BitDepthFeatured

The issues arising from new cybercrime laws

3 Mins read

Above: Attorney General Reginald Armour. Photo by Damian Luk Pat/GORTT.

BitDepth#1445 for February 12, 2024

The last meeting of the OAS discussions between government level experts on cybercrime took place in December 2016.

On the agenda then were the challenges of prevention, investigation and prosecution of cybercrime and the importance of effective legislation.

Those priorities are still relevant, but in the larger landscape of cybercrime, everything has changed.

According to National Security Minister Fitzgerald Hinds, there have been 205 successful cyber attacks in Trinidad and Tobago between 2019 and 2023. It’s tempting to add to that the caveats that under-reporting of data breaches is widespread and to further note that the minister did not define what constituted a successful cyberattack.

Is this the count of successful intrusions into a secured network? Is it the number of breaches that resulted in the exfiltration of private data?

The Trinidad and Tobago Cybersecurity Incident Response Team (TTCSIRT), nominally the first port of call in a data breach, is frequently left entirely out of the loop in private sector data breaches.

In the face of the hard rain of reported data breaches by professional ransomware hackers, the government is preparing a “cybercrime legislative package” that will update existing laws both on the books and still to be proclaimed.

Minister of Digital Transformation Hassel Bacchus.

This followed an attack on the Ministry of the Attorney General and Legal Affairs, after which Digital Transformation Minister Hassel Bacchus declared that the Legal Affairs Ministry is “one of the more secure environments” after the attack.

The public might have hoped that this important ministry might have been more secure before an attack.

All too often, the revelation of a cybersecurity breach is triggered by a failure of services or exposure by ransomware collectives.

Ricardo Fraser, vice-president of the International Information System Security Consortium (Caribbean and Latin America Chapter), said that, “Organisations bear a crucial responsibility as custodians to safeguard data against unauthorised access. In the unfortunate event of a breach, organisations must prioritise transparency by promptly notifying stakeholders without fear of unwarranted criticism.”

“A cybersecurity breach doesn’t necessarily indicate shortcomings in an organisation’s established controls; independent investigations are essential to determine any potential negligence.”

“Proper reporting of breach incidents is paramount to balance the needs of all stakeholders, including customers, regulators, and shareholders. While organisations may initially hesitate to report breaches due to concerns about reputation and shareholder interests, measures should be implemented to ensure individual privacy protection and minimise individual impacts, whether reporting is mandatory or voluntary.”

Ricardo Fraser

Shiva Parasram, an ethical hacker and cybersecurity consultant said that, “As a researcher, I spend many hours every day on the dark web. If they make this work illegal, it stifles independent investigation. Then, a lot of companies will suffer because I help many companies this way. I give lots of free advice to the general public.”

“[The 2017 bill] wasn’t very well thought out at all. I’m really hoping that some serious thinking gets put into it and that they actually invite people who know what this stuff is about and how it can benefit cybersecurity researchers, particularly what’s required with dark web and penetration testing, vulnerability scanning and assessments and ethical hacking. It should really be guided by a subject matter expert.”

Fraser notes that, “Certified investigative and information security professionals adhere to a strict code of conduct emphasising societal protection. It’s imperative to recognise that disclosing or disseminating breached data improperly not only harms the organisation but also violates the privacy rights of individuals whose sensitive information is exposed.”

Fraser warns, however, that, “Investigating professionals such as journalists, fraud investigators, and ethical hackers play a crucial role in handling breached data responsibly. They must exercise caution to avoid further compromising the privacy of victims while probing or highlighting such incidents.”

The headline gold rush that followed the TSTT breach included several instances of journalist overreach, exposing information then available only on the dark web to a much wider audience.

Without clear guidelines and the scope to do the work of journalism, any new law will not serve the public well.

Shiela Rampersad, President of MATT in 2018, called on a Joint Select Committee convened that year to discuss the 2017 bill, urging the inclusion of, “A public interest exemption to protect all individuals and organisations working towards greater transparency in public affairs.”

The law, as written, Rampersad noted, would levy daunting penalties ($200,000 to $500,000 per infringement) for journalists and whistleblowers contravening of a strict reading of its scope, which was entirely too broad.

Clause 8 of the 2017 bill, for instance, would have made illegal any independent investigation into any data breach that has come to public attention through the media or cybersecurity investigators over the last four years. While clauses 35, 36 and 37 provided caveats for hosting providers, caching services and ISPs.

There is a sense of urgency to create new cybercrime laws, but that haste cannot ignore the dynamic reality of the situation any more than it can neglect the growing threat that cyber criminals now present.

The state of Caribbean digital transformation

The state of Caribbean digital transformation

Despite 87 per cent believing that digital will disrupt their industry, 87 per cent acknowledged that they don't have the right leaders
Read More
The WordPress War

The WordPress War

WPEngine and the websites of its customers were blocked from the WordPress log-in system theme and plug-in updates and other background processes that enable a Wordpress website.
Read More
A budget of concrete and asphalt

A budget of concrete and asphalt

Four years after Hassel Bacchus took up the pioneering role of Digital Transformation Minister, the 2025 budget could not identify any completed transformation project that's positively affected citizens.
Read More
Arima’s first step toward becoming a smart city

Arima’s first step toward becoming a smart city

The public WiFi was officially activated on September 28 at the hospital, and it's fast. A local ping registered 250 megabits of download speed and 126 for upload.
Read More
Now hear this!

