Octopus Cybercrime Community

Bahamas adopted the Computer Misuse Act (2003), the only Bahamian legislation that addresses cybercrime directly (the “CMA”) and contains provisions on: unauthorised access, obstruction to or modification of computer material; unauthorised use or interception of computer service; unauthorised disclosure of access code; incitement, abetment and attempt; and relevant law enforcement powers.

Data Protection (Privacy of Personal Information) Act (2003) – contains provisions on privacy, data protection, data subject rights, enforcement, and penalties.This Act contains exemptions for the transfer of data for criminal investigations and prosecutions and permits international transfers of criminal evidence, including when the transfer is pursuant to treaty.

The Electronic Communications and Transactions Act (2003) – includes provision on electronic communications data retention, electronic communications as evidence, and electronic signatures.

Sexual Offences and Domestic Violence Act (2010) – includes provisions on sexual procuration, child pornography, and voyeurism, including by electronic means. Article 9 - It does not criminalise the covered conducts if they are carried out for certain purposes

The Computer Misuse Act more specifically criminalises actions which fall into the following categories:

• Using a computer to secure unauthorised access to any program or data held in a computer;
• Using a computer to secure access to any program or data held in any computer with intent to commit an offence involving property, fraud or dishonesty, or which causes bodily harm;
• Doing any act which is known to cause unauthorised modifications in the contents of any computer;
• Knowingly (i) securing access without authority to any computer for the purpose of obtaining any computer service, or (ii) intercepting without authority any computer functions using any device, or (iii) using or causing a computer to be used directly or indirectly for the purpose of committing an offence;
• Knowingly and without authority or lawful excuse interfering with, interrupting or obstructing the lawful use of a computer; or impeding or preventing access to, or impairing the usefulness or effectiveness of, a computer;
• Knowingly and without authority disclosing any password, access code or other means of access to any program or computer data for wrongful gain or an unlawful purpose or knowing that it would cause wrongful loss to any person; and
• Obtaining access to any protected computer in the course of commission of an offence.

The Computer Misuse Act thus criminalises the most common forms of cybercrime, including hacking, phishing scams and spoofing emails. The CMA also covers offences such as cyberstalking, cyberbullying, unlawful online gaming and online prostitution.

The Bahamas is a Party to one intellectual property treaty; whether it has criminalised the covered conduct as required by the Budapest Convention Article 10 is not known.

The Criminal Procedure Code is the main general framework applicable to all cybercrime related investigations.

The Computer Misuse Act also includes some procedural powers related to the offenses listed, in Art. 15 - Police powers and Art. 16 - Power of police officer to access computer and data. Art. 15 and Art. 16 refer specifically to search and seizure procedures.The Computer Misuse Act does provide for a form of data retention. However, data retention does not serve the same purposes as data preservation, which is absent.