New law critical to cybersecurity

One of the most recent legislative achievements was the adoption of a specific legislation on cybercrimes.

The new law on prevention and punishment of cybercrimes is relevant and timely, given the sophisticated nature and proliferation rate of these crimes.

The criminal abuse of information technology and the necessary legal response are issues that have been discussed ever since the technology was introduced.

Over the last three decades, various solutions have been implemented at national and regional levels.

One of the reasons why the topic remains challenging is the rapid technical development, as well as the changing methods and ways in which the offences are committed.

As a consequence, there was need for a comprehensive legislation to deal with cyber-related offences because the existing legal regime was not flexible enough to effectively deal with this new form of criminality.

A new proliferation of crimes has cropped up by the advent of the Internet. New problems emerging on the scene include credit card fraud, cyber terrorism, and cyber laundering and criminal use of secure internet communications.

The aforesaid cybercrimes law applies to all cybercrimes, which are committed in Rwanda or outside Rwanda if such offences have produced effect in Rwanda.

While it is possible to commit cybercrimes outside the country, which obviously have chilling effects on the country’s economy and security, it is vitally important to have a cybercrime law given that the Internet usage does not recognize sovereignty and territorial limitations.

Moreover, there’s no uniformity to international jurisdictional law of universal application to cybercrimes.

For instance, contents of a website are legal in one country and illegal in another. In the absence of a uniform jurisdictional code, legal practitioners are generally left with a conflict of law issue.

New cybercrimes law classifies cyber-crimes on the basis of the nature and purpose of the offence and have been broadly grouped into three categories depending upon the target of the crime.

There are: Offences against the confidentiality, integrity and availability of computer data and systems; Content-related offences; and Computer-related offences.

In particular, the new cybercrimes law, which is an important tool in enhancing cybersecurity, accommodates some of new cybercrimes not envisaged in the ICT law governing information and communication technologies].

To begin with, Article 27 of law on prevention and punishment of cybercrimes prescribes cybersquatting as an offence of registering a domain name over the internet, with bad intent, to profit, mislead, destroy reputation, or deprive others from registering the same, if such a domain name.

It constitutes similar, identical, or confusingly similar to an existing registered trademark; identical or in any way similar with the name of a person other than the registrant, in case of a personal name; an electronic communications network; a critical information infrastructure.

Cybersquatting is punishable by an imprisonment of not less than one year and not more than two years and a fine of not less than Rwaf1 million and not more than Rwf3 million.

Article 35 of the preceding law envisages cyber-stalking, which is interchangeably referred to as cyber-harassment or cyber-bullying, as a criminal act ofintentionally using a computer or a computer system to harass or threaten with the intent to place another person in distress or fear through one of the following acts when: “he/she displays, distributes or publishes indecent documents, sounds, pictures or videos; in bad faith, he/she takes pictures videos or sounds of any person without his/her consent or knowledge; he/she displays or distributes information in a manner that substantially increases the risk of harm or violence to any other person”.

Cyber-stalking is punishable by an imprisonment of not less than six months and not more than two years and a fine of not less Rwf1 million and not more than Rwf2 million.

Article 36 of the same law envisages phishing, as an offence of using a website or sending an electronic message by a computer or a computer system in order to have access to confidential information from a visitor of the website or recipient of the message with intent to use them for unlawful purposes, especially for the purpose of stealing money or obtaining access to a computer or a computer system, commits an offence.

Phishing is punishable by an imprisonment of not less than one year and not more than two years and a fine of not less than Rwf1 million and not more than Rwf3 million.

Another new computer-related crime under Article 37 is spamming. Spam is a slang that describes unsolicited commercial advertisements sent by e-mail over the Internet.

Spam is better known as junk e-mail or unsolicited bulk e-mail. Spamming is punishable by an imprisonment of not less than three months and not more than six months and a fine of not less than Rwf300,000 and not more than Rwf500,000.

The writer is a law expert.

The views expressed in this article are of the author.