The prevalence of cyber technologies into every facet of
modern-day life has necessitated the introduction of specific laws
dealing with cyber crimes. This is particularly so given that such
crimes not only have a tangible impact on most modern-day
industries and trade, but also have a profound effect on matters of
national security.
Given the need to balance between the right to protect confidential
information and fears of transgressing on one's freedom of
speech rights, the drafting of such legislation has proven tricky
at best. On 29/08/2010, the Council of Ministers approved the final
draft of the Information Systems Crimes Law (Temporary Law) No.30
of 2010 (hereafter referred to as 'the Law'). The Law was
published in the Official Gazette No. 5056, and is scheduled to
come into force on 16/10/2010.
The Law provides for the criminalization of the use of an
information system or an information network, or the setting up of
a website, in order to facilitate terrorist activities or to
contact with a group, organization or association undertaking
terrorist activities, or to promote their ideas, or to finance
their projects (Art.10); punishable by a term of imprisonment
including hard labor. Moreover, Art.11 provides for the
criminalization of any entry intentionally, and without a permit or
in contravention of or beyond the limits of the permit, into a
website or information system to access data or information not
available to the public, and which relates to matters of national
security, foreign relations, public safety, or to the national
economy. The above is punishable by a term of imprisonment for not
less than four months and a fine of not less than five hundred
Dinars and not exceeding five thousand Dinars. The punishment is
increased to a term of imprisonment including hard labor and a fine
of not less than one thousand Dinars and not exceeding five
thousand Dinars, if the entry was made with the intent to copy,
transfer, alter, damage, or abolish any such data or
information.
In drafting the Information Systems Crimes Law, the government had
intended to 'fill a vacuum' in our laws, and not allow
advancements in technology to circumvent the criminalization of
certain acts. As such, the Law does not only tackle issues relating
to national security, but rather attempts to provide a legal basis
for combating all cyber related crimes; irrelevant of their form or
substance.
Before exploring the substantive provisions of the Law, two points
are worth mentioning. Firstly, the Law provides that any person who
intentionally aids, abets or incites another to commit any of the
crimes stipulated in the Law is equally punishable under the same
conditions and for the same term as the principal perpetrator
(Art.13). Moreover, Art.15 provides that in the event that a person
repeats any of the crimes stipulated in the Law, the penalty
imposed is multiplied.
As regards the substantive changes brought about by the Law. The
Law provides provisions for the criminalization of the following
cyber related acts:
- Arts. 3 & 4 of the Law provide for the criminalization of any intentional entry into a website or information system, by whatever means, and without a permit or in contravention of or beyond the limits of the permit; punishable by a term of imprisonment for not less than one week and not exceeding three months, or a fine of not less than one hundred Dinars and not exceeding two hundred Dinars, or both. Moreover, the Articles provide for the criminalization of any entry (whether legally or illegally) into a website or information system with the intent to copy, delete, add, destruct, disclose, obscure or modify data or information belonging to another without said person's consent. Finally, the Articles deal with the criminalization of any entry with the intent to obstruct, interfere, shut down or disrupt the work of an information system or website, or to impersonate its owner, without said person's consent. Each of these acts being punishable by a term of imprisonment not less than three months and not exceeding one year, or a fine of not less than two hundred Dinars and not exceeding one thousand Dinars, or both.
- With regards to any person who intentionally, and without just cause, captures, intercepts or eavesdrops on any data or information sent through the web or any other information system, Art. 5 of the Law imposes a term of imprisonment for not less than one month and not exceeding one year, or a fine of not less than two hundred Dinars and not exceeding one thousand Dinars, or both.
- Art. 6 provides for the criminalization of a variety of credit card and electronic banking scams; the penalties ranging from a fine to a term of imprisonment to both depending on the crime committed, and the applicable paragraph.
It should be noted that the penalty is doubled for any person
who commits any of the the crimes mentioned during his line of
work, or as a result of any information he became privy to as a
result of his work (Art.7).
In addition to these crimes, the Law further provides a legal base
for dealing with issues relating to online prostitution, child
pornography and the exploitation of mentally or emotionally
disabled persons (Arts. 8-9). The penalties range from a fine to a
term of imprisonment to a term of imprisonment including hard labor
or any combination of the above, depending on the crime committed
and the applicable paragraph.
Art.14 provides that any crime punishable under any other act would
be equally punishable under the same conditions and for the same
term, even if committed through cyber means. Thus, the Law, while
not explicitly dealing with acts such as defamation and slander
committed via cyber modes, ensures that offenders are not able to
escape liability by utilizing advancements in technology.
In addition to the substantive changes introduced by the
Information Systems Crimes Law, the Law further assists law
enforcement personnel in their efforts to properly detect and
prosecute any of the cyber crimes listed above. As a result, the
Law grants law enforcement personnel a variety of powers ranging
from the ability to enter suspected premises, to the right to
search and confiscate equipment, tools, programs, systems and means
suspected of being used to commit any of the aforementioned crimes;
as well as the power to confiscate any money generated as a result
of such crimes and the right to retain any information and data
concerning the perpetuation of these crimes (Art.12).
During the drafting process, there was a marked fear that the
powers granted to such law enforcement agencies might be
misconstrued or even abused. As a result, the Law confirms that a
warrant signed by the public prosecutor or the relevant court is
needed before any of the powers listed above can be legitimately
exercised. The Law also requires that law enforcement personnel
prepare and submit to the relevant public prosecutor a record of
their actions. Finally, the Law provides that the exercise of any
of the aforementioned powers should always be carried out with
deference to any other legislation in force, to the rights of the
accused, and particularly to the rights of any innocent third
parties. The safeguards put into place by the Law are a necessary
step in ensuring that the principles of due process and the rule of
law are properly observed.
It should be mentioned that the Law not only assists law
enforcement personnel in the execution of their duties but also
grants the relevant courts similar powers. Art. 12(C) grants the
competent court the right to issue precautionary measures. In
addition to this, it has the right to decree the arrest or
inhibition of any information system or website used in the
commission of any of the crimes stipulated in this Law; as well as
the confiscation of any money generated as a result. Finally, the
court has the right to demand the removal of any violation at the
expense of the perpetrator.
The introduction of the Information Systems Crimes Law 2010 was a
necessary step in ensuring that our laws are well equipped to deal
with new technological advancements and the subsequent crimes that
spring up as a result.
However, given that cyber technologies are an ever-growing,
ever-changing field, it is likely that further amendments to the
Law will need to be introduced to ensure that the Law remains
capable of dealing with all related contingencies.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.