Escolar Documentos
Profissional Documentos
Cultura Documentos
Z AYED U NIVERSITY
MAY 2011
The task of this paper is to highlight the current status of Cyber Crime around the world and
the Middle East region in general and make SWOT (strengths, weaknesses, opportunities,
and threats) analysis of the current law of cybercrime of the U.A.E. indicating points of
strengths and weaknesses and what amendments should be done further in the future in
Despite the high levels of technological advancement the world has reached today in
multiple domains; starting from the spread of Internet, social networking sites, VoIP, cloud
However, this progress is still offset by parallel shortcoming in the development of terms
and laws that control the use of the mentioned technologies, especially the legislative
provisions that control the use of the Internet. It is well known now, that the Internet is no
longer a safe environment to trust or use. Moreover, surfing the Internet has become unsafe
due to the proliferation of Cyber Crime whereas, a recent study by McAfee (2009) says "the
cost of Cyber Crime has reached $1 trillion globally" (Lieberman, 2011). Hence, the
importance of finding a universal legal formula to adjust these crimes is highly needed.
The Budapest (2001) Convention on Cyber Crime drafted the first "International Cyber Crime
Treaty" that had been ratified by more than 46 countries around the world (Harley, 2010).
These concerted efforts reflects the need for such law to help prevent growth in cross-
border Cyber Crimes and help secure the growth in legitimate cross-border computing.
threats, hack attacks, and the real possibility of cyber terrorism continue to haunt
In the Middle East, the most current and widely abused cybercrime is intellectual property
and software privacy. On the other hand, when talking about laws governing cybercrime in
the Middle East they are close to non-existence as most of these countries have translated
the Middle East such as United Arab Emirates, Egypt, and Saudi Arabia have drawn up their
own Cyber Laws in an attempt to fight this new type of crime ( Bednarski, Chen, Chen,
Council; the U.A.E. is living it's economic boom which seems evident in the application of the
latest means and technological solutions in all walks of life. This means that the United Arab
Emirate is not immune against the arising threats coming from the cyber world. Therefore,
in Jan 2006, the United Arab Emirates has developed and put together a firm cyber law in
response to current and potential cybercrimes (Aecert.ae, 2006). Knowing that cybercrime
costs the country $2 million a year (Plewes, 2010) and the figure has the potential to
increase. Having a first look at this number which seems really small comparing to other
countries such as the UK where the cost of cybercrime exceeds expectations of $43.5 billion
Since the United Arab Emirates is still recent in relation to the development of special laws
that control use of the Internet, however, this research tries to take a close look at the most
Strength
When talking about the positive points of the cybercrime law of the United Arab Emirates,
realizes the need for such law and how it is important to stay up-to-date in the world of
Cyber Crime. Since the legal framework of the law covers a good number of different crimes
categories such as Human Trafficking, Data Forgery of prohibitive data, and unauthorized
use and interception of computer services. It includes penalties for imprisonment for a term
which may extend to ten years and a fine up to 200,000 AED. The Act also stresses the
respect for religion and the Islamic identity of the state and respect for other religions as a
total of 202 different nationalities exist in the UAE labor market, according to the Under-
Secretary of the Ministry of Labor (khaleejtimes.com, 2006). Dwyer (2010) supports the idea
that with the increase in cyber-attacks and the motives behind them, governments should
be more encouraged to avoid letting the crimes divert their attention from the Cyber Crimes.
Moreover, the local government has created a Computer Emergency Response Team
(arCERT) with a dedicated website to provide awareness, information, advice, and receive
problem alerts from users, as well as has created Cyber Crime Courts to deal with the jump
Carrying out electronic businesses in a well-defined legal structure will definitely contribute
positively to the nation’s economy and even create more opportunities to the businesses
Weaknesses
The Institute of Training and Judicial Studies of Abu Dhabi, held a discussion debate right
after the issuance of the cybercrime law in 2006 revealing that, the Act contains many
loopholes that need further explanation and that specialized courts should be assigned for
its implementation. Confirmation of this, and from a judicial point of view, the judge
Mohammed Obeid al-Kaaby assured that "some articles may cause the prosecutor to be
puzzled because of the contradictory penalties that might exist in the same article"
(Openarab.net, 2006).
