Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK)

Dr. Anwar M. S. Masadeh Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) Dr. Anwar M. S. Masadeh* * Assistant professor of criminal law, Law Dept. - Ahmad Bin Mohammad Military College, Doha, Qatar

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK)

Dr. Anwar M. S. Masadeh مكافحة جرائم نظم املعلومات من منظور تشريعي - دراسة مقارنة (قطر اإلمارات العربية املتحدة اململكة املتحدة) الدكتور أنور محمد صدقي المساعدة * 264 نظ ا ر لالزدياد المضطرد في عدد جرائم المعلوماتية المرتكبة في شتى أنحاء العالم فإن هذه الدراسة تظهر ضرورة تطوير وتعديل القوانين الجنائية لتواكب هذا التطور المتسارع في تكنولوجيا المعلومات. فالقوانين الجنائية التقليدية غير قادرة على التعامل مع كافة صور جرائم المعلوماتية مما قد يؤدي إلى إفالت مرتكبو هذه الجرائم من العقاب لعدم وجود النصوص الالزمة للتجريم والعقاب. وقد لفتت ظاهرة جرائم المعلوماتية انتباه العديد من المنظمات الدولية والدول في العالم فأسرعت إلى تعديل قوانينها العقابية أو إلى سن قوانين خاصة للتعامل مع هذا النوع من الجرائم. وتركز هذه الدراسة على أهمية التعاون التشريعي الدولي في سبيل مكافحة جرائم المعلوماتية والخطوة األولى في ذلك تقع على كاهل الهيئات التشريعية في الدول المختلفة بغية وضع األسس الالزمة إلصدار قواعد تجريمية خاصة بهذه الجرائم سواء من خالل تعديل القوانين الجزائية الموجودة أو من خالل إصدار قوانين مستقلة لذلك. وفي سبيل لفت النظر إلى أهمية هذا الموضوع فقد قامت هذه الدراسة بتناول الموضوعات التالية : تعريف جرائم المعلوماتية والتفريق بينها وبين جرائم الكمبيوتر النظريات المختلفة في تقسيم جرائم المعلوماتية صفات وخصائص جرائم المعلوماتية التي تميزها عن غيرها من الجرائم كما تطرقت الدراسة لالستجابة التي أولتها المنظمات الدولية المختلفة والعديد من الدول في العالم

) Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK لهذا الموضوع العقابي مع التركيز على مدى استجابة الهيئات التشريعية في عالمنا العربي لذلك ومدى التزامها بإصدار قوانين تتعامل مع جرائم المعلوماتية وضرورة قيام جامعة الدول العربية بإصدار قانون نموذجي لجرائم المعلوماتية حتى تستطيع بقية الدول االستنارة به. وأخي ا ر فقد قامت الدراسة بتناول ثالثة قوانين بالدراسة والتحليل قانون العقوبات القطري وقانون مكافحة جرائم نظم المعلومات اإلماراتي وقانون إساءة استخدام الحاسب اآللي اإلنجليزي وقد تم اختيار هذه القوانين كأمثلة على النماذج المختلفة التي انتهجتها الدول للتعامل مع جرائم نظم المعلومات. الكلمات الدالة : جرائم المعلوماتية جرائم الكمبيوتر قانون العقوبات قانون أصول المحاكمات الجزائية. 263

Dr. Anwar M. S. Masadeh Abstract This essay considers how criminal laws should change in response to the increasing number of criminal cases called cyber crimes. In a vibrant society, changes in technology should always trigger changes in law. Tradition criminal law will not be able to deal with modern cyber crimes; therefore criminals will escape punishment, since there are no rules to criminalize their actions. Many organizations and countries have modified their existing criminal laws, or instituted a complete cyber crime law, in order to deal with these crimes. This essay contends that globalization requires a high commitment of countries to collaborate with each other in combating cyber crimes. The first step lies on the shoulders of legislative bodies in each country. They have to lay the foundation for suitable laws in order to make these actions punishable. This could be done, either by modifying existing criminal law or by making a completely separate law to deal with cyber crimes. The main aim of this work is to draw attention to the importance of legislating cyber crimes. In order to achieve that this essay proceeds in the following parts; the definition of cyber crimes is declared, the differences between cyber crimes and computer crimes are distinguished, the features and classification are discussed, and finally a tour through different parts of the world is done to show the commitment of the countries in regulating these crimes. The essay concentrates on the response of Arab states towards legislating regulations to deal with 262

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) these specific types of crimes, and advises that the League of Arab States should settle on a model cyber crime law. Three laws were studied and analyzed, The Qatari penal law, The Emirates law of 2006 on The Prevention of Information Technology Crimes, and the UK Computer Misuse Act 1990. These laws are examples of three legislative policies dealing with cyber crimes. Keywords:Cyber crimes, Computer Crimes, Criminal Law, Criminal Procedures Law. Introduction: Crime is timeless, it has been here since society began and will be here forever. As long as society improves its safeguards, criminals will change their approaches. Traditionally, crimes were committed dependent on physical force, body muscles, and threatening instruments. Societies are changing, and the way of communicating between people has changed with the advent of the computer and internet. Nowadays it is easier to use a computer and the internet to commit a crime than it is to go car-jacking ( ). As with any new development, there is the possibility of misuse, and with the well-publicized occurrences of malicious acts such as viruses, worms and fraud over the Internet, there is a general acceptance that steps are required to control potentially harmful activities and protect users. There should be some control 261 (1) Balancing Act News Update, «Africa>s policies forces begin to gear up to fight cybercrime»,(2003), available at: www.balancingact-africa.com/news.

Dr. Anwar M. S. Masadeh over the various activities that are undertaken over the Internet ( ). In 2003, 82% of American companies surveyed by the Computer Security Institute, faced security problems and dealt with damages that were estimated at $27.3 million. Even though organizations already spend considerable amounts of money on safeguarding their information assets, according to surveys published by monitoring organizations such as the Computer Crime Research Centre in the U.S. (March 2004) there will be an increase in the information security market because of cyber criminality growth( ). This paper considers how criminal laws should change in response to the increasing number of criminal cases called cyber crimes. In a vibrant society, changes in technology should always trigger changes in law. Tradition criminal law will not be able to deal with modern cyber crimes; therefore criminals will escape punishment, since there are no rules to criminalize their actions. Many organizations and countries have noticed this concern and have modified their existing criminal laws, or instituted a complete cyber crime law, in order to deal with these crimes. (1) Soumyo D. Moitra, (2005). Developing Policies for Cybercrime: Some Empirical Issues, Eurropean Journal of Crime, Criminal Law and Criminal Justice Koninklijke, Brill NV. Printed in the Netherlands, Vol. 13/3, p 436. (2) Kanellis, Panagiotis. (2006). Digital Crime and Forensic Science in cyberspace. Hershey, PA, USA: IGI Global, p viii. For more detailes about the last number and events, see: 2010 Cyber Security Watch Survey: Cybercrime Increasing Faster than Some Company Defenses, January 25, 2010, http://www.crime-research.org/news/26.01.2010/3764/. 260

