AIC Comments on the Draft Cybercrime Law for Cambodia

Share on Facebook3Tweet about this on Twitter0Share on Google+0Share on LinkedIn0Pin on Pinterest0Share on Reddit0Share on StumbleUpon0Buffer this pageEmail this to someoneDigg thisShare on Tumblr

AIC Comments on the Draft Cybercrime Law for Cambodia

  1. We encourage the Government of Cambodia to ensure that criminal offenses be subject to an
    individual’s intent and not just based on whether or not that individual has authorization to
    conduct an activity. We also encourage the Government of Cambodia to include strong
    intermediary liability protections so that web companies are not held liable for content posted by
    third parties. Furthermore, definitions about what content is illegal should be made explicit so that
    legitimate expression is not stifled.
  2. Article 3: The scope extends to service providers and individuals outside of Cambodia but
    without any reference to jurisdiction. For the Law to be enforceable, it should either reference the
    mechanism(s) through which the Law will be enforced (e.g. through MLAT) or it should not
    attempt to extend extraterritorially.
  3. Article 23: This offense is very broad. Typically there are exceptions for these kinds of clauses
    which should be added here. Uncertainty in this area could prevent companies which handle user
    data from establishing offices or building local data centres.
  4. Article 24: Most of the criminal offenses are based on a model that someone has done something
    without “authorization/right”. What the offenses lack is a clear demonstration that the offense was
    committed with intent. For example, if someone accesses a file accidentally that they do not have
    authorization to access, it would not be fair to punish them as if they had intentionally accessed
    that file that they knew they did not have authorization to access. We encourage strong intent
    requirements to be added to criminal offenses.
  5. Article 28: This article is troubling as it could be used to limit legitimate forms of online
    expression. The definitions for offenses are not sufficiently clear for a user to know when content
    are illegal. This article does not reference any intermediary liability protections which ensure that
    platforms hosting content are not held liable for content posted by a user. Intermediary liability
    protections should be added to this article.
  6. Article 29: We suggest the inclusion of a safe harbour regime that protects online intermediaries
    from liability for offenses committed by third parties such as but not limited to copyright and
    fraud, as long as there is a reasonable notice and take down framework in place.
  7. Article 30: we suggest further defining (1) the intent to commit fraud and (2) fraud itself a bit
    more clearly. As such, we recommend the following change: Should an individual or organization
    purposefully seek to cause a loss of property to another individual or organization by committing
    fraud, or a wrongful or criminally deceptive act intended to result in financial or personal gain for
    oneself or another, through a computer system (such as inputting, altering or deleting critical data
    and/or interfering with the functioning of a computer system), this individual or organization shall
    be sentenced from 03 years to 12 years and fined from six million Riel (6,000,000) to twenty four
    million Riel (24,000,000).

Leave a Reply

Your email address will not be published. Required fields are marked *


− three = 1