In consonance with The Initiative for an Open Arab Internet, for instance, the law ignored
the criminalization of gambling while criminalized prostitution and temptation. The law also
loopholes vary between unclear terms, penalties, and fines. This study will review some of
the articles that are dominated by vagueness and uncertainty. Here are some articles from
the current law that need justification for the terms used (Parts highlighted in yellow need
clarification):
Article (15)
The penalty of imprisonment and a fine or either applies to whoever commits any of the
following offences through the Internet or an information technology device:
What kind of crimes against Islam can occur via the Internet or cyber world?
Article (16)
A person who violates family principles and values or publishes news or pictures in violation
of the privacy of an individual’s private or family life, even if true, through the Internet or an
information technology device, shall be liable to imprisonment for at least 1 year and a fine
of at least AED 50,000 or either.
What are those family-principles/values exactly? Who should determine them? And who
have the right to do so? Taking into account that UAE is a multinational country as more
Article (20)
What is meant by public order and morals? How should it be defined? This article is really
critical for the security of the nation, wherefore, further accurate justification is highly
required.
After this quick review it's essential to say that these terms are open to a wide range of
interpretation. Hence, UAE government should take quick steps to reduce and eliminate any
Additionally, some of the articles presented in the Act are not really clear especially in terms
of imprisonment and fine amounts, but for the United Arab Emirates to further improve and
strengthen their existing cybercrime law there should be a clear penalty definition to some
of the presented articles preventing cyber criminals from escaping from a full prosecution.
Down below Articles from UAE law of cybercrime need to be clarified in terms of fine
Article (2)
Article (4)
The penalty shall be temporary detention for anyone who forges a document of the federal
or local government or federal or local public entity or corporation that is legally recognized
in an Information System.
The penalty shall be imprisonment and a fine or either for forging any other document with
intent to injure.
The penalty prescribed for forgery applies, as appropriate, in the case of anyone who
knowingly uses a forged document.
Article (5)
A person who in any way hinders or delays access to a service, system, program or database
through the Internet or an information technology device shall be liable to imprisonment
and a fine or either.
Article (6)
A person who uses the Internet or an information technology device in order to disable,
disrupt, destroy, wipe out, delete, damage, or modify programs, data or information on the
Internet or an information technology device shall be liable to temporary detention and a
fine of not less than AED 50,000 or either.
Article (7)
Article (8)
Article (11)
Anyone who uses the Internet or an information technology device to unlawfully access the
number or details of a credit card or other electronic card shall be liable to imprisonment
and a fine. If the offence is committed with intent to acquire the property or avail of the
services of another the penalty is imprisonment for a period of at least 6 months and a fine
or either. If the property of another is appropriated for the account of the perpetrator or
someone else the penalty is imprisonment for at least 1 year and a fine of at least AED
30,000 or either.
Article (12)
Anyone who produces, arranges, sends or stores with intent of using, circulating or offering,
through the Internet or an information technology device, information that is contrary to
public morals or operates a venue for such purpose shall be liable to imprisonment and a
fine or either.
If the act is committed against a minor, the penalty shall be imprisonment for a period of at
least 6 months and a fine of not less than AED 30,000.
Article (13)
The penalty shall be imprisonment and a fine for whoever incites lures or assists a male or
female into committing an act of prostitution or fornication by means of the Internet or an
information technology device.
If the victim is a minor, the penalty shall be imprisonment for at least 5 years and a fine.
Article (14)
A person who unlawfully login to an Internet website in order to change, delete, destroy, or
modify its design or take over its address shall be liable to imprisonment and a fine or either.
Article (15)
The penalty of imprisonment and a fine or either applies to whoever commits any of the
following offences through the Internet or an information technology device:
The penalty shall be imprisonment for up to 7 years for an offence involving opposition to
Islam or injury to the tenets and principles of Islam, opposition or injury to the established
practices of Islam, prejudice to Islam, the breaching of a religion other than Islam or the
propagation, advocacy or promotion of any discipline or idea of such nature.
