“The ‘formal’ effect of the provision would seemingly not criminalise investigative journalism, whereas the ‘substantive’ and practical effect would in fact stifle investigative journalism and journalistic independence as a whole. Democratic discourse could be severely trammelled.”
Senior lecturer (Mona) and barrister Dr Emir Crowne, BA, LLB, LLM, LLM, PhD, LEC, points to the perceived wrongs and errors in the Government’s proposed Cybercrime Bill:
Cybercrime is a growing threat to personal and national safety. The Cybercrime Bill, 2017 (the “Bill”), which is intended to repeal the Computer Misuse Act, is an ongoing recognition of these threats. The Bill, however, suffers from several defects—many of which are also present in the Computer Misuse Act.
First, the Bill itself states that it is inconsistent with sections 4 and 5 of the Constitution—and therefore needs to be passed by a special majority. With this recognition in mind, the constitutional elements need not be discussed at this time.
Second, the Bill sets out several offences (sections 5 – 19), but offers little in the way of defences or exemptions. This is where the rub lies with respect to, among other things, journalistic freedom and investigative journalism in particular.
Sub-section 8 (2) states that: “A person who intentionally and without lawful excuse or justification receives or gains access to computer data knowing the same to have been stolen or obtained pursuant to subsection (1) [unauthorised access to a computer system] commits an offence…”
Some have suggested that this would, in effect, criminalise investigative journalism. This is partly true. The sub-section clearly states “without lawful excuse or justification.” It seems self-evident—to me at least—that receipt of such data for investigative purposes is a lawful excuse, or justification.
The problem, however, is the lack of statutory reference to such a defence or exception. In the absence of which, journalists—and others—will need to establish the existence of such a defence or exception through the Courts. Which is utterly unacceptable when one considers the fees involved, the systemic delays in the criminal justice system, and the two – three year term of imprisonment that the offence carries with it.
In other words, the “formal” effect of the provision would seemingly not criminalise investigative journalism, whereas the “substantive” and practical effect would in fact stifle investigative journalism and journalistic independence as a whole. Democratic discourse could be severely trammelled.
Third, and with the greatest of respect, several provisions simply don’t make sense.
For instance, section 6 states: “A person who, intentionally and without lawful excuse or justification, remains logged into a computer system or part of a computer system or continues to use a computer system commits an offence…”
Undoubtedly, the provision is intended to cover situations where persons use a computer system after someone else has logged into it—like a computer terminal in a university or even an ATM. But the provision itself does not say that.
Therefore, by logging into my own laptop and typing this review, I have—evidently—committed a cybercrime.
Sub-section 12(1) is also awkwardly drafted. It states that:
“A person who, through authorised or unauthorised means, obtains or accesses computer data which –
(a) is commercially sensitive or a trade secret;
(b) relates to the national security of the State; or
(c) is stored on a computer system and is protected against unauthorized access,
and intentionally and without lawful excuse or justification grants access to or gives the computer data to another person, whether or not he knows that the other person is authorised to receive or have access to the computer data, commits an offence.”
Indeed, it would seem that sub-section 12(1)(c) covers all of the previous sections. However, the fact that sub-sections (a) and (b) exist suggest that there are trade secrets, commercially sensitive data, and/or matters of national security that are stored on freely accessible computers. This is surely nonsensical and at odds with the definition of “commercially sensitive”, “trade secret” and/or matters of “national security.”
Furthermore, the Canadian-based Centre for Law and Democracy takes aim at sub-section 18(1), which states that: “A person who uses a computer system to communicate with the intention to cause harm to another person commits an offence.”
A senior legal officer for the Centre, states that: “A well-written news article about a war or famine may cause emotional distress. Similarly, an article about corruption would likely inflict harm, emotional and otherwise, on guilty officials.”
However, in fairness, the sub-section requires an intent to cause harm and is followed by sub-section 18(2) which enumerates several factors a Court can take into account in assessing the alleged offence, including “whether the communication is true or false” and “the context in which the communication appeared.”
Aside from the Bill’s offences, it is also extra-territorial in reach. Sub-section 20(1) indicates that it applies to citizens of Trinidad and Tobago “whether in Trinidad and Tobago or elsewhere”, and whether the act in question is done “wholly or partly in Trinidad and Tobago.” The full provision reads that:
“A Court in Trinidad and Tobago shall have jurisdiction in respect of an offence under this Act where the act constituting the offence is carried out –
(a) wholly or partly in Trinidad and Tobago;
(b) by a citizen of Trinidad and Tobago, whether in Trinidad and Tobago or elsewhere; or
(c) by a person on board a vessel or aircraft registered in Trinidad and Tobago.”
Sub-section 20(2) then states that insofar as the person or computer system in question is in Trinidad and Tobago, or “the effect of the act, or the damage resulting from the act, occurs within Trinidad and Tobago” then the local Courts have jurisdiction over the matter.
Foreign and local journalists alike could therefore be hauled into the local Courts on charges of cybercrime for investigating, obtaining and/or sharing surreptitiously-obtained evidence of corruption in football, banking, politics, the list goes on.
Combine these provisions with the State’s ability to obtain “remote forensic tools”—on an ex-parte basis—to investigate alleged cybercrimes (section 28), the impact to journalistic freedom—and general freedom for that matter—are all severely undermined.
Indeed, if politics didn’t govern every single aspect of life in Trinidad, one could argue that such tools are perfectly legitimate in investigating cybercrime. But, this is Trinidad. A country where Supreme Court judges work into the wee hours of the morning only to be accused of political bias.
In sum, the Bill is an ongoing recognition of the need to protect the citizenry against cybercrimes. In many ways, it is a paradigm shift in the way criminality is traditionally viewed.
However, in addressing this new avenue for criminality, care must be taken to draft legislation that is precise, impairs constitutional rights as least as possible, and sets out clear defences and exceptions, especially where personal liberty is at stake.