Cyber crimes law: Misuse of IT tools and networks

The first article on the subject provided an overview of the importance of cyber crimes legislation around the world due to the increasing threats posed by individuals who use the Internet and information technology tools to commit cyber crimes against others.
Moreover, as cyber threats are constantly evolving, many countries around the world have enacted comprehensive and unified legal framework to counter cyber crimes. The legislative enactment that deals with cyber crime in Oman is the Cyber Crimes Law set out in Royal Decree No 12/2011 (Law).
As mentioned in the previous article, the Law contains definition of important terms such as “information system”, “electronic data and information” and “information technology”.
The evident advantage of these defined terms in the Law is that they make the meanings of these terms precise and easier to understand as the reader can conveniently refer back to the definition. The previous article also discussed crimes under Chapter II relating to violation and breach of “safety, confidentiality of data and electronic information and the informational systems” and the penalties for those crimes.
Chapter Three of the Law deals with misuse of information technology tools and networks.
It has been argued by IT experts that information systems, technology tools and networks are designed with functionality and not security as the main goal and therefore, most organisations view security threats as inbound i.e. from outside to inside which is a fallacy because major threats to security are not introduced from external sources but internally by employees.
Article 11 of Chapter III provides for imprisonment and/or fine for any person who uses informational network or the information technology tools to produce or sell or purchase or import or distribute or present or make available programmes devices or tools designed or adapted for the purpose of committing cyber crimes or uses passwords or symbols for accessing informational system or possesses such programmes or devices with the intention to use them in the commission of cyber crimes.
Article 11 under the Law, which deals with misuse of information technology tools and networks, must be understood in the context of terms used in Article 11 which have been defined under the Law.
For example, term “Information Technology” has been defined as: “The scientific utilisation of computers, electronics and communications for the process, dissemination of data and information in its different versions”. The term “Information Technology Device” means: “Electronic device used to process the electronic data and information, save, transmit or receive it such as computers and communication equipment” while “Informational Network” means: “A link between many Information Technology Devices for obtaining and exchanging of data and electronic information”.
Construing Article 11 in light of the above definition, it becomes evident that various circumstances in which information technology tools and data can be misused by individuals would constitute crime punishable by penalty or fine and/or imprisonment.
However, it is important to note that there is an important qualifier in Article 11 before any person can be made liable for commission of a crime under the Law: The intention to commit cyber crimes i.e. crimes referred as cyber crimes under the Law.
In other words, if a person were to commit any of the acts referred in Article 11, the person would be liable for commission of those acts and the ensuing penalty only if it were established — beyond a shadow of doubt — that the person who committed those acts had the intention to do so and not otherwise. This requirement or qualifier under Article 11 adds an important twist in the application of Article 11 because the concept of “intention” to commit a crime falls within the purview of the criminal law concept of mens rea or the state of mind of the defendant. Intention to commit a crime requires the highest degree of fault to be established before a person can be made liable for commission of a crime. In other words, a person who had mere “knowledge” that his/her actions would constitute a crime cannot be made liable for commission of cyber crimes in terms of Article 11 of the Law. To the contrary, what would need to be established is that the person had the intention to bring out specific and desired results through the commission of the act.
The next article in the series will touch upon further cyber crimes under the Law such as forgery and information fraud under the Law: Crimes that are an increasing global threat. The analysis of these cyber crimes under the Law will be in addition to a brief overview of the importance of legislation to prevent and penalize forgery and information fraud.
The author heads the Corporate and Commercial practice at ARAB Advocates and Legal Consultants, Oman.