Consolidated Analysis of Draft Cybercrimes Law Andy Boname, East-West Management Institute, Program on Rights and Justice in Cambodia The views expressed in this presentation are solely those of the speaker and do not necessarily reflect the views of the East-West Management Institute, USAID or the U.S. Government. What is its purpose? • Per the draft: Art. 1: Purpose: “This law has a purpose to determine education, prevention measures and combat all kinds of offense commit by computer system.” • Per Press and Quick Reaction Unit spokesman Ek Tha: “We need to prevent any ill-willed people or bad mood people from spreading false information, groundless information that could tend to mislead the public and affect national security or our society. We need to control this.” Unofficial (leaked) version • Why do we bother looking at this? – Ek Tha says purpose will be to control people spreading information. Matches – Council of Ministers spokesman Phay Siphan declined comment, 8 April, on “unofficial document” but noted number of offences in Draft based on offences in the Penal Code. Matches – AIC made analysis in August 2013 that references articles; their comments line up with the contents of this draft. Matches Scope of Review • Not a technical analysis of mechanisms applied to cyber activity • Looks at impacts on stakeholders: – Criminal liability of ISPs/social media providers/cloud storage providers, etc. for unintentional, unknowing acts – Criminalization of legitimate expressive conduct (retweeting a criticism of gov) – Cellphone and computer users subjected to warrantless searches – Cambodia diaspora in Lowell, Long Beach . . . What it pulls together: • Comments from: – AIC (Asia Internet Coalition – includes Google, Twitter, Facebook, etc) – Electronic Freedom Foundation, International Center for Not-For-Profit-Law (ICNL), Article 19, East-West Management Institute – CCHR, LICADHO, CCC, Etc. – You, perhaps About legislative analysis: • Impossible to say how government will actually use a draft law, if enacted • Can only identify the powers and opportunities the words allow • A good law restrains the ruler • Comments on this law are about absence of restraints, limits and controls • Not about how the rulers will actually use (or abuse) those provisions What are sources for the draft? • Cambodia Anti-Corruption Law – for structure of Anti-Cybercrime Committee – But omitting independence features and making the PM the Chairman • Council of Europe Cybercrime Convention – But leaving out HR protections, free expression and privacy in particular • Romanian Cybercrime Law – – But opting to use alternatives, such as lesser penalties for child pornography Findings • Legitimate public expression criminalized • Criminal offenses defined without “intent” • Liability for innocent pass-through and 3rd party carriers • Global application of law (w/out detail) • Anti-Cybercrime unit created under PM • Investigation authority includes warrantless search and seizure • Penalties include w/draw of civil rights Art. 28 • AIC found this article “troubling” because it criminalizes legitimate expression • Allows jail terms of 3 years for: – Having a website that “hinders the sovereignty and integrity” of Cambodia [KI Media?] – “Publications that incite or instigate the general population that could cause one or many to generate anarchism” [Note that information does not have to be false]. – Publications that generate insecurity, instability . . . [Does criticism qualify?] Some special features of draft • Collateral penalties under Arts. 34 and 35 include, for individual, deprivation of civil rights and/or ban on professional activities; for legal entities, dissolution and/or barring of activities; • Search Art. 19(1) of Draft: Whenever for the purpose of discovering or gathering evidence it is necessary to investigate a computer system or a computer data storage medium, the prosecutor or court can order a search. From Art. 16 re NACC substitution for prosecutor • “In the framework of these investigations and contradictory to articles 85 (power of judicial police officials in flagrant offence investigation), article 9l (searching) . . . of the code of criminal procedure, the Secretary General of National Anti-Cybercrime Committee or officially assigned representative has the duty to lead, coordinate and control the mission of those officials instead of the role of prosecutor to the point of arresting a suspect.” Potential for Abuse? • No provision for protecting (or balancing) human rights interests in speech or privacy • Purpose, per Ek Tha, is to control people who would spread “misleading” information • Enforcement in hands of PM and political appointees (determine what’s “misleading”) • Special investigation powers, with NACC apparently replacing prosecutor • Art. 28’s criminalization of legitimate comment on government conduct (possible) Conclusion • Draft law unclear, unbalanced and unnecessary – and in many instances, unconstitutional • Provisions contrary to ICCPR Art. 19 should be eliminated • Any truly necessary cyber-offences can be added to the Penal Code • No need for NACC; use existing agencies • Need for stakeholder consultation if Draft persists Some Stakeholders • AIC and other purveyors of Internet services; Cambodian ISPs, Cambodian businesses pursuing eCommerce, operators of Cybercafes, persons selling cell phones, tablets or computers; civil society (CSO) reps; political parties; journalists and media managers; bloggers; donors invested in ICT or governance, Cambodian diaspora, and the hundreds of thousands of young people in Cambodia who use social media every day. Thank you for your attention!