“A study about the Cybercrimes Law”
By: Muhammad Ebaid
On August 14, 2018, the Official Gazette published Law No. 175 of 2018 on Combating Cybercrime to come into force on 15 August 2018. The mentioned law is an episode in a series of silencing measures imposed on freedom of expression which began with blocking websites, closing media platforms and punishing those who are engaged and eventually issuing press and media laws based on defective legislation, which reflects the State’s clear desire to undermine and silence critical voices, as well as to prevent the circulation and dissemination of information.The law provides a complete legalization of cybercrimes by extending it to all netizens according to broad terms and excessive penalties that pave the way for full control of the Internet and information technology in a way that does not allow the internet to be used as a means of expressing opinion or accessing information, especially after its growing importance as a key driver and major player in the Arab revolutions, in addition to the intention of security authorities to monitor and follow the internet pages lately and using this in te fabricating vague charges to many activists, most notably, the dissemination of false news and insulting state institutions and other punishable offences according to penal,, anti-terrorism and anti-protesting laws and other laws.By reading and interpreting the law’s texts, it was observed that they constitute a real threat to the most important fundamental freedoms, violate constitutional provisions, with a clear desire to eliminate freedom of information and digital freedoms, so that only the state media and propaganda can be implemented. The new law does not only constitute legislative and constitutional violations, but it reveals the ignorance of the role of information technology and the nature of its users.In this study we are trying to refute the law’s texts, to find out the shortcomings and to identify the article affected by the constitutional irregularities, as well as to raise awareness of the nature of the information reality with the current political events and the implications of the provisions of the law and its legislative flaws which lack the simplest techniques of information technology and the nature of its users.
The shortcomings of the law and refuting it .. The constitutional flaws and violations:
The definition of the term “national security” is a broad definition that prevents the mere criticism of state institutions and its officials
The first thing we face in the Cybercrimes law is the text of Article 1 on definitions, which is, along with many technical definitions, contains a specific definition of national security and its actors as follows:
“In the application of the provisions of this law … the following terms and expressions shall have the meaning attached to it…:
– National security: everything related to the independence, stability, security, unity and territorial integrity of the country, and the affairs of the Presidency, the National Defense Council, the National Security Council, the Ministry of Defense and Military Production, the Ministry of Interior, the General Intelligence and the Administrative Control Authority and all Authorities related to these entities.
– National Security covers: the Presidency, the Ministry of Defense, the Ministry of the Interior, the General Intelligence and the Administrative Control Authority. “There is no doubt that this definition of national security is so broad and loose to such an extent that it is not possible to determine its identification, especially with the use of words like “everything related”, “what is involved”, which means that public affairs can never be dealt with through Information technology and social media. Following the definition of the term, the law mentions in several punitive procedures the term of national security as an excuse to aggravate the penalties; as follows:
Monitoring and allowing the disclosure of data and information of netizens. Semi-permanent censorship and non-standard and loose terms that do not specify the preserved data
Although the Arab Convention on Combating Cybercrime (ACCC) (signed in Cairo on 21/12/2010 and decree No. 276 of 2014 issued by the President and approved on 19/08/2014 and published in the Official Gazette on 13/11/2014 ) provided for the obligation of service providers to maintain the integrity of the information in their possession for a maximum of 90 renewable days; the second article of the law in question stipulates that the service provider must maintain and store the data of information systems or any other storage devices for 180 consecutive days, in a clear step to further surveillance on netizens
The article specifies the types of data the service providers must store and maintain as follows:
A- Data that enables the user to be identified.
B- Data relating to the content of the information system when it is under its control.
C- Data on the communication
D- Data relating to the telecommunications terminal.
E- Any other data to be determined by a decision of Board of National Security Authority.