Article (17)
A person who set ups a website or publishes information on the Internet or an information
technology device for the purpose of conducting or facilitating human trafficking shall be
liable to temporary detention.
Article (18)
The highlighted parts of the text need to be clarified fully against its legal interpretation.
Furthermore, Table 1. shows which articles need to be justified further more in terms of
Imprisonmen
)#( Article Fine
t
2 Not clear Not clear
7 - Not clear
17 - Not clear
18 - Not clear
Moreover, the current Act contains no specific article that clearly declares if this Act applies
to expatriates living in the United Arab Emirates or not. It's notable that the word "minor"
has been mentioned only twice through this Act specifically in articles (12) & (13) in case of
that the minor was the victim. But what if the "minor" was the perpetrator himself? This
means that all types of crimes mentioned in the Act are not applicable to minors! Does
Not any of the articles discussed the issue of cross border cybercrime. What if the
perpetrator was from outside the UAE? What procedures should be taken and what would
crimes presented in the Act. As well as, it is true that none of the articles presented in the
cybercrime Act clearly describe any kind of compensation for cybercrime victims.
Providing that, there are no clear benchmarks or studies determine the effectiveness of this
law and the results achieved since it was placed into use. Also, the existing law does not
provide sufficient coverage against more recent computer-related crimes such as:
1. Against person:
Defamation
Cyber-stalking
Indecent exposure
Computer vandalism
Hacking/cracking
3. Against organizations:
Discreditation
coming amendment happens in the future as more and more sophisticated types of crime
are developing every day. Speaking at AusCERT 2011, Kaspersky Labs founder and security
expert, Eugene Kaspersky argued that "cybercrime now is the second largest criminal activity
in the world" (Barwick, 2011). As cybercrime was proving difficult to fight due to a
combination of its secretive nature and underground forums along with a lack of
However, it is still recommended to have few more amendments in order to include explicit
topics such as viruses, malware, online gambling, Data diddling and spam email attacks
which are considered as the main motives behind the cyber criminals nowadays due to its
huge financial returns (Dwyer, 2010, Hopkins, 2003). According to Dwyer (2010), dealing
with Cyber Crimes requires decisive security awareness. The Middle East region, especially
Gulf Cooperation Countries including the United Arab Emirates, lack many of the awareness
programs, training and education in the field of Cyber Crime due to the late interest in this
topic. With sufficient training programs and campaigns and the involvement of parties
starting from IT professionals, to organizations’ decision makers and also the general public
the level of awareness will gradually increase which in turn leads higher levels of protections
Opportunities
The United Arab Emirates enjoys great economic position among other countries in the
Middle East region which requires her to take stronger and quicker steps to use all available
opportunities to improve its current Cyber Law status to increase the level of security in a
fertile environment replete with e-businesses. As discussed earlier in the strengths section,
and as provided by Robert et al. (2010), the country could attract a more diverse economic
environment to take place that supports both consumers and organizations performing
electronic businesses. Therefore, with more solid and specific defined cybercrime laws, the
The government still has the chance to update its cyber law and make the necessary
amendments to cover any loopholes and include new sophisticated topics and other types of
upcoming cybercrimes. Several steps have been taken. The Ministry of Justice, in order to
combat cybercrime in the UAE, new cybercrime courts with specialist judges are to be set up
to expedite litigation and serve litigants more effectively (Zawaya.com, 2010). The creation
of a Computer Emergency Response Team (aeCERT) for the detection and prevention of
cybercrime in the country will help improve the efficiency and the effectivity of the current
law.
