Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Computer crime and the adequacy of the current legal framework in sri lanka

The slide set gives a brief idea as to what is computer crime,types of computer crimes, Existing Legal Framework on Computer Crimes in Sri Lanka, Effectiveness of the current legal framework and also provides few recommendations for further advancement in law.

You can access the video in the second page via the following link:

  • Login to see the comments

Computer crime and the adequacy of the current legal framework in sri lanka

  1. 1. Computer Crime & the Adequacy of the Current Legal Framework in Sri Lanka
  2. 2. What is a Computer Crime ?
  3. 3. One can say.. “It is a form of white-collar crime committed inside a computer system.” Or that.. “It is the use of the computer as the instrument of a business crime.”
  4. 4. “Computer related crimes are any violations of criminal law that involve a knowledge of computer technology for their preparation, investigation or prosecution.” Although computer-related crimes are primarily white-collar offences, any kind of illegal act based on an understanding of computer technology can be a computer-related crime
  5. 5. Types of Computer Crimes..
  6. 6. Types of Computer Crimes.. COMPUTER CRIMES Computer- Related Offences Content-Related Offences Computer- Integrity Offences
  7. 7. Computer-related Crimes.. Computer Related Frauds Theft of Information Forgery
  8. 8. Computer-related Crimes.. Identity Theft Phishing Cyber Squatting
  9. 9. Content-Related Crimes.. Illegal Content Infringement of Right to Privacy Infringement of Freedom of expression
  10. 10. Computer-Integrity Offences.. Unauthorized Access Unauthorized Acts Unlawful Devices
  11. 11. Computer Crimes: Current Sri Lankan Legal Framework
  12. 12. What needs to be looked at?? Penal Code Criminal Procedure Code Computer Crime Act No.24 of 2007 Computer &Information Technology Council of Sri Lanka Act 1984
  13. 13. Penal Code • Offences under the Penal Code deals only with “movable property”. Accordingly, section 20 of the Penal Code provides that, “The words “movable property” are intended to include corporeal property of every description, except land and things attached to the earth or permanently fastened to anything which is attached to the earth.” • It doesn’t discuss offences against immovable property or intangible property • However, Nagaiya vs. Jayasekera case – the accused was prosecuted for theft of electricity under section 366 of the Penal Code
  14. 14. Penal Code contd.. • However, Penal Code (Amendment) Act, No. 16 of 2006, has inserted new sections 286B to the principal enactment. • Accordingly, 286B. (1) A person who provides a service by means of a computer shall take all such steps as are necessary to ensure that such computer facility is not used for the commission of an act constituting an offence relating to the sexual abuse of a child. (2) A person referred to in subsection (l) who has knowledge of any such computer facility referred to in subsection (l) being used for the commission of an act constituting an offence relating to the sexual abuse of a child, shall forthwith inform the officer-in-charge of the nearest police station of such fact and give such information as may be in his possession with regard to such act and the identity of the alleged offender. (3) Punishment - imprisonment of either description for a term not exceeding two years or to a fine or to both
  15. 15. Accordingly.. Penal Code deals only with one segment of content-related computer crimes It only provides for the prevention of sexual abuse of children using computer..
  16. 16. What about the implementation of law with regard to commission of other computer crimes?
  17. 17. Computer Crime Act No.24 of 2007 Preamble  For the identification of Computer Crime.  To provide the procedure for the investigation and prevention of such crimes.
  18. 18. Application of the Computer Crime Act No.24 of 2007 A person being present Computer, computer system or information affected or being affected was at the time Facility or service used in the commission of the offence was at the time situated Loss or damage is caused to the state or to a resident Within or outside Sri Lanka
  19. 19. Computer Crimes recognised under the Computer Crime Act No.24 of 2007 • Section 3 : Unauthorised access to a computer • Section 4: Unauthorised access in order to commit an offence • Section 5: Causing a computer to perform a function without lawful authority • Section 6: Offences committed against national security
  20. 20. Computer Crimes recognised under the Computer Crime Act No.24 of 2007 • Section 7: Dealing with unlawfully obtained data • Section 8: Illegal interception of data • Section 9: Using of illegal devices; computer or computer programme • Section 10: Unauthorised disclosure of information enabling access to a service
  21. 21. To commit any of the offences mentioned Attempt Conspire Abetment Also.. Under section 11, 12 and 13..
