Cybercrime bill draws concerns on individual privacy, police power abuse

Tuesday, February 24, 2009
Issue 622, Page 2
Word count: 733
Published in: Macau Daily Times

By Poyi (Natalie) Leung

The bill to combat cybercrime was passed for the first reading yesterday at the Legislative Assembly. However, concerns were drawn on the provision that suggests special power to be given to police to seize criminal evidence without needing to get prior court orders.

Article 16 of the bill says that police authorities, “if have reasons to believe that certain computer data would help in criminal investigation, could exercise essential and urgent measures even before a court order is obtained.”

These “essential and urgent measures” include saving computer data such as routing or content data instantly and the internet service provider has to maintain the data’s integrity within a maximum period of 90 days; instantly searching and collecting routing data in suspects’ communication devices; to order an individual to hand computer data he or she owns or controls; and also to order a specific internet service provider to hand its customers profiles.

The provision also states that the police force has to inform judicial authorities to validate its actions “immediately after any of the above measures have been carried out.”

Secretary for Administration and Justice, Florinda Chan, and her cabinet yesterday attended the plenary meeting at the Legislative Assembly to present the content of the bill.

Lawmaker Ng Kuok Cheong first raised a question to the government asking what the justifications were in allowing police to seize people’s assets before getting a court approval.

Director of the Legal Affairs Bureau (DSAJ), Cheong Weng Chon, responded that they had taken into consideration the characteristics of cybercrime, including “the usually more difficult investigation and the fast dissemination of information or computer virus.”

“Thus we cannot overlook this type of crime nowadays,” Cheong said.

At the same time, the DSAJ director asserted that the “essential and urgent measures” would only give power to police to access and obtain someone’s routing data, such as his or her Internet Protocol address and network traffic information, excluding the content data which showed the person’s emails and hard disk content.

He also said that police could only order a person to “hand out” his or her computer data, adding the bill did not give them the power to “actually read the information” until a court order was acquired.

Meanwhile, lawmaker Jose Pereira Coutinho said the bill violated Article 32 of the Macau Basic Law as individuals’ privacy was “in serious jeopardy without proper judicial supervision.”

The article, in short, states that “The freedom and privacy of communication of Macao residents shall be protected by law.”

Coutinho also said that it would be a “subjective decision” to judge whether or not those critical measures had to be carried out.

“The provision doesn’t give any standards but instead allows police to exercise special power whenever they ‘have reason to believe’ in the necessity of their actions,” the lawmaker added.

Another lawmaker, Au Kam San, also urged the government to define in what specific circumstances “essential and urgent measures” should be implemented, as it would “prevent police from abusing power.”

Kwan Tsui Hang at the same time questioned the government of how to ensure impartiality when police were exercising their power and carrying out investigation.

She said that the provision should have room to revise during the deliberation process that followed.

Chan Kin Hong, the chief of the Judiciary Police IT-related crimes division, said at the Assembly that the exigency in collecting evidence for cybercrime was “more notable” than for any other type of crime.

“We always have to compete with time in order to recover data before it gets deleted, and the suspects are always hard to be located, and thus a lot of countries and regions have also given the same kind of special power to police,” Chan told the lawmakers.

Cybercrime is defined in the bill as to “improperly obtain or use computer data, improperly enter into a computer system, improperly intercept computer data, damage and interfere with computer data, as well as computer forgery and fraud.”

Offenders could be sentenced for up to 10 years in jail or be fined an equivalent amount.

On the other hand, the Assembly yesterday also passed the bill to lower the age of criminal responsibility to 14 when offenders cause death or severe bodily harm upon others, or carry out serious sexual violence.

The two bills have formally entered into the deliberation process which will be carried out by standing committees of the Assembly.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: