Cybercrime laws and the GCC
By Bill Law
Chatham House has just released a study, ‘Cybercrime Legislation in the GCC: Fit for Purpose?’ The author, Joyce Hakmeh, is a Cyber Research Fellow at the influential London-based think tank. Among her conclusions, she notes that “most of these (cybercrime) laws focus heavily on limiting freedom of expression and at the same time miss out on key elements needed to combat cybercrime.”
The focus on using cybercrime legislation to clamp down on critics has led to the arrest and imprisonment of people like Bahraini activist Nabeel Rajab, whose 5 year sentence was recently confirmed by an appeal court. Rajab was convicted of “disseminating false news that would undermine the kingdom’s prestige and status.” Rajab, a longstanding regime critic, had tweeted about the death of civilians in the Yemen war and alleged torture in Bahrain’s prison system.
Acclaimed UAE human rights defender Ahmed Mansoor was given a ten year term for using his social media accounts to publish “false information” and “spread hatred and sectarianism”. He was also fined Dh1 million (US$ 270,000) for insulting the “status and prestige of the UAE and its symbols”, including its leaders. Other Emiratis have been convicted for tweeting in support of jailed family members.
In June of last year, after the UAE ‒ together with Saudi Arabia, Bahrain and Egypt ‒ had launched a blockade of fellow GCC member Qatar, the Emirati attorney general, citing his country’s 2012 cybercrime law, warned that showing sympathy for Qatar on “social media or by any other means of communication is a cybercrime (that) could result in prison sentences of between three and 15 years, or at least Dh500,000 in fines.”
The subjective nature of the laws and the vagueness of the language (it is left to the government and the courts to determine, for example, what constitutes “prestige” and “status” and how they have been undermined) has proved a convenient catch-all that not only seeks to silence critics, but also places individuals at risk of unintentionally breaking the law.
In her paper, Hakmeh argues that the emphasis on restricting criticism and repressing freedom of expression puts the Gulf states at odds with international human rights laws, standards and safeguards. She additionally notes that although there is no universally agreed-upon umbrella definition of what constitutes cybercrime, the 2001 Council of Europe Convention on Cybercrime, otherwise known as the Budapest Convention, has become the accepted international norm.
Amongst other things, the Budapest Convention lays out in its approach to structure and content the way forward to effectively combat and curtail the ever-growing threat of cybercrime. Hakmeh’s analysis shows how, in this regard, current GCC cybercrime legislation is at odds with international norms, laws, and practice, as enshrined in the Budapest Convention.
Regarding structure, she points to the “lack of procedural laws that regulate cybercrime investigations and prosecutions” ‒ in particular electronic evidence. Missing as well is language that addresses jurisdiction, international cooperation, and service provider liability and responsibility. This absence of legislation is hampering successful anti-cybercrime efforts in the GCC countries.
Regarding content, GCC legislation has criminalized a wide spectrum of content. Hakmeh finds that this approach is “in tension with the broad latitude given the freedom of expression in international human rights law.” The author underlines the point by quoting resolution 20/8, adopted in July 2012 by the UN Human Rights Council, which specifies in unequivocal language that the same rights to freedom of expression that people have offline extend to the internet ‒ “in particular freedom of expression.”
The absence of an effective legislative structure, coupled with content that is vague, limited, and restrictive, means that cybercrimes such as money laundering and fraud do not get the attention they deserve. The Gulf states are as prone to these activities as any jurisdiction, but few other states have used their formidable cyber surveillance technology and criminal law to come down with such zeal on regime critics at the expense of combating legitimate cybercrime.
There are two reasons for this. The first has to do with the Arab Spring. The ruling Gulf families were badly rattled by the overthrow of the three North African dictators: Egypt’s Hosni Mubarak, Zine al Abidine Ben Ali of Tunisia and Libya’s Muammar Qaddafi. Furthermore, Bahrain and Oman had experienced significant street protests ‒ in Bahrain’s case stifled only by the intervention of GCC forces from the UAE and Saudi Arabia.
For young Arabs demanding change, the internet had played a significant, if not defining, role in spreading a narrative of resistance and reform. It is no coincidence, therefore, that in response to popular protests roiling the Middle East, the GCC states brought in new, draconian cybercrime legislation during the period from February 2011 to July 2015.
The second reason for the emphasis on criminalizing criticism has to do with the extraordinary penetration of social media in the Gulf. As Hakmeh notes, “The GCC has among the highest internet and mobile penetration rates in the world.” She points out that, across the GCC countries, an average of 76% of the population use the internet, compared with a global average of 51%. The internet became the public space that is otherwise mostly lacking in the Gulf for young Khalijees.
The space offers many opportunities, particularly for women, who have used it to launch businesses and connect with marketplaces that are otherwise not easily accessible to them. However, it also became a place where criticism of government, under the umbrella of apparent anonymity, was possible. That greatly concerned the ruling families.
As they move to shift their economies away from hydrocarbons dependency, the families are in the process of rewriting the social contract between themselves and their subjects ‒ a contract that, planed down to its bare essentials, said that, in return for benefits, you, the people, will eschew criticism of us, the rulers.
Altering the social contract is a fundamental shift and, for it to work, the people will need to be brought along either through consultation or compulsion. Using cybercrime legislation as the measure, it is clear that the GCC states have chosen to opt for the latter.
Hakmeh argues that for the battle against cybercrime to be effective, the Gulf states need to revisit legislation and refocus energies away from monitoring and controlling online speech. “Revision of the cybercrime laws in the GCC is urgently required and is essential for better security, for a better society, and for better civil liberties.”
That may well be true, but for now, at least, cybercrime legislation that enables the repression of civil liberties and the silencing of critics, and the general populace, rather than the hunt for cybercriminals, remains the preferred GCC option.