Retour Ecuador

Statut concernant la Convention de Budapest

Statut concernant la Convention de Budapest

Statut : N/A Voir le profil légal

Politiques / stratégies en matière de cybercriminalité

The government of Ecuador has adopted the National Plan for Electronic Governance 2018 – 2021. This document provides an assessment of Ecuador’s current situation and a comprehensive plan for setting up e-government services. As of June 2022, a National Cybersecurity Strategy was being prepared by the Ecuadorian Government.

Législation sur la cybercriminalité

État de la législation sur la cybercriminalité

Ecuador has been transitioning its criminal law system from a civil to a common law model in 2001 (American Bar Association).

 

Legislation addressing cybercrime has been enacted through the updated Código Orgánico Integral Penal (amended by the Ley Organica Reformatoria al Código Orgánico Integral Penal, 2019 and by Ley orgánica reformatoria del código orgánico integral penal para prevenir y combatir la violencia sexual digital y fortalecer la lucha contra los delitos informáticos, 2021)). This includes penal substantive rules, procedural and penitentiary rules.

 

The draft Law on cybersecurity was introduced by the National Assembly of the Republic of Ecuador on 19 October 2021. The draft Law on Digital Security, Cybersecurity, Cyberdefence and Cyberintelligence creates a cybersecurity subsystem, which will be made up of the Ministries of Government and Telecommunications, as well as the National Police.

Droit matériel

The Código Orgánico Integral Penal (COIP) contains substantive provisions on: illegal access (Art. 234); illegal interception (Art. 230); data interference (Art. 232); system interference (Art. 232); misuse of devices (Art. 230 computer related forgery (Art. 234.1); computer-related fraud (Art. 231); online child sexual exploitation/ child pornography (Art. 103, 104, 173, 174); attempt and aiding or abetting (Art. 39, 41-43); and corporate liability (Art. 49).

 

The Ley de Propiedad Intelectual (1998) also covers infringements of copyright and related rights (e.g. Art. 8, 24, 28-32, 217, 292, 296), as does the Constitution of Ecuador in Art. 92 (data protection).

Droit procédural

The Código Orgánico Integral Penal (COIP) includes some relevant provisions can be found with respect to the real-time collection of traffic data / interception of content data (Art. 476); recognition of recordings (477); search and seizure of stored computer data (Art. 480-482); rules on the treatment of digital content (Art. 500) and jurisdiction (Art. 398, 400, 401), and the principle of evidentiary freedom (Art. 454.4).

 

Regarding the interception of content data Código Orgánico Integral Penal establishes:

Article 476.- Interception of communications or computer data

 

On the issue of the treatment of digital content the Código Orgánico Integral Penal, refer:   Article 500.- Digital content.-

 

On the issue of jurisdiction, the Código De Procedimiento Penal (2001) also offers a few provisions, for example in Título I – La Jurisdiccion y la competencia, Capítulo 1: La Jurisdiccion (e.g. Art. 18 – on the scope of criminal jurisdiction). The Criminal Procedure Code also has some relevant provisions on the processing of documentary evidence from various media (including social media), the validity of electronic evidence along with its protection and authorization of interception, and the responsibility of networks hosting them, and the protection of human rights.

Garanties

Constitution of the Republic of Ecuador provides a number of relevant provisions through the following articles: Art. 66 (list of freedoms), Art. 75 (right to justice), Art. 76 (right to due process), Art. 77 (defendant’s rights), Art. 87 (protection of rights), Art. 89 and 90 (habeas corpus and prisoner treatment), and Art. 94 (special proceedings for a violation of the rights guaranteed by the Constitution).

 

The Código Orgánico Integral Penal (COIP) provides a range of safeguards through its principles on evidence gathering and preservation in Articles 454 – 457 (Title IV – Evidence, Ch. 1 – General provisions), as well as in Art. 476 on interception of communication and computer data, where terms of data preservation and oversight are set, its violation could be a crime.

 

The Código De Procedimiento Penal (2001) lists the rights of the defendant (right to a defense attorney and presence of attorney for interaction with the prosecutor; prohibition of defendant’s incommunicado), in addition to those present in the Constitution, in Title 3 - The Procedural  subjects, Ch. 3 (Libro Primero Principios Fundamentales, Título III Los Sujetos Procesales, Capítulo III El Procesado).

 

Lastly, a recent draft law on the protection of media audiences (Proyecto de Ley Orgánica para la Protección de Audiencias de los Medios de Comunicación, 2020) reiterates the importance of protecting the rights of freedom of expression, access to information, the respect of human rights and non-discrimination in mass media.

