the cybercrime bill, 2015the cybercrime bill, 2015 explanatory note (these notes form no part of the...

Fifth Session Tenth Parliament Republic ofTrinidad and Tobago

HOUSE OF REPRESENTATIVES

BILLAN ACT to provide for the creation of offences related

to cybercrime and related matters

PRINTED BY THE GOVERNMENT PRINTER, CARONIREPUBLIC OF TRINIDAD AND TOBAGO—2015

Legal Supplement Part C to the “Trinidad and Tobago Gazette’’, Vol. 54,No. 51, 14th May, 2015

No. 7 of 2015

THE CYBERCRIME BILL, 2015

Explanatory Note

(These notes form no part of the Bill but are intended only to indicate its general purport)

The purpose of the Cybercrime Bill, 2015 is to provide for thecreation of offences related to cybercrime and for other relatedmatters in Trinidad and Tobago. The Bill would be inconsistentwith sections 4 and 5 of the Constitution and is therefore requiredto be passed by a special majority of three-fifths of the members ofeach House.

Part I of the Bill would provide for certain preliminary matters.

Clause 1 provides for the short title.

Clause 2 would provide for the Act to come into operation onProclamation by the President.

Clause 3 provides that the Act shall have effect thoughinconsistent with the Constitution.

Clause 4 would define certain terms used in the Bill.

Part II of the Bill would create certain offences related tocybercrime.

Clause 5 seeks to create the offence of illegally accessing acomputer system. This offence would carry a fine of one million dollars and three years’ imprisonment on summary conviction or afine of two million dollars and five years’ imprisonment on conviction on indictment.

Clause 6 seeks to create the offence of illegally remaining in acomputer system which would carry a fine of one million dollarsand three years’ imprisonment on summary conviction or a fine oftwo million dollars and five years’ imprisonment on conviction onindictment.

Clause 7 seeks to create the offence of illegally interceptingnon-public transmission or electromagnetic emissions, to or from acomputer system. This offence would carry a fine of one million dollars and imprisonment for three years on summary conviction ora fine of two million dollars and five years’ imprisonment on conviction on indictment.

2

Clause 8 seeks to create the offence of illegally interfering withcomputer data and would include damaging or deleting computerdata. This offence would carry a fine of one million dollars andthree years’ imprisonment on summary conviction or a fine of twomillion dollars and five years’ imprisonment on conviction onindictment.

Clause 9 seeks to create the offence of illegally acquiringcomputer data whether for personal use or for use by anotherperson. This offence would carry a fine of one million dollars andthree years’ imprisonment on summary conviction or a fine of twomillion dollars and five years’ imprisonment on conviction onindictment.

Clause 10 seeks to create the offence of illegally interferingwith a computer system or a person who is using or operating acomputer system. This offence would carry a fine of one million dollars and three years’ imprisonment on summary conviction or afine of two million dollars and five years’ imprisonment on conviction on indictment.

Clause 11 seeks to impose greater penalties on persons whocommits an offence under Part II and which affects criticalinfrastructure. This clause would define “critical infrastructure” asany computer system, device, network, computer program orcomputer data so vital to the State that the incapacity ordestruction of, or interference with, such system, device, network,program or data would have a debilitating impact on the security,defence or international relations of the State or the provision ofservices directly related to national or economic security, bankingand financial services, public utilities, the energy sector,communications infrastructure, public transportation, publichealth and safety, or public key infrastructure. An offence underthis clause would carry a penalty of five million dollars and fifteen years’ imprisonment on conviction on indictment.

Clause 12 seeks to create the offence of illegally producing,selling, procuring, importing, exporting, distributing or otherwisemaking available a computer device or programme for the purposeof committing an offence under the Act. This offence would carry afine of one million dollars and three years’ imprisonment on summary conviction or a fine of two million dollars and five years’imprisonment on conviction on indictment.

Clause 13 seeks to create the offence of the unauthorizedreceipt or grant of access to computer data stored in a computersystem and would carry a fine of one million dollars and threeyears’ imprisonment on summary conviction or a fine of two milliondollars and five years’ imprisonment on conviction on indictment.

ii

Clause 14 seeks to create the offence of computer-related forgery. This would make it unlawful to input, alter, delete or suppress computer data which would result in inauthentic data andwould carry a fine of one million dollars and three years’ imprisonment on summary conviction or a fine of two million dollars and five years’ imprisonment on conviction on indictment.

Clause 15 seeks to create the offence of computer-related fraudand would carry a fine of one million dollars and three years’imprisonment on summary conviction or a fine of two milliondollars and five years’ imprisonment on conviction on indictment.

Clause 16 seeks to create the offence of identity theft throughthe use of a computer system which would carry a fine of one million dollars and three years imprisonment on summary conviction or a fine of two million dollars and five years’ imprisonment on conviction on indictment.

Clause 17 seeks to create the offence of luring, which is the useof a computer system to set up a meeting with a child for the purpose of abusing the child. This offence would carry a fine of onemillion dollars and three years’ imprisonment on summary conviction or a fine of two million dollars and five years’ imprisonment on conviction on indictment.

