can access personal information on their cards at government kiosks and offices, after biometric authentication of their fingerprint. Access to personal information by others is hierarchical or compartmentalized. For example, only certain medical officers have access to sensitive health information. However, access to some personal information held in the MyKad system seems to be available, remotely via a network, to a wide range of third parties, including hotels, restaurants and ticket agents. Determining who has access to what information and for what purpose remains opaque for Malaysians.

MyKad is currently optional, but it automatically replaces other forms of expired identification and is quickly becoming a de facto requirement to access certain government and private-sector services. In December 1998, the government began requiring cyber cafés to obtain name, address, and identity card information from patrons. However, it lifted this requirement in March 1999.[41] In some cases there may be penalties for not carrying the card. In 1998, the government announced that persons not carrying identification cards risk being detained by immigration authorities.[42] It is the government's intention that all of Malaysia's population over the age of 12 will be registered in the MyKad system by 2005. Those under the age of 12 are encouraged to apply for a junior version of the MyKad, which differs only in its lack of a photograph and thumbprint biometric.

Prime Minister Dr Mahathir Mohamad has characterized data protection principles as a burden on business and an impediment to effective policing. However, e-commerce concerns and the desire to comply with the adequacy provisions of the European Union Data Protection Directive have led the Malaysian Ministry of Energy, Communications and Multimedia (MECM) to begin drafting a new personal data protection bill.[43]

The Personal Data Protection Act was supposed to be enacted by 2004,[44] but has been repeatedly delayed. The bill has been submitted to the Attorney-General Chambers.[45] The legislation promises to regulate the transfer of consumer data to third parties by institutions, whether during the collection, use or further processing of the data. Under the Act, the types of data that could be disclosed to third parties, and those that would require the owner's permission before release, would be clearly specified.[46] The proposed law sets out nine data protection principles governing the collection, use, disclosure, accuracy, retention, access to and security of personal data. If enacted, it will establish a government-appointed data protection commissioner with the power to monitor and enforce compliance, promote public awareness of the law, encourage trade bodies to prepare industry codes of practice, and cooperate with counterparts in foreign countries.[47] Proposed penalties for violating the law will include punitive fines of up to MYR 250,000 (~USD 65,790) and imprisonment for up to 12 years for a serious offense.[48]

Part III of the draft bill provides for the establishment of a tribunal to assist in the exercise or performance of the Commissioner's powers and functions in the public interest. While the detailed operation of the tribunal will be left to regulation, it is presumed it would function as an appellate body.

Although its ramifications and effects are far-reaching, legal observers have emphasized that the proposed bill does not attempt to prohibit the collection, holding, processing or use of personal data, nor does it deal with access to any information collected. In other words, the proposed law is not a law relating to privacy or freedom of information.[49]

Malaysia announced plans in November 2001 to provide data protection and Internet law training for its judges, public prosecutors and police officers in anticipation of the enactment of the data protection bill.[50] The Prime Minister's Department said training for the judiciary and law enforcement would "better equip them to deal with computer-related crimes."[51]

Two additional acts have also been proposed recently: the Electronic Transaction Act (ETA) and the Electronic Government Activities Act (EGAA). The ETA is a law of general application that provides a legal framework for electronic transactions, while the EGAA aims at removing all procedural and administrative impediments for e-government activities. This last bill should enable the government to conduct electronic transactions or issue approvals that have the same legal standing as a manual transaction or approval by letter.[52]

The Asia Pacific Coalition Against Unsolicited Commercial E-mail (APCAUCE), which includes member groups from Australia, Hong Kong-China, India, Korea, Malaysia and New Zealand, held a Net Abuse Workshop in Kuala Lumpur in February 2004, and is planning a July workshop in Kathmandu, Nepal, and a 2005 workshop in Kyoto, Japan.[53]

The government decided in 2004 to install closed circuit television (CCTV) cameras in major cities with the purpose of curbing snatch thefts. Local councils have until September 18 to install the cameras at public spaces such as bridges, light rail transportation or bus stations, night markets and dark lanes. CCTV systems will be connected to district police stations where images will be monitored. Some critics assert that CCTV could be used not only against snatch thieves but also to spot and nab courting couples caught on camera displaying affection in public, which is not allowed in Malaysian society.[54]

Malaysia is a signatory to the Universal Declaration of Human Rights, but the legislation that created the National Human Rights Commission (Suhakam) also restricts the application of the Declaration to those "fundamental liberties provided for" in the Constitution and to those provisions consistent with the Constitution. In 1999, prior to Suhakam's creation, opposition leaders and non-governmental organizations, including the Bar Council, criticized the definition of human rights as too narrow.

