Peru’s controversial law on cybercrime

by Digital Rights LAC on October 20, 2013


By Eduardo Alcocer Povis, Pontifical Catholic University of Peru.

Why has this initiative, informally known as the “Beingolea law” – raised many critical voices in Peru ? In a brief analysis, Professor Eduardo Alcocer dissects the law (which is now in possession of the Executive after being approved by Congress) and shows how some of its provisions are not only misguided, but can also affect fundamental rights such as freedom of expression.

On September 12th, 2013, the full Congress of the Republic approved the bill on cybercrime, the same one that is currently in the office of the President of the Republic, as it may end up being promulgated*. The text that has been approved by Congress has been the subject of a lot of questioning, not only because of the surreptitiousness of the procedure carried out for its approval (which included other proposed bills that were not previously discussed in the congressional justice committee nor put to the attention of the legal community), but also due to its clear violations of criminal law principles.

Indeed, one of the core principles of criminal law is its minimal level of intervention, in the sense that the application of punitive power can only be legitimate if the regulated conduct is “harmful” or exposes legal goods, of particular social relevance, to some form of “concrete danger”. Contrary to this, the project plans to incorporate in our Penal Code the crime of “illegal access” (art. 2), which aims to punish those who enter computer systems by breaching security measures that are put in place to prevent such actions. In other words, it seeks to sanction “white hackers”, ie those who access systems without the intention of obtaining secret information, violating the privacy of others or causing any form of damage. This is very different to what is currently provided for in section 207 – A of the Penal Code, which requires for its configuration a “special intent” to obtain information or alter databases, for example.

If we consider the security of information contained in systems as a legal good to be protected, then the conduct displayed by the agent, who is intended to be punished through this bill, will be harmful. However, not all detrimental acts towards legal goods deserve to be sanctioned by penal law, as this effect has to be especially relevant to society, taking into consideration the actual interests being protected and the degree of danger of the agent. In the case of political “intrusiveness”, in criminal terms the security of information is protected because what is at stake is the legitimate interest of protecting the privacy and property of the people. However, in face of these legal goods, the project does not even contemplate the exposure to concrete danger, and subjectively, the intentions of the author or perpetrator are not deemed relevant. Therefore, I believe that criminal law should not punish these conducts, devoid of any real offense.

In relation to the principle of proportionality, the proposed sanction is questionable, as it foresees four years of imprisonment as the maximum penalty, punishment which is greater than that given for detrimental action towards property (petty theft has a maximum custodial sentence of three years) or offenses against dignity and honor (imprisonment in cases of defamation is for a maximum of one year in simple cases and three years in more extreme ones – for example, defamation through the press) .

Another approved proposal is to incorporate a new type of offense : sexual propositions towards under-aged people via technological means (art. 5). It intends to criminally punish those who “contact” minors in order to “request or obtain pornographic material” or ” perform sexual activities with them”. It is reprehensible that in order to describe the main verb of the offense, the ambiguous term “contact” is used. When does a person actually make “contact” with someone? By simply greeting somebody by writing an email? By adding a person as a “friend” on Facebook? These acts should not be typical ones. I believe that the existing criminal offenses for child pornography, seduction or rape of children are already sufficient for punishing such harmful behaviors (eg, when contact is already made with a minor to obtain pornographic material or for having intercourse), which are understood as attempted crimes.

Furthermore, there is the intention of punishing the offense of “discrimination on the Internet ” (art. 323 CP), comparing it (in terms of punishment, from two to four years of imprisonment) to acts of discrimination such as those made through physical violence or threats. From the level of proportionality it seems inadequate. On the other hand, it affects the principle of legality because the offense is arguably broad, as it is included as a manifestation of discrimination – on internet – conducted for “political” reasons. Therefore, there is the danger of punishing political comments posted on social networks, for the mere fact that a person may consider themselves “aggrieved”. This puts at risk the legitimate exercise of freedom of expression. If the law is enacted, the prosecutor and the judge must perform a correct delineation of facts for criminal law to distinguish those that are relevant.

Likewise, a modification of art. CP 162 is being proposed, by which the punishment of acts of wiretapping will be included as an aggravating circumstance if the information obtained is classified as secret or confidential. It also aims to increase the penalty (eight to ten years of imprisonment) if the information obtained via interception compromises defense, security and national sovereignty. The legislator, arguably, did not take into account that our law already punishes anyone who gets hold of and, or, disseminates information which has been “kept secret in the interest of national defense”, with a penalty of up to 15 years of imprisonment (art. 331 CP).

On the other hand, the fact that obtaining information (eg, classified as secret or confidential) for motives of “public interest” has not been indicated as being exempt of liability is not, in my view, an obvious limitation of freedom of information. First, because it expressly prohibits dissemination and, secondly, because the legitimate exercise of a right (art. 20 inc . 8 CP) justifies the conduct of every citizen, as it is irrelevant – when declaring innocence – for each offense to expressly state that the agent must act “rightly” or in “public interest”.

It is true that criminal law must adapt to “modern times”, however, this process should be performed according to its very own underlying principles and with respect for fundamental rights. Therefore, I believe that the bill should be observed by the President .

* Surprisingly, despite of the strong opposition from civil society and an important part of the industry, the president of Peru, Ollanta Humala, approved today, October 22, the Cybercrime Act. More information (in spanish) here.

Eduardo Alcocer is a Professor of Criminal Law at the Pontifical Catholic University of Peru. Lawyer and member of Estudio Oré Guardia.