Clause 18 seeks to create the offence of violating a person’sprivacy by capturing and sharing pictures or videos of a person’sprivate area without his consent. This offence would carry a fine ofone million dollars and three years’ imprisonment on summary conviction or a fine of two million dollars and five years’ imprisonment on conviction on indictment.

Clause 19 seeks to criminalise the act of sending multipleelectronic mail messages that are unsolicited and which causesharm to a person or damage to a computer. This offence would carrya fine of one million dollars and three years imprisonment on summary conviction or a fine of two million dollars and five years’imprisonment on conviction on indictment.

Clause 20 seeks to create the offence of harassment throughthe use of electronic means with the intent to cause emotionaldistress. This offence would carry a fine of one million dollars andthree years’ imprisonment on summary conviction or a fine of twomillion dollars and five years’ imprisonment on conviction onindictment.

iii

Part III of the Bill provides for certain enforcement provisions.

Clause 21 would provide for the jurisdiction of the Courts ofTrinidad and Tobago as it would relate to its territorial limitsunder the Act.

Clause 22 would impose liabilities for offences committed by abody corporate or any person purporting to act in such capacity.

Clause 23 would empower the Court to authorize the searchand seizure of apparatus and computer data necessary forestablishing an offence or which has been acquired by a person asa result of the commission of an offence.

Clause 24 would impose liability on a person who hasknowledge about the functioning of a computer system but whofails to render assistance to access computer data that is thesubject of a search warrant.

Clause 25 would empower a Magistrate to order an internetservice provider or any entity with a domain name server to removeor disable computer data that is being stored or transmitted incontravention of the Act.

Clause 26 would empower the Court to make a productionorder relating to computer data that is required for a criminalinvestigation or criminal proceedings.

Clause 27 would empower a Magistrate to order the expeditedpreservation of computer data if he has reasonable grounds tobelieve that the data is susceptible to modifications.

Clause 28 would impose liability on an internet serviceprovider who intentionally and without lawful excuse discloses thedetails of an Order of a Court.

Clause 29 would give authority to a Magistrate, who hasreasonable grounds to believe that data stored in a computersystem is required for a criminal investigation, to order the partialdisclosure of traffic data.

Clause 30 would provide that a Magistrate may authorize apolice officer to utilize remote forensic tools if he reasonablybelieves that evidence cannot be collected without the use of suchtools. The Schedule to the Act would stipulate the offences forwhich these tools may be used.

Clause 31 would empower the Court to order payment of anadditional fine where monetary benefits were gained as a result ofthe commission of an offence under the Act or where loss ordamage was caused as a result.

iv

Clause 32 would empower the Court to order payment ofcompensation for loss or damage suffered as a penalty for offencesunder the Act and the procedure for making an application for suchcompensation.

Clause 33 would provide the procedure for the Court to make aforfeiture order and the treatment of property forfeited as it relatesto any property used for, or in connection with, or obtained asproceeds from the commission of an offence under the Act.

Clause 34 would empower the Court to issue a warrant for thesearch and seizure, and a restraint order to prohibit the disposal of,any property that is to be forfeited under the Act.

Part IV of the Bill seeks to make provisions related to internetservice providers.

Clause 35 would provide that an internet service provider isnot under an obligation to monitor the information which ittransmits or stores on behalf of another person or to actively seekfacts or circumstances which would indicate illegal activity. Thisclause also seeks to prohibit an internet service provider fromrefusing to comply with any order of the Court or other legalrequirement.

Clause 36 would provide that an access provider is notcriminally liable for providing access to, or transmitting information prohibited by, the Act under certain circumstances.

Clause 37 would provide that a hosting provider is notcriminally liable for the storage of information prohibited by theAct under certain circumstances.

Clause 38 would provide that a caching provider is notcriminally liable for storing information prohibited by the Actunder certain circumstances.

Clause 39 would provide that an internet service provider isnot criminally liable for enabling access, via electronic hyperlink, toinformation provided by another person in contravention of the Actunder certain circumstances.

Clause 40 would provide that a search engine provider whocreates an index of internet-related content or makes availableelectronic tools to search for information is not criminally liable ifhe does not initiate the transmission, select the receiver of thetransmission, or select or modify the information contained in thetransmission.

v

Part V of the Bill provides for certain miscellaneous provisions.

Clause 41 would give the Minister the power to makeRegulations for the proper administration of the Act.

Clause 42 would repeal the Computer Misuse Act, Chap. 11:17.

vi

THE CYBERCRIME BILL, 2015

Arrangement of Clauses

PART IPRELIMINARY

Clause1. Short title2. Commencement3. Act inconsistent with Constitution4. Interpretation

PART IICYBERCRIME OFFENCES

5. Illegal access to a computer system6. Illegally remaining in a computer system7. Illegal interception8. Illegal data interference9. Illegal acquisition of data

10. Illegal system interference11. Offences affecting critical infrastructure12. Illegal devices13. Unauthorised receiving or granting of access to computer

data14. Computer-related forgery15. Computer-related fraud16. Identity-related offences17. Luring18. Violation of privacy19. Multiple electronic mail messages20. Harassment utilizing electronic communication

i

PART IIIENFORCEMENT

21. Jurisdiction22. Offence by body corporate23. Search and seizure24. Assistance25. Order for removal or disablement of data26. Production Order27. Expedited preservation28. Disclosure of details of an order29. Disclosure of traffic data30. Remote forensic tools31. Order for payment of additional fine32. Order for payment of compensation33. Forfeiture Order34. Order for seizure and restraint

