Introduction
We are in the middle of a fast growing internet age. Internet, social networking, VOIP, teleconferencing and cloud computing are growing phenomenally. Though the growth of technology is on fast track, the security system is yet not full-proof enough. This lapse in security measures provides an opportunity to a group of people to intrude private networks and system illegally, resulting in the creation of a new brand of criminals called cyber criminals or hackers. Internet is a virtual space not restricted by any country boundary. Often vulnerability in the network of one country can be used to attack a neighboring country. In UAE, first cybercrime law was introduced in 2006 but at that time the law was not very robust. Over the years the Middle East region has seen a lot of cybercrimes in the space of software piracy, movie copyright violation and intellectual property. UAE is the leading country in the region and aspires to become a precedent for the rest of the neighbors in all aspects. Cybercrime is one area the country needs has lot of room for improvement. This paper will discuss in detail the strength, weakness, opportunities and threats of the UAE cybercrime law.
Strength
That UAE is the first country in the Middle East belt to have implemented cybercrime laws is a fact to be noted. In 2006, UAE adopted its Cybercrime Law No. 2. In order for the new law to be successful, UAE has taken measures of spreading awareness about the need of cyber security by partnering with local universities and designing academic programs aimed at gearing up the new generation of graduates proficient in the technology related to cybercrimes and its prevention. For example, Zayed University which is one of the government sponsored institutes for higher studies in UAE started a new academic program in 2008 that offers the Master of Science degree to the successful candidates upon completion of the course in Information Technology. This program is designed to provide specialization in cyber security. This program targets at creating a group of highly qualified individuals who would be able to satisfy the market needs of technical experts for information and cyber security.
Recently in 2012 UAE government has passed cybercrime law 5 as amendment to the cybercrime law 2 in order to fight the information technology crimes. The new decree encompasses a wider range of crimes and these include forging electronic documents, hacking or phishing, altering or destroying electronic information and hindering access to an online network. Violation of privacy including recording or disclosing communications, audio and video clips, blackmailing through electronic means, preparing and distribution obscene materials in violation of public morale, credit card, debit card or bank account information theft and fraud are all considered as punishable offense (J. Beretta & S. Berrached). The new decree also has increased the fine for some offenses to 3 million AED and imprisonment extension up to 10 years or more.
Further, TRA or the Telecommunications Regulatory Authority also acknowledges the requirement of such cybercrime prevention law and in order to help the government in its mission to reduce cybercrimes, TRA has launched IAM policy or Internet Access Management. The TRA keeps vigilance on the cyber content that are available to the people in UAE and any content potential to be breaching the IAM policy is brought to the attention of website operators.
In order to make the cybercrime laws enacted by the UAE federal government successful, the local government has launched CERT with a website devoted to the purpose of spreading awareness by disseminating information and advice. The CERT website also receives complaints related to cyber misuse and has initiated Cybercrime courts to handle cyber-criminal offenses. Same way, the Ministry of Justice of UAE also has established cybercrime courts to solve cybercrime related litigation. The local government has also undertaken measures to host international conferences on information security programs to improve the knowledge base and learn about new technologies related to cyber security. For example, 2nd International ICST Conference on Digital Forensics and Cyber Crime held by Zayed University in 2010 is one of the pioneering events in the Middle East.
Weakness
First and foremost there are clauses in the laws which are not clear. For example in Article (15) of the law says that a person who commits "abuse of an Islamic holy shrine or ritual" can be punished with penalty of imprisonment and fine or either. The problem with this clause is that it is not very clear as to what type of crime can be committed against Islam shrine via internet or what should be called a cybercrime committed against Islam via internet. There are many such clauses that raise questions about the law. The law makers should be more descriptive about the laws to make it easier for the judge to differentiate between actual criminals and non-offenders.
Secondly, there are other clauses contradictory in nature. For example, Article (20) of the cybercrime law says that anyone publishing news or pictures about an individual in violation of family values can be punished up to 1 year in prison. However, it is not clear that what will be the determinant of family values as values are likely to vary from one family to another. Further, UAE is a country in which people over 200 different nationalities stay and hence it is not clear what would be the set standard of family values.
Further some of the laws restrict the fundamental right to expression. The Cybercrime law states that anyone could be subjected to imprisonment if he posts any content online that poses danger to the security of the state, reproaches the country and its authoritative heads, and humiliates Islam and other religions. Using the internet as a medium to hold public demonstration also would be considered a punishable offense. Each of these clauses is not clarified clearly and is open to interpretations, leading to the likelihood of the authority abusing the law in its favor.
The law is not dynamic. The cyber technology and the way to commit crimes and frauds change every passing year but the law remains more or less static. The law needs to be as dynamic as the cyber world to remain relevant and up to date. This will ensure people who commit crimes get judgment according to the actual depth of their crimes and should not get away with it because the law does not exist.
Opportunities
United Arab Emirates enjoys the most elite position in whole of the Middle East with a huge inflow of foreign tourists round the year in the country. To give a good impression to outsiders UAE needs to have a world class cyberspace infrastructure without which any big business will hesitate to invest in any permanent venture there. Currently, cities like Dubai and Abu Dhabi have extremely good cyber infrastructure but the security infrastructure is still not world class. UAE hosts a number of international conventions and multitudes of international students come to the country for study and research. Government can use the knowledgebase of these international students to obtain valuable inputs as regards the information security in place in other countries and use that knowledge to design a state of the art cyber security in UAE.
