AIC Comments on the Draft Cybercrime Law for Cambodia
- We encourage the Government of Cambodia to ensure that criminal offenses be subject to an
individual’s intent and not just based on whether or not that individual has authorization to
conduct an activity. We also encourage the Government of Cambodia to include strong
intermediary liability protections so that web companies are not held liable for content posted by
third parties. Furthermore, definitions about what content is illegal should be made explicit so that
legitimate expression is not stifled.
- Article 3: The scope extends to service providers and individuals outside of Cambodia but
without any reference to jurisdiction. For the Law to be enforceable, it should either reference the
mechanism(s) through which the Law will be enforced (e.g. through MLAT) or it should not
attempt to extend extraterritorially.
- Article 23: This offense is very broad. Typically there are exceptions for these kinds of clauses
which should be added here. Uncertainty in this area could prevent companies which handle user
data from establishing offices or building local data centres.
- Article 24: Most of the criminal offenses are based on a model that someone has done something
without “authorization/right”. What the offenses lack is a clear demonstration that the offense was
committed with intent. For example, if someone accesses a file accidentally that they do not have
authorization to access, it would not be fair to punish them as if they had intentionally accessed
that file that they knew they did not have authorization to access. We encourage strong intent
requirements to be added to criminal offenses.
- Article 28: This article is troubling as it could be used to limit legitimate forms of online
expression. The definitions for offenses are not sufficiently clear for a user to know when content
are illegal. This article does not reference any intermediary liability protections which ensure that
platforms hosting content are not held liable for content posted by a user. Intermediary liability
protections should be added to this article.
- Article 29: We suggest the inclusion of a safe harbour regime that protects online intermediaries
from liability for offenses committed by third parties such as but not limited to copyright and
fraud, as long as there is a reasonable notice and take down framework in place.
- Article 30: we suggest further defining (1) the intent to commit fraud and (2) fraud itself a bit
more clearly. As such, we recommend the following change: Should an individual or organization
purposefully seek to cause a loss of property to another individual or organization by committing
fraud, or a wrongful or criminally deceptive act intended to result in financial or personal gain for
oneself or another, through a computer system (such as inputting, altering or deleting critical data
and/or interfering with the functioning of a computer system), this individual or organization shall
be sentenced from 03 years to 12 years and fined from six million Riel (6,000,000) to twenty four
million Riel (24,000,000).