The second part of this paper focuses on efforts being made by particular Commonwealth Caribbean territories in their approach to tackling cybercrime, the impact of cybercrime in the region and recommendations for the region in dealing with cybercrime.
Undertakings made by the Commonwealth Caribbean region in addressing cybercrime
Dominica has made substantial efforts in keeping the spotlight on cyber security and cybercrime in the last few years by tabling a legislative review workshop on cyber security in April 2014. This sought to assess whether their existing legislation was in compliance with the International Convention on Cybercrime. This workshop was also an initiative towards the development of a national cybercrime strategy and the establishment of a national cybercrime policy.[i] This effort is in accordance with HIPCAR’s objective of ultimately having internationally compliant legislation to effectively address cybercrime.
Barbados currently has computer legislation known as the Computer Misuse Act. However, there have been no amendments to this Act since its enactment in 2005 and as such this legislation is woefully outdated since the particular area it seeks to address, that is cybercrime, is constantly changing and evolving and therefore new types of cybercrime and new ways of committing cybercrime offences envisioned by this legislation have arisen since the enactment of this Act. The offences currently addressed by this Act include malicious communications,[ii] illegal access[iii], interference with data[iv] and with a computer system and child pornography[v]. Except for child pornography it is submitted that the provisions creating the offences under this Act are too broad and therefore leave too much room for argument and uncertainty as to whether an offence committed fits within the scope of the particular provision. With the proposed legislation under HIPCAR, for instance, like the Barbados Computer Misuse Act, it also includes the offence of illegal access and interference with data, but as one offence. However, it also goes on to identify other offences which deal with illegal access and interference with data such as data espionage, computer related forgery and computer related fraud. Therefore it is argued that HIPCAR has specifically addressed particular cybercrime offences with the intention that such offences will fall into the scope of the proposed legislation, making it clearer and easier to charge an offender with these offences.
The Cybercrimes Act of Jamaica is more current than its Barbadian counterpart, having come into effect in 2010. The Jamaican legislation provides specifically for offences committed by corporate bodies[vi] and states that the Court has the power, in addition to any other punishment the Court may deem appropriate, to order compensation to the party affected by the defendant’s actions. [vii] This provision provides increased protection and an additional remedy to the aggrieved party. However, this Act could be improved by specifying the offence it is seeking to create which reflects the approach taken in HIPCAR. This would allow more guidance as actions would be an offence attracting a criminal charge.
The Parliament of Trinidad and Tobago is in the process of hearing the Cybercrimes Bill and the Cybercrime Security Bill. One welcomed contemporary aspect of the Bill is that it seeks to make cyber-bullying a crime. The proposed section states the offence as “harassment through the use of electronic means with the intent to cause emotional distress for both adults and children.” [viii] The Bill considers the reputation of the affected person and any person found guilty of this offence would be subject to a fine and/or a term of imprisonment. This proposal wholeheartedly reflects some of the issues and concerns young persons face today enduring attacks on social media sites and the Internet. The Minister of National Security, Gary Griffith, in announcing the Bill, also cited the need to protect children from the dangers associated with Internet use, increase of website hacking and other cybercrimes among the overall need for Cybercrime legislation. [ix]
Impact of Cybercrime on the Region
In the Commonwealth Caribbean much like the rest of the world, cybercrime threatens the livelihood of the largest companies, any business and any individual. It has the potential to negatively impact the socio- economic viability and stability of a country and can affect any electronic system. As acts of cybercrime continue to grow, cyber criminals will become attracted to jurisdictions which are lacking cybercrime or computer crime legislation or where legislation is inadequate or too outdated to properly address new and more advanced cyber attacks. This makes the Commonwealth Caribbean a prime target.
The most severe cyber attack suffered by Barbados to date, was in 2013, when at least two Bulgarian nationals stole over BDS $300, 000 (US $150,000) from several ATMs on the island, affecting countless individuals.[x] Interestingly, they were not charged under the Barbados Computer Misuse Act but with money laundering and intent to commit theft.[xi] There are several reasons why these offenders may not have been charged under this Act. It is submitted that one of these reasons as highlighted earlier is that the offences committed by these persons may not have fit comfortably under the provisions of the Computer Misuse Act thus creating confusion or uncertainty.
