The increasing connectivity of society brought about by the Internet and its numerous advantages have been somewhat offset by the threat posed by individuals who use the Internet and information technology tools to commit cyber crimes against others.
Cyber threats are constantly evolving and ever changing and to counter this, many countries around the world have enacted a comprehensive and unified legal framework to counter cyber crimes.
Amongst other things, the objective of cyber crimes prevention law or legislation is to ensure cyber security, the protection of computer systems and networks, and to ensure electronic communications and privacy.
The Oman Cyber Crimes Law is contained in Royal Decree No 12/2011 (Law).
Unlike in some other countries which the object and purpose of the enacted law or legislation is set out in the form of a preamble, the same is not the case with laws enacted in Oman. Therefore, the Law does not spell out the object and purpose behind its enactment. Having said that, the Law considers various acts as cyber crimes and backs violations of those acts with robust penalties in the form of jail sentence and fines.
The Law is divided into seven chapters. Chapter One of the Law contains definition of key terms used in the Law. The definitions section (Chapter One) defines “information system” as “a group of programmes and tools used to process and administer the data and the electronic information”. Similarly, term “Electronic data & information” has been defined as “whatsoever can be saved, processed, generated and communicated by means of information technology, whether it is in writing, photos, sounds, symbols or signals”.
The term “Information Technology” has been defined as “The scientific utilization of computers, electronics and communications for the process, dissemination of data and information in its different versions”. Clearly, the scope of the Law widens comprehensively in view of these robust definitions which have been designed to cover different forms of information technology and the circumstances in which data and information can be used, transmitted, captured and stored or retrieved.
The Law falls under the purview of Information Technology Authority of Oman which is the designated authority for combatting and preventing cyber crimes in the Sultanate.
Chapter One of the Law makes it clear that the Law applies to cyber crimes committed wholly or partly outside of Oman whenever damage ensues or results to the interests of the Sultanate of Oman and also when the criminal act results from within Oman or is intended to result from within Oman.
Chapter Two of the Law is titled “Violation of safety, confidentiality of data & electronic information and informational system” and it covers various acts that constitute cyber crimes.
Article 3 of this Chapter makes it a criminal offence if a person intentionally and illegally (i) accesses an electronic site or informational system or information technology tools or part of it, or (ii) exceeds his/her authority to access it or continues to access it after being aware of his/her access. Article 4 makes it a crime if a person commits the acts mentioned in Article 3 during performance of his/her official duties.
Article 6 of Chapter Two provides criminal liability for persons who intentionally and illegally have access to an electronic site or to an informational system with the intent to obtain data or governmental electronic information of confidential nature or if the criminal act results in the deletion or change or amendment or disfiguration or destruction of or copying or damage or dissemination of data or electronic information.
Article 6 makes it clear that confidential data and electronic information of banks and financial institutions are regarded as governmental confidential data and electronic information for the purposes of the application of Article 6.
Article 7 of Chapter Two makes it a crime if a person intentionally and illegally has access to an electronic site with the intent to change its configuration, amend or damage or delete it or to occupy the site.
Article 8 of Chapter Two makes it a crime if a person intentionally and illegally by using information technology tools obstructs flow of data or electronic information transmitted through the informational network or the means of information technology or intercepts its transmission or eavesdrops on such data and information.
Similarly, Article 9 of the Law prescribes penalty for persons who intentionally and illegally by using information technology tools enter into informational system or informational network or information technology tools etc. causing the breakdown any of these systems, or the deletion, amendment, disfigurement or destruction of the programs or data or the information technology used or saved in any of these systems with knowledge that such act may stop the systems from working.
The next in the series of articles on this subject will touch upon further acts prescribed as cyber crimes under the Law such as forgery and content
(The author heads the Corporate and Commercial practice at ARAB Advocates and Legal Consultants, Oman)