Status regarding Budapest ConventionStatus : Observer See legal profile
Invited to accede: 1 February 2007
The President’s Office presented the National Digital Strategy in November 2013, an initiative that seeks to contribute to reach the goals on the development of information and communication technologies established in Mexico’s 2013-2018 National Development Plan.
The main purpose of the National Digital Strategy is to facilitate and promote the use of ICT’s across the Mexican society and the government in order to contribute to the social and economic development and improve the quality of life of Mexican citizens. The National Digital Strategy is composed of five strategic objectives, five key facilitators and 23 secondary objectives.
The National Digital Strategy of the President’s Office does not explicitly contain policies on the adoption of a national cybersecurity strategy, however it includes diverse actions on the subject matter such as the strengthening of the information security mechanisms in ICTs of the Federal Public Administration; the development of projects aimed at generating skills for preventing criminal conducts against children and teenagers, such as cyberbullying, sexting, child pornography and violence acts and promotes the incorporation of better practices to the legal framework in order to prevent risks against society’s integrity and patrimony as well as a constant work of legal harmonization regarding preventive measures for security risks due to the improper use of ICTs or natural situations.
In turn, the 2014-2018 National Security Program establishes as part of its strategies, the development of a State policy in cybersecurity and cyberdefense for protecting and promoting the national objectives and interests. The mexican goverment is currently working on a project on National Strategy for Information Security (NSIS), it seeks to be the main vehicle to guide and coordinate all the activities and actions undertaken by the entities and branches of the federal government in order to identify, neutralize and counteract risks and threats associated to information security, cybercrime and cyberdefense and the protection of critical infrastructures.
Furthermore, Mexico has developed the information security policy on ICT’s applicable to all agencies and entities of the Federal Public Administration, which is established in the Agreement under which the policies and provisions for the National Digital Strategy on Information and communication technologies and information security matters are issued, along with the Administrative Manual for General Application in said matters and its amendments. Likewise, said collegiate body has developed a collaboration protocol between the official CERT-MX -under the umbrella of the Scientific Division of the Federal Police- and different agencies and branches of the Mexican government, in order to address and respond to incidents and threats that could potentially jeopardize national critical infrastructures.
State of cybercrime legislation
Mexico does not have an independent law to investigate and prosecute cybercrime offenses.
However, the Federal Criminal Code, the Federal Law against Organized Crime and other federal laws and some State Criminal Codes contain provisions that sanction and punish conducts committed through and against the use of computer systems, which includes crimes like illegal access to computer systems, modification or destruction of information contained in computer systems and databases; misuse, interference or destruction of public telecommunications networks; possession, sell and distribution of child pornography, the promotion and facilitation of sexual tourism in national territory and offenses against the security of the nation, which includes espionage, rebellion, terrorism and sabotage.
Mexico has a new National Criminal Procedural Code (NCPC) since March 2014, which will gradually come into force in the 32 States of the Mexican Republic by 18 June 2016. The NCPC switched to an accusatory and oral system and has the prospect to be more flexible, less burdensome and more efficient than the previous procedural system. The NCPC contains specific provisions on how to conduct criminal investigations; allows for the use of electronic means to notify the parties involved in the investigation, contains wide provisions on the use of the chain of custody in the admission of evidence, the intervention of private communications by the Attorney General, procedural safeguards and a full chapter on international legal assistance and cooperation in criminal matters.
During the Workshop on Cybercrime Legislation held in Mexico City on March 31, 2014, the Government of Mexico mentioned that it is currently working together with federal agencies and branches including the Office of the Attorney General and the Ministry of Foreign Affairs on a draft proposal to modify the Federal Criminal Code that will include new punishments and conducts related to cybercrime, which will be sent by the Legal Council of the Executive branch to the Mexican Congress for its endorsement during the current LXII Legislature. The draft proposal includes the following punishments:
- Damage to computer systems and attempts against the integrity and availability of information systems;
- Terrorist activities conducted through internet and information technologies;
- Acts of xenophobia, racism and hatred violence through internet and information technologies;
- Geographic location of mobile systems in real-time;
- Preservation of traffic and content data;
- Sanctions to concessionaires of telecommunication services for not collaborating with law enforcement authorities in the disclosure of information to identity suspects as a result of conducts committed through Internet;
- Misuse of devices;
- Identity theft and computer fraud;
- Possession, distribution, commercialization of child pornography material and contact with minors;
- Illegal access to government systems pertaining to national security; and
- A chapter on international cooperation with foreign 24x7 points of contact and law enforcement authorities, among others.