In Jamaica, credit card and debit card fraud cost commercial banks over J$34 million (US$300,000) during the first 5 months of this year. In 2010, Scotiabank recorded losses of J$150 million (US$1.5 million) due to credit card and debit card fraud. [xii] In 2013, CIBC First Caribbean suffered a data breach when hackers were able to access the bank’s records which potentially exposed the personal information of its customers. This led to concerns of the possibility of fraud. [xiii]The island’s government websites also recently suffered from at least 10 attacks, weeks apart, which prompted the Government to implement a series of cyber security measures in a bid to prevent further attacks[xiv]. Measures included a formal criminal investigation by the island’s Forensics Cybercrime Unit and Jamaica’s Constabulary Force as well as technical assistance from international agencies, in particular the Organisation of American States (OAS) to establish a National Computer Incident Response Team in the island.[xv]
In Trinidad & Tobago, there have been acts of ATM fraud[xvi], credit card security breaches[xvii], and multiple hacks on governmental websites, including Parliament’s website,[xviii] within the last 4 years. The Minister of National Security, Gary Griffith declared earlier this year that many of the island’s infrastructures, such as online banking, financial networks such as online government services, oil, gas and petrochemical structures, water stations, electricity systems, air transport and public ground transportation were all vulnerable to acts of cybercrime.[xix] He urged that strategies be implemented to address the risks associated with Internet use.
Emerging Cyber Issues
Lastly, a growing issue which has been a cause for concern within the last two years has been the act of intentionally uploading nude images of a person on the Internet, without their consent and intending to cause that person harm. This is also a form of cyber-bullying which mostly tends to target and cause harm to females. Earlier this year, a disturbing social trend emerged on the popular social media site Twitter, called “#twitterpurge,” which was aimed at “exposing” nude pictures of persons without consent. This trend unfortunately targeted females[xx] and the offenders of these acts tended to be men with whom these females previously had relationships. There must be laws in place which protect women and teenage girls in particular, from these foul actions.
It is imperative that the region continues to work towards the overall objective set out by HIPCAR that is harmonized legislation, regionally and internationally, as this is the most effective way to adequately tackle cybercrime. There has not been enough discussion, in the last few years, between regional leaders towards making harmonized legislation a reality in the near future.
Secondly, in countries where legislation already exists, legislatures should make the effort to update such laws every five years to ensure they remain effective as Information Technology continues to rapidly change. Therefore, in the case of Barbados, the Computer Misuse Act which was enacted almost ten years ago is in dire need of amendments to reflect current cybercrime concerns. Additionally, countries should not wait until they are devastated by new cybercrime threats before taking meaningful steps to update legislation or create new policies.
In relation to current legislation, such as the Jamaican Act highlighted earlier, future Acts and or amendments should aim to provide more clarity when seeking to create cybercrime offences similar to the approach taken by HIPCAR.
New cyber threats such as cyber bullying, which Trinidad’s proposed Cybercrime Bill seeks to make an offence, is applauded, as it has been recognized by that country that cyber-bullying is a very real and growing issue of concern, especially for children. Therefore, it is highly recommended and hoped that other Caribbean countries follow Trinidad’s example and also incorporate these offences into their legislation. Furthermore, in addition to cyber-bullying provisions, another provision which specifically speaks to the intentional or malicious, unauthorized uploading of nude images of a person with the intent to cause harm to their reputation, should be created under cybercrime legislation or, cyber-bullying provisions should be expansive enough to encompass this offence.
Shari-Ann Walker is a First Year student at the Norman Manley Law School
[ii] Section 14 Barbados Computer Misuse Act
[iii] Section 4
[iv] Section 5
[v] Section 13
[vi] Section 11 Jamaica Cybercrimes Act
[vii] Section 12