DIGITAL SIGNATURE BILL 1997
PART VII
GENERAL
71. (1) No certification authority, whether licensed or not, shall conduct its business in a manner that creates an unreasonable risk of loss to the subscribers of the certification authority, to persons relying on certificates issued by the certification authority or to a repository.
(2) The Controller may publish in one or more recognised repositories brief statements advising subscribers, persons relying on digital signatures and repositories about any activities of a certification authority, whether licensed or not, which create a risk prohibited under subsection (1).
(3) The certification authority named in a statement as creating or causing a risk may protest the publication of the statement by filing a brief written defence.
(4) On receipt of a protest made under subsection (3), the Controller shall publish the written defence together with the Controller's statement, and shall immediately give the protesting certification authority notice and a reasonable opportunity of being heard.
(5) Where, after a hearing, the Controller determines that the publication of the advisory statement was unwarranted, the Controller shall revoke the advisory statement.
(6) Where, after a hearing, the Controller determines that the advisory statement is no longer warranted, the Controller shall revoke the advisory statement.
(7) Where, after a hearing, the Controller determines that the advisory statement remains warranted, the Controller may continue or amend the advisory statement and may take further legal action to eliminate or reduce the risk prohibited under subsection (1).
(8) The Controller shall publish his decision under subsection (5), (6) or (7), as the case may be, in one or more recognised repositories.
72. (1) Except for the purposes of this Act, no person who has access to any record, book, register, correspondence, information, document or other material obtained under this Act shall disclose such record, book, register, correspondence, information, document or other material to any other person.
(2) A person who contravenes subsection (1) commits an offence and shall, on conviction, be liable to a fine not exceeding one hundred thousand ringgit or to imprisonment for a term not exceeding two years or to both.
73. A person who makes, orally or in writing, signs or furnishes any declaration, return, certificate or other document or information required under this Act which is untrue, inaccurate or misleading in any particular commits an offence and shall, on conviction, be liable to a fine not exceeding five hundred thousand ringgit or to imprisonment for a term not exceeding ten years or to both.
74. (1) Where a body corporate commits an offence under this Act, any person who at the time of the commission of the offence was a director, manager, secretary or other similar officer of the body corporate or was purporting to act in any such capacity or was in any manner or to any extent responsible for the management of any of the affairs of the body corporate or was assisting in such management -
(a) may be charged severally or jointly in the same proceedings with the body corporate; and
(b) where the body corporate is found guilty of the offence, shall be deemed to be guilty of that offence unless, having regard to the nature of his functions in that capacity and to all circumstances, he proves -
(i) that the offence was committed without his knowledge, consent or connivance; and
(ii) that he took all reasonable precautions and had exercised due diligence to prevent the commission of the offence.
(2) Where any person would be liable under this Act to any punishment or penalty for any act, omission, neglect or default, he shall be liable to the same punishment or penalty for every such act, omission, neglect or default of any employee or agent of his, or of the employee of such agent, if such act, omission, neglect or default was committed -
(a) by his employee in the course of his employment;
(b) by the agent when acting on his behalf; or
(c) by the employee of such agent in the course of his employment by such agent or otherwise on behalf of the agent.
75. (1) The Minister may in writing authorise any public officer or officer of the Controller to exercise the powers of enforcement under this Act.
(2) Any such officer shall be deemed to be a public servant within the meaning of the Penal Code.
(3) In exercising any of the powers of enforcement under this Act, an authorised officer shall on demand produce to the person against whom he is acting the authority issued to him by the Minister.
(2) For the purposes of subsection (1), the Controller may issue orders to a certification authority to further its investigation and secure compliance with this Act.
(3) Further, in any case relating to the commission of an offence under this Act, any authorised officer carrying on an investigation may exercise all or any of the special powers in relation to police investigation in seizable cases given by the Criminal Procedure Code.
(a) copies of any books, accounts or other documents, including computerised data, which contain or are reasonably suspected to contain information as to any offence so suspected to have been committed;
(b) any signboard, card, letter, pamphlet, leaflet, notice or other device representing or implying that the person is a licensed certification authority; and
(c) any other document, article or item that is reasonably believed to furnish evidence of the commission of such offence.
(2) A police officer or an authorised officer conducting a search under subsection (1) may, if in his opinion it is reasonably necessary to do so for the purpose of investigating into the offence, search any person who is in or on such premises.
(3) A police officer or an authorised officer making a search of a person under subsection (2) may seize, detain or take possession of any book, accounts, document, computerised data, card, letter, pamphlet, leaflet, notice, device, article or item found on such person for the purpose of the investigation being carried out by such officer.
(4) No female person shall be searched under this section except by another female person.
(5) Where, by reason of its nature, size or amount, it is not practicable to remove any book, accounts, document, computerised data, signboard, card, letter, pamphlet, leaflet, notice, device, article or item seized under this section, the seizing officer shall, by any means, seal such book, accounts, document, computerised data, signboard, card, letter, pamphlet, leaflet, notice, device, article or item in the premises or container in which it is found.