Different types of cybercrime are punished under the following laws at the federal level:
- Commercialization and misuse of credit and debit cards and payment instruments used by banking and financial systems and illicit access to computer systems pertaining to the financial and banking system (Art. 112 bis of the Credit Institutions Law)
- Illegal access, use and transfer of monetary or security funds of customers of credit institutions through illegal schemes (Art. 113 bis of the Credit Institutions Law)
- Damage, harm or destruction of general communication channels in telecommunication and broadcasting and any real property or furniture used in the installation or operation of a concession interrupting totally or partially communication services (Art. 306 of the Federal Law on Telecommunications and Broadcasting)
- Corruption of minors and the commission of real and simulated sexual acts with individuals younger than 18 years of age with the purpose to exhibit, record, photograph or transmit them through data archives, computer systems or electronic means, including the stock, distribution, sell, purchase, lease, exposure, advertisement, transmission, import and export of child pornography material (Art. 202 and 202 BIS of the Federal Criminal Code)
- Promotion, invitation, facilitation or arrangement of sexual tourism with minors in national territory (Art. 203 and 203 BIS of the Federal Criminal Code)
- Disclosure or unduly used of information or images of an individual obtained in an intervention of private communications (Arts. 211 bis of the Federal Criminal Code)
- Illegal access to computer equipment and information technology systems (Arts. 211 Bis to 211 bis 7 of the Federal Criminal Code)
- Modification, destruction and loss of information contained in computer systems and equipment protected with a security mechanism (Arts. 211 bis 1 and 2 of the Federal Criminal Code)
- Illegal access and use and copy of information contained in systems, equipment or storage devises pertaining to the State (Arts. 211 bis 2 of the Federal Criminal Code)
- Modification, destruction and loss of information contained in computer systems and equipment pertaining to financial institutions (Arts. 211 bis 4 and 5 of the Federal Criminal Code)
- Illegal use of works protected under the Federal Law of Authors’ Rights with the intention to profit and without the corresponding authorization (Art. 424 III of the Federal Criminal Code)
- Manufacture of devises or systems for profit whose main purpose is to deactivate electronic protection features of a computer program (Art. 424 bis II of the Federal Criminal Code)
- Unintentionally or with the purpose to profit generates interruption, intervention of wire, wireless or optic fiber communications whether telephone, telegraph or satellite by which video, audio and data are transmitted (Art. 167 VI of the Federal Criminal Code)
- Decipher or cracking of telecommunications signals other than program satellite carriers (Art. 168 bis I of the Federal Criminal Code)
- Intervention of private communications without judicial mandate of a competent authority (Art. 177 of the Federal Criminal Code)
- Denial of collaboration with the Public Prosecutor and competent authorities to disclose information for the geographic location in real-time of communication devises linked to organized crime investigations, crimes against health, kidnapping, extortion or threats (Art. 178 Bis of the Federal Criminal Code)
- Prevent, delay or refusal to collaborate with law enforcement authorities in the intervention of private communications or to disclose information in terms of the applicable legislation (Art. 178 Bis second paragraph of the Federal Criminal Code)
- Removal, modification or destruction of tracking and surveillance devises (Art. 180 Bis second paragraph of the Federal Criminal Code)
- Security breaches affecting data bases containing personal data under a custody of an entity authorized to process personal data and entities that process personal data deceitfully with the aim of achieving an unlawful profit, including sensitive personal data (Arts. 67 to 69 of the Federal Law on Protection of Personal Data in Possession of Private Parties)
- In addition to the above-mentioned federal laws, there are some Sate Criminal Codes that contain provisions to punish crimes committed through the use of computers. Among them are:
- The Criminal Code for the Federal District punishes the crime of usurpation of identity for illicit purposes (Art 211 Bis)
- The Criminal Code of the State of Aguascalientes contains provisions that punish theft committed through computer systems, damage to computer programs, files and databases and illegal access and damage to computer data and information systems (Arts. 142, 152, 181)
- The Criminal Code of the State of Sinaloa punishes illegal access to computer networks and interception, modification, damage and destruction of computer program and databases (Art. 217)
- The Criminal Code of the State of Baja California punishes illegal access to computer data, and destruction and modification of information contained in computer systems (Article 175 BIS, 175 TER, 175 QUATER)
- The Criminal Code of the State of Tabasco punishes illegal access, damage to computer data and information systems and computer forgery (Arts. 326 bis, 326 bis 1, 326 bis 2, 326 bis 3)
