Cyber Law and the Quest for the Information-Age Legal Education

By Sonny Zulhuda

Talk about the Information Age has filled many seminars, newspapers, books, web-pages, blogs, etc. But has it invited law students and law academia too? Have our students be adequately equipped by the understanding (conceptually, technically and so on) of what Information Age is, and how it challenges the notion of law taught in law schools? These are the questions that preoccupy many legal minds concerned of legal education.

Information Age is about the change, not only on gadgets, but also on the way we live as well as change of perspectives. For legal fraternities (i.e. lawyers, attorneys, judges and legal academia), it is critical to acknowledge this change, and not leaving it only to the hands of computer scientists. This is because the Information Age is a discourse of a cross-disciplinary realm. No less than information scientists, engineers, lawyers, accountants, sociologists, political scientists and business people are all concerned. They could even find themselves incapacitated if they choose to work separately. In the word of Boyle, this is called the collapse of disciplinary boundaries.

The above forms the background of my paper in the international seminar on Cyberlaw soon to be organised by the Faculty of Law, Islamic University of Sultan Agung (UNISSULA), Semarang, Indonesia on Wednesday, 26th October 2011.  Hopefully this can invite a fruitful discussion among the faculty members and the seminar attendees.

The paper basically hypothesizes that in order to capably address legal issues and challenges in future, our legal education should be re-looked at and reformed. The Information Age environment should become an integral consideration in learning law (regardless the area; commercial, civil, criminal, constitutional, administrative, etc.). It argues not only for the introduction of cyber law in the law syllabus, but also the integration of the issues and discussion with other major and disciplines. On top of that, we can borrow Prof Palfrey’s thesis on ‘digital native‘ and ‘digital migrant’ so as to allow law to improve and deliver in the future.

 

Incidents on personal data abuse affecting banks

by: Sonny Zulhuda

In my last post I made note about why banks should or must care to protect the personal data with them. In this post I just want to put that note in real perspective, learning from real cases and incidents involving major banks in the world.

First, it was reported that Citigroup breach exposed data on 210,000 customers (here for the full report)

Citigroup admitted Wednesday (June 8^th, 2011) that an attack on its website allo

wed hackers to view customers’ names, account numbers and contact information such as email addresses for about 210,000 of its cardholders in North America. Although hackers may have not gained complete information on cardholders, the contact information is enough for scammers to try and elicit more information through targeted attacks. The email addresses, for example, could be used to send “phishing” messages asking for other sensitive information which could potentially give identity thieves enough to start committing fraud.

Second,  you’ll see how Data breaches lead to massive fines for three HSBC firms (here for the report)

Three HSBC firms have been fined more than £3 million by the Financial Services Authority (FSA) for failing to secure customer data. The FSA claimed the three firms sent large amounts of unencrypted data – often on discs sent via the post – and staff were untrained on the issue of identity theft. The FSA said that, in April 2007, HSBC Acutaries lost a floppy disk in the post that contained 1,917 pension numbers and addresses. And, in February 2008, HSBC Life lost an unencrypted disk holding data on 180,000 policy holders – also in the post.

Read More…

Bank and personal data protection: Why care?

By: Sonny Zulhuda

pic from: mortgagechiliblog.com

Contrary to the traditional belief, information is no longer a mere business processing tools. It is now the very asset that turns to become the commodity of the business itself – becoming more powerful and valuable than any other physical assets. And this is particularly obvious in financial and banking industries where the acquisition of personal data and the adoption of information technology (IT) have both transformed the banking industry as well as the associated operational risk management.

The demand to protect personal data in banking industry comes mainly from two factors. Firstly, the consumers are getting increasingly aware of their right to data privacy. The bulk of their data such as personal and family data, financial information, credit history, employment records, or legal matters are now the target of many predators who wish to acquire them for their benefit, ranging from unsolicited direct marketing, loyalty program recruitment, credit card applications, and even for malicious intent such as identity theft and fraud (or “phishing”).

Read More…

The Starfish and the Spider

By: Sonny Zulhuda

“The Starfish and the Spider”, or so we were told about ICANN‘s uniqueness by Rod Beckstorm. This is also the title of the book by Rod, the CEO of ICANN, and his co-author that was generously given out to all the Fellows in one of the ICANN’s Fellowship meetings. I did not have chance to grab him after the forum and to get him sign on the book. But here I want to say a big THANKS for the beautiful gift!

The ICANN’s CEO deliberated about how ICANN works as a ‘bottom-up’, decentralized and multi-stakeholders organization. Even though this has been repeatedly mentioned by many previous speakers, to me his presentation wraps up the whole idea of how ICANN has been working.

Read More…

ICANN Fellowship – Notes and Nodes

By: Sonny Zulhuda (an ICANN Fellow)

Twenty-three fellows, from twenty countries, of five continents, of diverse background and affiliations, met and gathered in one room called Morrison in Raffles City Convention Centre, Singapore every 7-9 morning from 19th to 24th June 2011.