Lois et règlements connexes

 

Intellectual property legislation and related data protection is covered in a range of existing/draft laws and international agreements to which Ecuador has become a party. Among its national legislation, those with direct relevance are:

Ecuador renewed in 2018 the Servicio Nacional de Derechos Intelectuales (National Service of Intellectual Rights), which is the technical authority that has the power to regulate, manage and control intellectual rights.   Its key roles are to: (1) protect and defend intellectual rights; (2) organize and manage the information on the records of all kinds of intellectual property rights, in coordination with the Sistema Nacional de Información de Ciencia, Tecnología, Innovación y Saberes Ancestrales (National Information System of Science, Technology, Innovation and Ancestral Knowledge).

Ecuador is a member of the WTO since 1996 (Uruguay TRIPS Agreement was passed in 1994) and is party to the following intellectual property treaties (among other WIPO treaties):

Institutions spécialisées

  •  
  • Unidad De Investigación De Delitos Tecnológicos: This department is part of the Judicial Police is divided in seven sections: (1) Electronic Fraud; (2) Intellectual Property; (3) ICT Networks; (4) Child Pornography; (5) Digital Content Analysis; (6) Surveillance & Web Tracking; (7) Cyber Security Emergency Response. The unit’s main objectives are: (a) implement digital investigations; (b) alert the Prosecutor Office about the commission of an ICT-based alleged crime; (c) identify new criminal modalities in the digital field; (d) promote international police cooperation through the development of investigative strategies aimed at combating the criminal phenomenon in cyberspace.

  •  

  • EcuCERT (set up in 2014): This office is part of the Agencia de Regulacion y Control de las Telecomunicaciones / ARCOTEL (Telecommunications Regulation and Control Agency) acting within the scope of application of the Organic Telecommunications Law/ Ley Orgánica de Telecomunicaciones. It is tasked with protecting the security of country’s telecommunications networks and of the Internet network. To accomplish its mandate it also cooperates with other CSIRT teams inside and outside Ecuador. Its target community is: ARCOTEL, telecommunication service providers, public and private sector institutions that request their services.

Coopération internationale

Autorités compétentes et canaux

Legal Framework

Código Orgánico Integral Penal (COIP):

  • Article 497 on mutual legal assistance;
  • Article 483 on covert operations;
  • Article 488 on request for the delivery of evidence located in a foreign country;
  • Article 496 on joint investigations on transnational organized crime.

Among the main multilateral instruments for mutual legal assistance (MLA) to which Ecuador adheres to we find:

Competent authorities and channels

  • Fiscalia General del Estado: is the Central Authority for international mutual legal assistance through its Dirección de Cooperación y Asuntos Internacionales by submitting a request for International Criminal Assistance form (Asistencia Penal Internacional). Its actions are mainly based on international instruments of a multilateral nature. These have been the basis for signing bilateral and inter-institutional agreements, with the aim of improving the process of information exchange and response time to requests for international legal assistance. Contact information can be found here;

 

 

The Court itself is part of the following judicial cooperation networks: (a) Red Iberoamericana de Cooperación Jurídica Internacional (Iberoamerican Network for International Legal Cooperation); and (b) Organización de los Estados Americanos (OAS);

 

 

The MLA process is briefly summarized here.

Jurisprudence / droit jurisprudent

The following are cases that reached the highest ordinary court of justice in Ecuador – Corte Nacional de Justicia / the National Court of Justice (NCJ). Full case details can be found here, searching by case number:

Online Child Exploitation: Case on COIP Art. 173 Contacto con finalidad sexual con menores de dieciocho años por medios electrónicos

  • Case 26850 (judgement 17721-2016-0592): a 15 years old girl was caught by her mother on 11 February 2015 receiving love/sexual messages requesting physical interaction on WhatsApp since December 2014 from the defendant Jean Damien Paúl Toulouse. The court of 1st instance found the defendant guilty under Art. 173 of COIP and sentenced him to four years in prison and a fine. The defendant appealed, but the court of 2nd instance (Provincial Court of Justice of Pichincha) upheld the ruling of the lower court on 22 March 2016. The defendant further appealed to the National Court of Justice arguing that the law (in this case the COIP) cannot be applied retroactively – i.e. messages were sent in 2011 when the victim was 12 years old, and requested the cassation of the previous rulings of guilt. The prosecution pointed out that while the online relationship indeed started when the victim was 12 years old (i.e. in 2011), it was discovered and was still happening after the COIP went in force (Aug. 2014). Therefore, the issues at hand were: nullum crimen sine lege and continued crime. The NCJ upheld the lower courts’ decisions arguing that the defendant did not demonstrate that the previous rulings constitute a violation of the law.

