Some recent high-profile crimes got me thinking about how we should handle those who break the laws using computers. In 2017, Kampala recorded about 400 cases of cybercrimes such as information alteration, money laundering and electronic fraud.
Richard Ndaboine, the cyber unit head in the Uganda Police, also revealed most of the suspects are still in courts. Criminal sentencing is decided by the type of crime and a range of factors, such as intention, harm and motive. And yet the question remains as to how we deal with criminals and their use of technology.
In my view, the government and its cyber-unit data department need to do better job of gathering the data to help make informed decisions about the scale of the cybercrime problem. Technology evolves incredibly quickly and cyber criminals are particularly adept at rolling with the changes. You can rely on them to come up with new ways to commit cybercrime almost as quickly as we can find to protect ourselves.
The implication of this is that what is or not considered to be cybercrime is also evolving. This makes it troublesome to answer fundamental questions if you going to measure criminal acts. And we need to consider what the implications of this evolution are when attempting to arrest, charge, prosecute and sentence those that commit criminal acts involve sophisticated technology.
In most countries, cybercrime classification is currently divided into two main categories: computer-enabled and computer-dependent. Some crimes such as fraud, which can be committed with or without the help of technology, are considered enabled. Whereas others such as hacking could not exist without computers and are normally considered dependent.
Do we need new legislation to deal with dependent cybercrime?
A few months ago, police spokesperson Fred Enanga said the perpetrators are creating fake Facebook accounts in the names of various very important persons in order to fleece the unsuspecting public by promising them big projects and jobs in the government. This means we are in a bad state when it comes to computer-dependent cybercrime. Do we need new legislation to deal with dependent cybercrime and crimes using the latest smartphones?
Rather than trying to draw up new legislation, perhaps the answer lies in thinking about how criminals use technology to increase the harm they do, just as we already do when we punish acts of violence.
In a first fight, the impact of the physical blows is limited according to the physical strength of the combatant. But if one of them brings in a weapon to the fight, their ability to do harm to the other is amplified and is considered an aggravating factor when sentencing is handed out.
FRAUD IS STILL FRAUD
The idea of using guidelines to manage computer-enabled crime has some interesting implications. It shifts the focus onto the impact a crime has on the victim and the impact of using technology rather than the way that technology works. That means our legal system does not necessarily have to understand the technical details of a technology in order to reach a decision; it just has to look at the effect it has had.
In my opinion, this approach means that our existing legislation and criminal definition can be left alone. Fraud is still fraud, instead of being computer fraud, which allows it to avoid having to work out whole new rules for a whole new crime.
There is still much work to be done in deciding how we approach this issue. But it’s important to start making progress. Cybercriminals aren’t going to wait for us to make up our minds.
Richard Musaazi is a private investigator.