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) Research methodology This paper contends that globalization requires countries to collaborate with each other in combating cyber crimes. The first step lies on the shoulders of legislative bodies to lay the foundation for suitable laws in order to make these actions punishable. This could be done, either by modifying existing criminal law or by making a completely separate law to deal with cyber crimes. The main aim of this work is to draw the attention to the importance of legislating on cyber crimes. In order to achieve that, this paper proceeds in the following parts; the definition of cyber crimes is declared, the differences between cyber crimes and computer crimes are distinguished, the features and classification are discussed, and finally a tour through different parts of the world is done to show the commitment of the countries in regulating these crimes. Dealing with cyber crimes, countries throughout the world, could be classified into the following categories; the first category does not have any legislation on this issue and still depend on traditional penal laws, the second category has regulated it in its penal laws, and the third category has enacted specific laws in this regard. This study concentrates on three laws; The Qatari penal law as an example of the second category; The Emirates law of 2006 on The Prevention of Information Technology Crimes (PITC), and the UK Computer Misuse Act 1990 (CMA). The last two are 259

Dr. Anwar M. S. Masadeh examples of the third category. The United Arab Emirates (UAE) was the first country in the region that adopted such legislation; the UK law was recently amended, in accordance with the European Convention on cyber crime, by The Police and Justice Act 2006 Chapter 48 which came into force on October 1, 2008( ). At the end of this study we will reach a conclusion which answers this question; Is the way which Qatari legislatures adopted in penal law enough to face cyber crimes? Or is a special law for this issue is required. Hoping that this paper will assist Qatari legislatures and coming researchers regarding this topic. 1. Cyber crime versus computer crime in cyber space Most people are confused about the difference between cyber crime and computer crime. Even cyber crime authors do not always appropriately separate the terms( ). Therefore, before examining details of computer-crime victimization, it is necessary to define the difference between cyber crime and computer crime. Computer crimes generally include crimes whose perpetrators utilize a computer or computers to commit them, and cybercrimes are those crimes that involve a computer network ( ). In general, special computer operating skills are not required to (1) United Nations resolution in May 13, 2005 includes that: In determining the strength of new legislation, States should be encouraged to be inspired by the provisions of the Council of Eurrope Convention on Cybercrime. (2) Kyung-shick Choi, (2008). An Empirical Assessment of an Integrated Theory of Computer Crime Victimization, International Journal of Cyber Criminology, January-June, Vol 2 (1), p 309. (3) Soumyo D. Moitra, (2005). Developing Policies for Cybercrime: Some Empirical Issues, Eurropean Journal of Crime, Criminal Law and Criminal Justice Koninklijke Brill NV. Printed in the Netherlands, Vol. 13/3, p 439. 258

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) commit cyber crime. For example, in cyber crime, a suspect and a victim may communicate via Web based chat-rooms, Microsoft Network messenger (MSN), or e-mail. Once the criminal gains the potential victim s trust, the criminal is in the position to commit a crime against the victim. In this case, even though the Internet probably assisted the suspect in communicating with the victim, it does not mean that the technology or the Internet caused the crime( ). Moreover, there are certain crimes in which computing and communications technologies facilitate the commission of the offense but are not essential to its commission. An example of this is a case of child sexual abuse ( ). The accused approached an underage girl on the Internet, met her and her friends and sister, and had sexual encounters for which he paid. Pictures of child pornography were found at his home. The accused pleaded guilty to seven counts of performing an indecent act with a child under 16, five counts of performing an indecent act in the presence of a child under 16, two counts of causing a child to take part in prostitution, two counts of production of child pornography, and one count of possession of child pornography. He claimed he did not know that the pictures were of under-age children. A psychologist found him not to be a pedophile and in no danger of reoffending. Although the defense argued that 257 10 (1) Casey, E. (2000). Digital evidence and computer crime. London: Academic Press, pp 8-9. (2) Australia, County Court of Victoria, Melbourne, 26 September 2003. Found at: www.heraldssun.news.com.au.

Dr. Anwar M. S. Masadeh the accused was genuinely remorseful, the court considered him to show no remorse. The defense also stated that the girls consented to the indecencies. (The accused said he did it as a way to give them money and cigarettes, which they would otherwise have stolen). The court said that this method of production of child pornography negates the argument that its possession harms no one. He was sentenced to eight years imprisonment with a non-parole period of six years ( ). In this case the computer was used to facilitate the crime, but it wasn t the main instrument of it, in that the crime could be committed without using the computer. This case would be considered a cyber crime, but not a computer crime. The computer crimes usually require more than a basic level of computer-operating skill for offenders to successfully procure victims. Illegal access to a computer system, damaging and deleting computer data without right, and misuse of devices are examples of computer crimes. (1) Australian state of Queensland, the Criminal Code (s. 218A) prohibiting the use of the Internnet or e-mail to procure or groom children for sexual contact, and the punishment of that will be five years imprisonment if the child is under 16 years old. This article was used in a case when a child under 16 has been used to charge a man after he allegedly sought sexual contact with a chat room visitor he believed was a 13-year-old girl, Wenham, M. 2004, Child-sex trap snares first Net predator, Courier Mail, 15 January 2004. Found at: http://www.news.com.au. Reccently, in 2008 many children, as young as 10, are being blackmailed online by sexual predators, who are using this new tactic to groom their victims for child abuse. The victims are blackmailed into providing intimate details and images of themselves under the predatory tactics. In June 2008 more than 120 Queenslanders were charged with downloading child pornography offences after one of Australia s largest stings. For more details, see: Charles Miranda, Child sex predators use blackmail tactic over internet, November 01, 2008. Found at: http://www.news.com.au. 256 11

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) In computer-assisted crimes, a computer does not need to play a major role. It can merely be the tool that is used by the suspect that assists in facilitating the offense such as fraud or a confidence scam ( ). In fact, offenders who commit a cyber crime or a computer crime are both contacting this new place, cyber-space, which is a realm different from the physical world, and which has different jurisdictions and different laws that we can apply ( ). 2. Definition Despite the fact that the word Cyber crime has entered into common usage, many people would find it hard to define the term precisely. Furthermore, there is no catchall term for the tools and software which are used in the commission of certain online crimes ( ). Moreover, cyber crime occurs in a wide variety of scenarios and environments, thus making it difficult to specify and document. One of the main difficulties facing legislatures is vague definitions while penal law should be precise and harmonized with current rule of law (the principle of legality). The rule of law requires that no crime shall be created or punishment be imposed except as provided in penal law. 255 12 (1) Kyung-shick Choi, Op.Cit, p 309. (2) Carter, L. D. and Katz, J. A. (2004). Computer crime: An emerging challenge for law enforcemment, Found at: http://www.sgrm.com. (3) Gordon, Sarah and Richard, Ford (2006). On the definition and classification of cybercrime, Journal in Computer Virology, Springer-Verlag, France, p 13.