PART IVINTERNET SERVICE PROVIDERS

35. No monitoring obligation36. Access provider37. Hosting provider38. Caching provider39. Hyperlink provider40. Search engine provider

PART VMISCELLANEOUS

41. Regulations42. Repeal of Chap. 11:17

SCHEDULE

ii

BILLAN ACT to provide for the creation of offences related

to cybercrime and related matters

[ , 2015]

WHEREAS it is enacted by section 13(1) of theConstitution that an Act of Parliament to which thatsection applies may expressly declare that it shall haveeffect even though inconsistent with sections 4 and 5 ofthe Constitution and, if any Act does so declare, it shallhave effect accordingly:

And whereas it is provided in section 13(2) of theConstitution that an Act of Parliament to which that

13

Preamble

section applies is one the Bill for which has been passedby both Houses of Parliament and at the final votethereon in each House has been supported by the votesof not less than three-fifths of all the members of thatHouse:

And Whereas it is necessary and expedient that theprovisions of this Act shall have effect even thoughinconsistent with sections 4 and 5 of the Constitution:

ENACTED by the Parliament of Trinidad and Tobago asfollows:

PART IPRELIMINARY

1. This Act may be c ited as the CybercrimeAct, 2015.

2. This Act comes into operation on such date as isfixed by the President by Proclamation.

3. This Act shall have effect even though inconsistentwith sections 4 and 5 of the Constitution.

4. In this Act—“child” means a person under the age of

eighteen years;“computer data” means any representation of—

(a) facts;(b) concepts;(c) machine-readable code or

instructions; or (d) information, including text, sound,

image or video,that is in a form suitable for processing in acomputer system and is capable of being sent,received or stored, and includes a program that

2

Enactment

Short title

Commencement

Act inconsistent withConstitution

Interpretation

3

can cause a computer system to perform a function;“computer data storage medium” means

anything in which information is capable ofbeing stored, or anything from whichinformation is capable of being retrieved orreproduced, with or without the aid of anyother article or device;

“computer program” or “program” means datawhich represents instructions orstatements that, when executed in acomputer system, can cause the computersystem to perform a function;

“computer system” means a device or group ofinterconnected or related devices whichfollows a program or external instructionto perform automatic processing ofinformation or electronic data;

“data message” has the meaning assigned to itin the Electronic Transactions Act;

“device” includes—(a) a component of a computer system

such as a graphic card or memorychip;

(b) a storage component such as ahard drive, memory card, compactdisc or tape;

(c) input equipment such as akeyboard, mouse, track pad,scanner or digital camera;

(d) output equipment such as aprinter, screen or monitor; or

Act No. 6 of 2011

(e) any other component orequipment used in relation to acomputer system;

“function” in relation to a computer systemincludes logic, control, arithmetic, deletion,storage or retrieval, and communication ortelecommunication to, from or within acomputer;

“hinder” in relation to a computer systemincludes—

(a) disconnecting the electricitysupply to a computer system;

(b) causing electromagneticinterference to a computersystem;

(c) corrupting a computer system; or(d) inputting, transmitting,

damaging, deleting, deteriorating,altering or suppressing computerdata;

“intercept” has the meaning assigned to itin the Interception of CommunicationsAct, 2010;

“internet service provider” includes a personwho provides the services referred toin Part IV;

“Minister” means the minister to whomresponsibility for national security isassigned;

“multiple electronic mail messages” means anunsolicited data message, includingelectronic mail and instant message, that is

4

Act No. 11 of 2010

sent to more than five hundred recipientsat a time;

“remote forensic tools” means investigativesoftware or hardware installed on, orattached to a computer system that is usedto perform a task that includes keystrokelogging or transmission of an internetprotocol address;

“traffic data” means computer data that—(a) relates to a communication by

means of a computer system;(b) is generated by a computer system

that is part of the chain ofcommunication; and

(c) shows the communication’s origin,destination, route, time, date, size,duration or the type of underly-ing services,

and references to traffic data being attached toa communication include references to the dataand the communication being logically associated with each other.

PART IICYBERCRIME OFFENCES

5. A person who, intentionally and without lawfulexcuse or justification, accesses a computer system orany part of a computer system, or accesses a computersystem for the purposes of securing access to computerdata, commits an offence and is liable—

(a) on summary conviction to a fine of one million dollars and imprisonment for threeyears; or

5

Illegal access to acomputer system

(b) on conviction on indictment to a fine oftwo million dollars and imprisonment forfive years.

