Status regarding Budapest ConventionStatus : Party Ratified : 09/05/2017 See legal profile
There are no current policies specific to cybercrime and cybersecurity. On a wider scale, related issues can be found in other policies, namely: the Kingdom of Tonga National Information and Communications Technology (ICT) Policy, the Freedom of Information Policy, and the Tonga Broadband Investment Policy.
Under the ICT Policy, the Cyber Challenges Task Force (CCTF) was created on 13 December 2013, to provide a coordinated approach to technology issues in Tonga. It is a partnership between Government, Non-Government Organisations (NGO’s), Private Sector and Development Partners.
The Task Force’s terms of reference included establishing a national CERT to protect the government, private businesses, and the public.
On 1 July 2016 Tonga CERT commenced operations. Known as CERT.to, it is attached to the Information and ICT department of the Ministry of Meteorology, Energy, Information, Disaster Management, Climate Change and Communications.
State of cybercrime legislation
Principally, the main legislation in Tonga that specifically deals with cybercrime is the Computer Crimes Act 2003. This Act is based on the Commonwealth Model Law on combating cybercrime and consists of three parts, dealing with Preliminary matters, Offences and Procedural Powers. The Act has two main objectives:
- Combat computer crime, and
- Provide for collection and use of electronic evidence.
The Tongan cybercrime landscape includes an array of current laws including:
- The Computer Crimes Act 2003 (to be replaced by the Computer Crimes Bill 2016);
- Communications Act 2015;
- Communications Commission Act 2015;
- Provisions in the Evidence Act dealing with electronic records and with the amendment of the definition of theft to include intangible properties;
- Provisions in the Criminal Offences Act dealing with fraud, forgery and child abuse;
- Pornography Control Act 2002;
- Defamation Act 1988;
- Copyright Act 2002, and
- Tongan Internet Corporation Registration Act 2000.
Section 13 of the Computer Crimes Act currently allows a police officer to order a person in control of a computer system to preserve data where the officer is satisfied that the data is reasonably required for the purpose of a criminal investigation and that there is a risk that the data might be destroyed or rendered inaccessible. These orders can require the data to be preserved for a period of up to 7 days, which may upon application to a magistrate be extended by not more than 14 days. This limited time frame has the potential to hinder future investigations.
A critical investigative technique is having the ability for Police to install a remote forensic tool on a computer, computer system or computer data storage medium owned, operated or possessed by the suspect of the offence or by a communications licensee that provides communications services to the suspect.
There is an apparent absence of powers to seek partial disclosure of traffic data, subscriber information under specific legal mandate.
Related laws and regulations
Tonga does not currently have in place legislation specifically dealing with electronic transactions. However, Tonga’s Evidence Act was amended in 2003 to deal with the related issue of the admissibility of electronic records in evidence.
Under Tonga’s current Copyright Act, it is not clear that acts done in respect of less than the whole of a work or other subject matter can constitute infringement. For example, it is not clear that making a copy of 80% of a book constitutes an infringement of copyright in the book. It is also not entirely clear which acts may give rise to copyright infringement and what constitutes authorisation of an infringing act.
Tonga does not currently have in place legislation dealing with privacy or data protection either at a general or telco-specific level.
The Communications Act 2015 is the primary legislation regulating telecommunications and ICT services in Tonga.
There are no laws to protect children from online sexual violence however the Criminal Offences Act [Cap 18] inserted section 115A on child pornography in 2003 which makes it an offence to publish, produce or possess child pornography. The Pornography Control Act 2002, similar to section 115A of the Criminal Offences Act, the pornographic material which this Act is intended to prohibit includes material that is displayed in print, audio, visual electronic or other similar medium.
The Computer Crimes Act 2003 sets out Royal Tonga Police as the lead law enforcement authority with procedural powers that may be used to investigate, detect and prosecute computer crimes. The Royal Tonga Police established the Transnational Crime Unit (TCU) in 2003 that became the Serious Organized Transnational Crime Unit (SOTCU) in 2010. It is currently responsible for transnational crimes including cybercrimes.
The Royal Tonga Police currently has no digital forensics capability and sometimes calls upon the resources of the Australian Federal Police or the New Zealand Police to assist in investigations.
The Attorney General’s Office (AG), which handles prosecutions does not have a specialised unit for cybercrime or electronic evidence cases. The role of the prosecutor includes advising the police during investigations to ensure that correct procedures are followed and that investigative activity complies with legislation.
There are only currently two judges that sit on the bench in the Supreme Court of Tonga. They are not specialised in the area of cybercrime however they have tried a number cases involving electronic evidence.
The Financial Intelligence Unit at the Central Bank receives information from the Asia Pacific Money Laundering Group and they deal with the Suspicious Transaction reports, which they hand to the police (SOTCU) for investigations.
Section 8 of the Mutual Assistance in Criminal Matters Act 2000 (Mutual Assistance Act) allows authorised officers to apply for search warrants or evidence-gathering orders in relation to requests for assistance approved by the Attorney-General. However, it is not entirely clear that this application process extends to interception warrants or to preservation orders. Section 7 of the Mutual Assistance Act specifies the information that a foreign state must provide in a request for mutual assistance. However, the requirement to provide all of this information may be too onerous where there is an urgent need to preserve data.
Tonga is a member of the International Criminal Police Organisation, INTERPOL. Their membership is on a restricted basis due to Tonga not having paid the statutory membership dues for several years for a variety of reasons. The Royal Tonga Police have also signed a Memorandum of Agreement with the AUSTRAC and the Australian Federal Police for sharing information.
National Central Bureau (NCB) Nuku’alofa has not been connected to I24/7 since July 2014 due to technical difficulties.
Tonga has the Mutual Legal Assistance Act and the Money Laundering and Proceeds of Crime Act to provide for international legal assistance. Tonga is currently looking at reviewing these legislation as a member of the Commonwealth under the Revised Harare Scheme on mutual legal assistance.
Competent authorities and channels
The Attorney General’s Office, through the Solicitor General and the Director for Public Prosecutions provide legal support to Royal Tonga Police where required for international police cooperation, especially with regards to mutual legal assistance and extradition matters.
There are provisions within the Mutual Assistance in Criminal Matters Act 2000 for the Attorney-General to:
- Provide a foreign State with information that the Attorney General reasonably believes could assist in, or lead to the commencement of, a criminal investigation or criminal proceedings in relation to a serious offence.
- Grant a request from a foreign State to preserve stored computer data.