The Cybercrime Bill for journalists

Above: The law is coming to cybertown. The next steps will be crucial to ensuring freedom of expression. Illustration by BeeBright/DepositPhotos.

BitDepth#1098 for June 20, 2017

Over the last two weeks I’ve been considering the Cybercrime Bill, 2017 spending two long evenings examining its legal provisions line by line with the executive of the T&T Computer Society for its formal comments on the draft legislation.

The deadline for formal comments on the bill closed on Friday and along with participating in the TTCS perspective, I’ve also republished the submission of technologist Taran Rampersad.

In its summary of its comments on the legislation, the TTCS rather potently and quite admirably notes that, “It is important to note that many of the clauses in this Bill can be applied to journalists carrying out their duties, and/or the free speech of private citizens, as well as to persons who are attempting, in the public interest, to report misconduct (aka whistleblowers).”

“In the interest of support of the Fourth Estate, as well as the principles of Free Speech enshrined in our Constitution, this Bill requires urgent complementary whistleblower/journalist protection via legislation.”

I wish that I could claim that I had a hand in driving these comments as the lone journalist on the panel discussing the bill, but this point came up repeatedly from different participants, who each saw quite clearly the slippery slope that follows the potential for chilling and suppression of the activities of the traditional media, and the effect that’s likely to have on online commentary and discussion.

My own, parallel and contemporaneous notes on the discussion from a journalist’s perspective end up tracking closely with the concerns raised by the Computer Society in its final document, which I took no part in completing and shaping.

In a nation which is just feeling its way to free and open discussion of national issues using online media as a tool for the disseminating views on such matters, there will be mistakes made in the heat of enthusiasm by newcomers to the guidelines of reporting and commentary along with a whole lot of the rumshop old talk so beloved by the people of this island in whatever medium they choose to congregate.

And that’s part of what makes the most problematic issues of the bill so potentially chilling of truth spoken to power in new media forums and channels.

Three years ago, I published a robust take on the 2014 edition of the bill by Information Security expert Shiva Bissessar after local media houses demonstrated no appetite to publish anything but abbreviated experts of his dissection of the legislation.

The 2017 edition of the bill tidies some issues, but leaves others in place in a way that’s clearly intended to punish without overdue attention to the consequences for communicators and activists.

Fines for access to information defined as illegal, which would include deliberate leaks of incriminating files and whistleblower statements, are met with quite staggering fines, scaling up quickly from $100,000 to $500,000 and depending on the reading of the infringement, can be applied cumulatively.

It wouldn’t be hard for an investigative journalist with an exceptionally cooperative and well-connected source to face charges in excess of $2 million for having access to information deemed illegal, regardless of the criminality it might reveal.

Noting this, the TTCS suggests in their comments that “Online fines should bear some resemblance to their nearest offline equivalence.”

Other restrictions that are likely to cause a chilling effect show up buried in clauses like the one covering the disclosure of details of a (court) order, which restricts someone placed under an order to reveal contested information from disclosing either the fact that the order has been made or the details of the order.

Which means that a media house which has been subject to such an order cannot report on the situation.

Journalists concerned about the restrictions and constraints to their trade posed by the Cybercrime Bill 2017 should also review the Data Protection Act and the Interception of Communications Act, 2010, which both overlap provisions of the new legislation in several areas of concern.

The law as proposed, for instance, seems to contradict the provisions of the Interception of Communications Act when it comes to the use of remote forensic tools by duly appointed police officers seeking access to computer information.

Journalists may also be called on to decrypt computer devices, including phones, while under police investigation, which calls into question the issue of self-incrimination, which is guarded against by the T&T constitution.

The constitution denies any authority the right to “compel a person to give evidence unless he is afforded protection against self-incrimination and where necessary, to ensure such protection, the right to legal representation.”

Clearly there is urgent need for complementary legislation establishing the rights of working journalists and commentators in our free democracy and a critical need to establish specific provisions for whistleblowers if there is to be any change in the pervasiveness of corruption in public office and corporate malfeasance.

The act is to be reviewed every three years, which may end up being too long given the pace of both technology developments and information sharing paradigms, and that review should be continuous, given the length of time it’s taken to consider the original document and the likelihood that pressing it into practical, day-to-day law may give rise to worst case scenarios in practice.

Consider the boots on the ground reality of police intervention.

The history of journalists facing police officers in their newsrooms has not been one of sleek technology sophistication. It has, rather, been one of computers being identified and ripped from desks for further inspection.

The Police Service has a capable Cybercrime Unit, but it is small and is presumably tasked with more compelling duties than running around with constables seizing computer information.

