54

CHAPTER FOUR
COMPARATIVE ANALYSIS OF OTHER JURISDICTIONS LAWS ON
CYBER-CRIME
4.1 INTRODUCTION
As noted in chapter two, the current legislative framework in Nigeria is not up to standard in
the fight against cybercrime. The law in Nigeria that has been used in tackling cybercrime, to
a certain degree, is the Advanced Free Fraud Act alongside the Criminal Code and the
Economic and Financial Crime Commission. In chapter three, the prospective laws or bills on
cybercrime or related to cybercrime were discussed and their effectiveness. Most of the bills
had their own criticism, especially on provisions prohibiting Unauthorised Access into a
computer, Data Retention and Misuse of device.
It has been noted that because existing laws in many countries are not tailored to deal with
cybercrime, criminals increasingly conduct crimes on the Internet in order to take advantages
of the less severe punishments or difficulties of being traced
1
. Studies have shown that 75%
of Internet content was created in the United States of America, 20% came from Europe
while Asia created 5.95%, and Africas content input in the global knowledge base is only
0.5%.
2
This shows the input of the western world in their contribution to the build-up of the
internet. The USA has been revealed to have the highest of internet user combined
3
with the
highest number of cybercrime
4
; one would have imagined they would have come up with a
single cybercrime legislation to tackle this menace. It is in this light that this chapter seeks to
identify the various laws of different countries, known to be far advanced in information
technologies compared to Nigeria on how in their own way tackle cybercrime and if there is
any single legislation on cybercrimes in Nigeria. The various countries that will be discussed
in this chapter are United States of America, United Kingdom, Germany, China and Portugal.



1
International cybercrime From Wikipedia, the free encyclopedia Available at:
http://en.wikipedia.org/wiki/International_cybercrime Accessed (9/8/2013)
2
A. Chinedu Tackling the cyber-crime menace in Nigeria Available at:
http://blueprintng.com/new/2013/01/tackling-the-cyber-crime-menace-in-nigeria/ Accessed (6/8/2013)
3
The statistics is available at: http://en.wikipedia.org/wiki/List_of_countries_by_number_of_Internet_users
4
See: WikiNews, Cybercrime ratings, at: http://en.wikipedia.org/wiki/cybercrimerating, (4/7/2013).

55

4.2 UNITED STATES OF AMERICA
The United States of America was probably the first country to criminalise hacking by
enacting legislation at federal as well as state level. Federal legislation operates at federal
level, governs the entire United States and is generally applicable. Individual State Laws are
only applicable in a specific State. For the purpose of this chapter, the provision of the federal
law will be discussed.
4.2.1 FEDERAL LAW
The Computer Fraud and Abuse Act 1986, is the most important federal legislation in respect
of unauthorised access and unauthorised to computers and it inserted computer crimes into
the Federal Code. The goal of the Act is to protect the confidentiality, integrity, and
availability of computer data and systems.
5
There have been quite a few amendments to the
Federal Code in respect of computer-related offences.
6
Section 1030(a) of the United States
Code
7
states:
(a) Whoever
(1) having knowingly accessed a computer without authorization or exceeding
authorized access, and by means of such conduct having obtained information that has
been determined by the United States Government pursuant to an Executive order or
statute to require protection against unauthorized disclosure for reasons of national
defence or foreign relations, or any restricted data, as defined in paragraph y. of
section 11 of the Atomic Energy Act of 1954, with reason to believe that such
information so obtained could be used to the injury of the United States, or to the
advantage of any foreign nation wilfully communicates, delivers, transmits, or causes
to be communicated, delivered, or transmitted, or attempts to communicate, deliver,
transmit or cause to be communicated, delivered, or transmitted the same to any
person not entitled to receive it, or wilfully retains the same and fails to deliver it to
the officer or employee of the United States entitled to receive it;
(2) intentionally accesses a computer without authorization or exceeds authorized
access, and thereby obtains (A) information contained in a financial record of a
financial institution, or of a card issuer as defined in section 1602(n) of title 15, or
contained in a file of a consumer reporting agency on a consumer, as such terms are
defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.); (B) information

5
J.B. Wolf Chasing 21st Century Cybercriminals With Old Laws and Little Money American Journal of
Criminal Law Vol. 28 No 1 pp.109. (2000)
6
S. S Kennedy & R.P. Flum Computer Crimes American Criminal Law Review Vol. 39 No.2 pp.279. (2002)
7
Fraud and related activity in connection with computers