There is no doubt that it is pointless to specify the data and what it is, as discussed in the text, since it included almost all kinds of data data, especially with the addition of the word “other” in item (e) above and the authorization of the Board of National Security Authority. It does not set a standard for the administrative authority to invade the private life of citizens guaranteed by the Constitution under the provisions of article 57, which stipulates that “private life shall be inviolable. Postal, telegram, electronic, telephone and other means of communication are inviolable, its confidentiality is guaranteed, and can not be confiscated, or disclosed or monitored except by a judicial warrant and for a definite period, and in cases prescribed by law.In addition to the fact that the inviolability of private life is one of the rights and freedoms of the citizen, which the Constitution states in Article 92: “The rights and freedoms of the citizen shall not be tolerated or derogated.Not only did the text deprive the inviolability of the private life of citizens, but it also provided the possibility of disclosure of stored data, including the personal data of any user by reason of a judicial authority, as provided in the second paragraph of the obligations of the service provider by saying ” Confidentiality of data stored and maintained, and not disclosed without a warrant issued by one of the competent judicial authorities – including personal data of any users of his service or any data or information related to the sites and special accounts to which these users enter, or people and contacts related to them. ”
The third item, in order to suffocate freedoms, stating: “and in accordance with the provisions of the Constitution, the service providers and their dependents shall, in the event of the request of the National Security Authorities and in accordance with their needs, comply with all the technical possibilities which enable them to exercise their powers in accordance with the law.”
There is no doubt that the purpose of the previous text is clearly to monitor and undermine the personal freedom of users, and that the provision of “inviolability of private life guaranteed by the Constitution” will not prevent achieving such a purpose, not to mention that providers do not have the luxury of acceptance or refusal to provide these possibilities even if it contradicts the inviolability of private life of users, and no means or criterion to determine what is considered a violation of that sanctity or not.
The expansion in granting judicial policing powers to incompetents in conjunction with the loose texts
The law expanded in granting of judicial policing powers to the employees of the National Telecommunications Regulatory Authority (NTRA), in addition to others designated by the national security authorities, in accordance with Article 5, which states:
“A decision by the Minister of Justice, in agreement with the competent Minister, may grant the status of judicial seizure to the employees of the Agency or other persons designated by the National Security Forces wtih regards to crimes which are in violation of the provisions of this Law and related to the performance of their functions.”The law stipulates in Article 6 that the mentioned judicial officers of various powers granted to them by the investigative authorities in broad terms, stating that “the competent investigative authority shall, as the case may be, issue an injunction to competent judicial officials for a period not exceeding 30 days Days, renewable for one time, when it is useful for the appearance of the truth to commit a crime punishable under the provisions of this law with one or more of the following:
1. To control, withdraw, collect or hold data, information or information systems, and track them in any place, system, program, electronic support or computer in which they are located, and their digital evidence shall be delivered to the issuer of the order without prejudice against the system and the service it provides.
2 – Research, inspection, access to computer programs, databases and other devices and information systems for the purpose of control.3- To order the service provider to deliver its data or information related to an information system or technical device, which is under its control or stored in it, as well as the data of its service users and the communication traffic carried out on that system or the technical device. In any case, the order of the competent investigation authority should be reasoned.
The appeal of the advanced orders before the competent criminal court shall be in the consultation room on time and in accordance with criminal procedure. “
It is clear, according to the above-mentioned text, that such powers are given to judicial officers based on broad terms such as “when it is useful in the emergence of the truth” or “if necessary” in total waste of several constitutional principles, which will be ignored under the pretext of the words above.
Blocking sites under the pretext of threatening national security with decisions of the investigation authorities and in case of need by the investigation and arrest authorities
In recent years, the Egyptian authorities have blocked more than 500 websites without disclosing the reasons. However, the indicators confirm the current regime’s desire to restrict the freedom of thought, opinion and expression, especially that most blocked sites are owned by media channels hostile to the regime or human rights organizations that do not reflect the sole opinion of the state
After the enactment of Law No. 175 of 2018, the prohibition became a matter for the investigative authorities to issue whenever it wished and without reasons to be required, based on the same pretexts and loose words. Article 7 of the law states in its first paragraph that “the competent investigation authorities have the right, whenever it finds out that a site, broadcasted from inside or outside the country, that contains words, numbers, pictures, films, propaganda material or the like, which constitutes a crime under the law, constitutes a threat to national security or jeopardizes the security of the country or its national economy, to order the blocking of the site or sites to be broadcast, whenever this could be done technically. “
The text also authorizes the authorities of investigation and arrest without the need to return to the investigation bodies, to inform the National Telecommunications Regulatory Authority to notify the service provider with the immediate blocking of sites in the event of urgency of the existence of danger, the service provider shall implement the content of the notification immediately upon its arrival which is stated in the third paragraph of Article 7 “In the case of urgency, there may be imminent danger or damage caused by the commission of a crime the competent investigation authorities shall notify the authority (in reference to NTRA) to notify the service provider immediately for a temporary blocking of the site, sites, links or content mentioned in the first paragraph of this article in accordance with its provisions … The service provider shall comply with the content of the notification as soon as it is sent to it. “While the law guarantees to the concerned parties to appeal against the blocking orders. However, the anticipation of the issuance of judicial decisions based on the pretexts of security and the national economy and other broad criteria for the regulation of blocking is in complete contradiction with the principles and constitutional provisions in support of the freedom of thought and opinion guaranteed under the text of Article 65 of the Constitution
Travel Bans in cases of necessity
The legislator did not overlook the use of the word necessity when dealing with the travel ban in the law. The text of Article 9 allows the Attorney General or his authorized representative and the competent investigative authorities to prevent the accused from traveling outside the country or by placing his name on the arrival watch lists “when there is sufficient evidence “of the seriousness of the charge of committing an offense set out in the law.