Under the mentoring of one passionate soul Janice, they intensively learned about a new world famously known for its administration and management of the world’s Internet, and infamously known for its excessive use of acronyms and abbreviations (wink) — ICANN (well.. the Internet Corporation for Assigned Names and Numbers, that’s it). Uuh.. about the excessive acronyms, thank God they created the portal, see it here. ^_^

The ICANN Fellowship is indeed more than just the dawn meeting routine. In fact, in every day in the whole week, there were approximately not less than a dozen meetings, briefings or discussions that may go parallel to ensure the fellows are kept busy. At few occasions some fellows (like me) tried to make use of the Remote Participation facility to grab two or more discussions at once — which ended un-impressively mainly due to our incapability to basically follows two things at one time.

But we are all certain that this Remote Participation facility is there not without a reason. There are times where one could not be there but is willing to follow the discussion, retrieve the materials or even ask questions. And that is what has happened, efficiently! Isn’t that awesome?

Read More…

The Problems of Identity Theft in Malaysia in the Light of the Personal Data Protection (PDP) Act 2010: A Hope Rejuvenated?

By: Sonny Zulhuda

Nope, this is not (yet) a ready paper. It’s an ongoing research that I am now conducting, funded by an internal research grant. It takes as the background the revolutionary growth of the information and communications technology and its use in the storing, processing and disseminating personal information.

We all know that such phenomenon (ICT+data processing) has unveiled one huge challenge in the form of identity theft. Described as unlawful acquisitions of personal data that belongs to others, identity theft incidents are reported in Malaysian media on regular basis. The lost, stolen or compromised personal data has not become an incident of its own. Rather, it provides “ammunitions” for further action such as credit cards forgery or impersonated bank accounts that are used as a platform for further crimes.

Recently local newspapers had flooded us with news on these, such as these:

“RM4mil (Rp11.2bil) stolen within first three months”

Malaysians have lost RM4mil through phishing (identity fraud) within the first three months of the year alone. There were 457 cases recorded in the first quarter of the year, exceeding the 353 reported for the whole of last year where the victims lost a total of RM1.2mil. In 2009, only 75 cases were reported with total losses of around RM215,000. Federal Commercial Crime Investigations Department director Commissioner Datuk Syed Ismail Syed Azizan said the number of cases reported this year had reached a record high with authorities and the banking industry being almost powerless to curb it. (Click here for the report)

Read More…

National Security in Digital Economy: Redefinition, Reaction and Legal Reform

By: Sonny Zulhuda

This is my latest paper that I recently presented in the 1st International Conference on International Relations and Development (ICIRD) organised by a consortium of Thai top universities, and held in the beautiful campus of Thammasat University, Bangkok, Thailand.

This paper investigates the need for global government and especially Malaysia to relook at and redefine the concept of national security amid the changing circumstances especially in relation to the country’s increased reliance on the information and communications technology (ICT).

The challenge is, the more a governance system is exposed to the Internet and ICT, the bigger the risks it would face. When the security of the system is not reliable enough to secure the system, information assets are at stake and the country’s critical information infrastructure (such as defence, communications, energy and medical systems) would become loophole that undermines national security.

Read More…

My thoughts and prayers for those affected by the recent Tsunami in Japan

“STAY CLOSE AND CONNECTED”

By: Sonny Zulhuda

“This time a year ago, I was in this land watching snow fading gently and slowly. And the whole nation was in jubilant mood welcoming spring time where the Sakura would start blossoming. This time a year ago, I witnessed an amazing blend of tradition and innovation..

This time a year ago.. I left a chunk of my footsteps on its soil in exchange of a bulk of memory in my mind.The memory that never changes a year later, when I witnessed the land left in pieces by a show-off of the nature…

For all the memories that you left for me here.. I stay close and connected. My thoughts and prayers for you and all who were affected by Tsunami..

Stay strong, there will always be hope..”

~K.L, 12.03.2011~

picture credit to <dark.pozadia.org>

The Casts in PDPA 2010

By: Sonny Zulhuda

Among the first question people would ask about Personal Data Protection Act (PDPA) 2010 is “whether or not this Act applies to me?” or, if one could answer it in affirmative, “in what why the Act implicates me?”

The PDPA 2010 provides for definition of certain entities that would be in one way or another “implicated.” They are (1) Data User; (2) Data Processore and (3) Data Subject. Thus, the PDPA 2010 operates on these classes of person. It is in this frame you can have your answer whether the Act applies to you, or, in what why it implicates you.

Read More…

When you “fly”, does your data fly along or fly away?

By: Sonny Zulhuda

Now everyone can “fly”! Yes we know that. But when you fly, will your personal information fly away in the sky? That, not everyone knows.  This is the simple question that makes the backdrop of my recent paper, to be presented in Singapore’s International Conference of Social Science and Humanities (ICSSH2011) at the end of this month.

The paper is entitled: “Personal Data “Up in the Air” – A Tale of Two Malaysian Airlines in Dealing with Consumers Online Privacy.” It is a joint effort with one of my former students Ms. Maryam Delpisheh.

We know that uncertainties and concerns surrounding the privacy of personal information in Malaysia in the wake of many data abuse incidents had led to the passing of Personal Data Protection Act (PDPA) 2010. In a market where personal data has long been widely traded and unjustifiably exploited, the coming of this law could resemble the arrival of a long-awaited messiah expected to correct the evils and rectify people’s problem in a very immediate manner.

Read More…