Mauritius - Octopus Cybercrime Community

Back Mauritius

Status regarding Budapest Convention

Status : Party Declarations and reservations : No reservations. See legal profile

Cybercrime policies/strategies

Mauritius has been a Party to the Budapest Convention since 2013 and was the first African country to accede to the Convention. Since 2014, it has benefitted from the support provided by the GLACY and the GLACY+ Projects. One of the main activities was to train and empower judges, magistrates and prosecutors with the aim to establish and maintain a pool of national judicial trainers, in partnership with the Institute for Judicial Legal Studies. Such capacities are expected to be leveraged to reach out to neighbouring countries and confirm Mauritius as a capacity building hub on cybercrime and electronic evidence in the South African region.

Mauritius has adopted Cybercrimestrategy for 2017 – 2019. However, Mauritius already had a Cybersecurity strategy that ran from 2014 to 2019. This Cybercrime strategy ran in parallel and dealt with the issues pertaining the investigation and prosecution of criminals and the role of the criminal justice system, while the cyber security strategy focused on prevention, mitigation and defence of critical national infrastructure assets.

From a legislative point of view, amendments have been brought to cybercrime legislative scenery through the introduction of Section 46 of the Information and Communication Technologies Act following recommendations provided by the GLACY+ project. With these amendments in 2016, Mauritius introduced the criminalization of cyber harassment.

Cybercrime legislation

State of cybercrime legislation

Mauritius passed the Computer Misuse and Cybercrime Act in 2003.

The Act provides for criminal offences relating to cybercrime and the related rules for investigations and procedures. The Act also covers issues regarding prosecutions, jurisdiction, extraditions and forfeitures.

Substantive law

The Computer Misuse and Cybercrime Act 2003 provides for the following offences:

Unauthorised access to computer data
Access with intent to commit offences
Unauthorised access to and interception of computer service
Unauthorised modification of computer material
Damaging or denying access to computer system
Unauthorised disclosure of password
Unlawful possession of devices and data
Electronic fraud

Procedural law

The Computer Misuse and Cybercrime Act 2003 also covers the procedure for cybercrime investigations and related court applications Part III of the Act deals with investigations and procedures. It includes the following:

Preservation order
Disclosure of preserved data
Production order
Powers of access, search and seizure for purposes of investigation
Real time collection of traffic data
Deletion order

The applications for the orders mentioned above are made before the Supreme Court ( Judge in Chambers , for urgent applications).

Safeguards

One of the safeguards in the Computer Misuse and Cybercrime Act is the limited use of disclosed data and information ( Section 17 of the Act (reproduced below))

17. Limited use of disclosed data and information

No data obtained under sections 11 to 15 shall be used for any purpose other than that

for which the data was originally sought except—

(a) in accordance with any other enactment;

(b) in compliance with an order of a Court or Judge;

(c) where such data is required for the purpose of preventing, detecting or investigating offences, apprehending or prosecuting offenders, assessing or collecting tax, duty or other monies owed or payable to the Government;

(d) for the prevention of injury or other damage to the health of a person or

serious loss of or damage to property; or

(e) in the public interest.

Related laws and regulations

The Information and Communication Technologies Act 2001 is another very important piece of legislation in field of Information Technology and Telecommunications, and cybercrime, in Mauritius.

Section 46 of the Act (reproduced below) deals with criminal offences.

46. Offences

Any person who—

(a) by any form of emission, radiation, induction or other electromagnetic effect, harms the functioning of an information and communication service, including telecommunication service;

(b) with intent to defraud or to prevent the sending or delivery of a message, takes an information and communication message, including telecommunication message from the employee or agent of a licensee;

(c) with intent to defraud, takes a message from a place or vehicle used by a licensee in the performance of his functions;

(d) steals, secretes or destroys a message;

(e) wilfully or negligently omits or delays the transmission or delivery of a message;

(f) forges a message or transmits or otherwise makes use of a message knowing that it has been forged;

(g) knowingly sends, transmits or causes to be transmitted a false or fraudulent message;

(ga) uses telecommunication equipment to send, deliver or show a message which is obscene, indecent, abusive, threatening, false or misleading, which is likely to cause or causes annoyance, humiliation, inconvenience, distress or anxiety to any person;