  22. 22. Investigations in Relation to Computer Crimes.. • Except for the special procedures provided under the Computer Crimes Act No.24 of 2007, all offences under the act shall be investigated, tried or otherwise dealt with in accordance with the Criminal Procedure Code Act No.15 of 1979.
  23. 23. Some Special Procedures under the Act.. Search and Seizure • On application made, for the purpose of investigation, a magistrate would grant an expert or a police officer the authority to search and seizure with warrant • Any Police Officer may in the course of investigating, exercise power of arrest, search or seizure of any information accessible within any premises. Confidentiality of information obtained • Every person engaged in an investigation under this act shall maintain strict confidentiality with regard to all information obtained in the course of an investigation Section 18 Section 21 Section 24
  24. 24. Computer & Information Technology Council of Sri Lanka Act 1984 • The act establishes Computer and Information Technology Council with one of its primary functions being the formulation and implementation of a national policy on computer and information technology • Pursuant to section 22 of the Act, the Council may make rules in respect of national policy on computer and information technology .
  25. 25. Effectiveness of the Current Sri Lankan Legal Framework on Computer Crimes: Comparative Analysis
  26. 26. UK Legal Framework on Computer Crimes.. What are the statutory instruments that govern the law on Computer Crimes in UK?  Computer Misuse Act 1990  Police & Justice Act 2006  Fraud Act 2006  Theft Act 1968  Protection of Children Act 1978  Criminal Damage Act 1971  Human Rights Act 1998
  27. 27. Unlike in Sri Lanka, the UK legal framework has not specifically recognised each and every computer crime under the Computer Misuse Act 1990. But they have adopted the general principles of substantive law in force in matters of the offences committed with the use of computer. Ex: Accordingly, using the computer to steal information would be a crime under the Theft Act 1968 Thereby, the UK legal framework attempts provide an adequate legal framework governing the computer crimes
  28. 28. Theft Act 1968 • Unlike under the Sri Lankan Penal Code, the UK’s Theft Act 1968, section 4(1) provides; ““Property” includes money and all other property real or personal, including things in action and other intangible property” • However, in the case of Oxford v. Moss, it was held that offence of theft cannot be committed against information.
  29. 29. Fraud Act 2006 The three fraud offences recognised under the act are  Fraud by false representation  Fraud by failing to disclose information  Fraud by abuse of position These include fraudulent activities committed involving machines as well. Ex: Computer-related fraud, computer-related forgery, phishing, cyber squatting Sections 2,3 & 4
  30. 30. Other Instances Where General Principles of Substantive Law are Adopted in Matters of the Offences Committed with the Use of Computer • Child Pornography – Protection of Children Act 1978 • Computer-related Criminal Damage – Criminal Damage Act 1971 • Infringement of Right to Privacy • Infringement of freedom of expression Human Rights Act 1998
  31. 31. Computer Misuse Act 1990
  32. 32. Computer Crimes recognized under the Computer Misuse Act The Act recognises three types of computer crimes;  Unauthorised access to computer material  Unauthorised access with intent to commit or facilitate commission of further offences  Unauthorised modification of computer materials Use of unlawful devices was originally not contained in the Computer Misuse Act. However, to meet its commitment under the Cybercrime Convention, the provision was introduced into the act through the Police and Justice Act 2006.
