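Ai FM Legal Programme, Chinese Articles

I Have a Way: Fake Titles, Real Crime

Click: Oriental Daily - I Have a Way, "Fake Titles, Real Crime"

Malaysia's system of honours and awards originated in Britain. As early as the British colonial period, the colonial government operated an honours system in the Straits federation and the colonies, which continued until it was stopped in 1941.

After Malaysia's independence, the Federal Executive Council planned to set up a new honours system, and in August 1958 Parliament announced the passing of the "Federal Orders, Stars and Medals Honours System" to replace the British system of honours and awards.

Lawyer 陈键汉 pointed out that only the 9 Sultans and 4 state Governors in the country have the power to confer titles on deserving persons, and that the titles they confer include Datuk and Datuk Seri. Titles such as Tun and Tan Sri can only be conferred by the King (Yang di-Pertuan Agong) and are subject to limits on numbers: at any one time there may be no more than 50 Tuns and 325 Tan Sris nationwide.

He pointed out that the state Sultans and state Governors have the power to confer titles such as Datuk and Datuk Seri on deserving persons on their own authority, and that there is a subtle difference between the two: a title conferred by a Sultan is "Dato", while one conferred by a state Governor is "Datuk".

He mentioned that even a Tun or a Tan Sri has no immunity from criminal prosecution, meaning that holding a title does not allow a person to act as they please. Those who are honoured do still enjoy certain benefits, such as free use of the VIP lounge at Kuala Lumpur International Airport, being able to print the title on their name cards, and social standing.

He said that fake titles are becoming more and more rampant, which is why Parliament passed the Title-Related Offences Act 2016 in November 2016, and the King gazetted it on 3 February this year.

"Previously, we could only prosecute under the Anti-Corruption Commission Act. With this Act, we have legislation dedicated to title-related matters, to stop the forging of fake titles."

陈键汉 pointed out that a person who uses a fake title faces up to 3 years' imprisonment, while a person who buys or sells fake titles faces up to 20 years' imprisonment.

He mentioned that other states also have laws to stop the forging of fake titles; for example, the Selangor and Johor state governments have each enacted legislation.

"Having seen so many different titles and honorifics, everyone can go to each state government's website to verify and check which titles are lawful in that state."

Separately, on the phenomenon of the "Datuk-designate" (准拿督) and "Datuk Seri-designate" (准拿督斯里), 陈键汉 pointed out that Malaysia has no such title as "Datuk-designate"; it is a fictitious title.

He said the usage is similar to "bride-to-be", meaning something that will happen in the future, but in reality many people mistakenly believe that once they have been conferred a title below Datuk, the title of Datuk will follow.

"Another situation is that we respectfully address holders of titles below Datuk as 'Datuk-designate'. This happens mainly in the Chinese community. In fact, there is no such title as Datuk-designate at official functions."

Guest DJ: 陈键汉
Radio host: 丘淑霖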

English Articles

Recent Top 10 Data Breaches – No. 9: UCLA Health

Online Platform: UCLA Health Network System

Year: July 2015

Affected Patients: 4.5 million

Incident: System hacking and leakage of health data

Introduction

UCLA Health, which stands for University of California, Los Angeles Health, is a medical group comprising 4 hospitals that claims to provide the best healthcare and medical technology to the people of LA and the world.

Interestingly, according to the UCLA website, more than 200 of their physicians are listed among the Best Doctors in America. Each year, more than 100,000 patients are admitted to their hospitals.

But that’s not the point.

Internet Hacking, still

It was reported that in May 2015, hackers had broken into the UCLA Health network system. The personal data and sensitive health-record information of about 4.5 million patients had been compromised.

This essentially means that the 4 hospitals and the other medical offices connected to the network system had been exposed to the hackers.

The data that had been accessed and potentially “hacked” by the cyber-attackers comprised social security numbers, dates of birth, addresses and medical information such as lab test results, diagnoses, medications and other health data.

So What’s The Issue Here?

Number 1 – Data Profiling.

Health records stored electronically are useful for profiling a patient’s medical history, possibly enabling related industry players such as pharmaceutical companies to advertise and sell their products to that patient.

Further, this sensitive medical information may well include highly sensitive data such as HIV test results, exposing the patient to the risk that data meant to remain private is revealed publicly.

Number 2 – No Data Encryption.

UCLA Health confirmed that their electronic medical records had not been encrypted, so the personal data was exposed in a “naked” manner, so to speak.

“Encryption” essentially means an extra step that secures the data to be protected by transforming it into another form using a key (password). The intended recipient can “decrypt” the encrypted data back to its original form.

Let’s use a patient’s HIV test record as an example.

Record ABC (HIV record) + Key (encrypt) → XYZ (secured data).

XYZ cannot be read even if you have the data in hand.

XYZ (secured data) + Key (decrypt) → Record ABC (HIV record).

As such, the hackers who accessed and possibly stole the 4.5 million patients’ data were able to read the information easily, without any obstacle, in a “naked” manner, because the data wasn’t wearing any clothes.
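The encrypt/decrypt round trip sketched above, as an added example that is not part of the original article: field-level AES-256-GCM encryption in Node.js of the kinds of data the article lists. The record, field names and patient ID are constructed for illustration, and key storage is assumed to be handled separately from the database.

```javascript
const crypto = require('crypto');

// Fields treated as sensitive (assumption, based on the data types the article lists).
const SENSITIVE = ['ssn', 'dateOfBirth', 'labResults', 'diagnoses'];

// Encrypt one field. Patient ID and field name are bound in as associated data,
// so a ciphertext cannot be moved to another patient's record or another field.
function encryptField(key, patientId, field, value) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${patientId}:${field}`));
  const ct = Buffer.concat([cipher.update(String(value), 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64')).join('.');
}

// Decrypt one field. Throws if the key, patient ID, field name or ciphertext is wrong.
function decryptField(key, patientId, field, blob) {
  const [iv, tag, ct] = blob.split('.').map((s) => Buffer.from(s, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(`${patientId}:${field}`));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Apply fn to every sensitive field present, leaving other fields untouched.
function mapSensitive(record, fn) {
  const out = { ...record };
  for (const f of SENSITIVE) {
    if (f in record) out[f] = fn(record.patientId, f, record[f]);
  }
  return out;
}
const encryptRecord = (key, rec) => mapSensitive(rec, (id, f, v) => encryptField(key, id, f, v));
const decryptRecord = (key, rec) => mapSensitive(rec, (id, f, v) => decryptField(key, id, f, v));

// Constructed sample record, not real patient data.
const sample = { patientId: 'P-0001', name: 'Constructed Patient', ssn: '000-00-0000',
  dateOfBirth: '1970-01-01', labResults: 'HIV test: negative', diagnoses: 'none' };
const key = crypto.randomBytes(32); // assumption: in production the key lives in a KMS/HSM
const stored = encryptRecord(key, sample); // what someone reading the database would see
console.log(stored);
console.log(decryptRecord(key, stored));
// A different key fails the GCM tag check instead of returning garbage.
try { decryptRecord(crypto.randomBytes(32), stored); } catch (e) { console.log('wrong key:', e.message); }
```

Encryption of this kind only helps if the key is kept apart from the stored records, so that access to the database alone does not yield the plaintext.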

More Interesting Facts – Identity Theft Insurance Coverage

Following the leak of the personal data, UCLA announced that it was offering a year of identity-theft insurance protection to the affected patients.

An identity-theft insurance policy means that if your identity (that is, your personal data) is stolen and you suffer financial losses as a result, for example because the hacker logs in to your bank account and siphons out the money, the insurance company will cover the victim’s financial losses up to a certain insured amount.

However, a loss of personal data goes beyond pure monetary loss. Imagine an HIV test result being made public: it is arguable that the damage to reputation or image is irreparable and such harm cannot be undone.

What’s More Interesting? – The Hospital Could Be Made Liable!

In the United States, for example, there is a federal law known as the Health Insurance Portability and Accountability Act 1996 (HIPAA), made under the administration of Bill Clinton.

Under HIPAA, the hospital needs to adopt certain protective measures to guard patients’ electronic medical records, failing which it could be made liable for such a breach.

In 2008, there was a medical data leak caused by UCLA’s internal workers, who snooped on and then sold the medical records of famous artists such as Britney Spears. UCLA paid $865,500 to the federal enforcers.

English Articles

Recent Top 10 Data Breaches – No. 10: eBay

Online Platform: eBay Online Trading Platform

Year: May 2014

Affected Users: 145 million

Incident: System hacking and leakage of personal data

Internet Hacking

eBay is well known for its online trading platform, a venue where willing buyers and sellers around the world trade online, equipped with a payment gateway system.

In May 2014, eBay announced that, following a cyber-attack launched against the e-commerce platform, an estimated 145 million users’ personal data had been compromised and leaked to a third party. The cyber-attack was reportedly carried out by way of internet hacking between late February and early March 2014.

According to eBay, the personal data involved included users’ email addresses, passwords, birth dates and correspondence addresses. However, eBay insisted that no financial information was affected in the cyber-attack.

eBay advised all users to change their passwords after the event.

So What’s The Issue?

Many do not realise that eBay users’ accounts were actually linked to social media profiles such as Facebook accounts. To be fair, it wasn’t only eBay; the majority of forums, websites and e-commerce platforms allow login by way of a social media account.

Once users’ accounts on such an e-commerce platform are linked to and/or registered by way of a social media account, the hackers or whoever managed to obtain the personal data from eBay are able to perform data profiling.

So What’s Data Profiling?

The link to, for example, a Facebook account would expose and reveal the eBay user’s actual name as shown in their Facebook profile, and perhaps other associated data.

It essentially means that the hacker would be able to trace a virtual eBay user to an actual individual by looking at the data associated with or shown in the Facebook account.

In the meantime, data profiling is a type of data examination that allows statistics and summaries to be collected and compiled from an existing information source. The collected, compiled and summarised statistics help to locate, identify and trace the purchasing record, living or spending habits or even the detailed profile of an online user.

Let’s take eBay as an example. Purchasing data for condoms, pregnancy tests or even HIV tests would be useful to pharmaceutical companies or related advertisers.

Another aspect of such a data leak is investigation by the authorities. Imagine that purchasing records for gun-related accessories would enable one to profile the user as a firearm user (who could be registered or unregistered in the United States). Such a privacy loophole would enable law enforcers to run a “free” background check, especially on unregistered gun users that go dark.

-Please stay tuned for the next Recent Top 10 Data Breaches – No. 9-

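Ai FM Legal Programme, Chinese Articles

I Have a Way: True and False News, How to Tell Them Apart

Oriental Daily: I Have a Way: True and False News, How to Tell Them Apart

In this age of information explosion, newspapers, the internet and social media are flooded with information and messages. But is everything we read, see or hear true? If information you believed turns out to be false and you have commented on it or forwarded it, what offence would that constitute from a legal point of view?

Lawyer 陈键汉 pointed out that in Malaysia the authorities have enacted several legal provisions dealing with false information and false news.

He explained that in Malaysia defamation can be a civil matter and can also be a criminal matter (criminal defamation under section 499 of the Penal Code).

"Generally, the defamation cases we see in the newspapers are civil cases, that is, cases brought under the Defamation Act 1957."

He pointed out that to sue a person for defamation, at least 3 conditions must be proved: first, that the words the person spoke or wrote are defamatory; second, that the defamatory statement clearly refers to or identifies the plaintiff; third, that the defamatory statement has been published (including in print media and on social media) so that a third party came to know of it.

AiFM host 邱淑霖 gave an example: if A says that all politicians are liars, A cannot be sued for defamation, because the statement is too general and names no one. She stressed, however, that if A says the second-ranking leader of a certain political party is a liar, then even though A has not named anyone, the elements of defamation are met as long as most readers can identify who is being defamed.

陈键汉 added that if A calls B stupid but no third party is present, the third element is not met and there is no defamation.

He pointed out that a defendant who is sued for defamation can raise defences such as justification (the statement is true), fair comment, unintentional defamation and privilege.

He gave an example: A says that B is corrupt and took a bribe of RM50,000. If A can prove that this is true, the statement is justified and A is not liable.

As for fair comment, the defamatory statement made by A must be A's most honest expression from the heart, and what is said must concern the public interest.

On the defence of privilege, 陈键汉 gave an example: if A comments on B by quoting a judge's grounds of judgment, A has absolute privilege. As for qualified privilege (also called conditional privilege), A makes a statement concerning the public interest out of a moral duty and on a legal basis.

"For example, B, an employee of company A, committed cheating and theft, and A put the matter on record. When B's new employer telephones to ask about B, A can tell them that B once committed cheating and theft. If A is sued, A can rely on this defence, because A was acting in the interest of the future employer."

At the same time, section 499 (defamation) of the Penal Code provides that any person who, by words spoken or intended to be read or by visible representations, makes or publishes anything that harms a person's reputation has defamed that person. On conviction, the maximum penalty is two years' imprisonment or a fine, or both.

He gave an example: A says that B is a very honest child who has never stolen C's watch. He pointed out that A's conduct is intended to make others believe that B did steal C's watch, and in those circumstances A has committed defamation.

陈键汉 added that if A is asked who stole C's watch and A points at B, or if A draws a picture showing B running away with C's watch, both are intended to make others believe that B stole C's watch and both amount to defamation.

He concluded that, whether dealing with false information and fake news from inside or outside the country, the public should first check the facts, separate fact from opinion, refrain from forwarding immediately and, ideally, verify with the relevant authorities.

Guest DJ: Lawyer 陈键汉
Radio host: 丘淑霖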