The Saudi Anti-Cyber Crime Law (2007) versus the UK Computer Misuse Act (1990)
The field of Information Technology has in the recent few decades experienced a lot of technologies changes. With these advancements, people have become more informed through accessing internet services at a lower cost and besides Information Technology has converged all corners of the world to become one village –globalization. Nonetheless, although this revolution is advantageous, it is the greatest suitable platform up on which crimes popularly known as ‘cyber crime’ is committed. Cyber crimes such as hacking, phishing, and social reengineering among others have become prominent. For such reasons, a lot of government authorities are continuing formulate regulatory policies and/or enacting laws to control IT industry especially cyber crimes. In this regard, this paper compares the Saudi Anti-Cyber Crime Law of 2007 and the UK Computer Misuse Act of 1990.
The Saudi Anti-Cyber Crime Law of 2007 was instituted in order to mitigate cyber crimes through harnessing security of information/data, and putting emphasis on maintenance of public morals. Article 3 of the Act stipulates that an individual shall be prosecuted in a court of law and sentenced to a period of not more than one year and fined a fine equal to or less than five hundred riyals if he/she commits any of the following cyber crimes: first, intercepting on spying on any information/data being transmitted on an information system (such as Wide Area Network, Local Area Network or Internet) without reasonable authority. Secondly, the article also covers on unlawful access to another person’s computer, website, technological device such as mobile phones with the intention of maliciously stealing or destroying information/data stored therein. Article 4 of the law prescribes an imprisonment sentence of not more than three years and a fine of equal to or less than two million riyals to any individual who hacks bank data and manipulates it his/her advantage. Article 5 of the law prescribes equal to /less than four years imprisonment and/or a fine of not less than three million riyals to a person who unlawfully accesses, deletes, or redistributes data in remotely located computer. Article 6 of the law prescribes an imprisonment of a period of equal to or less than five years and/or three million years to an individual who produces, transmits, or stores data that infringes public morals or religious values. Besides, this Article prohibits IT-based promotion of pornography, gambling, narcotic, human trafficking. Subsequently, Article 7 prescribes an imprisonment of up to ten years and/or a fine equal to/less than five million riyals to any person responsible for hosting, publishing, or constructing terrorist websites that put national security or economy at risk. Accordingly, the law also provides for punishment to any person who incites or teams up with others criminals to commit cyber crime in Article 9. Article 13 allows relevant authorities to confiscate software or equipment used to commit cyber crimes (Saudi Anti-Cyber Crime Law 2007).
The UK Computer Misuse Act (1990) classifies cyber crime into three sections; illegal access to computer information/data, illegal access to computer materials with the intention of facilitating or committing offences, and illegal alteration of computer information/data. Section one of offenses states that an individual is guilty if he/she uses his/her computer to unlawfully access data/program stored in another computer. This is regardless of the offence being directed at any particular data/program. Offenses under this section carry a sentence of an imprisonment of up to or less than six months and/or a fine of up to or less than level 5. Section 2 of the computer offenses combine offenses under section 1–unauthorized access- to state find guilty individuals who facilitates commission of such offenses. In other words, section 2 covers on furtherance of computer offenses. Section 2 (2a) stipulates any sentence as provided by law whereas Section 2 (2b) states that an individual of such offense may be imprisoned for up to five years if he/she is above or below twenty years of age. Section 5a stipulates that a guilty person under section 2 is accountable on summary conviction to an imprisonment period of equal to or less than six months and/or a statutory fine as provided in law. Section 3 under computer offenses cover on illegal modification of computer information/data and section 3 (1) states finds a person guilty if he /she unlawfully alter computer information knowingly or un-knowingly. Subsequently, sub-sections 2 and 4 states that the necessary requisite is intention and knowledge to alter the computer information/data respectively. An individual guilty of an offense under section 3 is liable on summary conviction to an imprisonment period of up to six months or less and/or a fine as provided by law (Computer Misuse Act 1990).
In comparing these two anti-cyber crime laws UK Computer Misuse Act (1990) is more comprehensive and superior to Saudi Anti-Cyber Crime Law of 2007. Reason being UK Computer Misuse Act has provisions with respect to a person’s territory. For instance, section 4 of UK Computer Misuse Act provides that it is irrelevant with respect to offenses stipulated under sections 1 and 3, the residential country or the person or where the crime was committed. In the same note section 9 of the UK Computer Misuse Act outlines that it irrelevant for any person prosecuted in UK whether at the time of committing cyber crime was a British citizen or not. In comparison, the Saudi Anti-Cyber Crime Law of 2007 does not provide such provisions. Secondly, section 11 of the UK Computer Misuse Act has clearly outlines jurisdiction of relevant courts that may handle specific computer offenses which is lacking in the Saudi law. In another perspective, the UK Computer Misuse Act outlines rules in sections 11, 12, and 13 to be used in carrying out proceedings for various computer offenses. Furthermore section 15 of UK Computer Misuse Act has outlined under what circumstances a suspected person may be extradited. Section 17 of the UK Computer Misuse Act has provisions outlining methods of interpretation while carrying proceedings of offenses under this Act. Finally, the UK Computer Misuse Act 1990 has provisions that exempts or integrates some particular offenses which by and large is lacking in the Saudi Anti-Cyber Crime Law of 2007.
It is therefore my opinion, based on the above arguments, that UK Computer Misuse Act 1990 leaves no room for ambiguity compared to the Saudi Anti-Cyber Crime Law of 2007.
United Kingdom, Computer Misuse Act 1990.
Kingdom of Saudi Arabia, Anti-Cyber Crime Law 2007.