Another opportunity for UAE is to lead the Middle East region in this regard. As the whole region is still catching up in terms of cyber security measures and lot of those countries are still at a very basic stage of security infrastructure, UAE can be a pioneer for the region. UAE already has a cyber-security system superior than most of its neighbors and it can motivate others also design the same. That way not only UAE's system but also the whole region will be safer from cybercrimes. The cyber attackers will not be able to hack into UAE system directly or through its neighboring countries.
One of the very specific measures which UAE can immediately start probably is to assign unique identification to machines, individuals or online IDs. This protocol can help identify the root cause of any problem easily. It is not very easy to implement but even if UAE starts now it can give ripping benefits in the near future.
Also, only creating policies for government organizations and public will not make the cyber security system full-proof. To make it an overall full-proof system, government should tie up with private organizations to ensure minimum standards in cyber security measures are maintained everywhere.
Threat
Internet is growing at a very fast pace in UAE and in next few years almost every person will be connected to the internet through some device or the other. On the other hand implementation of cyber security policies are very slow and often comes into effect when the technology goes out of the market and some other technology has replaced it, making the policy ineffective. This slowness in policy-making especially in cyber industry is a very big problem. Unlike most of the industry where big technological changes come slowly, internet is growing rapidly with its technology changing every other year. Policy makers should come up with a faster mechanism to address new changes in the cyber technologies, otherwise the current cyber infrastructure will continue to remain ineffective.
Secondly, the general population is getting more educated about the cyberspace. In the past there were very few people who understood the technology and were capable of hacking into systems. Those days are fast changing. Now lot of people are aware of the technology and there are a lot of free hacking tools available on the internet which can be used to monitor, get data and hack into other systems. This creates additional threat points for the policy makers.
Now a days because of social networking sites, blogs and other modes of communication it is easier for a group of single minded people to come together and share their ideas. In this case hackers can come in contact with each other and share their knowledge. This makes it even tougher for the security body to prevent the cybercriminals from committing cybercrime as they will now be more sophisticated and knowledgeable than before.
Conclusion
Cyber system is different from other industries. Technologies change very frequently making it difficult for the policy makers to create an infrastructure that would ensure a long term secure environment for the cyber world. UAE needs to create a framework which will not only establish a world class secure system but will create an agile security process to act fast against any changes in technology and crime. Once the cyber security system is created, a number of stringent laws are to be put in place to deter the potential perpetrators and also the actual offenders from committing cyber offense. In case of cybercrime the law should also include penalty for minors as in many cases minors are found to be increasingly involved with cybercrimes. The UAE government has started its journey on the right path but it needs to streamline its process to establish a secure system. Alongside the laws should be properly enforced to penalize the culprits. As cybercrimes are on the rise it is the time for the government to be strict with the offenders and take some exemplifying measures in terms of punishing cyber criminals to discourage potential offenders in the future.
Works Cited
Beretta, Joby. and Berrached, Simar. UAE issues new cybercrimes law and establishes a national e-security authority (2013), Association of Corporate Counsel. Retrieved on 7th June 2013 from <http://www.lexology.com/library/detail.aspx?g=1d072cdf-3cd5-4ad9-8c54-28c045057d02>
Wam (2012). New UAE cybercrime laws: Jail for indecent posts, Retrieved on 7th June 2013 from <http://www.emirates247.com/news/government/new-uae-cyber-crime-laws-jail-for-indecent-posts-2012-11-14-1.482836>
Lieberman, Danny (2011). Cyber Crime Costs Over $1 Trillion Globally? Retrieved on 7th June 2013 from <http://www.infosecisland.com/blogview/12352-Cyber-Crime-Costs-Over-1-Trillion-Globally.html>
Dajani, Haneen (2011). Laws needed to conquer cybercrime, Retrieved on 7th June 2013 from <http://www.thenational.ae/news/uae-news/laws-needed-to-conquer-cyber-crime>
Master of Science (M.S.) in Information Technology (Specialization in Cyber Security), Zayed University, Retrieved on 7th June 2013 from <http://www.zu.ac.ae/msit/>
2nd International ICST Conference on Digital Forensics & Cyber Crime (2010), Retrieved on 7th June 2013 from <conference.archimuse.com/>
Lunjevich, Michael and Shaikh, Omar Al (2010). UAE to Establish Specialist Cybercrime Courts, Zawya. Retrieved on 7th June 2013 from <http://www.zawya.com/story/ZAWYA20100118085552/>
Conroy, Erin (2010). Zayed University to host cyber-crime conference, Retrieved on 7th June 2013 from <http://www.thenational.ae/news/uae-news/education/zayed-university-to-host-cyber-crime-conference>
Revisions to UAE Cybercrime Law Stifle Free Expression, Freedom House, Retrieved on 7th June 2013 from <http://www.freedomhouse.org/article/revisions-uae-cybercrime-law-stifle-free-expression>
Far-reaching cyber law a legal necessity, National Editorial, Retrieved on 7th June 2013 from <http://www.thenational.ae/thenationalconversation/editorial/far-reaching-cyber-law-a-legal-necessity>