  33. 33. Jurisdictional Issues • General principle of International Criminal Law is that a crime committed within a state’s territory may be tried. However, Under the Computer Misuse Act 1990, • The offences may be committed by any person, British citizenship being immaterial to a person’s guilt. • Jurisdiction is asserted through the concept of a “significant link” being present in the home country Section 9 Section 4(6)
  34. 34. Provisions in relation to Jurisdiction under the Convention on Cybercrime & EU Draft Legislation Jurisdiction should exist when committed: 1. In its territory; or 2. On board a ship flying the flag of the Party; or 3. On board an aircraft registered under the laws of that party; or 4. By one of its nationals, if the offence is punishable under the criminal law where it was committed Ex: CitiBank Fraud
  35. 35. Forensic Issues Interception and Communication Data Under the Regulation of Investigatory Powers Act 2000, - Information obtained through interception is not admissible evidence However, - Conversely, interception evidence is admissible where a service provider carries out the interception under the Communications Act 2003 - Morgans v DPP [1999] 2 Cr App R 99 - R v P & Others (2001) 2 All ER 58
  36. 36. Forensic Issues Search and Seizure • Powers to enter and search premises will be granted by a magistrate • Under the s 19(4) of Police and Criminal Evidence Act 1984; Any information which is stored in any electronic form and is accessible from the premises to be produced in a form in which it can be taken away - United States v. Gorshkov 2001 WL 1024026 (WD Wash, 2001)
  37. 37. Effectiveness of the UK Legal Framework with regard to Sri Lankan Legal Framework on Computer Crimes • The statutory instruments governing the criminal law principles give effect to computer crimes as well even though the offences are not specifically recognised under the Computer Misuse Act 1990. therefore, the law provides for all types of computer crimes. • The issues arising due to the extraterritorial aspect of the jurisdiction are minimised by the Convention on Cybercrime and EU Draft Legislation. • Unlike the Sri Lankan Legal Framework, the UK legal framework is full- fledged with distinctive case law. • However, it would be more convenient for the law enforcing officers, if they could find the law governing computer crimes in one statutory instrument. • Further, unlike in Sri Lanka, the statutory instruments does not provisions for the police officers to obtain expert assistance, a compensating procedure for the victims of computer crimes or for the protection of the right to privacy.
  38. 38. Why is the current Sri Lankan legal framework on Computer Crimes Adequate??
  39. 39. Why Adequate? • The current legal framework on computer crimes recognise most of the computer crimes and provide an effective mechanism to deal with such computer crimes. • The courts have a wide jurisdiction to attend the matters irrespective of whether the person resides, the crime was committed or the damage was caused a person or corporation within or outside Sri Lanka • A panel of expertise shall be appointed in order to assist the police officers in the investigation process. • In the process of investigating the police officers and the experts are required to consider about the protection of information and rights of the individuals
  40. 40. What debarred the Scope of Improvement of the Law on Computer Crimes?
  41. 41. Reasons.. There was no scope for improvement, Since subject was recently recognised..  Lack of reporting by victims  Organisations avoid adverse publicity  Shortage of resources, expertise and experience  Transnational nature of computer crimes  Associated jurisdictional problems  Significant forensic challenges created by networked computers tot the LEAs in obtaining evidence and subsequently presenting it before courts.
  42. 42. What Needs to be Done?? Recommendations..
