|
||||
|
||||
|
Computer
crimes - the Sri Lankan experience The necessity for these discussions arose in the light of many computer-related crimes that had taken place in Sri Lanka during the last decade. In most instances, the problems arose in the banking industry where the criminal acts had been committed by employees. The offences in most instances had been committed by gaining entry to a programme without authority or by betraying the trust placed by the employer. There were many cases of credit card fraud and falsification of computerised bills and receipts. A common problem faced by many investigators and prosecutors in almost every case relating to computer-related crime is the absence of a specific law governing the area. As at today the only piece of legislation in Sri Lanka which deals with some aspect of Information Technology is the Evidence (Special Provisions) Act, No. 14 of 1995 which was certified by Parliament on 31 July 1995. This Act provides for the reception of computer evidence. In the absence of such specific legislation, the investigators, the courts, and the prosecutors have to fall back on the existing penal law to consider whether an act of a criminal would amount to an offence or not. Existing
law Apart from the offences contained in the Penal Code, the Criminal Justice System of Sri Lanka recognises another category of offences identified as statutory offences. Such offences are created through statutes passed by Parliament exercising its legislative power. In the absence of a statute dealing with Information Technology Law or Computer Crimes, the question that has to be considered is whether the existing Penal Code is adequate to cover different types of crimes that may be committed in the arena of Information Technology. When we consider the nature of criminal activities connected with Information Technology concepts, it appears that most of such criminal activities fall within the scope of the offences dealt with under the chapter on offences against property. In a limited number of instances some activities would fault within the ambit of offences under the chapter on offences relating to documents. Any defamatory electronic mail or article or a defamatory message would fall within the ambit of the offences listed in Chapters 19 and 20 of the Penal Code. The Penal Code does not contain a definition of the term "Property". However, the term "movable property" has been defined in the Penal Code as "Corporeal property of every description except land and things attached to the earth or permanently fastened to anything which is attached to the earth." Accordingly, "Property" which constitutes the subject matter of the offences in the Penal Code is "tangible property". A close examination of the chapter relating to offences against property would reflect that in most instances, offences are confined to wrongful conduct in respect of "movable property". Such a restrictive interpretation will not be conducive to encompass offences related to Information Technology, within the ambit of the offences listed out in the Chapter. Unfortunately, an attempt to expand the meaning of the term "Property" to include "intangible property" has been rejected by the Courts of Sri Lanka. In the Nagaiya vs. Jayasekera case the accused was prosecuted for theft of electricity. At the time of prosecution there was no specific legislation governing such an act. Hence, the accused was prosecuted under Section 366 of the Penal Code. It was submitted for the defence that electricity was not tangible property and therefore the accused could not be convicted for theft under the Penal Code. It was held by the Supreme Court that the scope of Section 20 was limited to property which is movable. Accordingly, the accused was acquitted. Computer
theft Accordingly a problem that could be seen is that the restrictive and the traditional interpretation placed on the term "Property" by the Courts shuts out computer-related crimes being tried under the provisions relating to offences in respect of property. This problem could be resolved to a great extent if the interpretation of the term "property" could be expanded to mean and include intangible property such as matter stored in a computer. The Chapter
of the Ceylon Penal Code relating to offences in respect of documents
contains inter-alia the following offences: If a criminal is to be prosecuted under the provisions of this Chapter in the Penal Code of Ceylon, it is essential that the matter in respect of which the offence is committed falls within the definition of a "Document". At this point it is interesting to analyse whether the information stored in a computer or information stored in any medium would fall within the ambit of the above definition. It is relevant to note that the preliminary requirement of establishing the existence of a document is an indispensable and an essential component of this offence. The term "Document" has been defined in the Penal Code as "any matter expressed or described upon any substance by means of letters, figures, or marks or by more than one of those means, intended to be used, or which may be used, as evidence of that matter." The above definition is similar to the definition of a "document" as contained in Section 3 of the Evidence Ordinance. A perusal of the above definition would disclose that many difficulties would arise in the application of Information Technology related