6. A person who, intentionally and without lawfulexcuse or justification, remains logged into a computersystem or part of a computer system or continues to usea computer system commits an offence and is liable—

(a) on summary conviction to a fine ofone million dollars and imprisonment forthree years; or


7. (1) A person who, intentionally and without lawfulexcuse or justification, intercepts—

(a) any subscriber information or traffic dataor any communication to, from or within acomputer system; or

(b) any electromagnetic emission from acomputer system that carries any data,

commits an offence.(2) A person who commits an offence under

subsection (1), is liable—(a) on summary conviction to a fine of

one million dollars and imprisonment forthree years; or


8. (1) A person who, intentionally and without lawfulexcuse or justification—

(a) damages computer data or causescomputer data to deteriorate;

6

Illegally remainingin a computer system

Illegal interception

Illegal data interference

(b) deletes computer data;(c) alters computer data;(d) copies computer data to any computer data

storage device or to a different locationwithin the computer system;

(e) moves computer data to a computerstorage device or a different locationwithin the computer system;

(f) renders computer data meaningless,useless or ineffective;

(g) obstructs, interrupts or interferes with thelawful use of computer data;

(h) obstructs, interrupts or interferes with aperson in his lawful use of computer data;or

(i) denies access to computer data to a personwho is authorised to access it,

commits an offence.(2) A person who commits an offence under

subsection (1), is liable—(a) on summary conviction to a fine of

one million dollars and imprisonment forthree years; or

(b) on conviction on indictment to a fine of two million dollars and imprisonment for five years.

9. A person who, intentionally and without lawfulexcuse or justification, obtains for himself or anotherperson, computer data which is not meant for him or theother person and which is protected againstunauthorised access, commits an offence and is liable—

(a) on summary conviction to a fine of one million dollars and imprisonment forthree years; or

7

Illegal acquisition ofdata

(b) on conviction on indictment to a fine of twomillion dollars and imprisonment for five years.

10. (1) A person who, intentionally and without lawfulexcuse or justification, hinders or interferes with acomputer system commits an offence.

(2) A person who, intentionally and without lawfulexcuse or justification, hinders or interferes with aperson who is lawfully using or operating a computersystem commits an offence.

(3) A person who commits an offence under thissection is liable—


(b) on conviction on indictment to a fine of two million dollars and imprisonment for five years.

11. (1) Notwithstanding the penalties set out insections 5 to 10, where a person commits an offenceunder any of those sections and the offence resultsin hindering, or interference with, a computer systemthat—

(a) is exclusively for the use of criticalinfrastructure; or

(b) affects the use, or impacts the operation, ofcritical infrastructure,

he is liable on conviction on indictment to a fine of five million dollars and imprisonment for fifteen years.

(2) For the purpose of this section, “criticalinfrastructure” means any computer system, device,network, computer program or computer data so vital tothe State that the incapacity or destruction of, or

8

Illegal system interference

Offences affectingcriticalinfrastructure

interference with, such system, device, network,program or data would have a debilitating impact onthe—

(a) security, defence or international relationsof the State; or

(b) provision of services directly related tonational or economic security, banking andfinancial services, public utilities,the energy sector, communicationsinfrastructure, public transportation,public health and safety, or public keyinfrastructure.

12. (1) A person who—(a) produces, sells, procures for use, imports,

exports, distributes or otherwise makesavailable or has in his possession—

(i) a device, or computer program,that is designed or adapted for thepurpose of committing an offenceunder this Act; or

(ii) a computer password, access codeor similar data by which the wholeor any part of a computer system,computer data storage device orcomputer data is capable of beingaccessed,

with the intent that it be used for thepurpose of committing an offence under thisAct; or

(b) intentionally and without lawful excuseor justification discloses a computerpassword, access code or similar data bywhich the whole or any part of a computersystem, computer data storage device orcomputer data can be accessed—

(i) for unlawful gain, whether forhimself or another person;

9

Illegal devices

(ii) for an unlawful purpose; or(iii) knowing that it is likely to cause

damage,commits an offence.

(2) A person who commits an offence undersubsection (1) is liable—



13. (1) A person who is not authorised to receive orhave access to computer data commits an offence if heintentionally and without lawful excuse or justificationreceives or gains access to the computer data fromanother person, whether or not he knows that the otherperson obtained the computer data through authorisedor unauthorised means.

(2) A person who is authorised to receive or haveaccess to computer data commits an offence if heintentionally and without lawful excuse or justificationreceives or gains access to the computer data fromanother person knowing that the other person hasobtained the computer data through unauthorisedmeans.

(3) A person who obtains computer data throughauthorised means and intentionally and without lawfulexcuse or justification, gives the computer data toanother person who he knows is not authorised toreceive or have access to the computer data, commits anoffence.

(4) A person who obtains computer data throughunauthorised means and intentionally and withoutlawful excuse or justification, gives or grants access tothe computer data to another person, whether or not heknows that the other person is authorised to receive orhave access to the computer data, commits an offence.

10

Unauthorised receiving or grantingof access to computerdata



(b) on conviction on indictment to a fine oftwo million dollars and imprisonment for five years.

14. (1) A person who, intentionally and without lawfulexcuse or justification, inputs, alters, deletes orsuppresses computer data, resulting in inauthenticdata, with the intent that it be considered or acted uponas if it were authentic, regardless of whether or not thedata is directly readable and intelligible, commits anoffence and is liable—



(2) A person who commits an offence undersubsection (1) by sending out multiple electronic mailmessages from or through a computer system, is liableon conviction to a fine of one million dollars and imprisonment for three years, in addition to the penaltyset out in subsection (1).

15. (1) A person who, intentionally and without lawfulexcuse or justification—

(a) inputs, alters, deletes or suppressescomputer data; or

(b) interferes with the functioning of acomputer system,

with the intent of procuring an economic benefit forhimself or another person and thereby causes loss of, ordamage to, property, commits an offence.

11

Computer-relatedforgery

Computer-relatedfraud

(2) A person who commits an offence undersubsection (1) is liable—

(a) on summary conviction to a fine of onemillion dollars and imprisonment for threeyears; or

(b) on conviction on indictment to a fine of twomillion dollars and imprisonment for fiveyears.

16. A person who intentionally transfers, possesses oruses a means of identification, other than his own, withthe intent of committing an unlawful act through theuse of a computer system, commits an offence and isliable—



17. A person who uses a computer system to arrange ameeting with a child with the intent of abusing or engaging in sexual activity with a child orproducing child pornography, whether or not he takesany steps to effect such a meeting, commits an offenceand is liable —



18. (1) A person who intentionally and without lawfulexcuse or justification—

(a) captures; or(b) stores in, or publishes or transmits through

a computer system,

12

Identity-relatedoffences

Luring

Violation ofPrivacy

the image of the private area of another person withouthis consent, where the other person has a reasonableexpectation that—

(c) he could disrobe in privacy; or(d) his private area would not be visible to the

public, regardless of whether he is in apublic or private place,

commits an offence.

(2) A person who commits an offence undersubsection (1), is liable—

(a) on summary conviction to a fine ofone million dollars and imprisonment forthree years; and


(3) For the purposes of this section, “private area”means the genitals, pubic area, buttocks or breast.

19. (1) A person who intentionally and without lawfulexcuse or justification—

(a) initiates the transmission of multipleelectronic mail messages from or through acomputer system; or

(b) uses a computer system to relay orretransmit multiple electronic mailmessages with the intent to deceive ormislead a user or internet service provideras to the origin of the message,

and thereby causes harm to a person or damage to acomputer system commits an offence.

(2) A person who intentionally falsifies the headerinformation of an electronic mail message for thepurpose of committing an offence under subsection (1)commits an offence.

13

Multiple electronicmail messages


(a) on summary conviction to a fine of one million dollars and imprisonment forthree years; and


20. (1) A person who uses a computer system to—

(a) coerce, intimidate or harass another personwith intent to cause emotional distress; or

(b) cyberbully, intentionally or recklessly,another person,

commits an offence.

(2) A person who uses a computer system with theintent to extort a benefit from another person by threatening to publish computer data containing personal or private information which can cause publicridicule, contempt, hatred or embarrassment commitsan offence.

(3) A person who commits an offence under thissection is liable —

(a) on summary conviction to a fine of one million dollars and to imprisonment forthree years; and

(b) on conviction on indictment to a fine of two million dollars and imprisonment forfive years.

(4) For the purpose of this section, “cyberbully”means to use a computer system repeatedly or continuously to convey information which causes—

(a) fear, intimidation, humiliation, distress orother harm to another person; or

14

Harassment utilizingelectronic communication

(b) detriment to another person’s health,emotional well-being, self-esteem orreputation.

PART IIIENFORCEMENT

21. (1) A Court in Trinidad and Tobago shall havejurisdiction in respect of an offence under this Act wherethe act constituting the offence is carried out—

(a) wholly or partly in Trinidad and Tobago;(b) by a citizen of Trinidad and Tobago,

whether in Trinidad and Tobago orelsewhere; or

(c) by a person on board a vessel or aircraftregistered in Trinidad and Tobago.

(2) For the purpose of subsection (1)(a), an act iscarried out in Trinidad and Tobago if—

(a) the person is in Trinidad and Tobago at thetime when the act is committed;

(b) a computer system located in Trinidad andTobago or computer data on a computerdata storage device located in Trinidad andTobago is affected by the act; or

(c) the effect of the act, or the damage resultingfrom the act, occurs within Trinidad andTobago.

(3) Subject to subsection (1), a Summary Court hasjurisdiction to hear and determine any offence underthis Act, if—

(a) the accused was within the magisterialdistrict at the time when he committed theoffence;

(b) a computer system, containing anycomputer program or computer data which

15

Jurisdiction

the accused used, was within themagisterial district at the time when hecommitted the offence; or

(c) damage occurred within the magisterialdistrict, whether or not paragraph (a) or (b)applies.

22. Where a body corporate commits an offence underthis Act and the Court is satisfied that a director,manager, secretary or other similar officer of the bodycorporate, or any person who purports to act in suchcapacity—

(a) connived in, or consented to, the commission of the offence; or

(b) failed to exercise due diligence to preventthe commission of the offence,

the director, manager, secretary or other similar officeror person purporting to act in that capacity alsocommits the offence.

23. (1) Where a Magistrate is satisfied on the basis ofinformation on oath by a police officer that there isreasonable ground to believe that there is in a place anapparatus or computer data—

(a) that may be material as evidence in provingan offence under this Act; or

(b) that has been acquired by a person as aresult of an offence under this Act,

he may issue a warrant authorizing a police officer, withsuch assistance as may be necessary, to enter the placeto search for and seize the apparatus or computer data.

