The slide set gives a brief idea as to what is computer crime,types of computer crimes, Existing Legal Framework on Computer Crimes in Sri Lanka, Effectiveness of the current legal framework and also provides few recommendations for further advancement in law.
You can access the video in the second page via the following link:
https://www.youtube.com/watch?v=JDRIGOJk0D4&t=7s
4. One can say..
“It is a form of white-collar crime committed
inside a computer system.”
Or that..
“It is the use of the computer as the instrument
of a business crime.”
5. “Computer related crimes are any violations of
criminal law that involve a knowledge of
computer technology for their preparation,
investigation or prosecution.”
Although computer-related crimes are primarily
white-collar offences, any kind of illegal act based
on an understanding of computer technology can
be a computer-related crime
13. What needs to be looked at??
Penal Code
Criminal Procedure Code
Computer Crime Act No.24 of 2007
Computer &Information Technology Council
of Sri Lanka Act 1984
14. Penal Code
• Offences under the Penal Code deals only with “movable
property”. Accordingly, section 20 of the Penal Code
provides that,
“The words “movable property” are intended to include corporeal property
of every description, except land and things attached to the earth or
permanently fastened to anything which is attached to the earth.”
• It doesn’t discuss offences against immovable property or
intangible property
• However,
Nagaiya vs. Jayasekera case – the accused was
prosecuted for theft of electricity under section 366 of the
Penal Code
15. Penal Code contd..
• However, Penal Code (Amendment) Act, No. 16 of 2006, has
inserted new sections 286B to the principal enactment.
• Accordingly,
286B.
(1) A person who provides a service by means of a computer shall take all
such steps as are necessary to ensure that such computer facility is not
used for the commission of an act constituting an offence relating to
the sexual abuse of a child.
(2) A person referred to in subsection (l) who has knowledge of any such
computer facility referred to in subsection (l) being used for the
commission of an act constituting an offence relating to the sexual
abuse of a child, shall forthwith inform the officer-in-charge of the
nearest police station of such fact and give such information as may be
in his possession with regard to such act and the identity of the alleged
offender.
(3) Punishment - imprisonment of either description for a term not
exceeding two years or to a fine or to both
16. Accordingly..
Penal Code deals only
with one segment of
content-related
computer crimes
It only provides for the prevention of sexual
abuse of children using computer..
18. Computer Crime Act No.24 of 2007
Preamble
For the identification of Computer Crime.
To provide the procedure for the investigation and
prevention of such crimes.
19. Application of the Computer Crime Act
No.24 of 2007
A person being
present
Computer,
computer
system or
information
affected or
being affected
was at the time
Facility or
service used in
the commission
of the offence
was at the time
situated
Loss or damage
is caused to the
state or to a
resident
Within or outside Sri Lanka
20. Computer Crimes recognised under the
Computer Crime Act No.24 of 2007
• Section 3 :
Unauthorised access to a computer
• Section 4:
Unauthorised access in order to commit an offence
• Section 5:
Causing a computer to perform a function without lawful
authority
• Section 6:
Offences committed against national security
21. Computer Crimes recognised under the
Computer Crime Act No.24 of 2007
• Section 7:
Dealing with unlawfully obtained data
• Section 8:
Illegal interception of data
• Section 9:
Using of illegal devices; computer or computer
programme
• Section 10:
Unauthorised disclosure of information enabling access
to a service
22. To commit
any of the
offences
mentioned
Attempt
Conspire
Abetment
Also..
Under
section 11,
12 and 13..
23. Investigations in Relation to
Computer Crimes..
• Except for the special procedures provided under
the Computer Crimes Act No.24 of 2007, all
offences under the act shall be investigated, tried
or otherwise dealt with in accordance with the
Criminal Procedure Code Act No.15 of 1979.
24. Some Special Procedures under the
Act..
Search and Seizure
• On application made, for the purpose of investigation, a magistrate
would grant an expert or a police officer the authority to search and
seizure with warrant
• Any Police Officer may in the course of investigating, exercise power
of arrest, search or seizure of any information accessible within any
premises.
Confidentiality of information obtained
• Every person engaged in an investigation under this act shall
maintain strict confidentiality with regard to all information
obtained in the course of an investigation
Section 18
Section 21
Section 24
25. Computer & Information Technology
Council of Sri Lanka Act 1984
• The act establishes Computer and Information
Technology Council with one of its primary functions
being the formulation and implementation of a
national policy on computer and information
technology
• Pursuant to section 22 of the Act, the Council may
make rules in respect of national policy on computer
and information technology .
27. UK Legal Framework on Computer
Crimes..
What are the statutory instruments that govern the law on
Computer Crimes in UK?
Computer Misuse Act 1990
Police & Justice Act 2006
Fraud Act 2006
Theft Act 1968
Protection of Children Act 1978
Criminal Damage Act 1971
Human Rights Act 1998
28. Unlike in Sri Lanka, the UK legal framework has
not specifically recognised each and every
computer crime under the Computer Misuse Act
1990. But they have adopted the general
principles of substantive law in force in matters of
the offences committed with the use of computer.
