KUALA LUMPUR, Nov 25 — The introduction of Malaysian cyber law must be prioritised to address the legislative gaps and weaknesses in tackling cyber crimes such as scams, experts said.

Global Centre for Cybersafety director Datuk Husin Jazri told Malay Mail that artificial intelligence (AI) programmes can be used to counter bad AI programmes, which necessitates the formation of a cyber safety commission alongside any specific law.

“The introduction of a Malaysian cyber law should be enacted speedily to address current gaps and weaknesses.

“And many more initiatives can be introduced at all levels to improve the existing situation,” he said, adding that such initiatives need to be planned and executed with urgency by leaders with good vision.

Law enforcement agencies should also cover both proactive and reactive measures through effective coordination and consolidation, the Taylor’s University Malaysia cybersecurity professor said.

Although these agencies are doing their best, he said that factors such as lack of cross-border support as well as outdated laws and gaps in legislation make their work harder.

At the same time, the public is insufficiently educated on scams, which is a matter that advocacy agencies such as CyberSecurity Malaysia should act on with the help of the relevant ministries and agencies, he added.

Meanwhile, CyberSecurity Malaysia chief executive officer Datuk Amirudin Abdul Wahab also called for the revision and update of existing legislation and policies as part of measures to adapt to evolving scam tactics and technologies.

Beyond that, what else is needed is support for victims, partnerships with the technology industry as well as collaboration and information sharing.

Progress in AI and deepfake technology is making online scams more sophisticated, he explained.

“To tackle these issues, we need smarter security tools that use AI too, plus more education about these new scams.

“It’s about adapting our defences to stay ahead of scammers who are using these advanced tricks to deceive us online,” he said.

Similarly, Universiti Sains Islam Malaysia’s Tamhidi Centre head of human digital twins research professor Mohamed Ridza Wahiddin agreed on the need for a specific law to combat the problem.

Although the Communication and Multimedia Act 1998 will be amended in early 2024, he said that for now Section 233 of the Act is acceptable for the prosecution of cyber crimes.

Section 233 criminalises online content that is obscene, indecent, false, menacing or offensive in character with the intent to annoy, abuse, threaten or harass another person, which is especially relevant in dealing with cyber crimes.

A conviction will lead to a fine of not more than RM50,000 or imprisonment for up to one year, or both.

However, Section 233 of the Act has been criticised as problematic by free speech activists due to the ambiguous language and unclear definition of “annoy, abuse, threaten or harass another person”.

Mohamed Ridza’s research is on human digital twins: computer-generated twins of real persons due to deepfake technology’s need for a real person to impersonate the target victim.

“Despite the obvious wrong of committing phishing or identity theft or fraud, in Malaysia, there is no specific provision against such crime.

“However, Section 416 of the Penal Code, which provides against ‘cheat by impersonation’, or rather, pretending to be someone else with intention to cheat, serves to counter such crime,” he added.

According to Novem CS chief executive officer Murugason R. Thangaratnam, another issue faced by cybersecurity teams is the rapid advancement of technology.

“Computer-generated voices are so realistic they fool friends and family. Masks created with photos from social media can penetrate a system protected by face ID.

“Sounds very dramatic and from something out of a sci-fi movie. Well, it’s more real than you imagine!

“AI and deep fake technology have just changed the rules of the game if there were any rules in the first place,” he told Malay Mail.

He explained how deepfake technology is a powerful tool to conduct identity fraud as it manipulates media created using AI algorithms to enable fraudsters to convincingly alter or fabricate media.

Besides that, those in the business of collecting data, whether it is in the private or public sector, must be held to higher standards, he added.

On Tuesday, Penang Chief Minister Chow Kon Yeow told the state legislative assembly that there is a 45 per cent increase in online scam cases in Penang compared to last year.

Last year, Selangor Mentri Besar Datuk Seri Amirudin Shari revealed the formation of a Cyber Emergency Response Team Selangor (CERT Selangor) during the presentation of the state 2023 Budget, in hopes that it will increase confidence in its digital economy.