Computer-Related Fraud: cases on COIP Art. 190 - Apropiación fraudulenta por medios electrónicos

  • Case 38623 (judgement 0634-2015): in August 2010, Mr. Juan Gabriel Carranco Romo used a stolen debit card to withdraw USD600 from an ATM. In November 2014, Mr. Romo was found guilty of illegal appropriation based on Articles 553.1 and 552.2 of the Penal Code (i.e. the precursor to the 2014 COIP), and sentenced to the maximum penalty of 5 years prison sentence, a penalty fine of USD1,000, and a fine for damages of USD3,000. Both the accused and the victim appealed the decision of the lower court. The Provincial Court of Justice dismissed the defendant’s appeal, but accepted that of the victim’s and increased the fine for damages to USD9,000. Both the accused and the victim appealed to the NCJ. The defendant’s appeal argued that the wrong articles and code (Art. 553.1 and 552.2 of the Penal Code) instead of Article 190 of COIP (fraudulent appropriation by electronic means) were applied to charge and sentence the defendant. The victim countered by arguing the defendant had been charged with the correct crime based on the legislation in force at the time of the commission of the crime (i.e. the Penal Code; the COIP came in force in February 2014). The National Court of Justice dismissed the victim’s appeal for want of legal grounds, but accepted the accused’s appeal and agreed that Article 190 of COIP applied. Thus, the defendant’s sentence was commuted to one year in prison as per Article 190 of COIP.
  • Case 27081 (judgement 17721-2016-0586): the defendant, Mr. Morales, worked for a company in charge of maintaining ATMs for various banking institutions, including Banco del Pichincha from 2007-2013. From 13-15 Oct. 2012 users of this bank reported that money had been stolen from their accounts via ATM transactions. A computer expert testified that the ATMs were compromised in multiple ways through the connection of external hard-drives (e.g. changes to/disabling of the antivirus software; the introduction of software that recorded inputs into the system – e.g. passwords, email addresses) allowing for remote access with cloned ATM cards. The prosecution also established through records and eye-witness testimonies that the only person that performed maintenance on the two ATMs for which damages were decided by the court had been the defendant.

The decision of the court of first instance (5 Oct. 2015) which exonerated the defendant, was reversed on appeal by the Provincial Court of Justice (17 Feb. 2016), who found him guilty under the first unnumbered Article 553 - apropiación ilícita/ unlawful appropriation of the Penal Code (pre-COIP), and sentenced him to 6 months in prison, USD1,000 fine and compensatory damages of USD20,196. The defendant challenged the prosecutorial appeal to the Provincial Court (court of 2nd instance) by arguing, among other issues, that it missed to provide an assessment whether the acts addressed by Art. 553 of the Penal Code were still criminalized in the COIP (which was in force at the time), as the first transitory provisions of the latter require. It also challenged that the defendant could have done the facts alleged by the prosecution, as it was proved that he only did maintenance to two ATMs out of the eighteen that were reported to have been illegally accessed.

National Court of Justice denied the appeal of the defendant on both grounds, pointing out, among other arguments, that the acts of the first unnumbered Art. 553 of the Penal Code have been fully captured by Art. 190 of the COIP and the prosecution had demonstrated the defendant is the party responsible for the acts leading to the illegal ATM access and subsequent client and bank financial loses.

Sources et liens

Imprimer Ecuador
Outils sur la cybercriminalité et les Preuves Electroniques, Vous donner les Moyens d'Agir.png

These profiles do not necessarily reflect official positions of the States covered or of the Council of Europe. 

  Connaissez-vous les dernières évolutions législatives ou politiques en matière de cybercriminalité et de preuves électroniques ?

  Partagez ces informations avec nous pour nous aider à maintenir cette plateforme à jour.

  • Site internet Cybercriminalité
  • Modèle : Demande d'information sur le souscripteur dans le cadre de l'entraide judiciaire (Article 31 de la Convention de Budapest). Versions anglaises et bilingues disponibles.
  • Modèle : Demande de Préservation des Données (Articles 29 et 30 de la Convention de Budapest). Versions anglaises et bilingues disponibles.