(2) If a police officer who is undertaking a searchunder this section has reasonable grounds to believethat—

(a) the computer data sought is stored inanother apparatus; or

16

Offence by body corporate

Search and seizure

(b) part of the computer data sought is inanother place within Trinidad and Tobago,

and such computer data is lawfully accessible from, oravailable to the first apparatus, he may extend thesearch and seizure to that other apparatus or otherplace.

(3) In the execution of a warrant under thissection, a police officer may, in addition to the powersconferred on him by the warrant—

(a) activate an onsite computer system orcomputer data storage media;

(b) make and retain a copy of computer data;(c) remove computer data in a computer

system or render it inaccessible;(d) take a printout of output of computer data;(e) impound or similarly secure a computer

system or part of it or a computer datastorage medium; or

(f) remove a computer system or computerdata storage medium from its location.

(4) A police officer who undertakes a search underthis section shall secure any apparatus and maintainthe integrity of any computer data that is seized.

(5) For the purpose of this section, “apparatus”includes—

(a) a computer system or part of a computersystem; or

(b) a computer data storage medium.24. (1) A person who has knowledge about the

functioning of an apparatus, or measures appliedto protect computer data, that is the subject of a searchwarrant shall, if requested by the police officerauthorised to undertake the search, assist theofficer by—

(a) providing information that facilitates theundertaking of the search for and seizure ofthe apparatus or computer data sought;

17

Assistance

(b) accessing and using an apparatus to searchcomputer data which is stored in, orlawfully accessible from or available to, thatapparatus;

(c) obtaining and copying computer data; or(d) obtaining an intelligible output from an

apparatus in such a format that isadmissible for the purpose of legalproceedings.

(2) A person who fails to comply with this sectioncommits an offence and is liable on summary convictionto a fine of one hundred thousand dollars andimprisonment for one year.

25. If a Magistrate is satisfied on the basis ofinformation on oath by a police officer that an internetservice provider or any other entity with a domain nameserver is storing, transmitting or providing access toinformation in contravention of this Act or any otherwritten law, the Magistrate may order the internetservice provider or other entity with a domain nameserver to remove, or disable access to, the information.

26. If a Magistrate is satisfied on the basis ofinformation on oath by a police officer that computerdata, a printout or other information is reasonablyrequired for the purpose of a criminal investigation orcriminal proceedings, the Magistrate may order—

(a) a person in Trinidad and Tobago who is incontrol of an apparatus, to produce from theapparatus computer data or a printout orother intelligible output of the computerdata; or

(b) an internet service provider in Trinidad andTobago to produce information about aperson who subscribes to, or otherwise useshis service.

18

Order for removal ordisablement of data

Production Order

27. (1) A Magistrate may, if satisfied on an ex parteapplication by a police officer of the rank ofSuperintendent or above that there are grounds tobelieve that computer data that is reasonably requiredfor the purpose of a criminal investigation is vulnerableto loss or modification, authorise the police officer torequire a person in control of the computer data, bynotice in writing, to preserve the data for such periodnot exceeding ninety days as is stated in the notice.

(2) A Magistrate may, on an ex parte application bya police officer of the rank of Superintendent or above,authorise an extension of the period referred to insubsection (1) by a further specified period notexceeding ninety days.

28. (1) If an order under section 26 or a notice undersection 27 stipulates that confidentiality is to bemaintained, a person who is the subject of the order ornotice and who intentionally and without lawful excuseor justification discloses—

(a) the fact that the order or notice has beenmade;

(b) the details of the order or notice; (c) anything done pursuant to the order or

notice; or(d) any data collected or recorded pursuant to

the order, commits an offence.

(2) A person who commits an offence undersubsection (1), is liable—

(a) on summary conviction to a fine of onemillion dollars and imprisonment for threeyears; or


19

Expeditedpreservation

Disclosure of detailsof an order

29. If a Magistrate is satisfied on the basis ofinformation on oath by a police officer, that there arereasonable grounds to believe that computer data storedin an apparatus is reasonably required for the purposeof a criminal investigation into a data message, he mayrequire a person to disclose sufficient traffic data aboutthe data message to identify—

(a) the internet service provider; or(b) the path,

through which the data message was transmitted.

30. (1) If a Judge is satisfied on ex parte application bya police officer, that there are reasonable grounds tobelieve that computer data which is required for thepurpose of a criminal investigation into an offencelisted in the Schedule, cannot be collected without theuse of a remote forensic tool, the Judge may authorise apolice officer, with such assistance as may be necessary,to utilise such tool for the investigation.

(2) An application made under subsection (1) shallcontain the following information:

(a) the name, and if possible, the address of theperson who is suspected of committing theoffence;

(b) a description of the targeted computersystem;

(c) a description of the required tool, and theextent and duration of its utilization; and

(d) reason for the use of the tool.

(3) Where an application is made undersubsection (1), the Judge may order that an internetservice provider support the installation of the remoteforensic tool.