  43. 43. Recognizing the computer crimes that are not recognised under the current Computer Crime Act No.24 of 2007. Following are the crimes that are not recognised under the Act; • Computer-related fraud • Computer-related forgery • Identity theft • Illegal gambling • Spam • Publication of libel and false information • Promotion of Racism and Hate speech -UNAFEI Report on Issues and Measures Concerning the Legal Framework to Combat Cybercrime 1
  44. 44. Adoption of basic international standards regarding both substantive and procedural criminal law • Sri Lanka itself cannot adopt basic international standards regarding both substantive and procedural criminal law. • But representatives of various international organizations can suggest the implementation of such basic international standards. • Through the implementation of such basic international standards, Sri Lanka will be able to increase the efficiency of its current legal framework. • Also the confusions in relation to jurisdiction can be minimized by introducing specifications as to the jurisdictions. 2
  45. 45. General principles of substantive law in force in Sri Lanka may be adopted in matters of the following offences committed with the use of computer. As it is in the UK, Sri Lankan legal framework may also adopt general principles of substantive law in force, in relation to matters of the following offences committed with the use of computers. • Illegal gambling • Identity theft • Libel • Slander • Publication of false information 3
  46. 46. Protection of private communication as civil right against methods of computer crime investigations • One reason for the lack of reporting by the victims of computer crimes is that, their fear of imminent infringement of their right to privacy. • It would be much effective if procedures could be adopted to conduct crime investigations while protecting private communication as a civil right. 4
  47. 47. Implementation of laws requiring the identification of users accessing internet through public terminals • Most of the criminals access internet through public terminals or use the computers of the public terminals such as cyber-cafes in the process of commission of computer crimes. • Therefore.. It would be an effective measure to require the identification of the users accessing the internet and computers through public terminals, which would increase the convenience of the police officers and panel of experts in the investigating procedures. 5
  48. 48. Strengthen the Co-operation between local officers of Transnational Service Providers and the authorities • Information technology is a subject which gets updated every second. • With its constant updates, the scope for commission of computer-crimes also increases. • Therefore there should be a good corporation between local officers and the Transnational Service Providers to provide for the preventive measures on possible commissions of crimes. 6
  49. 49. Creating public awareness on the remedies available to the affected parties of computer crime. • Computer crimes were recently recognised by the Sri Lankan law. • Therefore, most of the individuals are unaware about the remedies available to them, such as compensation. • By creating awareness, the victims may tend to report computer crimes which will create scope for the improvement of law relating to computer crimes 7
  50. 50. Creating public awareness on the punishments available for the offenders of computers crimes. • Prevention is better than cure.. • Therefore, by creating public awareness about the available punishments for the offenders of computer crime, it would create a fear among the public commit computer crimes. 8
  51. 51. Conducting training programmes to provide the officials involved with the process expertise and experience. • The scope for the improvement of law in relation to computer crime has declined with the lack of expertise and experience. • By conducting training programmes the lacuna between the effectiveness of the system and the expertise and experience can be filled 9
  52. 52. Finally…
  53. 53. What about these two?? Situation 1 Situation 2
  54. 54. References Cases  Morgans v DPP [1999] 2 Cr App R 99  Nagaiya vs. Jayasekera (1997) 28 NLR 467  Oxford v. Moss (1979) 68 Cr App Rep 183  R v P & Others (2001) 2 All ER 58  United States v. Gorshkov (2001) WL 1024026 (WD Wash, 2001) Statutory Instruments  Communications Act 2003  Computer & Information Technology Council of Sri Lanka Act 1984  Computer Crime Act No.24 of 2007  Computer Misuse Act 1990  Criminal Damage Act 1971  Criminal Procedure Code Act No.15 of 1979  Fraud Act 2006  Human Rights Act 1998  Penal Code Ordinance No.2 of 1883  Police and Criminal Evidence Act 1984  Police & Justice Act 2006  Protection of Children Act 1978  Regulation of Investigatory Powers Act 2000  Theft Act 1968
  55. 55. References EU Legislation  Convention on Cybercrimes 2001 Books  Lloyd I, Information Technology Law  Reed C, Computer Law (7th edn, Oxford University Press 2011)  Stewart J, Computer Crime: Criminal Justice Resource Manual (2nd edn, National Institute of Natural Justice 1998) < y_r&cad=0#v=onepage&q&f=false> accessed 7 November 2016 Journal Articles  Jayasekara A, 'Internet And Law (Special Reference To Sri Lanka)' (University of Kelaniya 2015) Reports  UNAFEI, 'Issues And Measures Concerning The Legal Framework To Combat Cyber Crime' (UNAFEI 2008) Newspaper Articles  Nafeel N, 'New Laws To Curb Cyber Crimes' Daily News (2015) <> accessed 20 November 2016
  56. 56. Thank you!