Dr. Anwar M. S. Masadeh Going through the three comparative laws in our study, a definition for this term was not found, the laws concentrate on criminalizing acts more than definitions. However, they define some terms relating to cyber crimes, to make it clearer for enforcement. Qatari Penal law, in the section deals with computer crimes, defines two terms; Article 370 defines an Electronic Information System as a group or groups of software and devices for processing and managing electronic data, whether represented in the memory of the computer, or programs, or units of input or output, or communication that contribute to achieving a particular result, and article 376 defines Virus as a program registered, or planted on the disks, or CDs of computer, and remains idle for a specific period, then suddenly activates itself for exercising influence to a computer, or programs, or data stored there. PITC Emirates law includes that Electronic Information means any information stored, processed, generated and transmitted by an information technology device in the form of text, images, sounds, numbers, letters, codes and signs or otherwise. This law has specified also the meaning of; Information Program, Electronic Information System, The Information Network/ the Internet, Electronic Document, Website, Information technology device, and Government Data. UK CMA starts with this statement: An Act to make provision for securing computer material against unauthorized 254 13

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) access or modification; and for related purposes. This act does not contain a specific definition. Obviously, no definitions for the term of cyber crime were found in laws. Actually it is not the mission of laws to coin definitions for legal terms, and it is not so important in enforcing law either. To precise the elements and ingredients of crimes is the most important. I believe making definitions is an academic issue, rather than legislative. The study tries to examine the definition, nature and scope of cyber crime, so we can move further in this concern. The term cyberspace was first coined by William Gibson in his novel Neuromancer (1984) to describe a high-tech society in which people inhabit a virtual world divorced from terrestrial life. It has since been used in a wide range of contexts to describe almost anything to do with computers, communications systems, the Internet, or, indeed, life in the twenty-first century ( ). In dealing with the word cyber crime, we find that there is, at present, a wide range of adjectives used to describe it, such as: computer crime virtual, online, digital, high-tech, computerrelated, Internet-related, tele-communications related, computerassisted, electronic, and e-crime ( ). 253 14 (1) Chatterjee, B. B. (2001). Last of the Rainmacs: Thinking About Pornography in Cyberspace, in Wall, D. S. (ed.), Crime and the Internet, Routledge, London, p. 81. (2) Smith, Russell, Peter Grabosky, and Gregor Urbas, (2004). Cyber Criminals on Trial. West Nyack, NY, USA: Cambridge University Press, p 5.

Dr. Anwar M. S. Masadeh Based on historical foundations ( ), this author will use the term cyber crime as: a crime in which a computer was the tool for a crime s commission, or a computer was the object of the offense, or the crime was committed with the aid of communication devices in a network. 3. Features of cyber crimes In analyzing the above definitions, we find that cyber crimes have specific features that distinguish it from other crimes. One key feature is that a cyber crime often takes place across jurisdictional boundaries. Russell states that cyberspace is divorced from terrestrial life, existing in digital data streams that are transmitted via telephone lines and satellites. The use of the Internet and other networked services clearly make such activities possible and create jurisdictional questions about the most appropriate place for legal proceedings ( ). Many theories were developed to clarify the main differences between cyber crimes and traditional crimes, most of them agree about some main ideas which are ( ): (1) Definitions include but are not restricted to : Krone, T. (2005). High tech crime brief, Australlian Institute of Criminology, Canberra, Australia. See also: Thomas, D. and Loader, B. (2000). Introduction Cyber crime: Law enforcement, security and surveillance in the information age, Routledge, London, p3. Trawler, Project (1999). National Criminal Intelligence Service: Crime on the Information Highways, NCIS, London, found at: /www.cyber-rights.org/documents. Crang M., Crang, and May J. (2001).Virtual Geographies, Routledge, London, p 5. Craig J. Blakeley, cybercrime law, International best practises, Doha Information Security Conference, Doha, June 10-11, 2008. (2) Russell. OP.Cit. p 12. (3) For all details about that see: Jaishankar, K. (2008). Space Transition Theory of cyber crimes. In Schmallager, F., & Pittaro, M. Eds. Crimes of the Internet, Upper Saddle River, NJ: Prentice Hall, pp.283-301. 252 15

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) Some persons, with criminal behavior might commit crimes in cyberspace, which they would not commit in physical space, due to their status and position. Criminal behavior of offenders in cyberspace is likely to be imported to Physical space. Intermittent ventures of offenders into the cyberspace and the dynamic spatio - temporal nature of cyberspace provide the chance to escape. (a) Strangers are likely to unite together in cyberspace to commit crime in the physical space. (b) Associates of physical space are likely to unite to commit crime in cyberspace. Persons from closed society are more likely to commit crimes in cyberspace than persons from open society. The conflict of Norms and Values of Physical Space with the Norms and Values of cyberspace may lead to cyber crimes. 4. Classification of cyber crimes In classifying cyber crimes, a comparative approach will be conducted when studying the relevant laws of Qatar, UAE and UK, besides two selected academic models, and a judicial model. 4.1 Classification of cyber crimes in comparative laws 4.1.1 Qatari Penal law (11-2004) Since Qatar has no specific law concerning cyber crimes, all these crimes are found in Section 5 of Part 3 of penal law, Qatari legislature set these crimes under the title of Computer Crimes, in the Part of Crimes against properties in the articles (370-387). 251 16

Dr. Anwar M. S. Masadeh These crimes were not categorised or classified. Qatari legislature tries to list most cyber crimes, such as: Illegal access to a computer system, illegal damaging, deletion, deterioration, alteration or suppression of computer, hindering without the right of functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data. 4.1.2 PITC Emirates law (2-2006) PITC law consists of 29 articles, first article comes under the title of definitions, and the rest have no title. Nevertheless, in the course of going through these articles, it could be classified into three groups; First group: the use of digital technologies in the commission of cyber crimes. This category includes these offenses; illegal access to a website or Information System (article No.2), forging an official document that is legally recognized in an Information System (article No.4), hindering or delaying access to a service, system, program or database (article No.5), procuring, facilitating or enabling the modification or destruction of medical records (article No.7), intentionally and unlawfully eavesdrops, or receives or intercepts communication transmitted (article No.8), using the Internet or an information technology device to unlawfully access the number or details of a credit card or other electronic card (article No.11), offenses against the privacy of an individual s private or family life (article No.16), and money laundering offenses (article No.19). 250 17

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) Second group: Offenses against communications technologies themselves This category includes the following offenses; using the Internet or an information technology device in order to disable, disrupt, destroy, wipe out, delete, damage, or modify programs, data or information on the Internet or an information technology (article No.6), illegal login to an Internet website in order to change, delete, destroy, or modify its design or take over its address (article No.14), and illegal accesses a website or system, directly or through the Internet or an information technology device, for the purpose of obtaining, deleting, damaging, destroying or disclosing Government data or information that is confidential in nature or confidential pursuant to directives (article No.22). Third group: Traditional offenses supported by communications technologies This category includes the following offenses; using the Internet or an information technology device to threaten or blackmail others to act or omitting to act (article No.9), using Internet or an information technology device to appropriate for himself or others moveable property or procures a deed or signature upon deed, using deception, a false name or impersonation with intent to defraud the victim (article No.10), arranging, sending or storing with intent of using, circulating or offering, through the Internet or an information technology device, information that is contrary to public morals or 249 18

Dr. Anwar M. S. Masadeh operates a venue for such purpose (article No.12), inciting luring or assisting a male or female into committing an act of prostitution or fornication by means of the Internet or an information technology device (article No.13), offenses against Islam and Shari a and other religions (article No.15), setting up a website or publishing information on the Internet or an information technology device for the purpose of conducting or facilitating human trafficking (article No.17), setting up a website or publishing information on the Internet or an information technology device for the purpose of selling or facilitating the trade of narcotics and mind altering substances (article No.18), setting up a website or publishing information on the Internet or an information technology device for a group engaged in facilitating and promoting programs and ideas contrary to public order and morals (article No.20), and setting up a website or publishing information on the Internet or an information technology device for a terrorist group using pseudonyms to facilitate contact with its leaders or members, promote its ideas, Providing financial support to such groups or publishing knowledge related to the manufacture of incendiary, explosive and other devices used in terrorist activities (article No.21). 4.1.3 UK CMA The Act identifies three specific offenses, which are: First; Unauthorised access to computer material It is the unauthorised causing a computer to perform any 248 19

