Friday, 20 July 2012

Eric Holder in Singapore. Balance and Values

Attorney-General Eric Holder's speech on "Asymmetrical Threats: Responding to Terrorism and Cybercrime while Protecting Civil Liberties" sounded largely like a diplomatic speech addressing common values and co-operation between countries in Asia in fighting cyber-crime and terrorism. He repeated a number of times the need to continue to uphold or honour basic and fundamental freedoms while still engaging in law enforcement and protecting citizens' lives and security. Trying to quote him as best as possible: 

And in fighting terrorism we have renewed our commitment to ensuring that protecting the safety of our citizens does not mean, does not mean, compromising our determination to uphold civil liberties ....
We must not abandon democratic values even in the pursuit of public safety. The values are in fact our greatest tools for ensuring peace and security ...

He did call out the Budapest Convention on Cyber Crime as a critical instrument in confronting copyright infringement, child pornography, network security and computer-related fraud. In that context, he also called on other nations like Singapore to accede to the Budapest Convention.

He stressed the importance of international frameworks (like the Budapest Convention and the Interpol Centre) in preventing and combating cybercrime, as no nation can tackle this by itself.

Expectedly, he referred to the "layered oversight" in the US which helps in safeguarding civil liberties (e.g. the Constitution establishing a federal government with extensive checks and balances, bill of rights, protection against self-incrimination, protection against unreasonable search and seizures).

The more interesting part was the panel discussion moderated by Professor Simon Chesterman, with AG Holder, Foreign Minister Shanmugam and Judge of Appeal designate Sundaresh Menon.

When asked about the tension between security and liberty (especially after the events of September 11), and whether the balance between the two can ever be stable, A-G Holder mentioned that we should always aspire to a balance. He did acknowledge that in US history there were situations where those values have been sacrificed in trying to protect its citizens, and he described (and I think rightly so) the enduring thing about the US as being that they have always self-corrected, and they have always gotten back into that balance.

I thought that Mr Sundaresh Menon also characterised this balance very well. Paraphrasing: Balance is not a static concept. Events like September 11 were cataclysmic events that affected our perspective on a whole array of issues, and inevitably when you have an incident like that, you have dramatic changes or reactions to it, and after a period of time, you evolve to find a balance that is appropriate to your society and to the peculiar challenges that you face. And that hopefully this balance will be guided by the values which you subscribe to.

On the topic of the detention facility at Guantanamo Bay, A-G Holder said that he was "cautiously optimistic" that Guantanamo Bay will not be in operation in five years' time.

The question and answer session was interesting, with questions about drone strikes and the Singapore Internal Security Act.

I asked a question as well on what A-G Holder's views were on companies moving towards unilateral action to actively interrupt or disrupt the systems or activities of hackers (i.e. "active defence" or "hack the hacker"), considering that such activity is likely to be illegal, and whether Mr Sundaresh Menon and Minister Shanmugam thought that it would be worthwhile considering looking at Singapore's Computer Misuse Act and whether a carefully crafted exemption relating to active defence measures could be included so that companies protecting themselves will not fall foul of the law. I had asked that question because of news recently with Google mentioning that they were going to use technology to target illegal networks, and a UK parliamentary commission suggesting that proactive first-strike measures be taken in the event of a cyber attack. For the answer from the panelists and my further thoughts on this, I am going to leave it to a next post as it is a whole topic by itself.

UPDATE: the US Department of Justice has put up the actual text of A-G Holder's speech here. Someone asked me whether he actually said "does not mean" twice in his speech. Yes he did. I heard it, and I think that he did it for emphasis.

Thursday, 12 July 2012

Eric Holder in Singapore. Ask him a question

Eric Holder, the US Attorney General, is coming to Singapore to speak on "Asymmetrical Threats: Responding to Terrorism and Cybercrime while Protecting Civil Liberties" (previously titled "Security, Privacy and Rights in an Age of Asymmetrical (or Unconventional) Threats") on 19 July at 5pm Singapore time. He will also be on a panel discussion with Singapore's Minister of Law, Mr K Shanmugam, and Judge of Appeal-Designate, Mr Sundaresh Menon.

[UPDATE: the title of the speech has been changed. It appears that security, privacy and rights has been subsumed under the general heading of "civil liberties". The word "protecting" in front of civil liberties is encouraging ... ]

Sounds like a great topic which will probably be about the balance which authorities need to adopt in ensuring security of citizens/residents within their countries and protecting and respecting the privacy and rights of individuals. The discussion will probably be against the backdrop of the multi-threat, multi-vector environment where physical and/or financial loss can be initiated by states, individuals or groups of individuals (who may not be playing by the same rule-book).

We can probably see discussions around drones, license reading cameras, sting operations (e.g. the recent Operation Card Shop), surveillance, access to telecommunication service provider and communication service provider records, and the role of judicial, executive and law-maker oversight.

I will be there at the talk. If you have any interesting questions to ask, let me know and I will see whether I can get them in (and post the answers up) - subject of course to time, decency and relevance : )

Wednesday, 4 July 2012

New Page: Privacy and Data Protection regulators


I have created a new page which lists the privacy and data protection regulators in Asia. As usual, I will try to keep it up to date, but no promises.

Mosey over to the page. Hope you find it useful.

Tuesday, 3 July 2012

Malaysia's Personal Data Protection Act. Is it in force yet?

So, is the Malaysia Personal Data Protection Act in force yet? That is a question I am starting to ask, but not getting very clear answers.

Here is the website of the regulator in Malaysia, Jabatan Perlindungan Data Peribadi (Department of Personal Data Protection). I believe that it was launched last month. Some other websites refer to June 2012 as the expected time when the Act would come into operation.

However, it is not clear from the website whether the Act has actually come into effect. The website itself also seems to be a work in progress, as some of the links did not seem to reflect the correct content or appeared to be placeholders (e.g. clicking on pemeriksaan, aduan & penyiasatan brought you to the home page instead of a page relating to investigations and complaints; the page on rights of data subjects (hak subjek data) brought you to a page which just displayed the word "kajian", which means study).

Either the Act is already in force (and everybody is expected to know about it), or it isn't. Whatever the case, it seems that Malaysia is coming very close to implementing the PDPA, and companies should take the extra time to get in line.

UPDATE: So, the answer to my initial question is "No". I made a call to the Department of Personal Data Protection, and was informed that the Act is not yet in force, and that it will probably come into force before the end of this year. Stay tuned.