The concept of cyber crime is not new, yet there are still quite a number of challenges in the legal framework designed to combat the issue. This problem has evolved speedily in the recent past, due to the increase in the application of computers, mobile devices and access to the internet. Digital crimes have transformed from ordinary fraud to extremely complex targeted and Advanced Persistence Threats (APT) (Brown & Roth, 2012). Cyber crime poses a substantive threat to individuals and national security, both online and offline. This calls for a legal setup to empower the responsible agencies act effectively on this subject. To combat the threats and damages caused by cyber related crimes, UAE (United Arab Emirates) enacted laws pertaining to cybercrime to protect its citizens, infrastructures, national security, as well as, to prosecute the people responsible for this unlawful activity. This report will consider the laws and regulations enacted by the UAE to fight cybercrime within and beyond its borders. The paper highlights and summarizes the cyber crime laws UAE as of April 2013.
The internet is perhaps the most transformative invention of the twentieth century. It has allowed instant connectivity to all corners of the world in a revolutionary manner. Business and commerce have now spread to several client and consumers with relative ease. Thus, the internet is an international, interactive and consistently changing center for connectivity. Therefore, measures to maintain some order over the internet has to be an effort several players, that is, governments and private sector businesses. Cyber crime consists of all criminal activities that utilize the computer and its related devices (Casey, 2004). The offences include activities where the computer is the primary instrument of the offence, and an aid to the crime. In November 2012, the UAE implemented the most comprehensive and detailed cyber crime laws in the wider Middle East (Mustafa & Ruiz, 2012). It consisted of a full array of offences that could be committed using the computer or through the internet with their respective sentences to those found guilty. These laws were implemented in response to growing levels of cyber crime activities in the UAE. Cyber crime in the UAE is catalyzed by the aggressive advancements in technology and the increase in online transactions (Gulf-News, 2012). This report will consider the laws and regulations enacted by the UAE to fight cybercrime within and beyond its borders. The paper highlights and summarizes the cyber crime laws UAE as of April 2013.
Understanding Terms Used in Cyber Crime Laws
It is extremely important to understand the ICT terms used within the legal framework in order to eliminate confusion when persecuting an offender. These terms are defined under UAE law, which include electronic information, information program, the internet, electronic document and website. A website is defined as a data access point on the internet where the internet is simply the data communications systems, which links information technology. Government data refers to that which pertains to the federal government and its related local or public entities. A person faces imprisonment and a fine for intentionally forging or using a forged federal document (aeCERT, 2006).
Cyber Crime and Cyber Laws in UAE
Laws are enacted to govern, protect and secure people, property, as well as, the activities linking them. The UAE tackles cyber crime with the help of UAE Computer Emergency Response Team (CERT) (aeCERT, 2006). CERT was formed by The Telecommunications Regulatory Authority (TRA) to detect and prevent cyber crime in UAE. This was a countermeasure because cyber crimes had led to loss of valuable data and damage in IT (Information Technology) infrastructure in some countries.
The Federal Legal Decree No. 5 for 2012 on fighting cyber crimes was issued by the President His Highness Sheikh Khalifa bin Zayed Al Nahyan (Mustafa & Ruiz, 2012). It included amendments to Federal Legal Decree No. 2 for 2006 on cyber crimes. The new law criminalizes the use of any information communication and technology (ICT) tools or the internet to commit an array of crimes, punishable by imprisonment and or fine. Articles in the Federal Legal Decree No. 5 for 2012 on cyber crime cover content, conduct commercialism and contact. Some of the primary offences include breach of privacy, defamation, publishing illegal content, hacking and phishing, identity theft, credit card fraud, money laundering and threatening national security (UAE-Cyber, 2012). It is also illegal to capture or intercept communication intentionally without permission (Al-Jandaly, 2013).
In November 2012, the UAE reinforced its dedication towards electronic-security and the campaign against cyber crimes. The UAE government enacted two new laws. That is, the Federal Law no. (5) Of 2012 concerning Cyber Crimes and the Federal Law no. (3) Of 2012 concerning the establishment of the National Electronic Security Authority (NESA). The Federal Law no. (3) Of 2012 is also known as the E-Security Authority Law. This set of new laws builds on the Federal Legal Decree No. (2) For 2006 on cyber crimes. They also reinforce other UAE internet security measures and programs such as the formation of the UAE Computer Emergency Response Team and various public awareness campaigns, for example, Salim (UAE-Cyber, 2012).
