Many online attacks on LGBTQ Malaysians start with their fellow social media users (although some suspect that political or religious groups may be helping coordinate them). Individual threats can escalate. When a social media post or account is deemed “insulting to Islam” and reported to police, for example, the poster can face state surveillance, arrest, and prosecution. Many of these responses are carried out under the auspices of the controversial Multimedia and Communication Act, a law passed in 1998 that gives authorities broad powers to regulate media and communications in the country.
After the government threatened him with prosecution for organizing an LGBTQ event, Numan Afifi, one of Malaysia’s most high-profile moving, packed a suitcase, quit his job, and fled the country in July 2017. He spent six months moving among six different countries , often sleeping on couchs, with no income and no idea if he would return. He says law firms offered him pro bono support for seeking asylum.
But ahead of the 2018 election, which many hoped would usher in a more progressive government, Afifi headed home instead. “I decided to return believing in my Malaysian dream,” he tweeted of the period in 2019. “I still believe in that dream, for myself, and for thousands of struggling gay kids in our schools that were like me.” Doesn’t he feel at risk? “Yes, all the time,” he says. “But you still have to do it because people need our services. I have to do it.”
Pakatan Harapan, a coalition thought to be on the more progressive end of the political spectrum, did win Malaysia’s May 2018 election. And at first, there were signs the group aimed to fulfill its promise to put improvements in human rights, including LGBTQ, at the top of its political rights agenda. A week into the administration, Afifi himself was appointed to be a press officer by the minister for youth and sports. In July, the newly appointed religious affairs minister called for an end to discrimination against LGBTQ people in the workplace, which was seen as a significant break from the status quo. But within months there were a series of high-profile regressions. Afifi resigned as public backlash grew over the appointment of an LGBTQ activist. Police raided a Kuala Lumpur nightclub popular with gay men. Two women were arrested and caned for “attempting lesbian sex” in a car.
Since the 2018 election, human rights campaigners have warned of a worrying erosion in human rights in the country, one that extends beyond the treatment of LGBTQ communities to the treatment of immigrants and broader questions of censorship and freedom of expression. In June 2021, during Pride Month, a government task force even went so far as to propose widening an existing Sharia law that already allows action to be taken against those who insult Islam, to specifically target people who “promote LGBT lifestyles” online. “Things have just gotten worse, like really, really bad,” says one activist, who asked to remain anonymous for safety reasons. “I don’t know what’s going to happen.”
Despite the risks, many are unequivocal: if online platforms are the latest battleground for LGBTQ rights, that is exactly where they’ll make their stand.
At organizations such as the trans-led SEED Foundation in Kuala Lumpur, for example, experts have been brought in to train members about the intricacies of cybersecurity, teaching them how to prevent devices from being tracked, protect social media accounts from being hacked, and stop emails from being traced.
Malaysian authorities routinely cite their powers under Section 233 of the Multimedia and Communication Act to block access to websites, private blogs, and news articles. The law any content deemed “obscene, indecent, false, menacing, or offensive” to be removed, a definition that has been used to censor international LGBTQ websites, such as Planet Romeo and Gay Star News. Though equally vulnerable, smaller domestic sites have so far avoided this fate. But many remain vigilant about digital security. One activist says the site she’s involved with faces hacks as often as every six months. “We have to think about back-end security all of the time, with risk assessments for everything we do,” she adds.