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) function with intent to secure access to any program, or data held in any computer, or to enable any such access to be secured (article 1). This offense include different kinds of conducts such as, using another person s identifier (ID) and password without proper authority in order to use data or a program, or to alter, delete, copy or move a program or data. Second; Unauthorised access with intent to commit or facilitate commission of further offenses It is the same as first offense, but it is committed with intent, or to facilitate the commission of such an offense (whether by himself or by any other person); and a person may be guilty of an offense under this section even though the facts are such that the commission of the further offense is impossible (article 2). This would include: gaining access to financial or administrative records, but intent would have to be proved. Third; Unauthorised modification of computer material It is an unauthorized act with intent to impair or with recklessness as to impairing, operation of computer, etc. when a person does any unauthorised act in relation to a computer, at the time when he knows that it is unauthorised. This would include: destroying another user s files; modifying system files; creation of a virus; introduction of a local virus; introduction of a networked virus; changing examination results; and deliberately generating information to cause a complete system malfunction. 247 20

Dr. Anwar M. S. Masadeh 4.2 Academic models of Cyber crimes classification Two academic cyber crimes classification will be examined; the model of Russell ( ) in his book Cyber Criminals on Trial, and the model of Gordon and Ford ( ) in their book On the definition and classification of cyber crime. 4.2.1 First Model: Russell ( ) classified the conducts which could be proscribed as cyber crimes into three groups: Involves the use of digital technologies in the commission of the offense; such as cases involving dissemination of offensive material electronically, online fraud and financial crime, electronic manipulation of share markets, and the dissemination of misleading advertising information, to name but a few. Also included are traditional crimes such as fraud or deception in which the involvement of computers constitutes a statutory aggravating element. Is directed at computing and communications technologies (1) Smith Russell: Deputy Director of Research at the Australian Institute of Criminology. He is co-author of the books Electronic Theft: Unlawful Acquisition in Cyberspace and Crime in the Digital Age. Peter Grabosky, Professor in the Regulatory Institutions Network at the Australian National University, and current Deputy Secretary General of the International Society of Criminnology. Gregor Urbas, a Lecturer in Law at the Australian National University and a former Ressearch Analyst at the Australian Institute of Criminology. With Russell Smith, he is a co-author of Controlling Fraud on the Internet. (2) Sarah Gordon: is a computer security researcher, responsible for early scientific and acaddemic work on virus writers, hackers, and social issues in computing, She was among the first computer scientists to propose a multidisciplinary approach to computer security. Known primarily for work relating to people and computers. Richard Ford: Research Professor, Florida Institute of Technology, Department of Computer Sciences. (3) Russell. Cyber Criminals on Trial. Op.Cit. p 7. 246 21

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) themselves; such as: unauthorized access to computers and computer networks (so-called hacking or cracking ), crimes involving vandalism and invasion of personal space, such as cyber stalking and denial of service attacks, and theft of telecommunications and Internet services. Is incidental to the commission of other crimes; such as: conduct that has been described as computer-supported crime ( ). This includes the use of encryption (the translation of data into secret code) or steganography (in which information is embedded within other, seemingly harmless data such as pictures) to conceal communications or information from law enforcement. It also includes the use of electronic databases to store and to organize information concerning proposed or completed criminal activities. In this classification Russell described cyber crime as entailing conduct prescribed by legislation and/or common law as developed in the courts. 4.2.2 Second Model: Classification by Gordon and Ford ( ) places cyber crime into three groups: Type one; in this type Gordon and Ford adopted the definition of cyber crime by: The Council of Europe s Cyber Crime Treaty, which uses the term Cyber crime to refer to offenses against data, 245 22 (1) Kowalski, M. (2002). Cyber Crime: Issues, Data Sources and Feasibility of Collecting Police Reported Statistics, Canadian Centre for Justice Statistics, Ottawa, p. 6. (2) Gordon and Ford, (2006). OP.Cit, p p 14-16.

Dr. Anwar M. S. Masadeh and content and copyright infringement. They believe this type has the following characteristics: 1. It is generally a singular, or discrete, event from the perspective of the victim. 2. It often is facilitated by the introduction of crime ware programs such as keystroke loggers, viruses, root kits or Trojan horses into the user s computer System. 3. The introductions can, but may not necessarily be, facilitated by vulnerabilities( ). Type Two: In this type of cyber crime Gordon and Ford adopted the Zeviar-Geese opinion ( ), who suggested that the definition of cyber crime is broader, including activities such as fraud, unauthorized access, child pornography, and cyber talking. They believe that these types of crimes are more technical in nature, and have these characteristics( ); (1) An example of this crime is: 1. The user goes online to perform a task, i.e. access the WWW, or read/reply to e-mail. 2. User takes action which then allows the criminal access to informattion (entering personal information on the look-a-like site, (or) clicks on some object resulting in the download of a Trojan or keystroke logger. 3. This information is used by the attacker. 4. The user becomes aware of the crime this is the single event from the perspective of the user. This usually occurs much later in the lifecycle of the Cybercrime. 5. The crime is investigated and resolved. For more details see: Ibid, p 14. (2) For the details of this issue see: Zeviar-Geese (1997 1998). The state of the law on cyber jurisdiction and cybercrime on the internet, California Pacific School of Law, Gonzaga Journal of International Law, vol. 1. (3) A case of this type of crime is: (). 1. User(a) goes online to see what she can find out about llama farming. 2. User(a) decides to participate in on-line forum about llama farming. 3. User(b) sees User(a), watches her participation in the forum for several days, responds to some of her comments. 4. User(b) then sends a request for private chats using a common Instant Messagiing client. 5. User(a), being familiar with User(b) via the on-line forum, responds positively and they begin to chat daily as well as participate in the Forum. This is a period known as instilling trust. 6. After several interactions User(a) reveals that she is single, likes llamas, has a quarter of a million dollars available to start a llama farm, and that she likes to go to concerts. She tells 244 23

