To top off a year of innovative and advanced legal instruments, the Anti-Cyber and Information Technology Crimes Law (Law No. 175 of the year 2018) has been ratified and published in the official Gazette. The new law addresses issues such as hacking state information systems, committing crimes through information systems, technology, or e-mail, or publishing material online that threatens the country's security or economy. It is a much-needed update from the out dated its 2004 counterpart, which only addressed telecommunications. This made the law inadequate to address modern cybercrimes, which often gave judges difficulty in finding the appropriate legislation to fit alleged crimes. This undermined key principles such as legal certainty and fairness. Now, this law, even if not directly nor clearly an economic law can be used to provide assurance for investors and potential business people, as it is a key tool in any modern legal system.
The law, made up of 45 articles, revolves around ensuring the safe and secures use of technology – not around restraining its users. Accordingly, below is a summary of the new liabilities that the law enforces:
- People who publish a picture of someone without their consent get a minimum of 6 months in prison and a fine of 50 – 100K.
- Any content posted that may be viewed as "against family principles and values upheld by Egyptian society", is also punishable by law under Article 25.
- Making fun or making parody accounts of public figures is also punishable under the new law yet under Article 24.
- Anyone creating an email, website or personal account on social media and falsely attributes it to a registered individual or organization also faces a fine and prison time.
- VPNs, or anonymous browsers used to privatize users' browsing habits are now illegal as well, if the motive of using them is proven to be unlawful or cannot be determined.
- Sharing internet connections, or wireless networks and Cable TVs have also been included in the law under Article 13.
- Hacking also is now punishable whether intentionally or not. Act of accessing files by any individual without permission are penalized by prison time & any damages to those files extends the sentence.
- All original content posted that violates privacy of others without their consent is subject to punishment regardless of the validity of information involved.
For Editors or Publishers of the Media
- For website where the picture is published considered as the facilitator for a crime, the perpetrator gets a minimum 2 years in prison and a fine of 20-200k.
For Internet Service Providers (ISP)
- They should not collect browsing data for website or publisher or they will be subject to a fine of up to 5-10 million and a ban of license. - Censorship orders issued and not properly enforced are punishable by a considerable fine under Article 30.
- Eavesdropping or intercepting browsing activities of clients which are supposed to be private is also punishable by a fine of 50,000 to 250,000 thousand EGP and a year in prison under provisions of article 16.
- Censoring or redirecting users from certain websites is also illegal without an order or directive by a competent authority. Censorship orders are issued through court, or through the NTRA.
- Service providers also have to get user approval before using their data for marketing, but the law does not define the terms for the client, or user to give consent or take it back.
- Companies also providing services to others, such as website hosts, are liable to punishment if they do not report any crimes committed.
For Telecom Companies
- New regulations defines storing and sharing client data where they have to retain data on users& traffic information for up to 180 data and be able to provide it when prompted. Penalties regarding this issue stipulated in article 33 are in between 5 million and 10 million, with risk of revoking license of operating in Egypt. The data should be secured from potential loss or hacking, as such measures could make it vulnerable.
- Telecom companies are also responsible for providing the technology needed that allow the government to investigate.
For Digital Security Experts
- Accessing a website, private account of information system for a longer time than permitted by the security clearance is subject to punishment regardless of their intention. There is a separate sentence for perpetrators depending on their intentions, whether they intended malicious actions or not, but both are punishable, regardless. This article is exclusive for government entities.
- For credit data, different punishments are defined. Individuals who access credit data get a less sentence than those who use credit data to make purchases or benefit from them. However, there is no language in the article to define acts of those discovering vulnerability in the system without causing harm to the party to whom the data belongs.
- Lighter penalties are defined for hacking into emails or personal accounts, but the motive is not important. Harsher penalties are set for hacking into individuals of legal occupations. - Changing the design of a website in any way is also an offence, punishable per article 19.
For Web, Account, Email or Information System Administrators
- All content published in social media or web by the account held by this individual is under their responsibility. If the content is illegal or against society values, the administrator is held accountable.
- A website, private account or information system involved or facilitating a crime penalizes the administrators or owners of the website. - Erasing evidence to a crime is also punishable. Comments, emails, or any other digital evidences may not be erased or concealed in case of involvement in a crime.
For Government Employees
- Courts may issue a suspension ruling if an employee commits any act that is punishable by law.
- The suspension is mandatory if an object of any act as punishable by the cybercrime law belongs to a website, email account or information system that is administered by this individual. The law also leaves room for conciliation, which is reaching an agreement between the perpetrator and the victim with some offences. It does not, however, apply to all punishable offences. Here are the main rules of how the law allows reconciliation:
- Recourse is possible at any stage, as long as a final ruling has not been issued, up to cassation.
- In some cases, conciliation must be mediated through the NTRA (National Telecom Regulatory Authority). This is for offenses that involve cancellation of operating licenses, as the NTRA is the authority which grants the licenses to begin with.
These laws come in a time much needed with the digital age already set in Egypt and many crimes are still not punishable by law. Andersen Tax & Legal Egypt has an expert team of professionals who can help you comply with the new laws and deal with any repercussions resulted.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.