High-tech disruption of “national infrastructure” to be made illegal

The illegal access to computers, disruption of critical national infrastructure and the unauthorized sharing of computer data are to soon become offences punishable by hefty fines and long jail terms.

“A person who, intentionally and without lawful excuse or justification, obtains for himself or another person, computer data which is not meant for him or the other person and which is protected against unauthorised access, commits an offence,” states the Cyber Crime Bill 2015.

If  convicted for illegally securing access to computer data, the Cyber Crime Bill 2015 provides for a fine of GYD$3 million and a three-year jail term in the Magistrates’ Court or a fine of GYD$5 and imprisonment for five years on conviction on indictment.

The draft law, which has been published in the Official Gazette but has not yet been tabled in the National Assembly, also prohibits the illegal wired or wireless interception of subscriber information, traffic data or any communication to, from or with a computer system could be fined between GYD$3 million and GYD$5 million and imprisoned either three or five years by the Magistrates or High Court.

The damaging, deletion, alteration, or the copying, denial of access to any storage data, obstruction, interruption or interference with the lawful use of computer data is also punishable by similar penalties for the previously stated offences.

However, the penalties are stiffer if any of the offences results in hindering, or interference with, a computer system that is exclusively for the use of critical infrastructure or affects the use, or impacts the operation, of critical infrastructure.  Upon conviction on indictment, the penalty would be a fine of GYD$10 million and imprisonment for 10 years.

The Cyber Crime Bill defines “critical infrastructure” as any computer system, device, network, computer programme or computer data so vital to the State that the incapacity or destruction of, or interference with, such system, device, network, programme or data would have a debilitating impact on the security, defence or international relations of the State; provision of services directly related to national or economic security, banking and financial services, public utilities, the energy sector, communications infrastructure, public transportation, public health and safety, or public key infrastructure.

When approved by the National Assembly and signed into law by the President, the legislation will prohibit computer-related fraud. If convicted summarily, a person will be fined five million dollars and imprisoned for five years or fined ten million dollars and imprisonment for ten years indictably.

The law also appears to prohibit spamming in which multiple e-mail are sent out with the intent to  deceive or mislead a user or service provider as to the origin of the message, and causes harm to a person or damage to a computer system commits an offence. A person who intentionally falsifies the header information of an electronic mail message for the purpose of committing an offence will on summary conviction be fined GYD$3 million dollars and imprisoned for three years; and on conviction on indictment to a fine of GYD$5 million dollars and imprisonment for five years.

The production, sale, procuring, importation, exportation, distribution or possession of  a device, including a computer programme that is designed or adapted for the purpose of committing an offence under the Cyber Crime law would be guilty of an offence.

The items may include a computer password, access code or similar data by which the whole or any part of a computer system, computer data storage medium or computer data is capable of being accessed, with the intent that it be used for the purpose of committing an offence under that law.

The  illegal disclosure of a computer password, access code or similar data by which the whole or any part of a computer system, computer data storage device or computer data can be accessed for unlawful gain, whether for himself or another person for an unlawful purpose or knowing that it is likely to cause damage is also an offence. A person on summary conviction will be fined three million dollars and imprisoned for three years or on conviction on indictment to a fine of five million dollars andto imprisonment for five years.

The sending out of multiple email messages that results in the illegal or unjustified alteration, deletion, suppression of computer data, resulting in inauthentic data, with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless of whether or not the data is directly readable and intelligible is an offence that carries a penalty of GYD$20,000  and imprisonment for three years, in addition to the penalty

Under the law, corporations can be found guilty of an offence if the court is satisfied that a director, manager, secretary, or other similar officer, of that body corporate connived in the commission of the offence or failed to exercise due diligence to prevent the commission of the offence.

The director, manager, secretary, or other similar officer commits an offenc and shall be liable on summary conviction to a fine of GYD$3 million dollars and to imprisonment for three years; and on conviction on indictment to a fine of GYD$5 million dollars and to imprisonment for five years.

Anyone who advises, incites, attempts, aids, abets, counsels, procures or facilitates the commission of any offence under the Cyber Crime law or conspires with another person to commit an offence under that law commits an offence and shall be punished for the offence as if he had committed the offence as a principal offender.

Law enforcement agencies are also empowered to search any location and seize computers, data and data storage devices.