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) 1. It is generally facilitated by programs that do not fit under the classification crime ware. For example, conversations may take place using IM (Instant Messaging) clients or files may be transferred using the File Transfer Protocol (FTP). 2. There are generally repeated contacts or events from the perspective of the user. Type Three: In this type of cyber crimes Gordon and Ford perceive the United Nations Manual on the Prevention and Control of Computer Related Crime includes fraud, forgery, and unauthorized access in its cyber crime definition( ). 4.3 A Judicial model of cyber crimes classification Chief Judge Stein Schjolberg( ) outlined cyber crime offenses as; offenses against the information technology infrastructure and 243 24 him her real name is Jenny. 7. User(b) asks User(a) to meet in person and go to a concert. 8. User(a) becomes suspicious when User(b) will not give his contact information other than online information,and she refuses. 9. User(b) becomes irrational and begins to post false claims against User(a) in the on-line forum, accusing her of fraud, and of being there to pick up men, not to find others interested in llamas. He posts her home number. He also goes onto other forums posing as User(a), and leaves messages asking for dates leaving her real phone number and real name.10. User(a) tries to defend herself in the Forum, and asks User(b) privately to stop, using IM. She begins to get numerous e-mails about the dates she requested and realises then that someone is impersonating her online. She confronts User(b) with her suspicions. 11. User(b) becomes more irrational and begins to make hang-up and harassing phone calls to User(a). User(a) becomes afraid for her safety. 12. The telephone company and the local police become involved. 13. User(a) files charges against User(b), who is, it is later learned, a former childpornographer with links to organized crime, under investigation for the disappearance of three women he allegedly met on the Internet. For more details see: Ibid, pp 14-15. (1) For more details about this definition see; United Nations: The united Nations manual on the prevention and control of computer related crime, 1995, supra note 41, paragraphs 20 to 73 in International Review of Criminal Policy, pp. 43 44. (2) Stein Schjolberg: Chief Judge Stein Schjolberg, Moss Tingrett, Norway is an international expert on cybercrime and one of the founders of the harmonization of national criminal law on computer crime. He organized the first global survey on computer crime legislation in cooperattion with Interpol in 1981 and has published widely on computer crime and cybercrime law, he is the editor of the site: www.cybercrime Law.net and the site of: www.globalcourts.com.

Dr. Anwar M. S. Masadeh classified the crime as; Illegal access: the access to the whole or any part of a computer system without right. Illegal interception: the interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system Data interference: the damaging, deletion, deterioration, alteration or suppression of computer data without right system interference: the serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data. Misuse of devices, Forgery and Fraud. 4.4 Discussion The differentiation of Cybercrime types is extremely important. It provides researchers with a common language, necessary for sound collaboration and meaningful discussion. As a result a model law listing the kinds and categories of cyber crimes rises as a valuable and important need. 4.4.1 Qatari penal law assigns a section for cyber crimes; this section contains 17 articles dealing with kinds of these offenses, Qatari legislature should think soon of putting a comprehensive law for cyber crimes. Qatari penal law does not include traditional offenses, 242 25

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) which could be committed with support of information technology and computers, in this section. It is a correct policy, if it is done as part of a comprehensive plan, and I agree with that, in view of the fact crimes are defined in terms of the end result, not how that result was brought about. Murder is the taking of a human life without justification whether done with a knife, a gun, a stone, etc. ( ), child pornography is the visual representation of minors under the age of 18 engaged in sexual activity, and fraud is a deception deliberately practiced in order to secure unfair or unlawful gain. In these offenses, and all other traditional offenses, result is the focal point, the means in which the offense committed by is an insignificant point. Internet, computers and information technology are examples of such means. 4.4.2 PITC Emirates law listed many cyber crimes in a consecutive way without an obvious or organized method or classification. PITC law tries to cover all types of crimes, and to clarify its elements and ingredients. This goes with the rule of law, which requires the government to exercise its power in accordance with well-established and clearly written rules, regulations, and legal principles. Accordingly, no one shall be punished if he does not commit the exact act written in the law. I suggest three categories PITC law could take into consideration. 241 26 (1) I believe that information technology could be used to commit murder i.e. sending an e-mail to somebody telling him false tragic news with intent to kill him, while the offender knows that person will not be able to carry the news beacuse he suffers from chronic heart disease (heart attacks). The e - mail was a mean to commit murder, exactly like the gun or the knife.

Dr. Anwar M. S. Masadeh 4.4.3 UK CMA categorises cyber crimes into three main groups, these groups include all kinds of cyber crimes that might be committed. I believe this way covers any possible act that may emerge in the future, since information technology and uses of internet and computer are progressing rapidly. Technology evolves faster than the law does, which makes it the responsibility of legislatures to improve laws, which deal with current technology. I still believe that this is the proper way to deal with cyber space. 4,4,4 Academic classification of cyber crimes reflects the points of view of academics, depending on their searches and studies, the previous models gave selected models of law scholars. These views are considered as a fortune that can be used by legislatures, jurists and researchers. On the contrary, judicial classification of cyber crimes comes after a long experience in dealing with such cases and offenses in courts, it could be useful, since it is mostly close to the reality and what happened, but not what is expected to happen. 5. International Legislative Response towards Cyber Crimes As cyber crimes are of current origin and affect the whole world, all regional organizations have called upon legislatures to draft laws dealing with these crimes; most countries started to do so. Below are selected examples of how different countries approached this task. 240 27

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) 5.1 Efforts of United Nations United Nations alerted states about the importance of putting special laws to deal with cyber crimes. Many Resolutions on combating the criminal misuse of information technologies were adopted by the General Assembly ( ), the 13th of May 2005 resolution included ( ): International cooperation at all levels should be developed further. Because of its universal character, the United Nations system, with improved internal coordination mechanisms called for by the General Assembly, should have the leading role in intergovernmental activities to ensure the functioning and protection of cyberspace so that it is not abused or exploited by criminals or terrorists. In particular, the United Nations system should be instrumental in advancing global approaches to combating cybercrime and to procedures for international cooperation, with a view to averting and mitigating the negative impact of cybercrime on critical infrastructure, sustainable development, and protection of privacy, e-commerce, banking and trade. All States should be encouraged to update their criminal laws as soon as possible, in order to address the particular nature of cybercrime. With respect to traditional forms of crime 239 28 (1) See: Schjolberg, S., & Hubbard, A.M. (2005). Harmonizing National Legal Approaches in Cybbercrime, International Telecommunication Union, WSIS Thematic Meeting on Cybb bersecurity, Geneva, 28 June-1 July. (2) See: http://www.crime-research.org/news/13.05.2005/1225.

Dr. Anwar M. S. Masadeh committed through the use of new technologies, this updating may be done by clarifying or abolishing provisions that are no longer completely adequate, such as statutes unable to address destruction or theft of intangibles, or by creating new provisions for new crimes, such as unauthorized access to computers or computer networks. Such updating should also include procedural laws (for tracing communications, for example) and laws, agreements or arrangements on mutual legal assistance (for rapid preservation of data, for example). In determining the strength of new legislation, States should be encouraged to be inspired by the provisions of the Council of Europe Convention on Cybercrime. The most active UN-institution in reaching harmonization on global cyber security and cyber crime legislation is the International Telecommunication Union (ITU) in Geneva. A World Summit on the Information Society WSIS (from 16 to 18 November 2005) was held in Tunis, The Tunis Agenda, paragraph 42 and 40, reads as follows( ): Paragraph 40: We call upon governments in cooperation with other stakeholders to develop necessary legislation for the investigation and prosecution of cyber crime, noting existing frameworks, for example, UNGA Resolutions 55/63 and 56/121 on Combating the criminal misuse of information technologies (1) see the page of WSIS on the International Telecommunication Union website: www.itu.int/ wsis/docs2/pc3/working/dt10rev5.doc. 238 29

