By Amin Kef Sesay
Cybercrime law identifies standards of acceptable behaviour for information and communication technology (ICT) users; establishes socio-legal sanctions for cybercrime; protects ICT users, in general, and mitigates and/or prevents harm to people, data, systems, services, and infrastructure, in particular; protects human rights; enables the investigation and prosecution of crimes committed online (outside of traditional real-world settings); and facilitates cooperation between countries on cybercrime matters (UNODC, 2013, p. 52).
Cybercrime law provides rules of conduct and standards of behaviour for the use of the Internet, computers and related digital technologies, and the actions of the public, Government and private organizations; rules of evidence and criminal procedure, and other criminal justice matters in cyberspace; and regulation to reduce risk and/or mitigate the harm done to individuals, organizations, and infrastructure should a cybercrime occur. Accordingly, cybercrime law includes substantive, procedural and preventive law.
Some countries, instead of developing new special laws against cybercrime, amended their national legislation or codes, adding specific paragraphs to address cybercrime.
With this practice, an interesting consequence for consideration has been that some countries decided to criminalize separately the illegal use of information and communication technology to commit any crime. Thus, if the perpetrator used illegal access in order to commit forgery or fraud, such behaviour would constitute two crimes at the same time.
Substantive cybercrime law includes laws that prohibit specific types of cybercrime and punishes non-compliance with these laws.
Cybercrime includes traditional, real-world (offline) crimes (e.g., fraud, forgery, organized crime, money-laundering, and theft) perpetrated in cyberspace that are ‘hybrid’ or ‘cyber-enabled’ crimes, as well as ‘new’ or ‘cyber-dependent’ crimes that have been made possible with the advent of the Internet and Internet-enabled digital technologies.
For these reasons, many countries have developed laws that are specifically designed to deal with cybercrime.
For example, Germany, Japan, and China, have amended the relevant provisions of their criminal code to combat cybercrime.
Countries have also used existing laws that were designed for real-world (offline) crime to target certain cybercrimes and cybercriminals.
As another example, in Iraq, the existing civil code (Iraqi Civil Code No. 40 of 1951) and penal code (Iraqi Penal Code No. 111 of 1969) are used to prosecute real-world crimes (e.g., fraud, blackmail, identity theft) perpetrated via the Internet and digital technology.
Cybercrime presents certain unique challenges regarding procedure, especially with respect to jurisdiction, investigations, and digital evidence.
Given that there are no geographic boundaries and territories in cyberspace, the location cannot be used to determine jurisdiction.
Digital evidence of cybercrimes presents particular challenges both in terms of its handling and use in court proceedings.
According to the 2013 UNODC Draft Comprehensive Study on Cybercrime, “[w]hile some of these investigative actions can be achieved with traditional powers, many procedural provisions do not translate well from a spatial, object-oriented approach to one involving…[digital] data storage and real-time data flows” (p. 122), thus requiring specialized powers for the investigation (UNODC, 2013, p. 54).
These specialized powers are prescribed by law and cover not only access to information needed but also include safeguards to ensure that the data is obtained pursuant to appropriate legal orders and accessed only to the extent necessary and authorized by law.
In Tanzania, the Cybercrimes Act of 2015 provided Police with excessive, unrestrained investigatory powers in cybercrime. Particularly, Police authorization is the only requirement to enable the search and seizure of evidence and to compel the disclosure of data.
Ultimately, the powers and procedures in place for the purpose of cybercrime investigations and proceedings must be in accordance with the rule of law and human rights (see, for example, Article 15 of the Council of Europe’s Convention on Cybercrime of 2001).