What is a Cybercrime?
Module 7: Cybercrimes
There is no precise, universal definition of the term ‘cybercrime’. In general terms, it refers to a crime that is committed using a computer network or the internet.(1) This can cover a wide range of activities, including terrorist activities and espionage conducted with the help of the internet, illegal hacking into computer systems, content-related offences, theft and manipulation of data, and cyberstalking.(2)
Cybercrimes and cybersecurity are two issues that cannot be separated in an interconnected digital environment. Cybersecurity, or the protection of digital devices, systems and networks against cybercrimes, refers to the collection of “tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets”, such as computing devices, applications and telecommunication systems.(3)
Cybercrimes in International Law
“Security should be implemented in a manner consistent with the values recognised by democratic societies, including the freedom to exchange thoughts and ideas, the free flow of information, the confidentiality of information and communication, the appropriate protection of personal information, openness and transparency.”(4)
The Convention on Cybercrime of the Council of Europe (CETS No.185), known as the Budapest Convention, is the only binding international instrument on cybercrime.(5) This Convention is open for adoption by states outside of Europe, and to date, the Philippines and Sri Lanka are the only two states in South and Southeast Asia that are party to it.(6) The Budapest Convention has also been used as a ‘model law’ for legislators in certain jurisdictions. For example, Sri Lanka modelled its 2007 national legislation, the Computer Crime Act, on the Budapest Convention prior to being invited in 2015 to join the Convention.(7)
Although it has been cited as a ‘benchmark’ by certain participants in current negotiations for a UN convention on cybercrime, the Budapest Convention has been criticised for providing insufficient procedural protections for the rights to freedom of expression and privacy, and for containing superfluous and overbroad content and copyright offences.(8)
Cybercrimes in Domestic Law
Cybercrimes legislation has proliferated across South and Southeast Asia in recent years despite only two states in the region being party to the Budapest Convention.
To ensure that cybercrimes laws do not unnecessarily infringe on the fundamental rights to freedom of expression, privacy and access to information, legislation should meet the following criteria:
- Provide narrow and clear definitions of cybercrimes, well-tailored to advancing legitimate aims and minimally restrictive of freedom of expression and privacy rights.
- Require proof about the likelihood of harm arising from a given criminal activity.
- Require the nature of the threat resulting from any criminal activity to be identified.
- Not introduce different standards for online and offline behaviour unless that behaviour is fundamentally different online.
- Provide for a public interest defence in relation to the obtaining and dissemination of information classified as secret.
- As a general principle, not impose prison sentences for expression-related offences, except for those permitted by international legal standards and with adequate safeguards against abuse.(9)