Status regarding Budapest ConventionStatus : Party Ratified / acceded : 22/09/2017 Declarations and reservations : Declarations concerning articles: 10, 24. See legal profile
Costa Rica, in a project led by the Ministry of Science, Technology and Telecommunications (MICITT) has developed a National Cyber Security Strategy, enacted during the year of 2017. This is a strategy dealing with cyber security rather than cybercrime, meaning that areas of cybercrime and electronic evidence are not included to the necessary extent. The Government of Costa Rica has also been very active participating in the Inter-American Strategy to Combat Threats to Cyber security of the Organization of American States (OAS) through the Computer Security and Incident Response Team (CSIRT-CR) of the Ministry of Science, Technology and Telecommunications.
In the Latin American Region the Budapest Convention has been ratified – among others - by Costa Rica in 2017. The country has an extensive substantive, procedural, and international cooperation framework that addresses cybercrime and electronic evidence to a substantial extent, however the need for training in cybercrime and electronic evidence is common among prosecutors and law enforcement. Costa Rica is a priority country of the GLACY+ Project and frequently involved in activities such as legislation, strategies and policies revision, trainings and regional /international conferences.
The Government of Costa Rica through the Ministry of Science, Technology and Telecommunications participated in the Workshop on Cybercrime Legislation in Latin America organized by the Council of Europe and the Government of Mexico from March 31 to April 2, 2014 where the representatives of said Ministry provided updates on substantive and procedural legislation and the national activities to counter cybercrime. During the workshop, the representative of said Ministry commented on the creation of a Division within the Ministry of Science, Technology and Telecommunications that will be especially in charge of cyber security matters pursuant to the National Development Plan of Telecommunications.
State of cybercrime legislation
The legal framework to investigate and prosecute cybercrime in Costa Rica is contained in the National Criminal Code and the Law on Intervention of Telecommunications. Criminal conducts committed through the use of computer and electronic media are contained in a number of national laws dealing with organized crime, tax, customs, public financial matters and the protection of minors.
As a result of the enactment of Law 9048 of June 2012 and Law 9135 of 24 April 2013, the Criminal Code was amended and new types of crime and conducts are considered major crimes including those committed through the use of computer systems and technologies. These crimes are: corruption of minors through social media or electronic means; intervention of private communications and correspondence; illicit access and non-authorized processing of personal data contained in computer and information systems; extortion through electronics means; illicit access and fraud; damage and destruction of information and computer systems; espionage through information systems and the use of technologies; sabotage of information systems and databases through electronic means, among the most relevant.
Regarding procedural provisions, apart from the provisions contained in the Criminal Procedural Code (Law No. 7594), other special laws are applicable such as Law No. 7425 on Intervention of Telecommunications and Law No. 8754 on Organized Crime as well as the Executive Decree Nº 37052-MICIT of March 9, 2012 that creates the national Computer Security Information Response Team (C-SIRT) of Costa Rica.
The following crimes dealing with the use of information and computer systems are punished in Costa Rica:
Promotion of tourism for sexual commercial exploitation and prostitution of individuals (Art. 162 bis of the Criminal Code)
Corruption of children and minors and the use of social media and electronic means to groom children and to oblige them to commit sexual activities (Art. 167 of the Criminal Code)
Communication with children and individuals younger than 15 years of age with sexual and erotic content, including the use of images, videos, text or audio and the usurpation and use of a false identity to establish communications with children with sexual and erotic content and when the perpetrator arranges a physical encounter with a minor (Art. 167 bis of the Criminal Code)
Definition of child pornography, production, use and manufacture of pornographic material including images and voice using children and minors (Art. 173 of the Criminal Code)
Possession of child pornography material. As a result of the enactment of Law No. 9177 of 1 November 2013, the sanction for the possession of child pornography could result in imprisonment of up to four years, which makes it now a major crime where other international conventions may also be applicable (Art. 173 bis of the Criminal Code)
Exhibition, disclosure, distribution and commercialization of child pornography material (Art. 174 of the Criminal Code)
Interception and breach of private correspondence and intervention of private communications without authorization (Art. 196 of the Criminal Code)
Illicit access, copy, modification, sell, buy of personal data to damage the private sphere or privacy of an individual and the non-authorized processing of data and images of an individual or entity contained in computer and information systems and servers, including information contained in pubic databases or when the information pertains to a minor or when the conduct reveals sensitive data of an individual (Art. 196 bis of the Criminal Code)
Financial extortion and major threats to individuals committed through the use of electronic means and information systems (Art. 214 of the Criminal Code)
Computer and information fraud with the purpose to obtain a profit or an unduly benefit against public information systems, information systems pertaining to banks and financial entities or when the offender is an employee in charge of providing support and management to information systems or when as result of his duties he has access to computer systems and data contained in electronic means (Art. 217 bis of the Criminal Code)