(h) uses, in any manner other than that specified in paragraph (ga), an information and communication service, including telecommunication service—

(i) for the transmission or reception of a message which is grossly offensive, or of an indecent, obscene or menacing character; or

(ii) which is likely to cause or causes annoyance, humiliation, inconvenience, distress or needless anxiety to any that person;

(iii) for the transmission of a message which is of a nature likely to endanger or compromise State defence, public safety or public order;

(ha) uses an information and communication service, including telecommunication service, to impersonate, or by any other means impersonates, another person which is likely to cause or causes annoyance, humiliation, inconvenience, distress or anxiety to that person;

(i) dishonestly obtains or makes use of an information and communication service, including telecommunication service, with intent to avoid payment of any applicable fee or charge;

(j) by means of an apparatus or device connected to an installation maintained or operated by a licensee—

(i) defrauds the licensee of any fee or charge properly payable for the use of a service;

(ii) causes the licensee to provide a service to some other person without payment by such other person of the appropriate fee or charge; or

(iii) fraudulently installs or causes to be installed an access to a telecommunication line;

(k) wilfully damages, interferes with, removes or destroys an information and communication installation or service, including telecommunication installation or service, maintained or operated by a licensee;

(ka) wilfully tampers or causes to be tampered the International Mobile Station Equipment (IMEI) of any mobile device;

(l) establishes, maintains or operates a network or service without a licence or in breach of the terms or conditions of a licence;

(m) without the prior approval of the Authority, imports any equipment capable of intercepting a message;

(n) discloses a message or information relating to such a message to any other person otherwise than—

(i) in accordance with this Act;

(ii) with the consent of each of the sender of the message and each intended recipient of the message;

(iii) for the purpose of the administration of justice; or

(iv) as authorised by a Judge;

(na) knowingly provides information which is false or fabricated;

(o) except as expressly permitted by this Act or as authorised by a Judge, intercepts, authorises or permits another person to intercept, or does any act or thing that will enable him or another person to intercept, a message passing over a network;

(p) in any other manner, contravenes this Act or any regulations made under this Act, shall commit an offence.

Amended by Act No 2 of 2016, Act No 14 of 2018

Other Related laws and regulations

Data Protection Act 2017, in force since 15 January 2018 (replacing the Data Protection Act 2004)

Electronic Transactions Act 2000

Child Protection Act 1994

It must be noted that the above mentioned legislation relate to cybercrime offences in part ( for example the Child Protection Act is included in this list as it criminalises , amongst other things, the illegal use of indecent child photographs).

Specialised institutions

The main specialized institutions in Mauritius are:

The Police force (IT Unit)
The Information and Communication Technologies Authority ( ICTA)
The Mauritian National Computer Security Incident Response Team (CERT-MU)
The National Computer Board
The Attorney General’s Office
The Office of the Director of Public Prosecutions ( which also comprises of a cybercrime unit)
The IT Security Unit

International cooperation

Competent authorities and channels

According to the Mutual Assistance in Criminal and Related Matters Act 2003, the Attorney General, designated as the “Central Authority” for the purposes of a request from a foreign State or an international criminal tribunal, or a request from Mauritius to a foreign State or an international criminal tribunal, is the appropriate competent authority.

Jurisprudence/case law

Cybercrime cases in Mauritius include:

Police v N. S. Mohamed 2011 Intermediate Court 120

Nadir aged 17 was arrested for having harassed, hacked and defaced a girl of 16’s profile on Social Networking websites. He was sentenced by the Intermediate Court to a fine of Rs. 190,000 on 17 counts under the ICT Act 2001 and Computer Misuse and Cybercrime Act 2003.

Police v S.Teeluck Date of Decision 28 March 2012

A graphic designer arrested for having committed Identity theft by creating a fake profile on Facebook by using victim’s identity and sending two threatening emails to the complainant who was a minor.

Judgment : fine of Rs. 150,000 on two counts under the ICT Act 2001.

Police v N. K. Teeluck

Accused was arrested for having used his iphone to access the database of a company engaged in betting activities, Supertote, and fraudulently withdrawn Rs.100,000 from the account of Supertote. Accused was prosecuted for Unauthorised Access to computer data and Electronic Fraud.

Judgment: Accused fined Rs.380,000.