New Cyber Crime Laws
The rapid growth of cyber crimes in UAE advocated for the repeal of the previous Federal Legal Decree no. (2) For 2006 on cyber crimes. This sharp increase in cyber crimes is correlated to the advancement in ICTs. The business landscape in UAE is also tremendously transforming to online transactions. With the increasing trends of globalization, the nature of crime has also evolved from the physical market to the cyberspace. There are various cases of money laundering, identity theft and loss of trade secrets and intellectual property rights.
The Federal Legal Decree No. (5) For 2012 covers a wider array of offences than the previous 2006 cyber crime laws. Examples include forging electronic documents, using IT systems for phishing and hacking, damaging or altering electronic information and interrupting access to a communication network (Mustafa & Ruiz, 2012). In addition, these laws criminalize intentional disclosure or retransmission of electronically stored data without permission (Mustafa & Ruiz, 2012). This covers sensitive credit card or financial details theft, personal medical information and fraud. Cyber crime laws in UAE also cover blackmail through electronic means. These laws also prohibit preparation, distribution, publishing or republishing of pornographic material in UAE. The UAE cyber crime laws also consist of offences linked to the threat to national security and activities promoting terrorism (Al-Jandaly, 2013).
The new amendments increased the fine of some offences from three hundred thousand Dirhams up to 3 million Dirhams (AED). Some offences also lead to jail terms of up to 10 years. The punishments and penalties as set out in the Federal Legal Decree No. (5) For 2012 can accompany more stern punishment as entrenched in the Penal Code or any other related law in the UAE.
For instance, breach of intellectual property rights can be linked to the Federal Law No. (4) Of 2002 on Criminalizing the Money Laundry, and the Federal Law No. (7) Of 2002 on author Rights and the relating rights (aeCERT, 2006).
Furthermore, the UAE courts have the constitutional power to impound computers and the cyber crime related devices. The courts can as well deprive access to IT systems or completely shut down illegal websites. Foreigners face deportation in the event that they are convicted of any cyber criminal offences.
National E-Security Authority
The National E-Security Authority (the Authority) was established by the Federal Law No. 3 of 2012, along with the new Cyber Crimes Law of 2012 with the main objective of protecting the communications networks and information systems found in the country as well as developing, amending and using appropriate methods to enhance electronic security (Al-Jandaly, 2013). It also has a specific responsibility of giving support to the federal and Emirate level government institutions. The Authority’s e-security initiative also extends to the private sector. The National E-Security Authority also co-ordinates with the aeCERT, and the Telecommunications Authority (TRA) to achieve its goals (aeCERT, 2006).
Cyber Crime Incidences and Measures Taken By the UAE to Tackle Cyber Crime
In 2012, the Norton Cybercrime report indicated that 21% of adults in UAE have been victims of cyber crimes either through their mobile phones of social networking sites (Gulf-News, 2013). In Dubai, approximately 700 cyber crimes were reported to the police (Al-Jandaly, 2013). According to the police’s 999 Magazine, social networking sites, cloud computing and Smartphone’s are more prone to cyber attacks. All these dimensions are the present trends in the UAE. This implies that people are victimized on a daily basis. In addition, the findings indicate that the in 2011, the UAE residents lost about Dh 2.3 billion in cyber crimes. In 2012, the loss fell to Dh1 billion. This is attributed to government’s aggressive initiatives towards cyber security.
In January 2013, it was reported that 35% of cyber attacks centered on the banking sector (Gulf-News, 2013). This affected both ATM (automated teller machine) and online banking applications. In the same month, 65% of the attacks were targeted towards the government’s online services, educational institutions and telecommunication services.
UAE established special cyber crime units to tackle crime within and outside its territory (Al-Jandaly, 2013). The government has also established dedicated police departments committed to solve high-tech crimes. Other measures taken to tackle cyber crime in the UAE include public awareness and adoption of common treaties with other countries. Examples include the GCC countries and the EU. The United Arab Emirates government frequently scans the internet to filter websites that contain sensitive materials such as pornography, gambling materials, terrorist activities and anti –Islamic religion (Deibert & et-al, 2007). The aeCERT works with other agencies to formulate sound laws within the subject. TRA has been reporting the government’s efforts in counteracting internet threats, especially phishing attacks and website defacement.
