Attending Microsoft executive briefing at its Seattle headquarters
Dear Friends and clients,
For those who are observing the fast during the Ramadhan month, I hope it has been a fulfilling endeavor especially the change in routine and eating habits . Fasting is not just about abstinence from food and drinks but it is more for the cleanliness of the soul and supplicating it with prayers and good deeds . In Malaysia, we are fortunate to have the peace and prosperity for us to enjoy Ramadhan in a tranquil manner .

In this month’s Firasat article , our associate Siti Fatin writes on 5G to conclude Part 3 of the series of articles on technology and data . The race is on and it may get bloody as the temperature is rising between continents and economic superpowers .

As a law firm, we shall continue to stay ahead on the progress and development of technology to enable us to serve our clients better . Do look forward to the next Firasat edition where I plan to share some interesting developments the firm is undertaking in this space .

To my Muslim friends and clients , Selamat Hari Raya Aidil Fitri, Eid Mubarak. For those travelling to their hometowns during the break , drive carefully and see you after the holidays .

Yours truly,
Mohamed Ridza
Managing Partner
MRCO

05/2019

5G – Bach C minor
It was just amazing when I watched a video recently witnessing 6 musicians in 6 different countries performing an ensemble of Bach C minor synchronizing around the world with no delays.

Far across the Atlantic, a businessman turned President of a country said “The race to 5G is a race America must win”. Donald Trump said those exact words, determined to win the race. What exactly is the big deal with 5G and why are the United States and China in a race to further develop and control this technology?

The 5G technology will reportedly be up to twenty times faster than the current 4G standard. To put things in perspective, downloading a two-hour long movie takes 26 hours on a 3G network and six minutes on a 4G network, while it will only take 3.6 seconds on a 5G network. 5G technology is not just about the downloading speeds. It will inter-connect millions of devices and enabling everything from driverless cars, smart homes and even smart cities.

One of the main reasons the United States and China are in a race is the economic boost. If the United States wins, 3 million jobs are estimated to be created and it will add $500 billion to its Gross Domestic Product. Another main reason is power as the country who is in control of this technology will have access to everything people are doing online. The United States is concerned that if China wins the race, the Chinese could spy on or switch off the flow of data we would all depend on.

Regardless of which country will win, the development of this new technology is inevitable and it will have effect on the security of our data. As discussed in the previous Firasat article titled “Cybersecurity – From Fear to Confidence” (“Part 1”), cyber threats are one of the most pressing concern in this day and age. With the development of this new technology, massive amount of personal information is being transmitted, conveyed, collected, stored and used daily. This in turn opens up an opportunity for processing and also mis-processing of personal data.

With the emergence of new technologies, it is important for individuals and companies to understand their rights under the applicable laws in Malaysia in respect of cyber security. As highlighted in Part 1, Malaysia has a set of cyber security laws to counter cybercrimes such as the Computer Crimes Act 1997 (“CCA”) which is utilised to criminalise certain forms of conduct targeted at computers, the Communications and Multimedia Act 1998 (“CMA”), the Digital Signature Act 1997 (“DSA”) which provides an identity verification procedure using encryption techniques to prevent forgery and interception of communication and the Personal Data Protection Act 2010 (“PDPA”). The Firasat article titled “Data Protection: Is our information worth protecting?” (“Part 2”) has highlighted the seven personal data protection principles which must be complied with and observed by all data users. However, with the rapid growth of technological advances which causes massive amount of personal information being transmitted, conveyed, collected, stored and used daily, is our current data protection law sufficient to protect us?

According to 2018’s Kaspersky report on information technology security budgets, the average cost of a data breach for companies today is just over $1.2 million, representing an increase of 24% compared to 2017 and 38% compared to 2016. The loss caused by data breach is expected to increase with the development of 5G technology. As technologies are growing at a rapid pace, we need to further understand how data can be stolen in order for individuals and companies to prevent or minimise the risk of data breaches. In this article, we will focus on the development of 5G which causes the hazard to privacy interests to grow exponentially. As stated above, the development of 5G will inter-connect millions of devices and therefore, the usage of Internet-of-Things (“IoT”), artificial intelligence (“AI”) and cloud computing and storage will be widely used in a bigger context.

