It was reported recently that PDRM’s Malaysia Internet Crime Against Children Investigation Unit (Micac) has the ability to monitor traffic at pornographic websites, especially those offering child porn.
NST reported about Micac- “It would locate and pinpoint in real time, 24/7, Internet users surfing these sites and build a “data library” of these individuals — what portals they frequent, how long they spend on the sites, and the files they upload and download — that will help the authorities in prosecuting them.”
“We will pick up those who visit these sites regularly. We use a software that was specially developed to allow us to identify, locate and track visits to porn sites, especially those involving child porn.
“The intelligence we get will be passed on to the Malaysian Communications and Multimedia Commission (MCMC), so we can obtain the Internet users’ details.
The monitoring software, known as the Internet Crime Against Children — Child Online Protective Services (ICACCOPS) is developed in the United States, would, among others, show the online user’s IP address, location, the name of the website where he/she uploaded or downloaded pornographic material, the actual time the user surfed the sites and the duration spent- all these in real time.
It could also detect users surfing on a smartphone.
Personally, I am completely against pedophile and I think they are mentally sick people and should be locked away from the public.
While I am grateful that PDRM has a special unit focused on this issue, I have a few questions about how they operate and, if they are violating our privacy online.
- Does PDRM have a warrant to track and monitor all user activities online, especially Malaysians? How are these Malaysians targeted online or is mass surveillance in place?
- Is the ICAC COPS monitoring software installed within the Internet network of Telekom Malaysia, Maxis, Digi, Celcom, U Mobile, TIME dotCom involved? If yes, is this even legal to monitor and track all Malaysians online and on what basis?
- Since PDRM claimed (via the NST report) it could track files that Malaysians upload and download from the Internet, does it include but not limited to P2P, emails, personal files, not-porn videos, not-porn-images, chat messages, Facebook/Instagram/Twitter and others? If it is just P2P, will it be expanded to track other type of activities/files in the future?
- Is Micac allowed to hack into user’s notebook, personal computer or Facebook profiles? Does it use or operate a spyware called FinSpy or anything similar?
- Since the ICAC COPS monitoring system is developed in the US and now tracking Malaysians activities online, can PDRM guarantee that the software is free from vulnerabilities and has no backdoor for the US developer to access it?
- Will PDRM be held responsible if the ICAC COPS is hacked and private data of Malaysians are leaked online? If yes what are the penalties? How are any of these data handled, protected and processed by PDRM?
- Has Micac been operating since 2014? If yes, why is PDRM only officially announcing this now, almost 4 years later? Was Micac operating in secret (Official Secrets Act?), silently tracking Malaysians for the past 3-4 years?
- “Micac can seize and confiscate handphones, computers or laptops to check for pornographic materials,”- Don’t PDRM need a warrant for this? Can it —“seize, confiscate, inspection”—— be done on anyone with absolutely no reason?
- Can the data obtained via ICAC COPS be used in court? Or PDRM only uses the devices that are seized/confiscated in raids as evidence- following data obtained via ICAC COPS?
- What other powers/activities of Micac that has yet to be revealed? Can Micac track and monitor users who visit anti-Government websites as well?
In the US, the FBI amongst many other agencies frequently sought out for warrants in order to unravel illicit activists and potential criminals online and in the dark web. However, in one case, the FBI essentially dropped a case solely to prevent the leak of the technology they used to crackdown on a pedophile. Some of the suspects have also challenge the tenuous legal basis for the FBI’s warrant and its refusal to disclose exactly how it obtained the evidence- threaten to undermine individuals’ constitutional privacy protections in personal computers.
There are many ways to catch a pedophile, the legal way. PDRM could work with organizations such Facebook, WeChat and others to set up fake children profiles and lure these possible offenders to contact those fake profiles.
In Netherlands, a “virtual” 10-year-old girl named “Sweetie” lured hundreds of alleged pedophiles — including 254 Americans — into offering money to have the girl perform online sex acts, a group that fights child sex abuse claimed. It was able to obtain the names, IP computer addresses and online contact details of more than 1,000 suspected perpetrators in 65 countries in just over 10 weeks. It passed the information on to Interpol.
PDRM could also set up fake websites (honeypots) to lure these predators for them to upload their “contents”.
Education on these issues should also be made compulsory for all kids, in schools. Children must be thought on how to be safe online and teachers must also be aware if any of their students are suddenly behaving abnormally. Micac could train teachers on how to handle these issues and manage all counseling activities in schools. Children must be encouraged and feel comfortable to report any problems at home or in school.
Pornographic websites are actively being blocked by MCMC in Malaysia, 3,781 pornographic websites blocked since 2014. PDRM and MCMC could work with popular DNS and VPN providers such as Google, OpenDNS, Cloudflare DNS, PureVPN and others to completely block all pornographic websites within their network. I am pretty sure these organization or most of it would do their part to protect children online.
Since Internet Service Providers generally impose network restrictions on downloading and uploading Peer-to-peer (P2P) contents in their network, PDRM could propose a law that would completely block P2P or a law that allows them to legally investigate users who consume huge amount of data on P2P.
PDRM should also improve our existing law- held parents responsible for the actions of their children. Ultimately, parent are responsible for the safety, education and actions of their children, especially kids below the age of 18. Parents/guardians who failed to protect their kids must be punished as well. I honestly believe if parents/guardian keeps an eye on their children (online and offline) and educate them well, pedophile won’t get easy access to these kids in the 1st place.
In the end of the day, privacy of Malaysians must not be violated, even if they are online, and I believe this is protected under the Federal Constitution.
P.s: With the new Malaysia, I hope it is still OK to ASK QUESTIONS in this country and since PDRM has a sworn duty to serve Malaysians, I believe these questions will be answered.