The UAE government through aeCERT embarked on amending the cyber crime laws focusing strictly on computer crimes. This move is meant to eliminate old statutes that were used in persecution of regular real world crimes. The old laws were ineffective since they were not written to handle the unique computer crimes. The government is also keeping track of the technological changes and the related transformations in digital crimes. For instance, TRA and aeCERT have shifted focus on the proliferation of mobile devices in cyberspace. These devices have become the main conduits of network breaches given their architectural design and internet access technologies are more advanced. The government focuses on handheld gadgets because most of the social networking and engineering, as well as, financial transactions are carried out on handheld smart gadgets (Brown & Roth, 2012).
In the current technological environment, we face numerous challenges in our efforts to combat cyber crime. The greatest problem is whether or not the involved entities or law enforcement agencies comprehends how the laws should apply. The other challenge is how cyber investigations should be conducted. Even with the governments’ computer law crimes, there are few persecutions for the loss or damage because of cyber crimes. This is subject to the fact that it is challenging to identify and track down offenders (Casey & Turvey, 2011). Most perpetrators take advantage of the anonymity of the cyberspace to conceal their identity. Moreover, it is challenging to apply these laws effectively in persecution cases without a deep insight and the actual digital crime evidence. Cyber crime investigators must avail credible digital evidence to a court of law to persecute a perpetrator (Vacca, 2002). Cyber crime now relies and exploits various digital tools such as digital gaming, wireless telephony and social networking. This calls for collaboration of technical experts and law enforcement agencies as well as the private sector to curb cyber crime. Threats associated with the cyberspace should be debated openly to increase awareness. Therefore, it is imperative to understand and effectively implement the enacted laws to keep our cyberspace safe and punish the guilty.
aeCERT. (2006, January 30). UAE Cyber Laws. Retrieved April 15, 2013, from aeCERT: http://www.aecert.ae/pdfs/Prevention_of_Information_Technology_Crimes_English.pdf
Al-Jandaly, B. (2013, January 23). Dubai fares well against cyber-criminals. Retrieved April 15, 2013, from Gulf News: http://gulfnews.com/news/gulf/uae/crime/dubai-fares-well-against-cyber-criminals-1.1136880
Brown, P., & Roth, M. S. (2012). Information technology law institute 2012 : innovations in apps, e-books, cybersecurity, mobile technology, privacy and social media. New York : Practising Law Institute.
Casey, E. (2004). Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet. San Diego: Academic Press.
Casey, E., & Turvey, B. E. (2011). Digital Evidence and Computer Crime (3rd ed.). San Diego,California: Academic Press.
Deibert, R., & et-al. (2007). Access denied : the practice and policy of global Internet filtering. London: Cambridge.
Gubanov, Y. (2012). Retrieving Digital Evidence – Methods, Techniques and Issues. Retrieved April 8, 2013, from Belkasoft: http://belkasoft.com/download/info/Retrieving%20Digital%20Evidence%20-%20Methods,%20Techniques%20and%20Issues.pdf
Gulf-News. (2012, November 12). Full text of UAE decree on combating cyber crimes. Retrieved April 15, 2013, from Gulf News: http://gulfnews.com/news/gulf/uae/government/full-text-of-uae-decree-on-combating-cyber-crimes-1.1104040
Gulf-News. (2013, January 30). Tackling cybercrime: The world war of our times. Retrieved April 15, 2013, from Gulf News: http://gulfnews.com/news/gulf/uae/crime/tackling-cybercrime-the-world-war-of-our-times-1.1131642
Mustafa, A., & Ruiz, R. (2012, November 13). Cyber-crime law to fight internet abuse and protect privacy in the UAE. Retrieved April 15, 2013, from The National: http://www.thenational.ae/news/uae-news/cyber-crime-law-to-fight-internet-abuse-and-protect-privacy-in-the-uae
UAE-Cyber. (2012). UAE Federal Cyber Crime Laws. Retrieved April 15, 2013, from UAE Cyber: http://uaecyber.com/en/about/government-initiatives/uae-federal-cyber-crime-laws/
Vacca, J. (2002). Computer Forensics Computer Crime Scene Investigations. Revere, MA: Charles River Media.