KUALA LUMPUR: Malaysias existing legislation governing electronic commerce and online transactions does not adequately protect against breach of security, especially in the area of network intrusion, according to an Internet security expert.

Alan See, chief executive officer of Internet security firm e-Cop.net Surveillance Sdn Bhd, noted Malaysia introduced several cyberlaws to govern and legislate cyber transactions and activities.

These laws were formulated in line with the Multimedia Super Corridor (MSC) project, and included the Digital Signatures Act, the Copyright Amendment Act (1997), Computer Crimes Act, Telemedicine Act and Communications and Multimedia Act (CMA).

However, these laws are limited in its scope, according to See.

Most of these laws, which except for the CMA (1998) were all enacted in 1997, are very limited and focus on attempts to regulate pornography, obscenity and copyright infringement.

They were also enacted to regulate the provision of essential online services and telecommunication convergence.

For cases relating to network intrusion and breach of network security, or hacking as it is commonly known, existing laws are ambiguous and in most cases outdated, See claimed.

For instance, we have had cases where we managed to monitor, trace and obtain forensic evidence of the perpetrators who were trying to scan through our clients network.

We subsequently reported the case to the police cyber crime division at Bukit Aman, but unfortunately, we were told that under existing cyberlaws, the provision for prosecution exists only when there is damage done to the network or the website, he said.

See claimed that the police were not able to take further action on the perpetrators for illegal network scanning.

Many try their luckAccording to See, 20% of hacking originates locally while the other 80% comes from abroad. He said that most of the time, hackers try their luck by scanning networks that are connected to the Internet and intruding into only those that theyre able to crack through.

But when the hackers do get detected, for example by our surveillance system, they often withdraw to avoid further detection, he said.

See said that while most of the time no actual damage was done to the clients network, intrusion into the network had nonetheless occurred, and this was potentially dangerous to the clients network.

They may not have been successful the first time, but who knows, they may succeed several tries later, he said, adding that illegal network intrusion is often a repeated offence.

See said that in the long run, this kind of illegal activity, if permitted to go unchecked, would have a negative impact on the Governments push to move Malaysia into a knowledge-based economy.

User confidence is a major determinant in the growth of e-commerce and online transactions. If both consumers and the corporate world are not certain that the network in which transactions are conducted is secure and free from intrusion, the growth and the acceptance of e-commerce will be severely retarded, he claimed.

He proposed that the Government and industry regulator the Malaysian Communications and Multimedia Commission (MCMC) continually study the fast-changing needs of IT network security and amend the existing cyberlaws to suit changes.

Perhaps, one day, cross-border cooperation can be formed within Asean countries so that if crimes were committed in (any of) these countries, the perpetrators can still can be prosecuted, he said.