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) and regional initiatives including, but not limited to, the Council of Europe s Convention on Cyber crime. Paragraph 42: We affirm that measures undertaken to ensure Internet stability and security, to fight cyber crime and to counter spam, must protect and respect the provisions for privacy and freedom of expression as contained in the relevant parts of the Universal Declaration of Human Rights and the Geneva Declaration of Principles. 5.2 Cyber crime Legislations in Europe The Council of Europe has put the Convention on Cyber crime as a treaty on 23rd of November 2001 and opened it for signatures. The council considered this convention as an example of legal measures realized as a regional initiative and requested that: countries should complete its ratification, or consider the possibility of acceding to the Convention of Cyber crime. Other countries could use the Convention as a guideline, or as a reference for developing their internal legislation. Countries could implement the standards and principles it contains, in accordance with their own legal system and practice. The Convention recognized the desirability to extend the safeguards for everyone s rights and fundamental freedoms, and in particular the right to the respect for privacy, taking account of the increasing flow across frontiers of personal data undergoing automatic processing, and the necessity to reconcile the 237 30

Dr. Anwar M. S. Masadeh fundamental values of the respect to privacy and the free flow of information between peoples. The Convention covers the protection of personal data in both the public and private sectors. The Convention has been widely accepted as a landmark, providing for both the substantive and procedural legal frameworks, both the domestic and international level of countermeasures, so as to achieve higher effectiveness in fighting against cyber crimes ( ). At the 2005 Conference on Cyber crime, the Council of Europe expressed concern about the fast-increasing threats and serious social and economic results of cyber crime including terrorist activity on the Internet. The conference noted that most cyber crime is international cyber crime, recognized the need for effective and compatible laws and tools to enable efficient cooperation to combat cyber crime, called upon public and private cooperation, and encouraged access to the Convention on Cyber crime ( ). In examining some European countries to see the commitment of enacting laws concerning cyber crimes, the following table provides some examples. (1) Xingan Li, (2007). International Actions against Cybercrime: Networking Legal Systems in the Networked Crime Scene, Webology, Volume 4, Number 3. Found at: http://www.webology. ir/2007/v4n3/a45.html. (1) Ibid. 236 31

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) Country Response Belgium The Belgium Parliament has in November 2000 adopted new articles in the Criminal Code on computer crime, in effect from the 13th of February 2001(1). The National Assembly adopted on the 13th of Bulgaria Canada Denmark France 235 32 September 2002, an amendments in the Penal Code by adding A new Chapter on Cyber crime (2). Amendments in 2003 took place in Canadian Criminal Code to deal with cyber crimes (sections 342.1, 342.2, and 430) (3) On the 19th of May 2004 The Parliament of Denmark adopted a bill about IT crime. As a result an amendment took place to penal code (sections: 193 and 263)(4). Penal Code Amended by Law no.2004-575 of June 21, 2004, entered into force on June 23, 2004. (Articles: 323.1, 323.2, 323.3, 323.3.1, and 323.4)(5). Germany German penal code punishes on these crimes according to sections: 202.a, 303.a and 303.b. besides a new cyber crime law which entered into force on the 11th of August 2007 (6). Hungary Hungary ratified the Council of Europe Cyber crime Convention on the 4th of December 2003(7). Italy The Senate of the Italian Parliament has on27th of February 2008 approved and ratified the Convention on Cyber crime (8).

Dr. Anwar M. S. Masadeh 5.3 Cyber Crime Legislations in USA In 1984, in an effort to combat what was described as a growing wave of computer crime. Congress passed what was known as The Counterfeit Access Device and Computer Fraud and Abuse Act (CFAA). This initial legislation focused on criminal acts and was limited to a relatively narrow class of government operated computers. Under the terms of the Act, it was a felony to knowingly access a computer without authorization in order to obtain classified defense information ; it was a misdemeanor to knowingly access a computer without authorization in order to obtain information in a financial record... or in a consumer file if those acts detrimentally affected the government ( ). As damage to companies increased due to the clandestine efforts of individuals outside the companies and disgruntled employees within, Congress amended the Act in 1986, 1994, 1996, 2001, and 2002 to expand protections to computers and information in the private sector. Congress also beefed up the penalty provisions in the Act and added civil remedies ( ). The Ministers of Justice or Ministers or Attorneys General of the Americas in the Organization of American States (OAS) recommended in Peru in 1999 the establishment of a group of governmental experts on cyber crime. At a meeting in Trinidad and Tobago in 2002 recommendations were adopted giving the Group of Experts the following mandate: (1) For more information see: Bradley C. Op.Cit. pp 17-26. (2) James M. Thomas, (2007). The Computer Fraud and Abuse Act: A Powerful Weapon vs. Unffair Competitors and Disgruntled Employees, 2 In-House Defense Quarterly, Chicago, p.10. 234 33

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) To consider the preparation of pertinent inter-american legal instruments and model legislation for the purpose of strengthening hemispheric cooperation in combating cyber crime, considering standards relating to privacy, the protection of information, procedural aspects, and crime prevention. In 2004, the Fourth Plenary Session of the Organization of American States General Assembly passed the resolution on Adoption of a Comprehensive Inter-American Strategy to Combat Threats to Cyber security: A Multidimensional and Multidisciplinary Approach to Creating a Culture of Cyber security proposing that an effective cyber security strategy must recognize that the security of the network of information systems that comprise the Internet requires a partnership between government and industry( ). On the 9th of February 2009, the President of United States Barack Obama has directed the National Security and Homeland Security Advisors to conduct a review of the plan, programs, and activities underway throughout the government dedicated to cyber security, including new regulations to combat cyber crime( ). US Vice President Joe Biden gave a presentation at the 45th Munich Conference on Security Policy on February 7. Among many issues he emphasized the need to tackle terrorism and cybersecurity ( ). Moreover, there are many federal statutes in the USA that can be used to prosecute computer criminals ( ). 233 34 (1) Xingan Li, Op.Cit. (2) See: White House website: http://www.whitehouse.gov. (3) See: council of foreign relations website: http://www.cfr.org. (4) Some of it are: 15 USC 1644, prohibiting fraudulent use of credit cards. 18

Dr. Anwar M. S. Masadeh 5.4 Cyber crime Legislations in Asia The Ministers and Leaders of the Asia Pacific Economic Cooperation (APEC) have at a meeting in 2002 made a commitment to: Endeavor to enact a comprehensive set of laws relating to cyber security and cyber crime that are consistent with the provisions of international legal instruments, including United Nations General Assembly Resolution 55/63 (2000) and Convention on Cyber crime (2001) by October 2003. A Chair s Report of the Telecommunications and Information Working Group was presented to the Seventh APEC Ministerial Meeting in Bangkok on April 23, 2008, including Security issues and cyber crime projects. A review of some countries in Asia shows the following legislative actions: USC 1029, prohibiting fraudulent acquisition of telecommunications services. 18 USC 1030, prohibiting unauthorized access to any computer operated by the U.S. Government, financial institution insured by the U.S. Government, federaally registered securities dealer, or foreign bank. 18 USC 2510-11, prohibiting interception of electronic communications. 18 USC 2701, prohibiting access to communications stored on a computer (i.e., privacy of e-mail). For more details see: Dr. Ronald B. Standler website: http://www.rbs2.com. 232 35