In spite of the insistence of the text in reliance on the word necessity, it should not be relied upon to prevent a citizen from exercising his constitutional right to move and immigrate. However, it used the same wording when it authorized the public prosecution and the competent investigative authorities to rescind the order issued by them concerning banning travel of placing names on airport checklists, in its text in the fourth paragraph the law states: “The Public Prosecution and the competent investigative authorities may at any time withdraw from the order issued, and may amend it by removing the name from the lists of prevention of travel or arrival watch lists for a specified period if necessary. “There is no doubt that this irrational conflict is contrary to the rights guaranteed by the Constitution, and in particular the principle of presumption of innocence and the right to personal freedom
The crime of illegal access and its conflict with the nature of the internet and the varying capacity and level of experiences of users
In article 14, the law defines the perpetrator of the offense of unlawful entry as: “Any person who intentionally or by mistake entered and remained unlawfully on a private site or account or information system which he/she is prohibited from entering.” There is no doubt that the term “prohibited to enter” extends to the techniques used to bypass the blocked sites so that the violator shall be punished by imprisonment for a period of not less than one year and a fine of not less than 50 thousand and not exceeding 100,000 Egyptian pounds or by one of the penalties. The theft of information on these sites shall be subject to imprisonment for a period not less than two years and a fine of not less than EGP 100,000 and not exceeding 200 thousand or one of these penalties.
Article 15 of the Act defines a crime of gaining unauthorized access by: “Anyone who accesses a private site or account or an information system using an unauthorized right that exceeds the limits of this right in terms of time or entry level.” is to be punished by imprisonment for a period of not less than 6 months and a fine of not less than 30 thousand pounds and not more than 50 thousand pounds, or one of the penalties.
The law increased the abuse of article 22 by criminalizing the possession of programs or codes that may be used to enter prohibited sites. If we consider that a court ruling issued by blocking a website, and the user has a program that allows him to bypass censorship, this program is considered a crime.
It is clear from the wording of these punitive texts that the legislator does not observe the nature of the internet and its users. It is punishable by actions that can not be limited to material or moral evidence or the availability of criminal intent of the perpetrators, in conjunction with the professional and varied experiences of users of internet and the extent of their knowledge which vary from person to person
The distinction between State-owned and individual-owned sites in case of cyber attacks
Under article 29, whoever is responsible for the administration of a website, special account or e-mail in case of any of the offenses stipulated in the law shall be liable to imprisonment for a period of not less than one year and a fine of not less than 20,000 and not exceeding 200,000 Egyptian pounds. The punishment is lessened if the site or account for one of the crimes resulted from the negligence of the official and not taking the measures and precautions in the executive regulation of the law, which has not yet been issued.
