Status regarding Budapest ConventionSee legal profile
The National Cyber Security Strategy of Afghanistan has been adopted in November 2014; no updated version has been reported since.
Two of Strategy’s objectives are referring to cybercrime: “To enable and strengthen an effective prevention, investigation and prosecution of cyber and electronic crimes, enforce the law enforcement capabilities through an effective cyber law and legislation” and “To enhance and strengthen international cooperation’s to fight cyber crimes”.
AFCERT is the main responsible agency identified in the Strategy, including as authority to coordinate efforts against cybercrime and serve as first responder in cybercrime investigations; coordination with law enforcement is also part of its duties.
State of cybercrime legislation
Cybercrime Code which forms part of the country’s new Penal Code was reportedly signed into law in June 2017, but without procedural law and international cooperation provisions. Draft Info-Communications Technology Law (reportedly based on publicly available draft) includes most of procedural powers under the Convention.
Substantive law: basic provisions are largely in place.
Section 12 of the Penal Code of Afghanistan comprises provisions on cybercrimes. Cybercrimes are defined as crimes that occur in cyberspace through the use of modern technology, information, and electronic communication. Crimes of disrupting a computer network, using of illegal means to access a computer system, programs, and computerized information, changing or destroying a computer system or the password and security code of the system, or installing viruses in the system may incur a penalty ranging from a fine of AFG600 (about US$9) to short-term , long-term, and even life imprisonment. (Id. arts. 856, 857, & 858.) Short-term imprisonment is imprisonment for more than six months up to one year; medium-term imprisonment, one year up to five years; and long-term imprisonment, from five years up to 16 years. The Cyber Crime Code also includes as crimes, punishable with a fine ranging from AFG6,000 to AFG300,000 (about US$89-$4,431) or medium-term imprisonment, the following actions:
disclosing the password or security code of an information system (Draft Cyber Crime Code, art. 859);preventing others from having access to an information system (id. art. 860);
creating, preparing, and using an information system to commit crimes (id. art. 861);
electronic counterfeiting (id. art. 862); and electronic fraud (id. art. 863).
Theft of another person’s Internet service is punishable upon conviction by a fine of twice the amount of the cost of the stolen service. (Id. art. 865).
Cyber terrorism (id. art. 866), cyber espionage and cyber warfare (id. art. 868), and cyber gambling (id. art. 875) are punishable by the penalties imposed in the other relevant chapters of the Penal Code now being drafted.
Cyber crimes involving personal offenses against individuals include misuse of another person’s identity for committing a crime is punishable with a sentence of medium-term imprisonment (id. art. 869); disclosure of another person’s personal or privacy-related information, punishable with imprisonment for a term of one to three years or a fine of from AFG60,000 to AFG180,000 AFG (id. art. 871); and blackmail, punishable with short-term imprisonment or a fine of AFG30,000 to AFG60,000 (id. art. 872). For crimes against public morality and chastity, the punishment is a fine of from AFG5,000 to AFG20,000 (about US$74-$295) (id. art. 870), while using cyberspace to broadcast discriminatory remarks and to defame religion are both punishable with a fine of from AFG5,000 to AFG60,000 (id. arts. 873 & 874, respectively). One of the stiffest fines imposed in connection with offenses against social mores is that for disseminating child pornography: medium-term imprisonment of up to two years or a fine of from AFG60,000 toAFG120,000 (id. art. 877)
The Draft Info-Communications Technology Law includes specific procedural measures, applicable to all the investigations related to cybercrime, to crimes committed by the means of computer systems and to all the criminal investigations where digital evidence is required.
The Draft Info-Communications Technology Law includes provisions on warrants for disclosure of traffic data (Article 144), warrant for production (Article 145), powers of police to access computer systems and data (Article 146), real time collection and recording of data (Article 147), powers for preventing or countering threats to national security (Article 148), retention of traffic data (Article 149) and arrest and detention by police without warrant (Article 150).
Under the draft legislation, almost every power requires a judicial warrant which has detailed safeguard criteria.
Related laws and regulations
Draft Info-Communications Technology Law
Besides an extensive legal framework on technical aspects, there are important acts on this field respecting:
Law on the support the right of authors, composers, artists and researchers (Copy Right Law), No. 54 of 21st July 2008;
Telecom Services Regulation Law.
At present, prosecution is the purview of the Prosecution Service comprised of the Attorney General's Office and district level attorneys.
With respect to cybercrime, data protection and cybersecurity the Information systems security directorate ISSD of the Ministry of Communication and Information Technology (MCIT) and the cybercrime department of Ministry of Interior are the relevant institutions. The Ministry of Interior asks ISSD for cooperation in almost all cybercrime cases. The AFCERT team managed by ISSD is comprised of the most trained personnel within the government for cybercrime investigations.
Data Protection is also the purview of the Information systems security directorate ISSD of MCIT.
The Afghanistan Telecom Regulatory Authority (ATRA which is based at MCIT) is the telecom regulator in Afghanistan.
The legal competence to begin and direct criminal investigations lies with the Attorney General's Office. There is an attorney directorate for each district and when any crime takes place by law the district Police reports the crime and requests district attorneys to conduct the prosecution. Thereafter, the case goes to the court. All attorneys send a copy of their report to the Attorney General's Office for record keeping purposes.
Competent authorities and channels
Under the draft Info-Communications Technology Law the legal competence to begin and direct criminal investigations belongs to the investigation agency to be designated by the government (Article 152). The investigation agency is the competent authority to send and to receive international cooperation requests.
Under the draft legislation, the investigation agency shall designate a 24/7 point of contact. This point of contact shall have specific competence to provide technical advice, expedited preservation of stored computer data and traffic data and searches and seizure of data, provision of legal information and locating suspects.
Practical guides, templates and best practices
Afghanistan is not a signatory to the treaties and conventions on judicial international cooperation within the European Union and the Council of Europe.
The draft legislation provides specific international cooperation measures and includes expedited preservation of stored computer data (Article 155), expedited disclosure of preserved traffic data (Article 156), mutual assistance regarding accessing of stored computer data (Article 157), mutual assistance regarding the real-time collection of traffic data (Article 158), mutual assistance regarding the interception of content data (Article 159) and 24x7 networks (Article 160) within international cooperation.
In particular, Article 154 allows the investigation agency to access data stored in a computer system where publicly available or access through a computer system located in its territory, the data, through legal and voluntary consent of the person legally authorized to disclose them.
As the legislation is currently in draft form, no jurisprudence/case law is available.
Sources and links
Ministry of Communication and Information Technology
Afghanistan Telecom Regulatory Authority
Information and Communication Technology Institute
Attorney General’s Office
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
Are you aware of the latest legislative or policy developments on cybercrime and electronic evidence?
Share this information with us helping to keep this platform up to date.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). English and bilingual versions available.
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). English and bilingual versions available.