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) country Response India India started legislating these kinds of crimes since 2000, when they laid down the Information Technology Act, 2000 (9). On 21 April 2008, after being approved by the Indonesia House of Representatives, the government of Indonesia enacted Law No 11 of 2008 regarding Information and Electronic Transactions(10). Japan Unauthorized Computer Access Law (Law No. 128 of 1999) was enforced on the 13th of February 2000(11). China Cyber crime was until recently governed by three articles added to China s criminal code in 1997. The laws are considered out of date and «failed to correlate proportionately with the tremendous social harm» caused by cyber crime (12). 5.5 Cyber crime Legislations in Africa The East Africa region includes Tanzania, Kenya and Uganda, while the Southern African Development Community (SADC) region includes Zambia, Zimbabwe, South Africa, Malawi and Mozambique. The SADC region started harmonizing cyber crime laws in 2006 to deal with cross-border criminals. The new laws allow member countries to prosecute cybercriminals despite where the 231 36 crime was committed in the SADC region. However, progress has

Dr. Anwar M. S. Masadeh been slow in several countries, such as: Kenya ( ) and Uganda ( ) who have not proposed draft laws to their respective parliaments ( ). Mauritius ( ), South Africa ( ) and Zambia ( ) have adopted cyber crime legislation. Botswana finally has a cyber crime law. Passed by Parliament in December 2007 and signed into law by President Festus Mogae later in the same month ( ). 5.6 Cyber crime Legislations in Arab Countries Several countries in the region have adopted electronic laws since 2000. However, these laws were not comprehending the whole aspects of a cyber crime law, as it was concentrating on some issues, such as: electronic contracts, electronic signature etc. The Gulf Cooperation Council (GCC) involving Bahrain, Kuwait, Oman, Qatar, KSA and UAE held a conference in Abu Dhabi in June 2007, The conference recommended that GCC countries... make a treaty on cyber crimes ( ). (1) Muthoga Kioni, Cyber crime- anew vice on the horizon, August 7, 2008. Found at the website of The Kenyan ICT Sector at: http://kenya-byte.blogspot.com. (2) David Bakibinga, Cyber Crime in Uganda, (2009). For more details see the website of The Director of Public Prosecutions Uganda at: http://www.dpp.go.ug. (1) Michael Malakata, East Africa coordinates cyber laws, Region>s crime statutes must harmonnize by 2007, 12, May 2006. For more information see the website of Computer world Security at: http://www.computerworld.com. (2) Mauritius Computer Misuse and Cybercrime Act 2003. For more details see the website of Internet Business Law Services: http://www.ibls.com. (3) S. Madziwa and Sizwe Snail, Cyber Crime In South Africa, This article provides a detailed summary of those issues relating to offences, legislation, legal aspects and jurisdiction in cyber crime cases in South Africa. Found at HG.org Worldwide Legal Directories website at: http:// www.hg.org. (4) On the 11th of August 2004, Zambia s parliament has passed The Computer Misuse and Crimes law. Found at: http://www.theage.com. (5) For more information see: the website of syberplex Africa at: www.cyberplexafrica.com. (6) For more details see: www.gulfnews.com. 230 37

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) An Information Communications Technology (ITU) Regional Workshop for Cyber security and Critical Infrastructure Protection (CIIP) and Cyber security Forensics Workshop was held in Doha in February 2008. The Workshop stressed the importance of reviewing national cyber crime legislation to address threats in cyberspace, and develop appropriate tools to combat cyber attacks. This issue was also discussed in the 15th GCC e-government and e-services forum which held in Dubai (23-27) May 2009( ). We will proceed through some Arab countries, to find out what kind of electronic laws they have: 229 38 Country Response KSA Cabinet issued a cyber crime law in March 2007 to enhance information security and limit crimes. Among the crimes defined by the law are tampering with and illegal access to websites, invading personal privacy through the misuse of mobile phone cameras, causing harm to others using different ICT channels, or using the Internet to exploit minors(13). Egypt The only Electronic law in Egypt is the E -signature Law, which was issued acts in April 2004, and the work is in progress for: E - Commerce Law, Cyber Crime Law, E payment Law and Data Protection Law (14). (1) For more details see: www.datamatixgroup.com.

Dr. Anwar M. S. Masadeh Oman Oman doesn t have a cyber crime law, but the Omani legislature paid attention to these kinds of crimes since 2001, when they made an amendment to penal law (article 276) under the title of Computer Crimes. According to this article many acts related to cyber crimes were criminalized such as: illegal access, illegal interception, Data interference, and system interference, Misuse of devices, Forgery and fraud. Jordan Information Technology Crimes law is issued recently in September 2010. Bahrain Does not have real cyber crime law. It has electronic laws concerning e-transaction and e-trade (2002). Tunisia Electronic and Trade Transaction law in Tunisia (2000). 228 39

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) Conclusions As long as we have rules to regulate the conduct of humans, we will have rule-breakers; therefore, there is no society without crime. The role of the legislative body is to write out the measurements which guarantee criminal convictions and deterrents. Regulating cyber crimes is not an easy task, as it needs a good knowledge of law and Information Technology. Cyber crimes also require a close and fruitful cooperation between lawyers and IT specialists, to write a comprehensive law that covers all possible paths that cyber criminals might follow. The best we can do is to urgently gather as much information as possible and to always be prepared to expand established laws and regulations in light of new knowledge. This study has stated that Qatar needs to go for a cyber crime law; there are current laws in Qatar that can be applied to various types of internet crimes, but a specific cyber crime law will provide more effective mechanism for deterring internet or computer-based misconduct. The amendment in Qatari penal law to include a section about computer and information technology crimes is a very good step. Further steps are required to regulate a specific law for cyber crimes. Emirates was the first country in Arab territory to issue a special law of cyber crimes, it was a very good response to the demands of society and to the calls of international organizations. But UAE still needs to review this law, many issues need to be included, crimes need to be classified and the matter of jurisdiction 227 40 needs to be clarified.

Dr. Anwar M. S. Masadeh The United Kingdom has issued a law for cyber crimes since 1990. It was recently amended, in accordance with the European Convention on cyber crime, by The Police and Justice Act 2006 Chapter 48 which came into force on October 1, 2008. All aspects concerning cyber crimes were regulated. Last of all this law could be considered as a model to be followed. Despite local threats and global example, many countries in the Arab world have not regulated cyber crimes. They deal with these crimes by using tradition criminal law, which is simply not enough. The study believes that modifying criminal laws is not enough. It is necessary to have specific laws, since there are objective rules to deal with cyber crimes and this will be found in criminal laws. There are special procedures to deal with cyber crimes and this will be found in Criminal Procedures Law. Thus modification of Criminal Law is not enough, it needs also modification of Criminal Procedures law, and the best way is joining them into one law. This study has concentrated on the high risk of leaving cyber crimes without regulations. We already know that narrowing or ignoring the problems related to cyber crimes will create the perfect environment for the Cybercriminal to flourish, undermining the stability and reliability of electronic systems worldwide. Finally, it is the responsibility of the League of Arab States to devise a model cyber crime law, and it is our responsibility to help in achieving this goal by studying and analyzing different laws in different countries, in order to achieve the best outcome. 226 41