20

Disclosure of trafficdata

Remote forensic tools

Schedule

(4) Where a remote forensic tool is utilised underthis section—

(a) modifications to a computer system shall belimited to those that are necessary for theinvestigation;

(b) modifications to a computer system shallbe undone, so far as possible, after theinvestigation; and

(c) the following information shall be logged:

(i) the technical means used;

(ii) the time and date of theapplication;

(iii) the identification of the computersystem and details of themodification undertaken; and

(iv) the information obtained.

(5) The police officer responsible for a criminalinvestigation in which a remote forensic tool is utilisedunder this section shall ensure that any informationobtained by the utilisation of the remote forensic tool isprotected against modification, unauthorised deletionand unauthorised access.

(6) An authorization that is granted under thissection shall cease to apply where—

(a) the computer data sought is collected;

(b) there is no longer any reasonable ground forbelieving that the computer data soughtexists; or

(c) the conditions of the authorization are nolonger present.

21

(7) The Minister may, by Order, amend theSchedule.

(8) For the purpose of this section, “utilise”includes—

(a) accessing a computer system;(b) developing a remote forensic tool;(c) adopting a remote forensic tool; or(d) acquiring a remote forensic tool.

31. (1) Where a person is convicted of an offence underthis Act and the Court is satisfied that monetarybenefits accrued to him as a result of the commission ofthe offence, the Court may order him to pay anadditional fine in an amount equal to the amount of themonetary benefits.

(2) Where damage is caused as a result of anoffence under this Act the person convicted of theoffence is liable to an additional fine not exceeding thefine that the Court may impose for the commission ofthe offence that caused the damage.

32. (1) Where a person is convicted of an offence underthis Act, and the Court is satisfied that another personhas suffered loss or damage because of the commissionof the offence, it may, in addition to any penalty imposedunder this Act, order the person convicted to pay a fixedsum as compensation to that other person for the loss ordamage caused or likely to be caused as a result of thecommission of the offence.

(2) An order made under subsection (1) shall bewithout prejudice to any other remedy which the personwho suffered the damage may have under any otherlaw.

(3) The Court may make an order under thissection of its own motion or upon application of a personwho has suffered damage as a result of the commissionof the offence.

22

Order for payment ofadditional fine

Order for payment ofcompensation

(4) A person who makes an application undersubsection (3) shall do so before sentence is passed onthe person against whom the order is sought.

(5) For the purpose of this section, computer dataheld in an apparatus is deemed to be the property of theowner of the apparatus.

33. (1) Subject to subsection (2), where a person isconvicted of an offence under this Act, the Court mayorder that any property—

(a) used for, or in connection with; or

(b) obtained as a result of, or in connectionwith,

the commission of the offence, be forfeited to the State.

(2) Before making an order under subsection (1),the Court shall give an opportunity to be heard to anyperson who claims to be the owner of the property orwho appears to the Court to have an interest in theproperty.

(3) Property forfeited to the State undersubsection (1) shall vest in the State—

(a) if no appeal is made against the order, atthe end of the period within which anappeal may be made against the order; or

(b) if an appeal has been made against theorder, on the final determination of thematter, where the decision is made infavour of the State.

(4) Where property is forfeited to the State underthis section, it shall be disposed of in the prescribedmanner.

34. Where an ex parte application is made by theDirector of Public Prosecutions to a Judge and the Judgeis satisfied that there are reasonable grounds to believe

23

Forfeiture Order

Order for seizure andrestraint

that there is in any building, place or vessel, anyproperty in respect of which a forfeiture order undersection 33 has been made, the Judge may issue—

(a) a warrant authorising a police officer tosearch the building, place or vessel for thatproperty and to seize that property if found,and any other property in respect of whichthe police officer believes, on reasonablegrounds, that a forfeiture order undersection 33 may be made; or

(b) a restraint order prohibiting any personfrom disposing of, or otherwise dealing withany interest in, the property, other than asmay be specified in the restraint order.

PART IVINTERNET SERVICE PROVIDERS

35. (1) Subject to subsection (2), an internet serviceprovider who provides a conduit for the transmission ofinformation, shall not be responsible for—

(a) monitoring the information which hetransmits or stores on behalf of another inorder to ascertain whether its processingwould constitute or give rise to liabilityunder this Act; or

(b) actively seeking facts or circumstancesindicating illegal activity in order to avoidcriminal liability under this Act.

(2) Subsection (1) does not relieve an internetservice provider from complying with any court order,injunction, writ or other legal requirement, whichobliges an internet service provider to terminate orprevent an infringement based on any written law.

24

No monitoringobligation

36. (1) An access provider shall not be liable under thisAct for providing access and transmitting information ifhe does not –

(a) initiate the transmission;(b) select the receiver of the transmission; or(c) select or modify the information contained

in the transmission. (2) For the purpose of this section—

“access provider” means a person who providesa service to facilitate the transmission ofcomputer data between two or morecomputer systems by transmittinginformation provided by, or to a user of theservice in a communication network orprovides access to a communicationnetwork;

“communication network” means a setof devices or nodes connected bycommunication links, which is used toprovide the transfer of computer databetween users located at various points orother similar services; and

“transmit” or “provide access” includes theautomatic, intermediate and transientstorage of information transmitted in so faras it takes place for the sole purpose ofcarrying out the transmission in thecommunication network, and provided thatthe information is not stored for a periodlonger than is reasonably necessary for thetransmission.