There is no doubt that the above statement contradicts the principle of the personality of the penalty provided for in Article 95 of the Constitution. How can it be imagined that the victim of the attack will be punished instead of the aggressor, and that according to the nature of the information technologies, no information system is immune to the penetration of 100% security precautions taken to prevent an attack on it, especially with the development and continuous modernization of penetration programs and access to information systems, which makes us wonder about what measures and security precautions that will be reflected in the executive regulations of the law when issued and how will it meet this purpose?In addition, the law does not include the punishment of those responsible for the state’s sites if they are exposed to the same attacks mentioned in the text in question, especially since the state-owned sites must be more secure and sophisticated than the sites and accounts owned by individuals, which is contrary to the principle of equality before the law In Article 53 of the Constitution, especially that the person responsible for the administration of a state-owned site responsible for the management of a special site can not distinguish between them in punishment in that case have equal legal status
Fake accounts and data processing .. a punishment that ridicules and undermines freedom of thought, opinion and creativity
The law under consideration includes fake or fictitious accounts, and under it the sarcastic pages that are created by pseudonyms, or the mockery of an official in a cynical manner, which falls within the scope of freedom of opinion and expression and does not constitute a crime in the sense that these pages are often known to be artificial. The law in question guarantees in Article 24 that “a penalty of not less than 3 months imprisonment and a fine of not less than 10,000 pounds and not more than 30,000 pounds shall be imposed, or by either of the two penalties against: a person who invented an electronic mail, a site or a special computer and attributed it to a natural or legal personality.
If the offender uses the mail, the location or the artificial private account in an order that offends the person attributed to him, the penalty shall be a term of not less than one year and a fine of not less than 50,000 pounds and not exceeding 200,000 pounds or one of the two penalties.
If the crime is committed against a public legal person, the penalty shall be imprisonment and a fine of not less than 100,000 pounds and not more than 300,000 pounds. “
There is no doubt that the text as stated above will extend its scope to punish those responsible for the sarcastic pages and accounts that they created in order to criticize the political and economic situation in the country for political and public figures. This is contrary to the principles of freedom of thought, opinion and expression, which presupposes the complacency of the state officials to be criticized or mocked as long as they work in public field.
Punitive emphasis according to the terms (public order – national security – halting the provisions of the Constitution – harming national unity – and social peace)
The legal text uses non-standard and loose terms to define the aggravating circumstances of IT crimes to cover a wide range of users of information technologies. Article 34 of the law provides for strict imprisonment as punishment for the perpetrators of any crime provided for therein. “Disrupting public order or endangering the safety and security of the community or harming the national security of the country or its economic status, preventing or obstructing the practice of public works by the public authorities or disrupting the provisions of the constitution, laws or regulations, or damage to national unity and social peace”
The Supreme Constitutional Court has ruled in many of its provisions that the punitive provisions must be categorical in their significance to the material and moral elements of the crimes in a clear and specific manner as one of the foundations of the principle of the legitimacy of the crimes and penalties provided for in Article 95 of the current Constitution. National unity and social peace and other words mentioned in the text through which the acts punishable cannot be categorically determined to punish a person for excessive punishment such as aggravated imprisonment
There is no doubt that the nature of the information and data contained therein depends on freedom of circulation, transfer of information and the expression of opinions and ideas through it, which assumes a broader space to protect it, not to undermine and eliminate it. The imposition of restrictions on ideas and opinions does not prevent their circulation no matter how many attempts to suffocate them are made.
Perhaps the behavior of the legislative authority in issuing a law against cybercrimes highlights to a large extent the desire of the authorities to eliminate every way through which ideas can be put forward or criticism against its officials could take place. This is confirmed by what was mentioned earlier, the law issued attempts and endeavors to impose strict control on information technologies in all its forms, including social networking sites, which had the largest and most prominent role in mobilizing the masses against their governments and the first spark of the Arab revolutionsIt should be noted that most of the penalties and measures stipulated in the mentioned law, such as blocking, closing and fabricating accusations were carried out without legislative cover during the past. The law comes as an attempt to give it legitimacy and insisting on its wider application
1. Users of information technology and social networking websites should have full knowledge of the penal provisions contained in the law and avoid falling under its control as much as possible.
2. The legislative authority should repeal or amend the legislation issued, listen to the criticisms and drawbacks directed against it, and issue a new law that will use the technical expertise necessary to determine the nature of information technology, its administrators and users, and respect for the principles and constitutional texts.3 – The relevant investigation bodies should not direct accusations according to the flawed provisions contained in the law, especially the texts with broad words to avoid targeting activists and opinion makers.4. Lawyers should focus their efforts on the unconstitutionality of the provisions of the law before the courts until they reach the Supreme Constitutional Court.5. The Supreme Constitutional Court must fulfill its role in dealing with unconstitutional texts contained in the law and uphold constitutional principles and rights over the oppressive will of the authority.The Arabic Network for Human Rights Information