offences into the existing definition of the term "Document". Information stored in a computer or in any medium would not fall within the traditional interpretation of a document as found in Section 27 of the Penal Code. In Benwell vs Republic of Sri Lanka, an Australian national had committed a series of offences of embezzlement in Australia and was resident in Sri Lanka when Australia asked for his extradition. According to the available evidence it was alleged that Benwell had committed the above offences by alternation of information stored in computers. The question arose with regards to the admissibility of such evidence in a Sri Lankan court for the purpose of extradition. It was held in this case that information stored in any magnetic medium is outside the scope of the Penal Code of Ceylon. The above judicial authority too clearly indicates that the courts in Sri Lanka has adopted a restrictive approach in enhancing the scope and application of the existing law. Such an approach cannot be considered as being conducive to the development of laws relating to Information Technology. It would only permit the culprits to escape liability and would discourage the public from reporting such crimes. Such a restrictive attitude would only deter the development of this area of the law. It is time that much more judicial activism is displayed by the judges of Sri Lanka in this area. Notwithstanding the restrictive approach, there could be instances where criminals may be prosecuted successfully within the existing framework. But such instances are few in number. Accordingly an accused who steals the credit card of another, and uses it to purchase goods may be convicted for the theft of the card itself. He could also be prosecuted for the offence of Criminal Misappropriation of Property under Section 387 of the Penal Code. If the stolen card is used to purchase any items from a Departmental Store, he could be prosecuted for the offence of cheating the cashier of the store. Similarly, a person who alters or erases any programme on a computerised card may be convicted for the offence of mischief under the existing law. Credit card
scam In the prelude to this case, the credit card number of the minister concerned was published in a newspaper where it was alleged that minister had used public funds to pay private bills. After the card number was published the accused who is a computer fanatic, attempted to gain access to watch a paid phonographic movie on the Internet. The police, after having located such an attempt, produced the accused in court alleging that the minister's credit card number had been charged by the relevant website. The defence in this case has raised an objection to the continuance of the proceedings on the basis that no offence known to the law has been committed by the accused. Of course it appears that the accused had committed attempted cheating. The prosecutor may be in a position to proceed with the case if not for two other objections raised by the defence. One of the objections relates to jurisdiction and the other to admissibility of evidence. A closer look at this case would reveal that the accused cannot be prosecuted for any of the offences under the existing Penal Law. Law reform
The necessity of having a separate law and a sui generis regime to deal with computer crimes was identified by the US, the United Kingdom and Singapore. The primary objective of the legislation passed in these countries was to prevent the abuse and the misuse of computers by outside third parties, authorised personnel and unauthorised personnel. The legislation in this area is still in its infancy. There are many omissions that are now identified. Initially, the US Computer Fraud and Abuse Act, excluded insider hackers who abused authorised access. It was left to the US judiciary to interpret the circumstance of each case and decide whether the evidence disclosed a crime falling within the ambit of identified offences. In 1994, the Computer and Information Technology Council (CINTEC) initiated a project to evaluate and propose legislation to deal with Computer Crimes. In the several discussions that they had, the English and the Singapore experience was reviewed at length. After many discussions since 1994, several proposals were made by the CINTEC to the Law Commission of Sri Lanka. The Law Commission thereafter appointed a sub-committee to consider the nature of the legislation that has to be introduced. The sub-committee had many sittings and considered in detail the provisions of all the relevant laws in other jurisdictions. The laws of the US, UK and Singapore were considered in detail by the sub-committee. After a review of the English Law the sub-committee was of the opinion that there were many areas that needed improvement. The committee felt that it was necessary to provide provisions to identify specific offences relating to modification. The committee also formed the view that provisions should be made in respect of circumstances where offences could be committed without gaining access or modification. Examples cited by the committee were offences such as interception of information and introduction of pornographic material. After much deliberation a draft law was prepared and as at present the Legal Draftsman is ready to present the Bill to Parliament. (To be continued next week). |
||||
Copyright © 2001 Wijeya Newspapers
Ltd. All rights reserved. |
