Position through section 9 of the Act. To

Position of Malaysia

The lack of physical boundaries
nature of computers in receiving and transmitting data takes no account of
geographical boundaries. Cybercrimes committed through computers not only
involve people within the same country, it also involve people from different
nations.1
Hence, cybercrimes may expose the person to be sued in any country or foreign
country. For example, if a user in one of the states in Malaysia conducting a
transaction with another user in Thailand through a server in Singapore could
involve the laws of all three countries as they relate to the transaction at
hand. As such, a single transaction through cyberspace may involve the laws of
three jurisdictions2. These
are the laws of the country in which the user occupy; the laws of country where
the server hosting the transaction is located; and the laws of country which
apply to the business or person with whom the transaction occurs.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

 

The question arises which legal
system might have jurisdiction over this transaction. In Malaysia, the Computer Crime Act 1997 (CCA 1997) answers
the question through section 9 of
the Act. To make it clear, this provision explains that any person in any citizenship
or nationality committed offences at any place outside Malaysia is within the
Malaysian jurisdiction provided that the computer data or data is in Malaysia
or capable of being connected to or sent to or used by or with a computer in
Malaysia at material time. Other than that, section 4 of the Communications and Multimedia Act 19983 (CMA 1998) provides that this Act and
its subsidiary legislation apply both within and outside Malaysia.4

 

Position
in United States

 

 In the United States, the
jurisdiction for cybercrime is referred to as personal jurisdiction5. A court does not have the power over every person in the
world.  The court must determine whether it has “personal
jurisdiction” over the parties before it may decide a case6. Personal
Jurisdiction is the competence of a court to determine a case against a certain
category of persons7.
It determines whether or not a person is subject to the court in which the case
is filed. Personal jurisdiction takes into account the issue of ‘physical
presence’, whether or not the person is a resident or a non-resident. If he is
a resident, then he will be subjected to domestic laws. The issue arises
whether what laws would be applicable if he is a non-resident.

 

In identifying whether the court has personal
jurisdiction over a non-resident, the first step is to determine whether the ‘long-arm
statute’ grants the court jurisdiction over the non-resident defendant8.
The principle ‘long-arm statute’ allows the courts to assert
personal jurisdiction over a non-resident defendant whom is outside the state
on the ground that their actions fall within the nature of activity required to
qualify for jurisdiction9. In Hanson v. Denckla, the court requires
“some act by which the defendant purposefully avails himself of the
privilege of conducting activities within the forum state, thus invoking the
benefits and protections of its laws10.”
In Cybersell, Inc. v. Cybersell, Inc11.,
an Arizona corporation, “Cybersell AZ”, held a registered servicemark for the
name Cybersell. A Florida corporation, “Cybersell FL”, created a web site with
the domain name cybsell.com. The web page had the word “Cybersell” at the top.
Cybersell AZ claimed that Cybersell FL infringed its registered trademark and brought
an action in the court in Arizona. The court held that personal jurisdiction
cannot be exercised over Cybersell FL because it had no contracts with the
state other than maintaining a webpage accessible to anyone over the Internet. However,
in CompuServe, Inc. v. Patterson12,
the court held that a Texas resident who had advertised his product via a
computer information service, CompuServe, located in Ohio, was subject to
personal jurisdiction in Ohio. The court found that the Texas resident had
taken direct actions that created a connection with the state. Moreover, in a recent case, a Russian hacker was
imposed the longest sentence ever imposed in the United States for a cybercrime
case by Federal Court. The Russian hacker was convicted of hacking into more
than 500 U.S. businesses and stealing millions of credit card numbers, which he
then sold on special websites. The hacker was sentenced to 27 years in prison
and ordered to pay nearly 170 millions USD in restitution to the business and
banks that were the victims of his multiyear scheme13.
To make it clear, the court is less likely to
exercise jurisdiction over the defendant which is passive in the transaction.

 

The second step is to assess whether exercising
the jurisdiction in the case infringes due process rights granted under the
United States Constitution14.
The ‘due process of law’ as given in the United States
Constitution controls the powers of the courts to exercise traditional notions
of  fair play and substantial justice.
The United States Constitution provides that “……no state….. shall deprive any
person of life, liberty or property without due process of law.15” Constitutional
due process is satisfied if the defendant has “minimum contacts” with
the forum state so that that state satisfies considerations of “fair play
and substantial justice. In determining whether “minimum contacts”
exist, the court should consider “the relationship among the defendant,
the forum, and the litigation.”16
In determining whether exercising jurisdiction will satisfy “traditional
notions of fair play and substantial justice” the court should focus on
the contacts in light of other factors such as “the burden on the defendant,” “the forum state’s interest in
adjudicating the dispute,” “the
plaintiff’s interest in obtaining the most efficient resolution of the
controversy,” and “the interstate judicial system’s interest in most efficient
resolution of controversies,” and the “shared
interest of the several states in furthering fundamental substantive social
policies.”17

 

To
summarize it, in the United States, in order for a non-resident to be subjected
to personal jurisdiction in a state that is not his domicile, the defendant
must be a person fit under the ambit of the state’s ‘long-arm statute’ and must
established sufficient “minimum contacts” with the forum in a way that the suit
does not offend traditional notions of fair play and substantial justice.