Police v Choo Kui Chan & others (2012)

Accused parties were found in possession of 21 fake credit cards, bearing names of foreigners and used these cards to buy articles for an amount of Rs.3 Million.

Judgment: 20 months imprisonment.

Police vs Ramrichia 2013 Int 74

Accused, a government servant ,was arrested and prosecuted for obstruction of the operation of a computer system. He had sent long URLs on the Government Online Centre server and one of the URLs caused an obstruction of service. Accused pleaded not guilty.

Judgment: Fined Rs 25,000.

Police v M.I. Nuckcheddy 2013 Int 69

Mr. Nuckcheddy, a Government servant was arrested for having unlawfully downloaded files on the internet related to Al Qaeda videos and notes, and that too during office hours on a Government Computer system, after having unlawfully modified the IP Addresses on four occasions despite being access to internet being blocked . He confessed the cases during the enquiry but pleaded not guilty in Court.

Judgment: Accused found guilty and fined Rs. 90,000.

Ramsaran v State of Mauritius [2013] SCJ 466

Accused was convicted on 25 counts for effecting unauthorised withdrawal through ATM while he was only authorised to use the electronic card to pay for the telecom bills. On appeal the Supreme Court upheld the sentence and held:

“It is plain therefore, that an offence would lie against the appellant on each occasion that he has had access to the ATM to make a withdrawal without the consent of the complainant who was the only person entitled to give him consent to access the system in order to make a withdrawal of money from her account by making use of her card.

Judgment: fine of Rs 125,000.

Police v K. Bunwaree & S. Dowlut (2014)

Accused No.1 posted on facebook comments which caused prejudice to a religion, and such post caused a social disharmony. She confessed the case and was fined by the Intermediate Court to a fine of Rs.25,000 on one count.

Accused No. 2 did comment on 12 occasions to the post made by accused No. 1 and his comments too contained racial hatred, prejudicial to a religion. He confessed the case and was fined by the Intermediate Court to pay Rs. 25,000 per count. Total fine was Rs. 300,000.

Judgement: Accused No 1 fined Rs25,000 and Accused No 2 fined Rs 300,000.

Police v Khliupta, Polivanov, Ternavchuk (2014)

The accused, floreign nationals, were arrested for using fake credit cards to effect withdrawals. 31 fake credit cards on the names of foreign nationals were also secured. They all pleaded guilty to the charges.

Judgment: 1 year imprisonment and a total fine of Rs 1,400,000.

Police v Cubelac, Coulson & Barbu (2015)

The Accused, foreign nationals, were arrested for having used fake credit cards and withdrawn sum of Rs.400,000 from a local Bank, through ATMs around the island They were confronted to CCTV Footage and subsequently confessed the case. Fake credit cards and a skimmer were secured in the hotel where they were residing.

Judgment: Accused Cubelac was fined Rs. 375,000, Coulson Rs. 400,000 & Barbu Rs. 450,000.

Police v Petrasco and Galearschi (2015)

The accused, foreign nationals, were arrested with 8 magnetic cards. Their attempts to withdraw money from various ATMs were unsuccessful.

Judgment: Fined Rs 80,000 and imprisonment of 1 year.

Police v Zhang Guiping, Liu Ruichin, Hu Xia Mao, Liu Xiayong (2016)

The four accused, foreign nationals, used skimmer devices and spy camera to capture more than 1500 card details of bank clients. 15 plastic magnetic cards were also secured from them. Accused confessed to the charges and admitted their respective participation.

Judgment: Accused No. 1 fined Rs 40,000, Accused No.2 fined Rs120,000, Accused No.3 fined Rs 220,000 and Accused No 4 Rs 80,000.

Sujeeun V.S. v The State [2018] SCJ 165

The Accused, was prosecuted before the Intermediate Court with the offence of using an information and communication service for the purpose of causing inconvenience to a person, in breach of sections 46(h)(ii) and 47 of the Information and Communication Technologies Act (ICTA). The Accused pleaded not guilty and was represented by Counsel. He was convicted and sentenced to be conditionally discharged upon entering into recognizance in his own name in the sum of Rs 50,000 and furnishing a security of Rs 30,000 within 21 days and to be of good behaviour for a period of two years failing which to undergo six months imprisonment. He appealed against his conviction on 14 grounds which were all unsuccessful.