However, following former Suhakam Chairman Musa Hitam's October 2001 statement that human rights would need to take a back seat in the fight against terrorism, the Commission has assumed a lower profile in carrying out its mission and has not often publicly challenged the government on sensitive subjects. The new Chairman of the Commission, former Attorney General Abu Talib, appears to favor a low-key, behind-the-scenes approach to promoting human rights.[55]



[1] Constitution of Malaysia <http://www.helplinelaw.com/law/constitution/malaysia/malaysia01.php>; see also Caslon Analytics Privacy Guide Asia <http://www.caslon.com.au/privacyguide6.htm#Malaysia>.

[2] United States Department of State, Bureau of Democracy, Human Rights, and Labor, Country Reports on Human Rights Practices 2003, Malaysia report, February 25, 2004 <http://www.state.gov/g/drl/rls/hrrpt/2003/27778.htm> (US State Dep't report 2004).

[3] Fergus Shiel, "Rights Abuses Spread after 9/11," The Age (Melbourne), April 16, 2003, at 6. Minister Dr. Rais Yatim, of the Prime Minister's Department Datuk Seri, has argued that a broad legal definition of "terrorism" is necessary in order to effectively combat terrorist threats and has noted that the United States has adopted a similar stance with the passage of the USA PATRIOT Act. For a discussion of Malaysian Prime Minister Mohamed's definition of "terrorism" see Abdul Haseeb Ansari, Terrorism, National Integrity and Human Rights: A Critical Appraisal 3 Malayan L.J. 205 (2002).

[4] See US State Dep't report 2004.

[5] See Id.

[6] Shiel, supra.

[7] "Penal Code to Be Amended to Include Anti-Terrorism Provisions," New Straits Times, June 15, 2003, at 4. Minister Yatim announcing that the Penal Code would be amended to include new anti-terrorism provisions that the government had previously considered tacking on to the ISA.

[8] "Malaysian PM Says No Need to Respect Human Rights of Those Who Violate Them," translated by BBC Monitoring Asia Pacific from Bernama News Agency, December 21, 2002.

[9] US State Dep't report 2003, supra.

[10] Id.

[11] MECM Cyberlaws <http://www.ktkm.gov.my/comm/cyberlaws.html>. For a discussion and critique of some of the more important provisions of the CCA see Sulaiman Azmil, Crimes on the Electronic Frontier - Some Thoughts on the Computer Crimes Act 3 Malayan L.J. 59 (1997).

[12] Communications and Multimedia Act of 1998 <http://www.cmc.gov.my/legisframe.htm>.

[13] Abu Bakar Munir & Mohammad Yasin, Privacy and Data Protection: A Comparative Analysis with Special Reference to the Malaysian Proposed Law (Sweet & Maxwell 2002).

[14] Tony Emmanuel, "Rumours over Internet: Four To Be Charged Soon," New Straits Times, September 24, 1998.

[15] "E-mail not Screened, Says Service Provider," New Straits Times, August 17, 1998.

[16] US State Dep't report 2003, supra.

[17] Computer Crimes Act of 1997 available at <http://www.ktkm.gov.my/template01.asp?Content_ID=440&Cat_ID=4&CatType_ID=78&SubCat_ID=126>.

[18] Shyla Sangaran, "Keeping Pace with Computer Crime Cases," New Straits Times, July 9, 2001.

[19] "PM Calls for Increased Net Security to Curb Cybercrimes," FT Asia Intelligence Wire, July 13, 2001.

[20] Allesandra Fabro, "Intelligence Deal with Malaysia," Australian Financial Review, February 5, 2003, at 11.

[21] "ISA Has 'Saved Nation from Many Disasters'," New Straits Times, November 20, 2002, at 6.

[22] United States State Department Country Report, on Human Rights Practices in Malaysia, 2002 <http://www.state.gov/www/global/human_rights/hrp_reports_mainhp.html>.

[23] Constitution of Malaysia, supra.