Modification and damage of information and data contained in computer systems without authorization and information contained in electronic, optical and magnetic means (Art. 229 bis of the Criminal Code)
Modification, destruction or impeding the use of information contained in databases or modifying without authorization the functioning of an information system including its physical and logical components (Art. 229 ter of the Criminal Code)
Usurpation of the identity of an individual or a legal entity or commercial brand through Internet, social networks or through electronic and technology means (Art. 230 of the Criminal Code)
Installation and dissemination of software programs and malicious code in computer, information systems and servers. The sanctions contained in this article vary in function of the entities affected (Art. 232 of the Criminal Code)
Phishing and usurpation of Internet websites and the obtaining of confidential information of individuals and legal entities for self-profit of for the profit of third parties (Art. 233 of the Criminal Code)
Facilitation and procurement of devises and means to commit a crime through the use of a network, information systems or server (Art. 234 of the Criminal Code)
Drug trafficking and organized crime through the use of a system, information or telecommunications network or server (Art. 235 of the Criminal Code)
Disclosure and broadcasting of information or false statements that may distortion or cause damage to the security and stability of the financial systems or to users (Art. 236 of the Criminal Code)
Disclosure of State secrets pertaining to national security, the defense of national sovereignty and foreign affairs of Costa Rica. The penalties and sanctions aggravate when the conducts are committed through the use of information and communication technologies (Art. 293 of the Criminal Code)
Espionage and the obtaining of secrets pertaining to national security, the defense of national sovereignty and foreign affairs of Costa Rica thought the use of informatics programs, malicious codes or the use of information communication technologies. The penalties and sanctions aggravate when the conducts are committed through the use of information and communication technologies (Art. 295 of the Criminal Code)
There are other laws that punish conducts and activities committed through the use of computer and information systems. Among these crimes are:
Illicit access to information systems and data bases without authorization pertaining to the Fiscal and Tax Administration (Art. 94 of the Code of Norms and Tax Procedures)
Hijacking, copy, modification, damage, destruction, transfer or possession of computer programs to administer tax information and data bases pertaining to the Tax Administration (Art. 95 of the Code of Norms and Tax Procedures)
Illicit access, copy, modification, and damage to computer programs, systems and databases pertaining and used by the National Customs Service (Arts. 221 and 222 of the General Law of Customs)
Illicit access, copy, modification, and damage or destruction of computer programs, systems and databases pertaining to the financial administration, including the facilitation of access credentials to third parties in order to access systems and databases either for self-benefit or for the benefit of third parties (Art. 111 of the Law of Financial Administration and Public Budget)
Law 8934 on the Protection of Children and Teenagers from Harmful Content on Internet and other Electronic Means sets forth obligations for private owners and managers of the administration of public access places with computers connected to Internet, which mandates the installation of programs and filters including web browsers and communication services through computer systems including email and file exchange programs or special programs to block access to websites and communications with harmful content directed to children and teenagers.
The Law against Organized Crime (Law No. 8754) was enacted on July 22, 2009 and it governs judicial and procedural investigations in matters of national and international organized crime. The law establishes rules for the intervention of private communications and sets forth the obligation of public and private entities to cooperate with the Judicial Centre for the Intervention of Communications and judicial authorities conducting criminal investigations. Failing to do so could result in the cancellation or revocation of their respective concession title or licence pursuant to the General Telecommunications Law (Law No. 8642 of 4 June 2008) (Arts. 14, 15, 16, 17 of the Law No. 8754 Against Organized Crime)
Power of national tribunals to authorize the registry, seizure or the analysis of any private document including e-mail communications when it may be deemed necessary in order to clarify criminal matters under their jurisdiction (Art. 1 of Law No. 7425 of 1994)
Intervention of private communications including the use of electronic means for purposes of the investigation of major crimes (Chapter II Arts. 9 to 20 of Ley No. 7425 of 1994; and Arts. 15 and 16 of the Law No. 8754 Against Organized Crime)Obligation of internet service providers and telecommunications companies to facilitate cooperation with judicial authorities for the intervention of private communications through the Judicial Centre of Intervention of Communications and to enforce the measures ordered by competent judges (Art. 20 of Ley No. 7425 of 1994 and Arts. 14 and 17 of the Law No. 8754 Against Organized Crime)
The protection of human rights and safeguards are the following:
- The right to a fair trial, due process and defense in national criminal tribunals (Arts 1, 4 and 13 of the Criminal Procedural Code)
- The respect of fundamental rights contained in the Constitution by the Judicial Police (Art. 286 h) of the Criminal Procedural Code)
- The respect for private sphere, liberty and secrecy of communications (Art 24 of the Political Constitution of the Republic of Costa Rica)