 

            The jurisdiction issues over the
Internet issues in Malaysia are much more wider and remote compared with the
the position in United States as explained under s.9 of CCA 199718  that any person in any citizenship or
nationality committed offences at any place outside Malaysia is within the
Malaysian jurisdiction provided that the computer data or data is in Malaysia
or capable of being connected to or sent to or used by or with a computer in
Malaysia at material time. This provision explains that any person in any
citizenship or nationality committed offences at any place outside Malaysia is
within the Malaysian jurisdiction provided that the computer data or data is in
Malaysia or capable of being connected to or sent to or used by or with a
computer in Malaysia at material time. Whereas in United States, in order to
exercise the jurisdiction over a non-resident, the courts need to show that the
defendant satisfied the ambit of the state’s ‘long arm statute’ and
sufficiently met the “minimum contacts” test.

 

Thus, if Malaysia were to apply the
same method as in the United States which is the personal jurisdiction method,
the Malaysian courts must first determine whether or not they have the
jurisdiction upon the non-citizens of Malaysia. The courts have to determine if
the offender have satisfied the elements under the personal jurisdiction method
before they may commence an action.  Lastly,
there will be lesser cases involving with non-resident defendant as the court
will now examining whether the defendant committed a
tortious act within the state; and whether the defendant sufficiently met the
minimum contact with the forum state so that that state satisfies
considerations of “fair play and substantial justice.” In short, as the
jurisdiction issues in United States are in stricter and narrow approach, hence
there will be lesser cases involving cyber issues and the proceedings are more
time consuming.

           

 

 

 

 

1 Nazura Abdul
Manap. (2012, May). Cyber Crimes: Lessons from the Legal Position of Malaysia
and Iran. Retrieved from: http://www.ijiee.org/papers/125-I148.pdf

2 Suneet Dwivedi.
Jurisdiction Issues in Cyber Crimes. Retrieved from: https://www.academia.edu/3700793/Jurisdictional_Issues_in_Cyber_Crime?auto=download

3 Communications and
Multimedia Act 1998. Retrieived from:
https://www.unodc.org/res/cld/document/mys/communications_and_multimedia_act_html/Malaysia_Communications_and_Multimedia_Act_1998.pdf

4 Ibid.

5 Jurisdiction in
Cyberspace. Retrieved from:
http://corporate.findlaw.com/law-library/jurisdiction-in-cyberspace.html

6 Betsy Rosenblatt.
Principles of Jurisdiction. Retrieved from:
https://cyber.harvard.edu/property99/domain/Betsy.html

7 Personal
Jurisdiction in Cyberspace. Retrieved from:
http://shodhganga.inflibnet.ac.in/bitstream/10603/7829/14/14_chapter%205.pdf

8 Jurisdiction in
Cyberspace. Retrieved from:
http://corporate.findlaw.com/law-library/jurisdiction-in-cyberspace.html

9 Personal
Jurisdiction in Cyberspace. Retrieved from:
http://shodhganga.inflibnet.ac.in/bitstream/10603/7829/14/14_chapter%205.pdf

10 Hanson v. Denckla, 357 US 235, 253 (1958)

11 Cybersell, Inc. v. Cybersell,
Inc., 130 F.3d 414 (9th Cir.1997).

 

12 CompuServe, Inc. v. Patterson,
89 F.3d 1257 (6th Cir.1996). 

13 Martha Bellisle.
(2017, 24 April). Retrieved from: Russian Man Sentenced to 27 Years in U.S.
Cybercrime Case
https://www.forensicmag.com/news/2017/04/russian-man-sentenced-27-years-us-cybercrime-case

14 The US
Constitution; 5th Amendment

15 Ibid; 14th Amendment

16 Shaffer v. Heitner,
433 U.S. 186, 204, 97 S. Ct. 2569, 53 L. Ed. 2d 683 (1977).

17Burger King v. Rudzewicz, 471 US 462 (1985)

18 Computer Crime Act
1997. Retrieved from: http://ccid.rmp.gov.my/Laws/Computer_Crime_Act_1997.pdf