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) References: 1. Craig J. Blakeley, cyber-crime law, International best practises, Doha Information Security Conference, Doha, June 10-11, 2008 2. Bradley C. Nahrstadt, (2009). Former Employee Sabotage? Invoke the Computer Fraud and Abuse Act, Journal of Internet Law, Gale Group s brand and products, Vol. 12 Issue 8. 3. James M. Thomas, (2007). The Computer Fraud and Abuse Act: A Powerful Weapon vs. Unfair Competitors and Disgruntled Employees, 2 In-House Defense Quarterly, Chicago. 4. Schjolberg, S., & Hubbard, A.M. (2005). Harmonizing National Legal Approaches in Cybercrime, International Telecommunication Union, WSIS Thematic Meeting on Cybersecurity, Geneva, 28 June-1 July. 5. Balancing Act News Update, (2003). Africa s policies forces begin to gear up to fight cyber-crime, available at: www.balancingact-africa.com/news. 6. Bellia, P. L. (2001). Chasing Bits Across Borders, University of Chicago Legal Forum. 7. Carter, L. D. and Katz, J. A. (2004). Computer crime: An emerging challenge for law enforcement, International Journal of Cyber Criminology, Retrieved November 20, 225 42

Dr. Anwar M. S. Masadeh 2004. Available at: http://www.sgrm.com. 8. Casey, E. (2000). Digital evidence and computer crime, London: Academic Press. 9. Miranda, Charles (2008). Child sex predators use blackmail tactic over internet, available at: http://www.news.com.au. 10. Chatterjee, B. B. (2001). Last of the Rainmacs: Thinking About Pornography in Cyberspace, in Wall, D. S. (ed.), Crime and the Internet, Routledge, London. 11. Crang, Crang M. and May J. (2001). Virtual Geographies, Routledge, London. 12. Bakibinga, David (2009). Cyber Crime in Uganda. Available at:www.dpp.go.ug. 13. Elsonbaty, Ehab (2007). Ciber Crime Insight from the Egyption laws, Available at: the Council of Europe Website: www.coe.int. 14. Biancuzzi, Federico (2007). New German Laws on Cyber crime. Available at: http://www.securityfocus.com/ columnists/448. 15. Jaishankar, K. (2008). Space Transition Theory of cyber crimes. In Schmallager, F., & Pittaro, M. (Eds.), Crimes of the Internet, Upper Saddle River, NJ: Prentice Hall. 16. Kanellis, Panagiotis (Editor). (2006). Digital Crime and Forensic Science in cyberspace. Hershey, PA, USA: IGI Global. 224 43

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) 17. Kowalski, M. (2002). Cyber Crime: Issues, Data Sources and Feasibility of Collecting Police Reported Statistics, Canadian Centre for Justice Statistics, Ottawa. 18. Krone T. (2005).: High tech crime brief. Australian Institute of Criminology, Canberra, Australia. 19. Choi, Kyung-shick (2008). An Empirical Assessment of an Integrated Theory of Computer Crime Victimization, International Journal of Cyber Criminology, January-June, Vol 2 (1). 20. Man Qi, Yongquan Wang, Rongsheng Xu, (2009). Fighting cyber crime: legislation in China, International Journal of Electronic Security and Digital Forensics (IJESDF), Vol. 2, No. 2. 21. Malakata, Michael (2006). East Africa coordinates cyberlaws, Region s crime statutes must harmonize by 2007. Available at: www.computerworld.com. 22. Kioni, Muthoga (2008). Cyber crime- anew vice on the horizon, Available at the website of The Kenyan ICT Sector at: http://kenya-byte.blogspot.com. 23. Idlebi, Nibal (2008). Cyber Legislation in the ESCWA Region- Security Issues, UN-ESCWA. Available at: International Telecommunication Union website (www.itu. int). 24. Podgor, E. (2002). 223 44 International Computer Fraud: A

Dr. Anwar M. S. Masadeh Paradigm for Limiting National Jurisdiction, UC Davis Law Review, vol. 35. 25. Trawler, Project (1999). National Criminal Intelligence Service,Crime on the Information Highways, NCIS, London. Available at: www.cyber-rights.org/documents. 26. Madziwa, S. and Snail, Sizwe, Cyber Crime In South Africa, Available at www.hg.org. 27. Gordon, Sarah and Ford, Richard (2006). On the definition and classification of cyber crime, Journal in Computer Virology, Springer-Verlag, France. 28. Smith, Russell, Peter Grabosky, and Gregor Urbas, (2004). Cyber Criminals on Trial. West Nyack, NY, USA: Cambridge University Press. 29. Moitra, Soumyo D. (2005). Developing Policies for Cybercrime, Some Empirical Issues, European Journal of Crime, Criminal Law and Criminal Justice Koninklijke Brill NV. Printed in the Netherlands, Vol. 13/3. 30. Tan, K. H. Prosecuting Foreign Based Computer Crime: International Law and Technology Collide, paper presented at the Symposium on the Rule of Law in the Global Village, 12 14 December 2000, Palermo, Italy. available at: www. undcp.org. 31. Thomas, D. and Loader, B. (2000). Introduction Cyber crime: Law enforcement, security and surveillance in the 222 45

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) information age, Routledge, London. 32. Wenham, M. (2004. Child-sex trap snares first Net predator, Courier Mail. Aavailable at: http://www.news.com.au. 33. Xingan Li, (2007). International Actions against Cyber crime: Networking Legal Systems in the Networked Crime Scene, Webology, Volume 4, Number 3. Available at: http:// www.webology.ir/2007/v4n3/a45.html. 34. Zeviar-Geese (1997-1998).: The state of the law on cyber jurisdiction and cyber crime on the internet. Gonzaga Journal of International Law, California Pacific School of Law,vol. 1. Websites: 1. Athabasca University at: www.athabascau.ca/policy/ computingservices. 2. Conferences of datamatix group: www.datamatixgroup. com. 3. Council of Europe: http://www.coe.int. 4. Council of foreign relations website: http://www.cfr.org. 5. Crime law: www.crime Law.net 6. Computer Crime Research Centre: www.crime-research. org 7. Cyber crime: www.cyber crime.net. 8. Cyber laws in india http://www.cyberlawsindia.net. 9. Cyber-Rights & Cyber-Liberties (UK): http://www.cyberrights.org/cybercrim. 10. Dr.Ronald B. Standler: http://www.rbs2.com. 11. ESCWA: www.escwa.org. 221 46 12. Gulf news newspaper: www.gulfnews.com.

Dr. Anwar M. S. Masadeh 13. Herald sun newspaper: www.heraldsun.news.com.au. 14. International Telecommunication Union: http://www.itu. int. 15. Internet Business Law Services: http://www.ibls.com. 16. Makarim and Tira: www.makarim.com. 17. National Information Technology Center. http://www.nitc. gov.np. 18. National Information Technology Center. http://www.nitc. gov.np/ 19. Science links japan: http://sciencelinks.jp/j-east. 20. Supreme courts decision from around the world: www. globalcourts.com. 21. Syberplex Africa at: http://www.cyberplexafrica.com. 22. The International Telecommunication Union: http://www. itu.int/wsis. 23. United Nations: www.un.org. 24. White House: http://www.whitehouse.gov. 25. Wikipedia,: http://en.wikipedia.org/wiki/computer Crime in Canada. 26. World Information Technology and Services Alliance: http://www.witsa.org. 27. Zawaya, Middle East Business Information: www.zawya. com. 220 47

Combating Cyber Crimes Legislative Approach A Comparative Study (Qatar, UAE, UK) 48