(6) A person who, without lawful authority, breaks, tampers with or damages the seal referred to in subsection (5) or removes any book, accounts, document, computerised data, signboard, card, letter, pamphlet, leaflet, notice, device, article or item under seal or attempts to do so commits an offence.
78. If a police officer not below the rank of Inspector in any of the circumstances referred to in section 77 has reasonable cause to believe that by reason of delay in obtaining a search warrant under that section the investigation would be adversely affected or evidence of the commission of an offence is likely to be tampered with, removed, damaged or destroyed, such officer may enter such premises and exercise in, upon and in respect of the premises all the powers referred to in section 77 in as full and ample a manner as if he were authorised to do so by a warrant issued under that section.
79. (1) A police officer conducting a search under section 77 or 78 or an authorised officer conducting a search under section 77 shall be given access to computerised data whether stored in a computer or otherwise.
(2) For the purposes of this section, "access" includes being provided with the necessary password, encryption code, decryption code, software or hardware and any other means required to enable comprehension of computerised data.
80. (1) Except as provided in subsection (2), where any book, accounts, document, computerised data, signboard, card, letter, pamphlet, leaflet, notice, device, article or item is seized under section 77 or 78, the seizing officer shall prepare a list of the things seized and immediately deliver a copy of the list signed by him to the occupier of the premises which have been searched, or to his agent or servant, at those premises.
(2) Where the premises are unoccupied, the seizing officer shall whenever possible post a list of the things seized conspicuously on the premises.
81. Any person who obstructs, impedes, assaults or interferes with any authorised officer in the performance of his functions under this Act commits an offence.
(a) to require the production of records, accounts, computerised data and documents kept by a licensed certification authority and to inspect, examine and copy any of them;
(b) to require the production of any identification document from any person in relation to any case or offence under this Act;
(c) to make such inquiry as may be necessary to ascertain whether the provisions of this Act have been complied with.
(2) For the purposes of this section, "this Act" does not include the regulations made under this Act.
86. (1) No prosecution for or in relation to any offence under this Act shall be instituted without the written consent of the Public Prosecutor.
(2) Any officer of the Controller duly authorised in writing by the Public Prosecutor may conduct the prosecution for any offence under this Act.
88. No action or prosecution shall be brought, instituted or maintained in any court against -
(a) the Controller or any officer duly authorised under this Act for or on account of or in respect of any act ordered or done for the purpose of carrying into effect this Act; and
(b) any other person for or on account of or in respect of any act done or purported to be done by him under the order, direction or instruction of the Controller or any officer duly authorised under this Act if the act was done in good faith and in a reasonable belief that it was necessary for the purpose intended to be served thereby.
89. (1) The Minister may, by order published in the Gazette, exempt any person or class of persons from all or any of the provisions of this Act, except section 4.
(2) The Minister may impose any terms and conditions as he thinks fit on any exemption under subsection (1).
90. Unless it is expressly provided for under this Act, no person may disclaim or contractually limit the application of this Act.
91. (1) The Minister may make regulations for all or any of the following purposes:
(a) prescribing the qualification requirements for certification authorities;
(b) prescribing the manner of applying for licences and certificates under this Act, the particulars to be supplied by an applicant, the manner of licensing and certification, the fees payable therefor, the conditions or restrictions to be imposed and the form of licences and certificates;
(c) regulating the operations of licensed certification authorities;
(d) prescribing the requirements for the content, form and sources of information in certification authority disclosure records, the updating and timeliness of such information and other practices and policies relating to certification authority disclosure records;
(e) prescribing the form of certification practice statements;
(f) prescribing the qualification requirements for auditors and the procedure for audits;
(g) prescribing the requirements for repositories and the procedure for recognition of repositories;
(h) prescribing the requirements for date/time stamp services and the procedure for recognition of date/time stamp services;
(i) prescribing the procedure for the review of software for use in creating digital signatures and of the applicable standards in relation to digital signatures and certification practice and for the publication of reports on such software and standards;
(j) prescribing the forms for the purposes of this Act;
(k) prescribing the fees and charges payable under this Act and the manner for collecting and disbursing such fees and charges;
(l) providing for such other matters as are contemplated by, or necessary for giving full effect to, the provisions of this Act and for their due administration.
(2) Regulations made under subsection (1) may prescribe any act in contravention of the regulations to be an offence and may prescribe penalties of a fine not exceeding one hundred thousand ringgit or imprisonment for a term not exceeding two years or both.
92. (1) A certification authority that has been carrying on or operating as a certification authority before the commencement of this Act shall, not later than three months from such commencement, obtain a licence under this Act.
(2) Where a certification authority referred to in subsection (1) fails to obtain a licence after the period prescribed in subsection (1), it shall be deemed to be an unlicensed certification authority and the provisions of this Act shall apply to it and the certificates issued by it accordingly.
(3) Where a certification authority referred to in subsection (1) has obtained a licence in accordance with this Act within the period prescribed in subsection (1), all certificates issued by such certification authority before the commencement of this Act, to the extent that they are not inconsistent with this Act, shall be deemed to have been issued under this Act and shall have effect accordingly.