- The Criminal Code of the State of Tamaulipas contains a full chapter on illegal access to computer data, systems and equipment by public officials (Arts. 207 Bis, 207 Ter, 207 Quarter, 207 Quinquies, 207 Sexies)
- The Criminal Code of Puebla punishes illegal access, modification, destruction and causing loss of information contained in computer equipment and systems (Arts. 476 to 478)
- The Criminal Code of Nuevo Leon contains a full chapter that punishes illicit access, modification and damage to computer data and information systems (Arts. 427 to 429)
- Obligations of telecomm and ISP’s to facilitate cooperation with investigative authorities and to execute orders of intervention of private communications (Art. 301 NCPC)
- Powers of the Attorney General to request telecommunication and satellite concessionaires and ISP’s real- time geographic tracking of mobile telecommunication equipment, as well as the immediate preservation of data contained in computer systems and equipment related to crimes committed through the use of computer systems for a maximum term of 90 days. (Art. 303 NCPC)
- Facilitate and offer material and documental evidence and data contained in digital, electronic, optical or any other technological means for its admission in court (Art. 381 NCPC)
- Obligations of telecommunication concessionaires and content service providers to collaborate with security, law enforcement and administration of justice authorities in the geographical location in real-time of mobile communication equipment and the retention of data for twelve months when there is reason to believe that a crime has been committed using mobile telecommunications equipment (Arts. 189, 190 of the Federal Telecommunications and Broadcasting Law)
- Admission of information generated or communicated through electronic or optical means or any other technology as evidence in a civil trial and its preservation in digital form (Art. 210-A of the Federal Code of Civil Procedure)
The right to a fair trial and due process (Art. 16 of the Political Constitution of the Mexican United States)
The respect for privacy, private life and data protection in criminal procedures pursuant to the Constitution and applicable legislation. (Art. 16 second paragraph of the Political Constitution of the Mexican United States and Art. 15 of the NCPC)
The rights of the victims during criminal proceedings (Art 109 NCPC)
The rights of the accused party (Art. 113 NCPC)
Inviolability of private communications (Art. 16 paragraphs twelve and thirteen of the Political Constitution of the Mexican United States)
Related laws and regulations
The following laws, regulations and decrees contain relevant provisions on computer and Internet related crime as explained in previous sections:
- Political Constitution of the Mexican United States, http://www.diputados.gob.mx/LeyesBiblio/pdf/1_07jul14.pdf
- Federal Criminal Code, http://www.diputados.gob.mx/LeyesBiblio/pdf/9_140714.pdf
- Federal Law Against Organized Crime, http://www.diputados.gob.mx/LeyesBiblio/pdf/101.pdf
- National Code of Criminal Procedure, http://www.diputados.gob.mx/LeyesBiblio/pdf/CNPP.pdf
- Federal Code of Civil Procedure, http://www.diputados.gob.mx/LeyesBiblio/pdf/6.pdf
- Federal Law on Telecommunications and Broadcasting, http://www.diputados.gob.mx/LeyesBiblio/pdf/LFTR_140714.pdf
- Federal Law on Protection of Personal Data in Possession of Private Parties, http://www.diputados.gob.mx/LeyesBiblio/pdf/LFPDPPP.pdf
- Regulation of the Federal Law on Protection of Personal Data in Possession of Private Parties, http://dof.gob.mx/nota_detalle.php?codigo=5226005&fecha=21/12/2011
- Law of Credit Institutions, http://www.diputados.gob.mx/LeyesBiblio/pdf/43.pdf
- Code of Commerce, http://www.diputados.gob.mx/LeyesBiblio/pdf/3_130614.pdf
- Federal Law on Consumer Protection, http://www.diputados.gob.mx/LeyesBiblio/pdf/113_040614.pdf
Chain of Custody
ACUERDO número A/002/10 mediante el cual se establecen los lineamientos que deberán observar todos los servidores públicos para la debida preservación y procesamiento del lugar de los hechos o del hallazgo y de los indicios, huellas o vestigios del hecho delictuoso, así como de los instrumentos, objetos o productos del delito (DOF 03/02/2010) http://dof.gob.mx/nota_detalle.php?codigo=5130194&fecha=03/02/2010
ACUERDO A/078/12 de la Procuradora General de la República, por el que se establecen las directrices que deberán observar los servidores públicos para la debida preservación y procesamiento del lugar de los hechos o del hallazgo y de los indicios, huellas o vestigios del hecho delictuoso, así como de los instrumentos, objetos o productos del delito (DOF 23/04/2012 http://www.dof.gob.mx/nota_detalle.php?codigo=5244766&fecha=23/04/2012
The Scientific Division of the Federal Police -an entity of the National Commission of Security from the Ministry of Interior- is the entity in charge of the investigation and prevention of federal crimes. The Scientific Police has a special and outstanding unit on the prevention and countering of cybercrime and child pornography, which also serves as the central point of contact and coordination of cybercrime investigations at the national and international level.
