United Arab Emirates: Recent Legislative Updates - Information Systems Crimes Law 2010

The prevalence of cyber technologies into every facet of modern-day life has necessitated the introduction of specific laws dealing with cyber crimes. This is particularly so given that such crimes not only have a tangible impact on most modern-day industries and trade, but also have a profound effect on matters of national security.

Given the need to balance between the right to protect confidential information and fears of transgressing on one's freedom of speech rights, the drafting of such legislation has proven tricky at best. On 29/08/2010, the Council of Ministers approved the final draft of the Information Systems Crimes Law (Temporary Law) No.30 of 2010 (hereafter referred to as 'the Law'). The Law was published in the Official Gazette No. 5056, and is scheduled to come into force on 16/10/2010.

The Law provides for the criminalization of the use of an information system or an information network, or the setting up of a website, in order to facilitate terrorist activities or to contact with a group, organization or association undertaking terrorist activities, or to promote their ideas, or to finance their projects (Art.10); punishable by a term of imprisonment including hard labor. Moreover, Art.11 provides for the criminalization of any entry intentionally, and without a permit or in contravention of or beyond the limits of the permit, into a website or information system to access data or information not available to the public, and which relates to matters of national security, foreign relations, public safety, or to the national economy. The above is punishable by a term of imprisonment for not less than four months and a fine of not less than five hundred Dinars and not exceeding five thousand Dinars. The punishment is increased to a term of imprisonment including hard labor and a fine of not less than one thousand Dinars and not exceeding five thousand Dinars, if the entry was made with the intent to copy, transfer, alter, damage, or abolish any such data or information.

In drafting the Information Systems Crimes Law, the government had intended to 'fill a vacuum' in our laws, and not allow advancements in technology to circumvent the criminalization of certain acts. As such, the Law does not only tackle issues relating to national security, but rather attempts to provide a legal basis for combating all cyber related crimes; irrelevant of their form or substance.

Before exploring the substantive provisions of the Law, two points are worth mentioning. Firstly, the Law provides that any person who intentionally aids, abets or incites another to commit any of the crimes stipulated in the Law is equally punishable under the same conditions and for the same term as the principal perpetrator (Art.13). Moreover, Art.15 provides that in the event that a person repeats any of the crimes stipulated in the Law, the penalty imposed is multiplied.

As regards the substantive changes brought about by the Law. The Law provides provisions for the criminalization of the following cyber related acts:

• Arts. 3 & 4 of the Law provide for the criminalization of any intentional entry into a website or information system, by whatever means, and without a permit or in contravention of or beyond the limits of the permit; punishable by a term of imprisonment for not less than one week and not exceeding three months, or a fine of not less than one hundred Dinars and not exceeding two hundred Dinars, or both. Moreover, the Articles provide for the criminalization of any entry (whether legally or illegally) into a website or information system with the intent to copy, delete, add, destruct, disclose, obscure or modify data or information belonging to another without said person's consent. Finally, the Articles deal with the criminalization of any entry with the intent to obstruct, interfere, shut down or disrupt the work of an information system or website, or to impersonate its owner, without said person's consent. Each of these acts being punishable by a term of imprisonment not less than three months and not exceeding one year, or a fine of not less than two hundred Dinars and not exceeding one thousand Dinars, or both.
• With regards to any person who intentionally, and without just cause, captures, intercepts or eavesdrops on any data or information sent through the web or any other information system, Art. 5 of the Law imposes a term of imprisonment for not less than one month and not exceeding one year, or a fine of not less than two hundred Dinars and not exceeding one thousand Dinars, or both.
• Art. 6 provides for the criminalization of a variety of credit card and electronic banking scams; the penalties ranging from a fine to a term of imprisonment to both depending on the crime committed, and the applicable paragraph.

It should be noted that the penalty is doubled for any person who commits any of the the crimes mentioned during his line of work, or as a result of any information he became privy to as a result of his work (Art.7).

In addition to these crimes, the Law further provides a legal base for dealing with issues relating to online prostitution, child pornography and the exploitation of mentally or emotionally disabled persons (Arts. 8-9). The penalties range from a fine to a term of imprisonment to a term of imprisonment including hard labor or any combination of the above, depending on the crime committed and the applicable paragraph.

Art.14 provides that any crime punishable under any other act would be equally punishable under the same conditions and for the same term, even if committed through cyber means. Thus, the Law, while not explicitly dealing with acts such as defamation and slander committed via cyber modes, ensures that offenders are not able to escape liability by utilizing advancements in technology.

In addition to the substantive changes introduced by the Information Systems Crimes Law, the Law further assists law enforcement personnel in their efforts to properly detect and prosecute any of the cyber crimes listed above. As a result, the Law grants law enforcement personnel a variety of powers ranging from the ability to enter suspected premises, to the right to search and confiscate equipment, tools, programs, systems and means suspected of being used to commit any of the aforementioned crimes; as well as the power to confiscate any money generated as a result of such crimes and the right to retain any information and data concerning the perpetuation of these crimes (Art.12).

During the drafting process, there was a marked fear that the powers granted to such law enforcement agencies might be misconstrued or even abused. As a result, the Law confirms that a warrant signed by the public prosecutor or the relevant court is needed before any of the powers listed above can be legitimately exercised. The Law also requires that law enforcement personnel prepare and submit to the relevant public prosecutor a record of their actions. Finally, the Law provides that the exercise of any of the aforementioned powers should always be carried out with deference to any other legislation in force, to the rights of the accused, and particularly to the rights of any innocent third parties. The safeguards put into place by the Law are a necessary step in ensuring that the principles of due process and the rule of law are properly observed.

It should be mentioned that the Law not only assists law enforcement personnel in the execution of their duties but also grants the relevant courts similar powers. Art. 12(C) grants the competent court the right to issue precautionary measures. In addition to this, it has the right to decree the arrest or inhibition of any information system or website used in the commission of any of the crimes stipulated in this Law; as well as the confiscation of any money generated as a result. Finally, the court has the right to demand the removal of any violation at the expense of the perpetrator.

The introduction of the Information Systems Crimes Law 2010 was a necessary step in ensuring that our laws are well equipped to deal with new technological advancements and the subsequent crimes that spring up as a result.

However, given that cyber technologies are an ever-growing, ever-changing field, it is likely that further amendments to the Law will need to be introduced to ensure that the Law remains capable of dealing with all related contingencies.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.