Octopus Cybercrime Community

Cybercrime Code which forms part of the country’s new Penal Code was reportedly signed into law in June 2017, but without procedural law and international cooperation provisions. Draft Info-Communications Technology Law (reportedly based on publicly available draft) includes most of procedural powers under the Convention.

Substantive law: basic provisions are largely in place.

Section 12 of the Penal Code of Afghanistan comprises provisions on cybercrimes. Cybercrimes are defined as crimes that occur in cyberspace through the use of modern technology, information, and electronic communication. Crimes of disrupting a computer network, using of illegal means to access a computer system, programs, and computerized information, changing or destroying a computer system or the password and security code of the system, or installing viruses in the system may incur a penalty ranging from a fine of AFG600 (about US$9) to short-term , long-term, and even life imprisonment. (Id. arts. 856, 857, & 858.) Short-term imprisonment is imprisonment for more than six months up to one year; medium-term imprisonment, one year up to five years; and long-term imprisonment, from five years up to 16 years. The Cyber Crime Code also includes as crimes, punishable with a fine ranging from AFG6,000 to AFG300,000 (about US$89-$4,431) or medium-term imprisonment, the following actions:

disclosing the password or security code of an information system (Draft Cyber Crime Code, art. 859);preventing others from having access to an information system (id. art. 860);

creating, preparing, and using an information system to commit crimes (id. art. 861);

electronic counterfeiting (id. art. 862); and electronic fraud (id. art. 863).

Theft of another person’s Internet service is punishable upon conviction by a fine of twice the amount of the cost of the stolen service. (Id. art. 865).

Cyber terrorism (id. art. 866), cyber espionage and cyber warfare (id. art. 868), and cyber gambling (id. art. 875) are punishable by the penalties imposed in the other relevant chapters of the Penal Code now being drafted.

Cyber crimes involving personal offenses against individuals include misuse of another person’s identity for committing a crime is punishable with a sentence of medium-term imprisonment (id. art. 869); disclosure of another person’s personal or privacy-related information, punishable with imprisonment for a term of one to three years or a fine of from AFG60,000 to AFG180,000 AFG (id. art. 871); and blackmail, punishable with short-term imprisonment or a fine of AFG30,000 to AFG60,000 (id. art. 872). For crimes against public morality and chastity, the punishment is a fine of from AFG5,000 to AFG20,000 (about US$74-$295) (id. art. 870), while using cyberspace to broadcast discriminatory remarks and to defame religion are both punishable with a fine of from AFG5,000 to AFG60,000 (id. arts. 873 & 874, respectively). One of the stiffest fines imposed in connection with offenses against social mores is that for disseminating child pornography: medium-term imprisonment of up to two years or a fine of from AFG60,000 toAFG120,000 (id. art. 877)

The Draft Info-Communications Technology Law includes specific procedural measures, applicable to all the investigations related to cybercrime, to crimes committed by the means of computer systems and to all the criminal investigations where digital evidence is required.

The Draft Info-Communications Technology Law includes provisions on warrants for disclosure of traffic data (Article 144), warrant for production (Article 145), powers of police to access computer systems and data (Article 146), real time collection and recording of data (Article 147), powers for preventing or countering threats to national security (Article 148), retention of traffic data (Article 149) and arrest and detention by police without warrant (Article 150).

Under the draft legislation, almost every power requires a judicial warrant which has detailed safeguard criteria.

Draft Info-Communications Technology Law

Besides an extensive legal framework on technical aspects, there are important acts on this field respecting:

• Law on the support the right of authors, composers, artists and researchers (Copy Right Law), No. 54 of 21st July 2008;
• Telecom Services Regulation Law.

Under the draft Info-Communications Technology Law the legal competence to begin and direct criminal investigations belongs to the investigation agency to be designated by the government (Article 152). The investigation agency is the competent authority to send and to receive international cooperation requests.

Under the draft legislation, the investigation agency shall designate a 24/7 point of contact. This point of contact shall have specific competence to provide technical advice, expedited preservation of stored computer data and traffic data and searches and seizure of data, provision of legal information and locating suspects.

Afghanistan is not a signatory to the treaties and conventions on judicial international cooperation within the European Union and the Council of Europe.

The draft legislation provides specific international cooperation measures and includes expedited preservation of stored computer data (Article 155), expedited disclosure of preserved traffic data (Article 156), mutual assistance regarding accessing of stored computer data (Article 157), mutual assistance regarding the real-time collection of traffic data (Article 158), mutual assistance regarding the interception of content data (Article 159) and 24x7 networks (Article 160) within international cooperation.

In particular, Article 154 allows the investigation agency to access data stored in a computer system where publicly available or access through a computer system located in its territory, the data, through legal and voluntary consent of the person legally authorized to disclose them.