Will journalists facing a court order to reveal information find themselves facing the surgical precision of a forensic digital specialist or the bootoo of a beat cop?

  • Kwesi Prescod

    “Fines for access to information defined as illegal, which would include deliberate leaks of incriminating files and whistleblower statements, are met with quite staggering fines, scaling up quickly from $100,000 to $500,000 and depending on the reading of the infringement, can be applied cumulatively. ”

    Not true.

    “It wouldn’t be hard for an investigative journalist with an exceptionally cooperative and well-connected source to face charges in excess of $2 million for having access to information deemed illegal, regardless of the criminality it might reveal”

    Not true either.

    “Clearly there is urgent need for complementary legislation establishing the rights of working journalists and commentators in our free democracy and a critical need to establish specific provisions for whistleblowers if there is to be any change in the pervasiveness of corruption in public office and corporate malfeasance”
    Is there any exmple anywhere in the Commonwealth? Will this law determine who is, and is not a journalist? by registration? licensing?

    • Thanks for responding Kwesi. I don’t think it’s enough to simply declare these concerns as “Not true.” I see no provisions for caps on the fines that can be levied for any perceived infringement of the law, nor do I see any exemptions that suggest that fines for one aspect of an infringement will mean that fines for another aspect will not be levied.
      Naturally this sort of thing gets tested in legal cases, not in drafts of legislation and the reality of the way charges can be laid gets sorted out then.
      As for journalism, I think it’s a bit like pornography. Difficult to define, but pretty obvious when it’s taken to clear extremes. Again, it’s less a matter of journalists being licensed than it is a matter for their work to be properly evaluated against guidelines of meeting the public interest, which is what the profession serves.

      • Kwesi Prescod

        Mark,

        First, my “not true” treated with specifically the claim that deliberate leaks would constitute a crime. Journalists leaks generally should not include of commercially sensitive information (e.g. Copyrighted information like a song, movie or patented system) and as such would not be a crime. Section 12 which deals with leaks limits criminality to a specific subset of types of information.

        Second, in any law, fines set are maximum. The courts have the discretion to apply the maximum or not. To be overly prescriptive in sentencing guidelines can be seen as the legislature unduly restricting the discretion of the judiciary. So generally, sentencing prescriptions other than that already there are not included in laws.

        Third, on the journalist thing, if it can’t be clearly defined then an exemption should not be created – that leads to corruption the system as claims will arise that what is exempted or not depends on who is the friend of the persons in power at the time. Further, who will do the determination that the journalism merits prosecution or not? In our constitutional system such arbitration is done by the judicial system – first the TTPS, then the DPP, then the magistracy and then finally the judges at the High and Appelate courts are LEGALLY trained persons with the function to arbitrate such things. They arbitrate if there is a case of slander, they can arbitrate if there is a breach of the law.

        To be clear, unless the journalist conspired to hack into a system, under the law as written, the journalist is not liable. If the journalist (and their editors) suspect that Informatuon that has come to them is pursuant to a hack, even without the law, the appropriate thing to do is to REPORT the hack. And they are STILL not liable under the current law. If the journalist gets leaked (not hacked) information, as long as the information is not info associated with piracy, national security operations, or hacked, the journalist is NOT liable.

        So there is no risk for lawful undertaking of investigative journalism in the bill.

    • Taran Rampersad

      You’re certainly a very black and white sort of person. The trouble is in the grey, and that’s what I see Mark teasing out. There are permutations where his speculation is well within the realm of possibility given the verbage of the Bill as commented on.

      Further, as someone who has been blogging/writing for decades, I see this too as of personal impact on anyone who uses their voice outside of traditional media. This has been happening more than people have liked, particularly when the 4th Estate seems to be less than independent these days – not a reflection on journalists, per se, but rather publishers themselves. In such scenarios, social media fills in gaps. And, on the less than ideal side, a lot of crap comes out, too – but then it becomes about trust, and the actual 4th Estate shifts from traditional to non-traditional.

      I think, while the thrust of the journalist perspective is not something I can write about, I think I can speak to the social cooling which is implict. Ref: https://www.socialcooling.com/

      So, when you’re wandering around with your red pen making your ‘x’ (you never seem to have checkmarks), you might want to stop and consider things a little more.

      Just because you *believe* something can’t happen doesn’t mean it won’t happen. We have Trump, we have Brexit, and we got Bret.

      The world doesn’t care about belief. It does what it wants to.

      • Kwesi Prescod

        Take your own advice – Just because you *believe* something could happen doesn’t mean it can – ESPECIALLY when the permutations you are considering are expressly mitigated against in the bill.