Now hear this!

Budget headsets will effectively dampen ambient sounds, but tend to be an all or nothing solution.
Read More
A taxing time for all

A taxing time for all

Tax collection began using the least customer-friendly interface imaginable, lines outside a government building.
Read More
Mobile devices, a war of increments

Mobile devices, a war of increments

Mixing and matching the two rival ecosystems is essentially impossible, so it's the utility of the products combined that makes the biggest difference.
Read More
Why cash is king in Trinidad and Tobago

Why cash is king in Trinidad and Tobago

In 2017, 16 per cent of users owned a credit card, a figure that dropped to 15 per cent by 2023.
Read More
I shopped at Temu!

I shopped at Temu!

Temu is great fun to explore and offers many bargains but product quality can be wildly variable.
Read More
What’s needed to make e-Governance happen?

What’s needed to make e-Governance happen?

“If we look at successful governments that have achieved a certain level in of success in these programs, some things stand out."
Read More
Changing the education conversation

Changing the education conversation

There are local schools that aspire to continuous improvement and others that struggle to make it through a working day without bloodshed.
Read More
Practical steps to reducing cybersecurity risks

Practical steps to reducing cybersecurity risks

The process, to be effective, must be ongoing and managed to ensure that vendors meet required standards.
Read More
The consequences of careless code

The consequences of careless code

The cruel reality of Crowdstrike is that it wasn't a cybersecurity attack. It was a quality of service lapse and the incident puts IT professionals in an odd space.
Read More
What leaders are doing to enable digital transformation

What leaders are doing to enable digital transformation

If people in your organisation are coming to you, telling you we need to change these things, you really should listen.
Read More
Apple’s photography workflow

Apple’s photography workflow

Every Apple device has a Photos database and every image that's taken with a mobile iOS device or imported into the desktop Photos app gets added to it.
Read More
An apathy of cybersecurity concerns

An apathy of cybersecurity concerns

It's weird when a definitive statement about the importance of cybersecurity comes from the people who broke into your digital house.
Read More
Putting data to work to improve perception

Putting data to work to improve perception

When it comes to the data, the numbers are there, but it also has to work alongside your goals.
Read More
The state of TT broadband, 2024

The state of TT broadband, 2024

In 2022, mobile internet penetration it had risen to 62.9 per 100 citizens, almost twice the penetration rate of fixed wireless.
Read More
Apple’s plan for device domination

Apple’s plan for device domination

Siri, at 13, gets an upgrade with Apple Intelligence, promising a significant upgrade on Siri’s smarts in a small language model that functions on device.
Read More
Adobe’s terms of disservice

Adobe’s terms of disservice

The activation servers for Adobe's CS, CS2 and CS3 products were shut down between 2013 and 2017. In May last year, Adobe stopped its customer support from deactivating perpetual licenses...
Read More
The state of Caribbean digital transformation The state of Caribbean digital transformation
The WordPress War The WordPress War
A budget of concrete and asphalt A budget of concrete and asphalt
Arima’s first step toward becoming a smart city Arima’s first step toward becoming a...
Now hear this! Now hear this!
A taxing time for all A taxing time for all
Mobile devices, a war of increments Mobile devices, a war of increments
Why cash is king in Trinidad and Tobago Why cash is king in Trinidad...
I shopped at Temu! I shopped at Temu!
What’s needed to make e-Governance happen? What’s needed to make e-Governance happen?
Changing the education conversation Changing the education conversation
Practical steps to reducing cybersecurity risks Practical steps to reducing cybersecurity risks
The consequences of careless code The consequences of careless code
What leaders are doing to enable digital transformation What leaders are doing to enable...
Apple’s photography workflow Apple’s photography workflow
An apathy of cybersecurity concerns An apathy of cybersecurity concerns
Putting data to work to improve perception Putting data to work to improve...
The state of TT broadband, 2024 The state of TT broadband, 2024
Apple’s plan for device domination Apple’s plan for device domination
Adobe’s terms of disservice Adobe’s terms of disservice

🤞 Get connected!

A once weekly email notification of new stories on TechNewsTT. Just that. No spam.

Possible UI Glitch. Click top right corner to dismiss 👉

Get Connected!

A once weekly email notification of new stories on TechNewsTT.

Just that. No spam.

Related posts
BitDepthFeatured

The state of Caribbean digital transformation

3 Mins read
Despite 87 per cent believing that digital will disrupt their industry, 87 per cent acknowledged that they don’t have the right leaders
BitDepthFeatured

A taxing time for all

3 Mins read
Tax collection began using the least customer-friendly interface imaginable, lines outside a government building.
BitDepthFeatured

What’s needed to make e-Governance happen?

3 Mins read
“If we look at successful governments that have achieved a certain level in of success in these programs, some things stand out.”
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback
8 months ago

[…] Trinidad and Tobago – The last meeting of the OAS discussions between government level experts on cybercrime took place in December 2016… more […]

Bdb01
Bdb01
7 months ago

Excellent reporting once again on an issue of great national significance by Bitdepth. We need more of this.

×
BitDepthFeatured

White hats on the darknet

2
0
Share your perspective in the comments!x
()
x