Ex:
Accordingly, using the computer to steal
information would be a crime under the Theft Act
1968
Thereby, the UK legal framework attempts
provide an adequate legal framework governing
the computer crimes
29. Theft Act 1968
• Unlike under the Sri Lankan Penal Code, the
UK’s Theft Act 1968, section 4(1) provides;
““Property” includes money and all other property
real or personal, including things in action and
other intangible property”
• However, in the case of Oxford v. Moss, it was
held that offence of theft cannot be committed
against information.
30. Fraud Act 2006
The three fraud offences recognised under the act are
Fraud by false representation
Fraud by failing to disclose information
Fraud by abuse of position
These include fraudulent activities committed involving
machines as well.
Ex: Computer-related fraud, computer-related forgery,
phishing, cyber squatting
Sections
2,3 & 4
31. Other Instances Where General Principles of
Substantive Law are Adopted in Matters of
the Offences Committed with the Use of
Computer
• Child Pornography – Protection of Children Act 1978
• Computer-related Criminal Damage – Criminal Damage
Act 1971
• Infringement of Right to Privacy
• Infringement of freedom of expression
Human Rights Act
1998
33. Computer Crimes recognized under
the Computer Misuse Act
The Act recognises three types of computer crimes;
Unauthorised access to computer material
Unauthorised access with intent to commit or facilitate
commission of further offences
Unauthorised modification of computer materials
Use of unlawful devices was originally not contained in
the Computer Misuse Act. However, to meet its
commitment under the Cybercrime Convention, the
provision was introduced into the act through the Police
and Justice Act 2006.
34. Jurisdictional Issues
• General principle of International Criminal Law is that a
crime committed within a state’s territory may be tried.
However,
Under the Computer Misuse Act 1990,
• The offences may be committed by any person, British
citizenship being immaterial to a person’s guilt.
• Jurisdiction is asserted through the concept of a
“significant link” being present in the home country
Section 9
Section 4(6)
35. Provisions in relation to Jurisdiction under the
Convention on Cybercrime & EU Draft
Legislation
Jurisdiction should exist when committed:
1. In its territory; or
2. On board a ship flying the flag of the Party; or
3. On board an aircraft registered under the laws of that
party; or
4. By one of its nationals, if the offence is punishable
under the criminal law where it was committed
Ex: CitiBank Fraud
36. Forensic Issues
Interception and Communication Data
Under the Regulation of Investigatory Powers Act 2000,
- Information obtained through interception is not
admissible evidence
However,
- Conversely, interception evidence is admissible where a
service provider carries out the interception under the
Communications Act 2003
- Morgans v DPP [1999] 2 Cr App R 99
- R v P & Others (2001) 2 All ER 58
37. Forensic Issues
Search and Seizure
• Powers to enter and search premises will be granted by a
magistrate
• Under the s 19(4) of Police and Criminal Evidence Act
1984;
Any information which is stored in any electronic form
and is accessible from the premises to be produced in a
form in which it can be taken away
- United States v. Gorshkov 2001 WL 1024026 (WD
Wash, 2001)
38. Effectiveness of the UK Legal Framework
with regard to Sri Lankan Legal Framework
on Computer Crimes
• The statutory instruments governing the criminal law principles give effect
to computer crimes as well even though the offences are not specifically
recognised under the Computer Misuse Act 1990. therefore, the law provides
for all types of computer crimes.
• The issues arising due to the extraterritorial aspect of the jurisdiction are
minimised by the Convention on Cybercrime and EU Draft Legislation.
• Unlike the Sri Lankan Legal Framework, the UK legal framework is full-
fledged with distinctive case law.
• However, it would be more convenient for the law enforcing officers, if they
could find the law governing computer crimes in one statutory instrument.
• Further, unlike in Sri Lanka, the statutory instruments does not provisions
for the police officers to obtain expert assistance, a compensating procedure
for the victims of computer crimes or for the protection of the right to
privacy.
39. Why is the current
Sri Lankan legal
framework on
Computer Crimes
Adequate??
40. Why Adequate?
• The current legal framework on computer crimes recognise most of the
computer crimes and provide an effective mechanism to deal with such
computer crimes.
• The courts have a wide jurisdiction to attend the matters irrespective of
whether the person resides, the crime was committed or the damage was
caused a person or corporation within or outside Sri Lanka
• A panel of expertise shall be appointed in order to assist the police officers in
the investigation process.
• In the process of investigating the police officers and the experts are
required to consider about the protection of information and rights of the
individuals
42. Reasons..
There was no scope for improvement, Since subject was recently
recognised..
Lack of reporting by victims
Organisations avoid adverse publicity
Shortage of resources, expertise and experience
Transnational nature of computer crimes
Associated jurisdictional problems
Significant forensic challenges created by networked computers tot
the LEAs in obtaining evidence and subsequently presenting it
before courts.
