Thursday, October 14, 2010

ECA 2006 - Legal Perspective on Online Shopping

The Electronic Commerce Act (ECA) 2006 (Act 658) provides for legal recognition of electronic messages in commercial transactions, the use of electronic messages to fulfil legal requirements, the enabling and facilitation of commercial transactions through electronic means, and other related matters. The Act applies to any commercial transaction conducted through electronic means, including commercial transactions by the Federal and State Governments. Nevertheless, the use of such means is not made mandatory. From the outlook of this Act, one can see that it is modelled to a great extent on the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce (Model Law) 1996. It adopts certain legal principles, including the principles of functional equivalence and technology neutrality.
With the passing of ECA 2006, e-commerce in Malaysia is no longer what it was before the statute existed. One fundamental task is fulfilled, namely, providing legal certainty as to the validity and legality of electronic transactions. IT users and the owners of information assets ought to get some assurance that their activities are lawful, that their communications and transactions are valid, and that their transactions are protected.
Information Security Standards under ECA 2006
It is noteworthy that ECA 2006 sets up certain information security standards to be applied to e-commerce activities, among others, on the legal recognition of electronic messages, writing, and the originality of documents. The effect is indirectly to make information security best practice an incentive for the legality of e-commerce itself.
Many legal concepts are tied to the requirement of accessibility of the information or the information system. For example, for the purpose of granting legal recognition of an electronic message, section 6(2) of the Act expressly provides that:
‘Any information shall not be denied legal effect, validity or enforceability on the ground that the information is not contained in the electronic message that gives right to such legal effect, but is merely referred to in that electronic message, provided that the information being referred to is accessible to the person against whom the referred information might be used’ [emphasis added].
As a practical illustration, people who are parties to an e-transaction such as an online auction are bound by the terms of contract stipulated in an electronic format, such as those on the auction provider’s website, as long as that information (i.e. the online terms) is accessible and available for subsequent reference. This requirement of ‘accessibility’, it is submitted, indicates that the purported user of an electronic message must ensure that there is in place, and under his control, a system from which the electronic message at issue can be accessed and provided. This is exactly what the principle of information availability is all about. Therefore, to obtain the protection of these provisions, efforts must be made to ensure that the information system is neither intruded upon nor compromised, so that access is not denied whenever it is required.
A similar information availability principle can be found in the provision on the originality of a document, although it also imposes other measures on information integrity and confidentiality. Section 12(1) of ECA 2006 provides that:
‘Where any law requires any document to be in its original form, the requirement of the law is fulfilled by a document in the form of an electronic message, if –
(a)    There exists a reliable assurance as to the integrity of the information contained in the electronic message from the time it is first generated in its final form [emphasis added]; and
(b)    The electronic message is accessible and intelligible so as to be usable for subsequent reference [emphasis added].
Section 12(2) goes on to say that the integrity of the information depends very much on whether the information has remained complete and unaltered, and that the standard of reliability shall be assessed in the light of the purpose for which the document was generated and in the light of all other relevant circumstances.
Reading the provisions as a whole suggests that the standard of information security required for ascertaining the originality of an electronic message will vary according to the context of any given communication, and can also depend on the nature of the harm and threats to an electronic message in a given information system. Thus, the more sensitive the communication and the information system are, the higher the level of measures required to achieve a reliable assurance of information integrity. This particular provision is arguably central to the idea of setting an information security standard for e-commerce to work effectively.
To conclude, it is noted that ECA 2006 has paid serious attention to information availability as a central prerequisite for e-commerce players in Malaysia. While the Act may not be a comprehensive ‘masterpiece’, it could arguably play a vital role in the information security legal framework in Malaysia.
