Octopus Cybercrime Community

Chadian members of parliament adopted the Law no 009/PR/2015 from 10 February 2015, on Cybersecurity and the fight against Cybercrime.

The Law on Cybersecurity and Cybercrime of 2015 is the main source of substantive law provisions, addressing mostly content-related offences of fraud, forgery and child pornography. The law on cybersecurity and cybercrime provides penalties for cybercrime such as:

• Child pornography (Art 81-85): from one to five years imprisonment with a fine from one to ten million francs. This penalty is increased if the scheme is followed by a physical act and the penalty is five to ten years imprisonment and a fine from two to 20 million francs.  
• Illegal access (Art 66): from one to five years imprisonment with a fine from one to ten million francs
• Offense against national security and offenses such as online fraud and concealing of computer data. The penalty ranges from one to five years imprisonment with a fine from one to ten million francs.

In 2017, Chad adopted a Criminal Code which codifies the Law on cybersecurity and cybercrime (2015) in the Chapter 2 of the “Livre 6”. The provisions are divided as follows:

Section 1: attacks on computer systems (art. 429-431)

• Sub-section 1: breaches of confidentiality and integrity of computer systems
• Sub-section 2: fraudulent introduction of data into a system

Section 2: computer data breaches (art. 432-442)

• Sub-section 1: falsification and use of falsified data
• Sub-section 2: misuse of devices
• Sub-section 3: digital identity theft, association of computer criminals and complicity

Section 3: offences relating to content (art. 443-451)

• Sub-section 1: child pornography
• Sub‐section 2: racist and xenophobic acts by means of a computer system

Section 4: nonexecution of injunctions and disclosure of investigation information (art. 452-454)

Section 5: offences relating to cryptology (art. 455-460)

Section 6: spamming (art. 461)

Law n° 14 regarding electronic communications provides, in Chapter VII, criminal law provisions in case of computer crime, including:

• Article 114 : imprisonment of 1 year to 5 years and a fine of 10 million francs to 200 million francs or one of the two penalties, in case of fraudulent use for personal purposes of a public electronic communication network or in case of fraudulent access by any means to a private line.
• Article 115: shall be punished with imprisonment of 6 months to 1 year and a fine of 1 million francs to 10 million francs or one of the two penalties, the one who intentionally transmits or introduces on the radio channel, false or misleading signals or distress calls.
• Article 116: shall be punished with 1 year to 5 years and a fine of 5 million francs to 50 million francs or one of the two penalties, the one who, by any means, wilfully causes the interruption of electronic communications.
• Article 120 : shall be punished with imprisonment of 1 year to 5 years and a fine of 10 million francs to 200 million francs or one of the two penalties, without prejudice to any compensation, anyone who, fraudulently or intentionally:

1. Uses facilities or obtains an electronic communications service
2. Uses for personal purposes or not, a public communication network or access, by any means, a private line
3. Uses services obtained through crimes specified in a) or b)

The Law on Cybersecurity and Cybercrime also refers to limited scope of procedural powers corresponding to data preservation, production orders and interception.

The law n° 13 regulating electronic communications and postal activities states in article 16 that the Electronic Communications and Postal Regulation Authority may, on the basis of a written reasoned decision, compel network operators or a provider of associated services of electronic communications and post, to provide information or documents that are necessary to ensure compliance with obligations.

Chad decided on a new Constitution published in 2018. The Chadian Constitution guarantees fundamental freedoms such as the right to privacy (art. 17) and the freedoms of expression and of communication (art. 28).

The law n° 13 regulating electronic communications and postal activities provides that the Electronic Communications and Postal Regulation Authority may, for the purposes of an investigation, close the premises of a network operator or a provider of associated services of electronic communications and post. However, the closure of these premises shall not exceed 72h with a court order.

The African Declaration of Rights and Freedom on the Internet of 28 August 2014 commits its signatories to respect the right to privacy, security on the Internet and to due process.

• Privacy: everyone has the right to privacy online including the right to control how their personal data is collected, used, disclosed, retained and disposed of. Everyone has the right to communicate anonymously on the Internet, and to use appropriate technology to ensure secure, private and anonymous communication. The right to privacy on the Internet should not be subject to any restrictions, except those which are provided by law, for a legitimate purpose and necessary and proportionate in a democratic society, as consistent with international human rights standards.
• Security on the Internet: Everyone has the right to security on the Internet and to be protected from harassment, stalking, people trafficking, identity theft and misuse of one’s digital identity and data. Everyone has the right to enjoy secure connections to and on the Internet including protection from services and protocols that threaten the technical functioning of the Internet, such as viruses, malware, phishing, and D-Dos attacks.

• Law No 13/PR/2014 regulating electronic communications and postal activities
• Law No 14/PR/2014 regarding electronic communications
• Law No. 07/PR/2015 of 10 February 2015 on the protection of personal data
• Law No. 06/PR/2015 of 10 February 2015, establishing the National Agency for Computer Security and Digital Certification (ANSICE)
• Law No. 08/PR/2015 of 10 February 2015 concerning electronic transactions

The law No. 07/PR/2015 of 10 February 2015 on the protection of personal data aims at creating a complete legal framework to protect the collection, processing, transmission and storage of private and professional data. It enshrines the guiding principles of processing personal data, determines the rights of the person whose data is processed and specifies the obligations of the data controller and processor.

• National Agency for Computer Security and Digital Certification (ANSICE)
• Chadian Office of Telecommunications Regulation (OTRT)
• The electronic communications and postal regulation authority (ARCEP)
• The National State Security Agency