[24] Malaysiakini, that started operating in November 1999, is known for being one of the few independent media voices, and the leading independent Internet news outlets, in Malaysia. "It is one of a handful of print and online publications that offer an alternative view to Malaysia's largely pro-government mainstream media, much of which is owned by large corporations affiliated with UMNO [or United Malay National Organization, the ruling party in Malaysia]." "Malaysia: End Intimidation of News Website," Human Rights Watch, October 8, 2003 <http://www.hrw.org/press/2003/10/malaysia100803.htm>.

[25] News Release, "Malaysia - Police Raid Offices of Malaysiakini.com News Web Site," Reporters Sans Frontières, January 20, 2003; "Independent Internet Daily's Offices Raided," Canadian Journalists for Free Expression, January 20, 2003.

[26] "Malaysia: End Intimidation of News Website," supra.

[27] Id.

[28] US State Dep't report 2003, supra.

[29] State Department, supra.

[30] "Body Searches 'Violate Students' Privacy'," New Straits Times, August 4, 2001.

[31] "Privacy of MyKad Holders to Be Protected by Law," New Straits Times, May 19, 2004, at 6.

[32] "Wise Up to Role of Smart Card," The Star, December 15, 2002.

[33] "Privacy of MyKad Holders to Be Protected by Law," supra. See also "Free Upgrade of MyKad to 64K," New Straits Times, June 16, 2004, at 5.

[34] "Card Sharps," The Bulletin (Australia), May 14, 2003; Joe Celko, "The Road to Dystopia: How much Information Can the Government Control?" Intelligent Enterprise, May 9, 2002. See also Rozana Sani, "Utilising PKI Applications in MyKad," New Straits Times, December 18, 2003, at 4.

[35] News Release, "Government Proposal to Add Marital, Constituency Information to MyKad Should Be Debated," MP for Seputeh Teresa Kok, September 27, 2002.

[36] Rosnazura Idrus, "Leaving MyKad at Guardhouse under Review," New Straits Times, July 9, 2003.

[37] "Smart IC Open to Abuse," The Star, April 18, 2001.

[38] "Bar Council Chief Seeks Laws to Protect MyKad Data," New Straits Times, April 3, 2004, at 8.

[39] "Privacy of MyKad Holders to Be Protected by Law," supra.

[40] Id. See also A. Shukor Rahman, "Evaluating Risks in MyKad," New Straits Times, October 20, 2003, at 21.

[41] "Cabinet: Cybercafes not Subjected to Restrictions," New Straits Times, March 18, 1999.

[42] Annie Freeda Cruez, "Malaysians Told: Carry ICs or Risk Detention," New Straits Times (Malaysia), May 14, 1998.

[43] Ministry of Energy, Communications and Multimedia <http://www.ktkm.gov.my/template01.asp?Content_ID=368&Cat_ID=4&CatType_ID=84>.

[44] "Proposals for a Personal Data Law," World Data Protection Report, November 2003.

[45] Sharifah Kasim, "Key Issues to Push ICT," New Straits Times, February 2, 2004, at 1.

[46] Rozana Sani, "Tackling Grey Areas when Tabling Bills," New Straits Times, January 1, 2004, at 2. See also "Attorney-General Calls for Review of Existing Laws," Bernama (Malaysian National News Agency), April 7, 2004.

[47] Loh Chyi Jen, "Framing the Country's Privacy Laws," New Straits Times, July 18, 2001.

[48] "Proposals for a Personal Data Law," supra; Rozana Sani, supra.

[49] Khaw Lake Tee, The Proposed Malaysian Personal Data Protection Law – Some Salient Features 3 IPPP UM Research Bulletin No. 3.

[50] "Training for Judges, Prosecutors to Keep in Touch with Cyber World," New Straits Times-Management Times, November 30, 2001.

[51] "Judiciary to Have Data Protection Training," World Data Protection Report, February 2002.

[52] See Ferina Manecksha, "Gaining better Understanding of Cyberlaws," New Straits Times, February 23, 2004, at 4; and Sharifah Kasim, supra. See also "Attorney-General Calls for Review of Existing Laws," Bernama (Malaysian National News Agency), April 7, 2004.

[53] See <http://www.apcauce.org/>.

[54] See Abdul Razak Ahmad, "Smile, You Aren't on Camera yet," New Straits Times, July 11, 2004, at 1.

[55] "Body Searches 'Violate Students' Privacy'," New Straits Times, August 4, 2001.