The Scientific Division of the Federal Police has a program to fostering cyber security whose main lines of actions are: (i) the promotion of a culture of prevention of cybercrimes; (ii) strengthen citizenship attention; (iii) creation and compilation of national statistics and data on cybercrime; (iv) entering collaboration agreements to foster the national criminal justice system; and (v) collaboration ad cooperation with foreign cybercrime units in other countries.
The Scientific Division of the Federal Police operates a Computer and Emergency Response Team (CERT-MX), which is currently the official national government CERT. The CERT-MX is the official point of contact with Interpol and the US Department of Justice and its main activities consist of identification and follow-up of cybercrimes and the protection of industrial and critical infrastructures in Mexico.
In addition to the Scientific Division of the Federal Police, there is CISEN (Centre for Research and National Security), which is a federal intelligence centre whose main purpose is to facilitate strategic and operative intelligence that allows for the preservation, integrity, stability and credibility of Mexico. The main role of CISEN is to propose measures to prevent, avoid or dissuade threats and risks to the national security, sovereignty, the constitutional order and the freedoms and democratic liberties of Mexicans. CISEN is part of the Committee on Specialized Information Security (CSIS).
The National Code of Criminal Procedure contains a full title on international legal assistance on criminal matters, which establishes rules on judicial cooperation at the federal and state level with foreign States through the central authority, which is the Office of the Attorney General (Procuraduría General de la República PGR). (Arts 433 to 455)
Mexico has entered and ratified extradition treaties and conventions on judicial and international cooperation in criminal matters with more than 32 countries. The official list of extradition treaties that Mexico has entered is available in the website of the Supreme Court of Justice at: http://www2.scjn.gob.mx/red/constitucion/TI.html
Competent authorities and channels
The competent authority to investigate crimes is the Ministerio Publico at the federal and state level with the support of the Police. The attributions and obligations of the Ministerio Publico are contained in Articles 127 to 131 of the National Code of Criminal Procedure and its Organic Law. The attributions and obligations of the Police -which works under the instruction of the Ministerio Publico- are contained in Article 132 of the National Code of Criminal Procedure.
Extradition of offenders is conducted through the rules of the Montevideo Convention on Extradition, the Federal Criminal Code and the respective extradition treaty with the country where the offender is being prosecuted. The official authorities and channels for international extradition are the Office of the Attorney General and the Ministry of Foreign Affairs.
Intervention of Private Communications
Tesis Jursiprudencial of the Supreme Court of Justice (Contradiction of Tesis 194/2012 of February 2013) The right to intervention of private communications is extended to data contained in mobile phones of detained individuals subject to criminal investigations. Primera Sala, Libro XVII, Febrero de 2013, Tomo 1 pag. 397.
Tesis Jursiprudencial of the Supreme Court of Justice (Tesis: 1a./J. 115/2012) of October 17, 2012. The SCJN found that when a person has been detained and subject to a criminal investigation, the authority might request the seizure of his mobile telephone and request the judicial authority the intervention of private communications pursuant to Article 16 of the Constitution and if data is obtained from the mobile phone of the detainee without the corresponding judicial authorization, the order shall be considered illicit and shall have no legal validity. http://sjf.scjn.gob.mx/sjfsist/Paginas/DetalleGeneralV2.aspx?id=2002741&Clase=DetalleTesisBL
Sources and links
- Office of the Attorney General (Procuraduría General de la República PGR) http://www.pgr.gob.mx/
- Scientific Division of the Federal Police (División Científica de la Policía Federal) http://www.cns.gob.mx/portalWebApp/wlp.c?__c=fdd
- Ministry of Foreign Affairs (Secretaría de Relaciones Exteriores SRE) http://www.sre.gob.mx/
- Centre for Research and National Security (Centro de Investigación y Seguridad Nacional CISEN) http://www.cisen.gob.mx/
- Institute of Federal Access to Information and Data Protection (Instituto Federal de Acceso a la Información y Protección de Datos IFAI) http://ifai.org.mx
- Ciberdelincuencia.Org http://ciberdelincuencia.org