Consolidated Analysis of Draft
Cybercrimes Law
Andy Boname, East-West Management Institute,
Program on Rights and Justice in Cambodia
The views expressed in this presentation are solely those of
the speaker and do not necessarily reflect the views of the
East-West Management Institute, USAID or the U.S.
Government.
What is its purpose?
• Per the draft:
Art. 1: Purpose: “This law has a purpose to
determine education, prevention measures and
combat all kinds of offense commit by computer
system.”
• Per Press and Quick Reaction Unit
spokesman Ek Tha:
 “We need to prevent any ill-willed people or bad
mood people from spreading false information,
groundless information that could tend to
mislead the public and affect national security or
our society. We need to control this.”
Unofficial (leaked) version
• Why do we bother looking at this?
– Ek Tha says purpose will be to control people
spreading information. Matches
– Council of Ministers spokesman Phay Siphan
declined comment, 8 April, on “unofficial
document” but noted number of offences in Draft
based on offences in the Penal Code. Matches
– AIC made analysis in August 2013 that
references articles; their comments line up with
the contents of this draft. Matches
Scope of Review
• Not a technical analysis of mechanisms
applied to cyber activity
• Looks at impacts on stakeholders:
– Criminal liability of ISPs/social media
providers/cloud storage providers, etc. for
unintentional, unknowing acts
– Criminalization of legitimate expressive
conduct (retweeting a criticism of gov)
– Cellphone and computer users subjected to
warrantless searches
– Cambodia diaspora in Lowell, Long Beach . . .
What it pulls together:
• Comments from:
– AIC (Asia Internet Coalition – includes
Google, Twitter, Facebook, etc)
– Electronic Freedom Foundation, International
Center for Not-For-Profit-Law (ICNL), Article
19, East-West Management Institute
– CCHR, LICADHO, CCC, Etc.
– You, perhaps
About legislative analysis:
• Impossible to say how government will
actually use a draft law, if enacted
• Can only identify the powers and
opportunities the words allow
• A good law restrains the ruler
• Comments on this law are about absence
of restraints, limits and controls
• Not about how the rulers will actually use
(or abuse) those provisions
What are sources for the draft?
• Cambodia Anti-Corruption Law – for
structure of Anti-Cybercrime Committee
– But omitting independence features and
making the PM the Chairman
• Council of Europe Cybercrime Convention
– But leaving out HR protections, free
expression and privacy in particular
• Romanian Cybercrime Law –
– But opting to use alternatives, such as lesser
penalties for child pornography
Findings
• Legitimate public expression criminalized
• Criminal offenses defined without “intent”
• Liability for innocent pass-through and 3rd
party carriers
• Global application of law (w/out detail)
• Anti-Cybercrime unit created under PM
• Investigation authority includes
warrantless search and seizure
• Penalties include w/draw of civil rights
Art. 28
• AIC found this article “troubling” because it
criminalizes legitimate expression
• Allows jail terms of 3 years for:
– Having a website that “hinders the
sovereignty and integrity” of Cambodia [KI
Media?]
– “Publications that incite or instigate the
general population that could cause one or
many to generate anarchism” [Note that
information does not have to be false].
– Publications that generate insecurity,
instability . . . [Does criticism qualify?]
Some special features of draft
• Collateral penalties under Arts. 34 and 35
include, for individual, deprivation of civil
rights and/or ban on professional activities;
for legal entities, dissolution and/or barring of
activities;
• Search Art. 19(1) of Draft: Whenever for the
purpose of discovering or gathering evidence
it is necessary to investigate a computer
system or a computer data storage medium,
the prosecutor or court can order a search.
From Art. 16 re NACC
substitution for prosecutor
• “In the framework of these investigations and
contradictory to articles 85 (power of judicial
police officials in flagrant offence investigation),
article 9l (searching) . . . of the code of criminal
procedure, the Secretary General of National
Anti-Cybercrime Committee or officially
assigned representative has the duty to lead,
coordinate and control the mission of those
officials instead of the role of prosecutor to the
point of arresting a suspect.”
Potential for Abuse?
• No provision for protecting (or balancing)
human rights interests in speech or privacy
• Purpose, per Ek Tha, is to control people
who would spread “misleading” information
• Enforcement in hands of PM and political
appointees (determine what’s “misleading”)
• Special investigation powers, with NACC
apparently replacing prosecutor
• Art. 28’s criminalization of legitimate
comment on government conduct
(possible) Conclusion
• Draft law unclear, unbalanced and
unnecessary – and in many instances,
unconstitutional
• Provisions contrary to ICCPR Art. 19
should be eliminated
• Any truly necessary cyber-offences can be
added to the Penal Code
• No need for NACC; use existing agencies
• Need for stakeholder consultation if Draft
persists
Some Stakeholders
• AIC and other purveyors of Internet services;
Cambodian ISPs, Cambodian businesses
pursuing eCommerce, operators of
Cybercafes, persons selling cell phones,
tablets or computers; civil society (CSO)
reps; political parties; journalists and
media managers; bloggers; donors invested
in ICT or governance, Cambodian diaspora,
and the hundreds of thousands of young
people in Cambodia who use social media
every day.
Thank you
for your
attention!