44. Recognizing the computer crimes that are
not recognised under the current Computer
Crime Act No.24 of 2007.
Following are the crimes that are not recognised under the Act;
• Computer-related fraud
• Computer-related forgery
• Identity theft
• Illegal gambling
• Spam
• Publication of libel and false information
• Promotion of Racism and Hate speech
-UNAFEI Report on Issues and Measures Concerning the Legal Framework to Combat Cybercrime
1
45. Adoption of basic international standards
regarding both substantive and procedural
criminal law
• Sri Lanka itself cannot adopt basic international standards
regarding both substantive and procedural criminal law.
• But representatives of various international organizations can
suggest the implementation of such basic international
standards.
• Through the implementation of such basic international
standards, Sri Lanka will be able to increase the efficiency of
its current legal framework.
• Also the confusions in relation to jurisdiction can be minimized
by introducing specifications as to the jurisdictions.
2
46. General principles of substantive law in force
in Sri Lanka may be adopted in matters of the
following offences committed with the use of
computer.
As it is in the UK, Sri Lankan legal framework may also adopt
general principles of substantive law in force, in relation to
matters of the following offences committed with the use of
computers.
• Illegal gambling
• Identity theft
• Libel
• Slander
• Publication of false information
3
47. Protection of private communication as civil
right against methods of computer crime
investigations
• One reason for the lack of reporting by the victims of
computer crimes is that, their fear of imminent
infringement of their right to privacy.
• It would be much effective if procedures could be adopted
to conduct crime investigations while protecting private
communication as a civil right.
4
48. Implementation of laws requiring the
identification of users accessing internet
through public terminals
• Most of the criminals access internet through public
terminals or use the computers of the public terminals
such as cyber-cafes in the process of commission of
computer crimes.
• Therefore..
It would be an effective measure to require the
identification of the users accessing the internet and
computers through public terminals, which would
increase the convenience of the police officers and panel
of experts in the investigating procedures.
5
49. Strengthen the Co-operation between
local officers of Transnational Service
Providers and the authorities
• Information technology is a subject which gets updated
every second.
• With its constant updates, the scope for commission of
computer-crimes also increases.
• Therefore there should be a good corporation between
local officers and the Transnational Service Providers to
provide for the preventive measures on possible
commissions of crimes.
6
50. Creating public awareness on the remedies
available to the affected parties of computer
crime.
• Computer crimes were recently recognised by the Sri
Lankan law.
• Therefore, most of the individuals are unaware about the
remedies available to them, such as compensation.
• By creating awareness, the victims may tend to report
computer crimes which will create scope for the
improvement of law relating to computer crimes
7
51. Creating public awareness on the
punishments available for the offenders of
computers crimes.
• Prevention is better than cure..
• Therefore, by creating public awareness about the
available punishments for the offenders of computer
crime, it would create a fear among the public commit
computer crimes.
8
52. Conducting training programmes to provide
the officials involved with the process
expertise and experience.
• The scope for the improvement of law in relation to
computer crime has declined with the lack of expertise
and experience.
• By conducting training programmes the lacuna between
the effectiveness of the system and the expertise and
experience can be filled
9
55. References
Cases
Morgans v DPP [1999] 2 Cr App R 99
Nagaiya vs. Jayasekera (1997) 28 NLR 467
Oxford v. Moss (1979) 68 Cr App Rep 183
R v P & Others (2001) 2 All ER 58
United States v. Gorshkov (2001) WL 1024026 (WD Wash, 2001)
Statutory Instruments
Communications Act 2003
Computer & Information Technology Council of Sri Lanka Act 1984
Computer Crime Act No.24 of 2007
Computer Misuse Act 1990
Criminal Damage Act 1971
Criminal Procedure Code Act No.15 of 1979
Fraud Act 2006
Human Rights Act 1998
Penal Code Ordinance No.2 of 1883
Police and Criminal Evidence Act 1984
Police & Justice Act 2006
Protection of Children Act 1978
Regulation of Investigatory Powers Act 2000
Theft Act 1968
56. References
EU Legislation
Convention on Cybercrimes 2001
Books
Lloyd I, Information Technology Law
Reed C, Computer Law (7th edn, Oxford University Press 2011)
Stewart J, Computer Crime: Criminal Justice Resource Manual (2nd edn, National Institute of
Natural Justice 1998)
<https://books.google.lk/books?id=fu_luYURcWIC&printsec=frontcover&source=gbs_ge_summar
y_r&cad=0#v=onepage&q&f=false> accessed 7 November 2016
Journal Articles
Jayasekara A, 'Internet And Law (Special Reference To Sri Lanka)' (University of Kelaniya 2015)
Reports
UNAFEI, 'Issues And Measures Concerning The Legal Framework To Combat Cyber Crime'
(UNAFEI 2008)
Newspaper Articles
Nafeel N, 'New Laws To Curb Cyber Crimes' Daily News (2015)
<http://dailynews.lk/2015/11/05/features/new-laws-curb-cyber-crimes-0> accessed 20 November
2016