The rise of the popularity of IoT connected devices comes with its fair share of security challenge and higher risk of virtual data theft. IoT is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. In this day and age, there are many devices connected to IoT including routers, printers, smart watches, webcams and home automation hubs. We cannot deny that the creation of such devices are making our lives easier. However, the security implications are even greater. One of the security implications is the devices can be hijacked and it can be turned into an email server. In a 2014 investigation by Proofpoint, an information security research firm, a smart refrigerator was found to have sent thousands of email spam messages without its owner being aware of the problem. Secondly, the hijacked IoT devices can be forced to join malicious botnets for the purpose of conducting distributed denial-of-service attacks. Further, hackers are able to identify unsecured IoT devices that are leaking internet protocol address which can be used to pinpoint residential locations and may take advantage of this vulnerability by selling this information on underground websites to criminal outfits that operate outside the internet. From a legal perspective, these are liability issues for manufacturers of these devices.

Another challenge to the privacy which trigger the legal concern in IoT environment, AI systems and cloud computing and storage is the lack of control over the information used or processed during the process. As an illustration, an inter-connected objects can automatically communicate without the awareness of the data subjects. Further, the general principle under the PDPA obliges the data user to the the consent of the data subjects. However, the legal validity of IoT’s and AI’s users is problematic as in some cases, users may not know that their devices or systems collect data about them. The next issue is the fact that devices and objects that are inter-connected in IoT environment or the data to be stored in the cloud are not necessarily originating from, located or transferred in one single jurisdiction. In fact, servers and providers are from multiple countries across legal and political boundaries. In Malaysia, the PDPA restricts on trans-boundary transfer of personal information to countries outside Malaysia that do not provide equal protection to the personal data. Therefore, managing data across borders will be challenging to data users and service providers.

In general, Malaysian regulatory framework has not developed specific rules (outside the application of the seven principles in the PDPA) to deal with data privacy issues created by cookies, online tracking, cloud computing, the IoT or AI. The government’s efforts appear to be focused on positioning the country appropriately to benefit from these innovations. For example, the Ministry of Science, Technology and Innovation has unveiled the National Internet of Things Strategic Roadmap (the Roadmap). Under the Roadmap, a centralised regulatory and certification body will be established to address privacy, security, quality and standardisation concerns.

As users, we cannot rely solely on the laws and regulations. We need to protect ourselves from the danger that comes with today’s technological advances. The question is how do we do it? Firstly, users need to use strong and unique passwords for device accounts, Wi-Fi networks and connected devices. Users also need to be aware when downloading any applications by reading the privacy policy of the same and ensure that the applications are updated. Next, as users, we need to take immediate action if we see any suspicious activities or our data is being stolen. It is also imperative for organisations to establish a comprehensive approach to mitigate insider risks, including strong data governance, communicating cyber security policies throughout the organisation, and implementing effective access and data-protection controls.

It is undeniable that technology has revolutionised the way organisations conduct business. However, we also cannot deny that the broader and wide-spread use of technology also brings vulnerability. The question before us is can we promote innovation and the many benefits of the technologies while limiting the potential harm to society, including the loss of privacy and protection of our data? The technology changes come faster than legislation or regulatory rules can adapt. Therefore, we, , need to think fast to adopt a more comprehensive and ambitious approach or we will continue to play a losing game.

Author

Siti NurFatin Shikh Ab Wahab, Associate

Mohamed Ridza & Co

Main tel:+60 3 209 24822
Main fax:+60 3 209 25822

Offices

Kuala Lumpur Office
Unit No 50-10-9, Level 10
Wisma Uoa Damansara
Damansara Heights 50490
Kuala Lumpur
Malaysia
+60 3 209 24822
+60 3 209 25822
ridza@ridzalaw.com.my