37. (1) A hosting provider shall not be liable for thestorage of information in contravention of this Act if—

(a) he expeditiously removes or disables accessto the information after receiving a lawfulorder from any appropriate authority toremove specific illegal information stored;or

25

Access provider

Hosting provider

(b) upon obtaining knowledge or awareness, byways other than a lawful order from anyappropriate authority, about specific illegalinformation stored, he expeditiouslyinforms the authority to enable it toevaluate the nature of the information and,if necessary, issue an order to remove thecontent.

(2) This section shall not apply when the user ofthe service is acting under the authority or control of thehosting provider.

(3) For the purpose of this section—

“hosting provider” means a person whoprovides a service to facilitate thetransmission of computer data between twoor more computer systems by storinginformation provided by a user of hisservice.

38. (1) A caching provider shall not be liable for thestorage of information in contravention of this Act if—

(a) he does not modify the stored information;

(b) he complies with the condition of access tothe stored information;

(c) he updates stored information inaccordance with any written law or in amanner that is widely recognised andused in the information communicationtechnology industry; or

(d) he does not interfere with the lawful use oftechnology, widely recognised and used bythe information communication technologyindustry, to obtain data on the use of thestored information,

26

Caching provider

and acts expeditiously to remove or to disable access tothe information he has stored upon obtaining knowledgeof the fact that—

(e) the stored information at the initial sourceof the transmission has been removed fromthe network;

(f) access to the stored information has beendisabled; or

(g) a Court has ordered the removal ordisablement of the stored information.


“caching provider” means a person whoprovides a service to facilitate thetransmission of computer data between twoor more computer systems by theautomatic, intermediate and temporarystorage of information, where such storageis for the sole purpose of making the onwardtransmission of the information to otherusers of the service more efficient.

39. (1) An internet service provider who enables theaccess to information provided by another person, byproviding an electronic hyperlink, shall not be liable forinformation that is in contravention of this Act if—

(a) the internet service provider expeditiouslyremoves or disables access to theinformation after receiving a lawful orderfrom any appropriate authority to removethe link; or

(b) the internet service provider, uponobtaining knowledge or awareness, by waysother than a lawful order from anyappropriate authority, expeditiouslyinforms the authority to enable it to

27

Hyperlink provider

evaluate the nature of the information andif necessary, issue an order to remove thecontent.


“hyperlink” means a characteristic or propertyof an element such as a symbol, word,phrase, sentence, or image that containsinformation about another source andpoints to and causes to display anotherdocument when executed.

40. A provider who makes or operates a search enginethat either automatically, or based on entries by others,creates an index of internet-related content or, makesavailable electronic tools to search for informationprovided by another person, shall not be liable underthis Act for the search results if the provider—

(a) does not initiate the transmission; or

(b) does not select the receiver of thetransmission; or

(c) does not select or modify the informationcontained in the transmission.

PART VMISCELLANEOUS

41. (1) The Minister may make Regulations prescribing all matters that are required to be prescribed under this Act and for such other matters asmay be necessary for giving full effect to this Act and forits proper administration.

(2) Regulations made under this section shall besubject to negative resolution of Parliament.

42. The Computer Misuse Act is repealed.

28

Search engineprovider

Regulations

Repeal ofChap. 11:17

SCHEDULE (Section 30)

OFFENCES

1. Offences involving treason under the Treason Act,Chap. 11:03.

2. Offences against the person, namely—

(a) Murder;(b) Manslaughter.

3. Offences involving kidnapping.

4. Drug trafficking, namely—

(a) Trafficking in dangerous drugs; (b) Possession of a dangerous drug for the

purpose of trafficking.

5. Unlawful possession of a firearm or ammunition.

6. Offences involving a terrorist act.

7. Trafficking in persons or trafficking in children.

8. Offences involving child pornography.

9. Offences involving fraud.

Passed in the House of Representatives this dayof , 2015.

Clerk of the House

IT IS HEREBY CERTIFIED that this Act is one the Bill for

29

which has been passed by the House of Representativesand at the final vote thereon in the House has beensupported by the votes of not less than three-fifths of allthe members of the House, that is to say, by the votes of

members of the House.

Clerk of the House

I confirm the above.

Speaker

Passed in the Senate this day of ,2015.

Clerk of the Senate

IT IS HEREBY CERTIFIED that this Act is one the Bill forwhich has been passed by the Senate and at the finalvote thereon in the Senate has been supported by thevotes of not less than three-fifths of all the members ofthe Senate, that is to say, by the votes of Senators.

I confirm the above.

President of the Senate

30

No. 7 of 2015

FIFTH SE

SSION

TE

NT

HP

AR

LIA

ME

NT

RE

PUB

LIC O

FTR

INID

AD

AN

D TO

BA

GO

BIL

LA

NA

CTto provide for the creation of

offences related to cybercrime and

related matters

Received and read theFirst tim

e ..............................................

Second time ..........................................

Third time .............................................

the cybercrime bill, 2015the cybercrime bill, 2015 explanatory note (these notes form no part of the...

Documents