III. Surveillance policies
Lawful Access Powers of Government Agencies
The Malaysian Anti-Corruption Commission Act 2009 empowers the Attorney General to authorize the phone intercepts and wiretapping in corruption investigations. Information obtained in this manner are admissible evidence in a corruption trial.
The Communications and Multimedia Act 1997 empowers a public prosecutor to allow law enforcement agents to perform a lawful interception on the condition that communications might contain relevant information for the purposes of an investigation or offence under the Act or under subsidiary legislation (section 252).
Intelligence and Surveillance Oversight
The primary intelligence agency in Malaysia is the Royal Malaysian Police's Special Branch. Modeled after the British Special Branch, this department is empowered to acquire and cultivate intelligence on internal and foreign threats to the country, including espionage, subversive activities, extremism and sabotage.
This department is part of the Royal Malaysian Police, which in turn comes under jurisdiction of the Ministry of Home Affairs. It serves not only to gather intelligence in the interest of the nation but also empowered to investigate, analyse and advise the government on the necessary course of action on the police force as well as related agencies.
Malaysia's military intelligence service is Kor Risik DiRaja, also known as the Royal Intelligence Corps. Set up in 1969, it specializes in intelligence gathering, analysis, reconnaissance, surveillance, psychological warfare and counter-intelligence efforts, on top of the propaganda efforts of the Malaysian armed forces. It often operates within the context of defence and national security.
The Special Branch comes under the purview of the Ministry of Home Affairs, which is headed by the Home Minister who is in turn a member of the ruling Cabinet and an elected parliamentarian. The military operates in theory under the aegis of the King, but operationally it has a chain of command that ultimately answers to the Executive (the Prime Minister).
In practice, there are no effective oversight bodies that monitor the legality of their activities and in some respects there are draconian laws in place that empower services, rather than provide a check against possible abuses. There is no single law that restricts these activities and in effect, action is almost nonexistent in the event of transgressions by these agencies.
Immigration and Privacy
As of August 2011, the Malaysian government was undertaking a large scale exercise to biometrically register immigrant workers in the country. This registration is not without glitches because of its large scale. Prior to this, passports and/or working permits of immigrants were deemed sufficient. One of the reasons for this registration is the presence of a large number of illegal workers as well as workers who violate permit conditions.
Travel and Borders
The Malaysian Passport as well as the MyKad (national identity card) contain smart chips with biometric information that is scanned at entry/exit points at all the country borders. The customs/immigration authorities as well as the security authorities routinely check and inspect any cargo, luggage and personal effects of travelers if deemed necessary.
The Personal Data Protection Act 2010 was aimed at regulating the processing of personal data in the context of commercial transactions by data users, and providing a safeguard for the interests of data subjects. This includes commercial transactions and matters relating to the supply or exchange of goods or services, agency, investments, financing, banking and insurance.
The act offers new legal rights and obligations in connection with the employer-employee relationship, mergers and acquisition transactions involving staff issues, and also governs the discharge of certain professional services.
The mandated rights include provisions such as individuals being informed about personal data as well as the right to access, correct and control the processing of their personal data by other parties. There are also rights specifically relating to the processing of personal data for direct marketing purposes.
This Act is expected to have an impact in the practice of data mining (especially for commercial interests) and may change marketing and direct selling strategies.
There is no forensic DNA database in existence. The DNA Identification Act was drafted in 2009, with the aim of establishing a national forensic DNA database. However, this Act is yet to come into force.
This much debated, controversial Act empowers the authorities to compel intimate samples from persons of interest to a case. The Act specifies the following in Section 17:
Where an intimate sample or a non-intimate sample has been taken in accordance with this Act from a person reasonably suspected of having committed an offence and investigations reveal that he was not involved in the commission of any offence, the charge against him in respect of any offence is withdrawn, he is discharged by a court of an offence with which he has been charged, at trial or on appeal, he is acquitted of an offence with which he has been charged, at trial or on appeal, or he is not charged in any court for any offence within a period of one year from the date of taking of such sample from him, the Head of DNA Databank shall, within six months of so being notified by the Officer in Charge of a Police District of the fact, remove the DNA profile and any information in relation thereto of such person from the DNA Databank."
Communications Surveillance and Data Retention
Section 73 of the Communications and Multimedia Act 1998 empowers the gathering of all relevant communications from individuals and organisations. This section applies to any person if the Commission has reason to believe that the person:
- has any information (including but not limited to accounts and records) or any document that is relevant to the performance of the Commission's powers and functions under this Act or its subsidiary legislation; or
- is capable of giving any evidence which the Commission has reason to believe is relevant to the performance of the Commission's powers and functions under this Act or its subsidiary legislation.
Section 77 of the Communications and Multimedia Act 1998 provides for the retention of data and documents as long as the Multimedia Commission deems necessary. No time frame is provided for the retention of such data.
CCTVs are used is many public spaces, including government buildings, banks, hotels, public spaces and pedestrian malls and roads. In mid-2004, the government introduced CCTVs in many public spaces in an effort to curb snatch thefts.
The Government is considering rolling out Facial Recognition (FR) and Automated Plate Number Recognition (APNR) systems to boost crime prevention, border control and enforcement of traffic laws. The biggest concern on the FR and the APNR system is the privacy concern that the governments would abuse the ability to track their citizens at all times. In the APNR system, data could be obtained illegally by hackers and used for other purposes.
The policy is under consideration, and there have been no recent developments regarding both systems from the Government.
Cybercafes and Internet Services
There are no identity requirements for access to cybercafes. Individuals are not required to provide identity when accessing services, and bloggers and social networkers are not required to identify themselves using government identification.
Cyber security is governed by the Malaysian Communications and Multimedia Commission (MCMC) via a two-pronged approach. The Communications and Multimedia Act 1998 empowers instruments to be issued either by the Minister or the Commission in the form of a Direction or a Determination. The Minister in charge can issue a Determination on any matter specified in the Communications and Multimedia Act 1998 as being subject to Ministerial Determination without consultation with any licensees or persons.
The MCMC can also issue Directions to any person regarding the compliance or non-compliance of any licence condition, and including but not limited to the remedy of a breach of a licence condition.
The government has the ability to block a website or websites if they deem the content sensitive (Section 211 of Communications and Multimedia Act 1998).