- The rights of the victims during criminal proceedings (Arts. 7 and 71 of the Criminal Procedural Code)
- The rights of the accused party (Arts. 36 and 37 of the Political Constitution of the Republic of Costa Rica)
- Inviolability of private communications (Art. 24 of the Political Constitution of the Republic of Costa Rica)
Related laws and regulations
The following laws, regulations and decrees contain relevant provisions on computer and Internet related crime as explained in the sections of substantive and procedural law:
- Criminal Code (Law. No.4573)
- Criminal Procedural Code (Law No. 7594)
- Law No. 7425 of 9 August 1994 on the Registry and Securing of Private Documents and Intervention of Communications
- Law No. 8754 of 22 July 2009 Against Organized Crime
- Law 8934 on Protection of Children and Teenagers from Harmful Content on Internet and other Electronic Means
- Obligation of Internet Cafes to Comply with Law 8934 on Protection of Children and Teenagers from Harmful Content on Internet and other Electronic Means
- Organic Law for the Judicial Investigation Organization
- Organic Law for the Public Prosecutor
- Organic Law of the Judicial Power
- Code of Norms and Tax Procedures (Law 4755 of May 3, 1971 updated to 1 January 2014)
- General Law of Customs
- Law of Financial Administration and Public Budget (Law No. 8131 of 16 October 2001)
- Executive Decree Nº 37052-MICIT of March 9, 2012 that creates the national C-SIRT of Costa Rica
- Law on Certificates, Digital Signatures and Electronic Documents
- Regulation of the Law on Certificates, Digital Signatures and Electronic Documents
- Law No. 8968 of July 7, 2011 on the Protection of the Individual from the Processing of Personal Data
- Executive Decree No. 37554-JP of October 30, 2012. Regulation of Law No. 8968 on the Protection of the Individual from the Processing of Personal Data
The Judicial Investigation Organism of Costa Rica has a Division on Cybercrime Investigations, which along with the corresponding Offices of Public Prosecutors pertaining to the Ministerio Publico are the main authorities in charge of the investigation of crimes, including crimes committed through the use of computer systems and Internet.
The Computer Security and Incident Response Team (CSIRT-CR) of the Ministry of Science, Technology and Telecommunications, which was officially created in March 2012 is the official government entity that facilitates and coordinates matters on information security and cybercrime among government entities and financial institutions pertaining to the State. The CSIRT-CR is composed of the heads of the main national Ministries and is the entity in charge of facilitating support and cooperation with administrative and judicial authorities for the investigation and prosecution on cybercrime and the coordination of activities and tasks within the Inter-American Committee Against Terrorism (CICTE) of the Organization of the American States and Interpol.
Competent authorities and channels
The Criminal Procedural Code (Law No. 7594) contains provisions on international cooperation with investigative authorities and public prosecutors of other countries and to facilitate and conduct investigations with foreign institutions and entities, which will shall be previously approved and supervised by the Office of the Attorney General (Art. 65); provisions on rogatory commissions and procedures with foreign authorities (Art. 154); and the limits, attributions and powers of public prosecutors and judges (Art. 277).
Costa Rica is part of the Inter-American Convention on Extradition, of the Centro-American Agreement on Extradition of 1924, and of the Extradition Treaty of 1903, which mutually acknowledge and facilitate extradition of criminal perpetrators with the great majority of countries of Latin America.
Costa Rica has a Law on Extradition (Law No. 4795) of 16 July, 1971 that allows the extradition of individuals located in national territory when there is a lack of a convention or bilateral extradition agreement with another country.
Additionally, Costa Rica has entered and ratified extradition treaties and conventions on judicial and international cooperation in criminal matters with Belgium, Chile, China, Colombia, Italy, Mexico, Nicaragua, Panama, Paraguay, Peru, Spain, Taiwan and the United States.
The official list of extradition conventions and bilateral agreements that Costa Rica has entered is available at: http://www.pgrweb.go.cr/scij (Word key: Extradicion)
The competent authority to investigate crimes in Costa Rica is the Ministerio Público (Pubic Prosecutor) with the support of the Judicial Police. The attributions and obligations of the Ministerio Público are contained in Articles 62 to 66 of the Criminal Procedural Code and its respective Organic Law. The attributions and obligations of the Judicial Police, -which works under the direction and control of the Ministerio Publico- are contained in Articles 67-69 of the Criminal Procedural Code.
The extradition of perpetrators is conducted through the rules of the Montevideo Convention on Extradition, and the respective extradition treaty with the country where the offender is being prosecuted. The official authorities and channels for international extradition are the Office of the Attorney General (Procuraduría General de la República) and the Ministry of Foreign Affairs (Ministerio de Relaciones Exteriores de la República de Costa Rica).
The Supreme Court of Justice has issued findings and jurisprudence regarding child pornography and intervention of private communications. The case law can be consulted directly in the website of the Judicial Power of Costa Rica at: http://www.poder-judicial.go.cr/scij .
These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe.
- Cybercrime website
- Template: Mutual Legal Assistance Request for subscriber information (Art. 31 Budapest Convention). Available in Albanian, Bosnian,
Serbian and Turkish
- Template: Data Preservation Request (Articles 29 and 30 Budapest Convention). Available in Albanian, Bosnian,
Serbian and Turkish