Cybercrime Legislation Worldwide

Cyber criminals make use of exiting loop holes in security measures in developed and developing countries, and due to apparent lack of co-operation between them are potentially susceptible and vulnerable to cyber intrusions. The consequences of cyber hacking do not necessarily cause physical harm to humans but it has a detrimental impact on the society. Generally, a number of countries have already taken steps to develop systems in response to growing cyber threats.

The use of cyber space and the threats originated from cyber space are not new phenomena for developed countries when compared to developing countries. Most of the developed countries have mechanisms in place to tackle cyber crimes, and developing countries are in the process of taking necessary measures to address cyber threats. USA and UK take a lead in developing their cyber security policies that are a model for other nations. Whilst many other national governments continue to struggle, some have been able to successfully establish national organisations to respond to cyber threats. In August 2009, the government of Brazil established the Critical Infrastructure Protection Information Security Working Group, under its Department of Information and Communications Security. Australian government announced in 2009 the establishment of a national Cyber Security Operations Centre within the military’s Defence Signals Directorate. The Scientific and Technological Research Council of Turkey is tasked as a coordinator organisation on cyber security. They have been able to form the national cyberspace security policy in 2009.

Most of the Asian countries have taken, or are in the process of taking necessary steps to address cyber threats. India is classified as a lower middle income economy by the World Bank but due to the high volume of threats faced by India, it enacted the Information Technology Act 2000 following the United Nation’s Model Law of 1997. The greatest cyber threats to India are phishing attacks and email spoofing, and it has taken actions on both under the Indian Penal Code and IT Act. The Information Technology Act, 2000 under specific Sections deals with hacking and unauthorised access to computers, computer systems and computer networks but notably the term “cyber fraud” is not defined in it.

Thailand has developed cyber laws very recently, similar to that of Singapore’s cyber-security law. Similar legislation in Thailand, the authorities do not require a court order to seize, search, and make copies of equipment and data. Vietnam has also developed cyber laws very recently. The international community has emphasised that the law requires internet companies to set up and store their data inside the country, and mandates service providers to remove content that are prohibited by the state within 24 hours of receiving the request, and the internet companies and service providers had been given a grace period of one-year to comply with Vietnam’s recently minted cyber-security law.

In the Philippines, the Cybercrime Prevention Act of 2012 contains provisions criminalising libel and the inclusion of such provisions has drawn opposition from groups concerned about such actions. Three laws in Myanmar, the 1996 Computer Science Development Law, the 2000 Web Regulations, and the 2004 Electronic Transactions Law (ETL) are currently applied to suppress online free expression. In Cambodia, a draft Cybercrime Law is currently under consideration by the government, and subject to approval, it will form part of the state’s current legal framework, comprising the Cyber War Team and the Telecommunications Law, that allows surveillance and monitoring of content seen to be harmful to national security.

Compared with other countries, Indonesia lagged behind in ICT security policy and regulation, and government has initiated a several actions to protect cyberspace from cybercrime related threats. ICT security being Telecommunication Act and Information and Electronic Transaction Act are two that are directly related to cybercrime. Added to that, under consideration is to participate in International cooperation or to enter into an international agreement, in doing so, Indonesia is working to ratify European Union Convention of Cybercrime.

In contrast, Malaysia has put in place a number of legislative acts, such as the computer crime act (1997), digital signature act (1997), telemedicine act (1997), communication and multimedia act (1998), payment system act (2003), personal data act (2010).

Amongst others, Slovenia have PDP act (2004) and E-commerce & E-signature act (2004), Estonia have Estonia-Digital Signature Act (2000) and Electronic Communication Act (2004).

African states

Cybercrime Act, 2015 in current legislation is Nigeria is an enactment of the National Assembly. It is considered to be a symbolic legislation to reassure the public indicating that lawmakers are taking firm actions on cyber-crimes. But questions have been asked by some as to whether the Cybercrime Act, 2015 is an effective mechanism in solving problems, the reason being that whilst only a limited number of cyber cafes are registered, many in the country are operating without a license. The reports suggest that raids on cyber cafés in major cities in Nigeria have made cybercriminals move to remote areas to continue their operations. The unsecured penetrable national territorial borders and border controls have resulted in cybercriminals easily migrating from one territory to another where jurisdiction and law enforcement is weaker.

Middle East

To most countries, cyber threats were unfamiliar ground when their military strategies were developed. Therefore in recent years many countries have reviewed and updated their military strategies to meet the challenges from the cyber space. Turkey is one of those who revised their military strategy taking into account cyber-security threats, also established a cyber defence unit within the armed forces. Israel is also looking for possible mechanisms to tackle increase in cyber attacks. In response, in September 2014, the government created a National Authority for Cyber Defence aimed at protecting civilians against cyber attacks, and an elite cyber-defence unit was set up within the Israeli Secret Service Israel. Iran for instance use co-operation between the security forces in challenging threats from the cyber space, and has established a centralised operations cyber command for the armed forces to act as a defence against cyber attacks.

South Korea has faced significant threats, and has started developing cyber security mechanisms in response. The Ministry of Defence established the Cyber War Centre in 2010, to enhance security of government and financial information networks, and an independent Cyber Warfare Command with over 200 personnel, for defensive and offensive operations in cyberspace. Apart from that the National Cyber Security Centre (NCSC) coordinates civilian response to cyber incidents.

Traditional area of regulatory work may become subjected to criminal sanctions due to grave violations of obligations. The criminal law is not an unknown field for regulators.