Tue | Dec 5, 2023

US deputy data chief pours cold water on CyberCrimes Act

Published:Monday | August 3, 2015 | 12:00 AM

Newly appointed Deputy Data Chief in the US Department of Commerce, Dr Tyrone Grandison has expressed concern about the Cybercrime Bill of 2015 that is currently before the Jamaican Parliament for debate, claiming, among other things, that it tramples on freedom of expression.

Referring to subsection 1 of the bill he said, “I am hoping that the intent of the law, possibly cyber bullying or spam of online porn, etc, is different from the letter of the law. Right now, a lot of people are going to be in trouble. This could also be a very effective way of shutting down a rival, whether political, business-related or other.”

Grandison said that sections 5 and 6 of the bill demonstrate a marked lack of understanding of the field of computer security and the fundamentals of training computer security professionals.”

His contention with these sections of bill lie in the fact that  system administrators, security professionals or academics may be found in breach of the law in the normal execution of their duties

“System administrator, security professional or academic needs to listen to and gather network traffic to detect security attacks; in order to spot and respond to these attacks and secure their systems. Under the current legislation, they could face prosecution,” he said.

Grandison went on to critique section 11 which addresses protected computers.

“Section 11 mentions a "protected computer" and assumes that a reasonable person should know what a protected computer is. Unfortunately, this is a highly subjective call that requires a judge to know the thoughts and mindset of an alleged offender. Without having computers clearly defined and labelled as protected computers, this section is open to manipulation from the owners of computer systems that may argue (and defend) the "protected computer" status of their systems.”

Grandison who had posted much of his criticisms on his blog, also lamented that the bill seems to have been crafted without the input of IT professionals.

But the Ministry of Justice officials were less than impressed with his criticisms and responded to the blog saying that he misread and misunderstood the law.

The response under the signatures of Maurice Bailey and Luciana Jackson, directors of Legal Reform in the ministry said,  “It is a matter of some concern that someone as eminent in the field of IT security as Dr Grandison could so misread, misunderstand and misrepresent the language and effect of the provisions of the Cybercrime Bill 2015. It is clear from reading Dr Grandison’s comments, that he lacks appreciation and understanding of how laws are drafted. He also fails to understand that the Cybercrimes Bill 2015, like its predecessor, the Cybercrimes Act 2010, is in line with international standards and trends contained in the Budapest Convention Council of Europe Convention on Cybercrime 2001 and the Commonwealth Model Bill on Computer and Computer Related Crime 2002.”