"A solution to the problem might be that, in addition to having police agencies investigate
One of the suggested solutions to slow down or stop the increasing growth of cybercrimes is
an online (ID) identification to verify people engaging in such acts. The founder of Kaspersky
Cyber Crimes are spread worldwide now and there is no single country to be considered
immune against it. There has been a considerable growth in Cyber Crimes in the Middle East
during the last couple of years. This growth has resulted from lack of regulations, trainings
and awareness. UAE should take this opportunity to build more solid base for their Cyber
Crime courts through trainings and organizing awareness campaigns throughout the nation
They could also introduce special certifications with alliance to worldwide standards in the
digital forensics field and develop stronger Cyber Crime knowledge base. This could also lead
UAE to be the leader in the region and assist other governments to develop similar laws and
strategies in defending against the Cyber Crimes. In addition, it could be a start to creating a
Last but not least, public and private organizations should build their security policies and
cyber awareness precautions in harmony with the government in order to create a safe
.cyber community
Threats
The Telecommunications Regulatory Authority (TRA) has done a survey during the course of
2010 (TRA.gov.ae, 2010) reporting that the number of internet users in the country was
that half of the UAE population is prone to the risk of cybercrime, especially lots of hacking
tools are free available and downloadable from the Internet. In addition, sluggish
responsiveness in taking corrective actions to cover the existing loopholes in the current law
Information revolution era makes it even easier for hackers to share hacking details and
techniques. This produces a more skilled breed of Cyber Criminals that continuously
introduce new crimes which leaves governments behind in coping with technology related
laws (Ghosh, 2010). Due to the lack of the awareness discussed earlier, many of the victims
are unwilling to report Cyber Crimes. Therefore, educating people on how to deal with
cybercrimes at the time of occurrence is necessary to make users report such incidents. This
could help TRA recognize most frequently committed crimes and their time of occurrence
and to produce important statistical surveys that could help fight such crimes.
Conclusion
It can be said that, no single country on earth is considered to be the ultimate in being
immune against cybercrimes. But also it can be said that there are countries doing hard work
in developing their own national policies and laws to defend against this new type of crime
coming from the cyber world. And the United Arab Emirates is one of those countries. The
UAE in most of situations seeks to be proactive as the country is thriving economically, which
requires the state to build a safe, secure, and supportive environment for electronic based
services.
References
Aecert.ae. (2006, Jan 30). The Federal Law No. (2) of 2006 on The Prevention of
http://www.aecert.ae/preventionoftechcrimes.php
Bednarski, G., Chen, P., Chen, K., Jovanovich, A., Osman, H. (2003). International
Barwick, H. (2011, May 17). AusCERT 2011: Eugene Kaspersky calls for Internet Interpol.
Retrieved from
http://www.computerworld.com.au/article/386790/auscert_2011_eugene_kaspersky
/__calls_internet_interpol
Chan, N., Coronel, S., & Chiat Ong, Y. (2003). The Threat of the Cybercrime Act 2001 to
Australian IT Professionals. Proceedings of the The First Australian Undergraduate
Students' Computing Conference (pp. 25-33).
Clark, N. (2011, March 9). Business counts the cost of cyber crime. Retrieved from
http://www.independent.co.uk/news/business/analysis-and-features/business-
counts-the-cost-of-cyber-crime-2236158.html
Dwyer, P. (2010). Cyber Crime in the Middle East. Retrieved from www.paulcdwyer.com
Khaleejtimes.com. (2006, Aug 25). 202 nationalities in labour market. Retrieved from
http://www.khaleejtimes.com/DisplayArticleNew.asp?
section=theuae&xfile=data/theuae/2006/august/theuae_august735.xml
Lieberman, D. (2011, March 6). Cyber Crime Costs Over $1 Trillion Globally?. Retrieved from
https://www.infosecisland.com/blogview/12352-Cyber-Crime-Costs-Over-1-Trillion-
Globally.html
Lunjevich, M., Al Shaikh, O. (2010, Jan 18). UAE To Establish Specialist Cybercrime courts.
Retrieved from
http://www.zawya.com/Story.cfm/sidZAWYA20100118085552/UAE%20To
%20Establish%20Specialist%20Cybercrime%20Courts/
Robert, E., Okonigene, & Bola, Adekanle. (2010). Cybercrime in Nigeria. Business Intelligence
Journal. 3(1), 93-9
Plewes, A. (2010, May 21). Cybercrime costs UAE enterprises $2m each year. Retrieved from
http://blogs.orange-business.com/live/2010/05/cybercrime-costs-uae-
enterprises-2m-each-year.html
UAEinteract.com. (2007, April 5). UAE creates team to fight cyber crime. Retrieved from
http://www.uaeinteract.com/docs/UAE_creates_team_to_fight_cyber_crime/24690.
htm