56
from any department or agency of the United States; or (C) information from any
protected computer if the conduct involved an interstate or foreign communication;
(3) intentionally, without authorization to access any non-public computer of a
department or agency of the United States, accesses such a computer of that
department or agency that is exclusively for the use of the Government of the United
States or, in the case of a computer not exclusively for such use, is used by or for the
Government of the United States and such conduct affects that use by or for the
Government of the United States;
(4) knowingly and with intent to defraud, accesses a protected computer without
authorization, or exceeds authorized access, and by means of such conduct furthers
the intended fraud and obtains anything of value, unless the object of the fraud and the
thing obtained consists only of the use of the computer and the value of such use is
not more than $5,000 in any 1-year period;
(5)(A)(i) knowingly causes the transmission of a program, information, code, or
command, and as a result of such conduct, intentionally causes damage without
authorization, to a protected computer; (ii) intentionally accesses a protected
computer without authorization, and as a result of such conduct, recklessly causes
damage; or (iii) intentionally accesses a protected computer without authorization,
and as a result of such conduct, causes damage; and (B) by conduct described in
clause (i), (ii), or (iii) of subparagraph (A), caused (or, in the case of an attempted
offense, would, if completed, have caused) - (i) loss to 1 or more persons during any
1-year period (and, for purposes of an investigation, prosecution, or other proceeding
brought by the United States only, loss resulting from a related course of conduct
affecting 1 or more other protected computers) aggregating at least $5,000 in value;
(ii) the modification or impairment, or potential modification or impairment, of the
medical examination, diagnosis, treatment, or care of 1 or more individuals; (iii)
physical injury to any person; (iv) a threat to public health or safety; or (v) damage
affecting a computer system used by or for a government entity in furtherance of the
administration of justice, national defense, or national security;
From the provisions of this section, the mere accessing of any computer is not an offence;
there are other additional elements that have to be met before an authorised access can be
penalised by the act. The elements are; firstly it is directed at certain categories of data or
information. Certain categories of computers or computer systems are protected by the Act
such as government computer systems.
8
These provisions initially excluded computers of
individuals (personal computers), most businesses and companies and limited the scope of
application of the Code.
9
The original text of section 1030(a) (4) referred to a federal interest
computer but was subsequently amended by the National Information Infrastructure
Protection Act (NIIPA)
10
to read protected computer. A protected computer will now include

8
See section 1030 (e) (2) of the United States Federal Code.
9
Steve Shackelford Computer-Related Crime: An International Problem in Need of an International Solution
(1992) Texas International Law Journal Vol. 27 No.2 pp.488
10
1996. In general see the legislative analysis by the US Department of Justice in respect of the NIIPA
Available at: http://www.usdoj.gov/criminal/cybercrime/1030-anal.html

57
government computers; financial institution computers and any computer which is used in
interstate or foreign commerce or communications.
11
Computers that are connected to the
Internet are now protected. The USA PATRIOT Act
12
amended the provisions further
providing for protection against terrorism through a cyber-war.
13
Secondly, a specific intent is
also required, for example the intent to defraud or the obtaining of an advantage or the
furtherance of a fraud. One of the main criticisms against the Act is that key concepts such as
without authorisation, use, affects and access were not defined.
14
The Act was further
criticised on the basis that large corporations and businesses that are often targeted by
computer criminals, were initially not protected by the Act.
15
The mere access, trespass or
browsing in respect of a computer or system is not an offence in terms of the Act.
16
The
above provision also prohibits Data Interference, System interference, Computer-related
fraud and Misuse of device. Also as regard Misuse of device, Section 1030(a)(6) of the
United States Criminal Code as inserted by the Computer Fraud and Abuse Act9 states:
(a) Whoever
(1) (5)
(6) knowingly and with intent to defraud traffics (as defined in section 1029) in any
password or similar information through which a computer may be accessed without
authorization, if- (A) such trafficking affects interstate or foreign commerce; or (B)
such computer is used by or for the Government of the United States; shall be
punished as provided in subsection (c) of this section.
The prohibitions in respect of trafficking in passwords only apply to commerce and
government computers. The Act has been criticised because affects interstate commerce
is not defined and the definition and scope thereof are unclear.
17
Furthermore a perpetrator
should have the intention to defraud. The United States Code also prohibits the production
and use of or trafficking in counterfeit access devices
18
, provided that the perpetrator acts

11
Section 1030(e)(2) of the United States Federal Code.
12
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct
Terrorist Act 2001. This Act was promulgated after the 9/11 terrorist attacks in the USA.
13
Kennedy op cit. supra pp.208
14
B.D Cohen Computer Crime American Criminal Law Review Vol. 25 No. 3 (1988) p.368
15
C.D Chen Computer Crime and the Computer Fraud and Abuse Act of 1986 Computer Law Journal Vol. X
No.1 pp.79 (1990)
16
Ibid
17
Ibid
18
Section 1029(e)(1) provides the term access device means any card, plate, code, account number, electronic
serial number, mobile identification number, personal identification number, or other telecommunications
service, equipment, or instrument identifier, or other means of account access that can be used, alone or in
conjunction with another access device, to obtain money, goods, services, or any other thing of value, or that can
be used to initiate a transfer of funds (other than a transfer originated solely by paper instrument). In addition
section 1029(e)(2) provides that the term counterfeit access device means any access device that is

58
with the intention to defraud.
19
The intentional trafficking in and use of unauthorized access
devices within any one-year period and by such conduct obtaining anything of value in
excess of $ 1, 000 is also criminalised.
20


4.3 UNITED KINGDOM
Like the US, UK does not have a singular law prohibiting the offences of cybercrime. Acts
that have been used in tackling cybercrime-related offences are; Computer Misuse Act
(Illegal Access, system and interference), Fraud Act (computer-related fraud), Forgery Act
(computer-related forgery) among others.
4.3.1 COMPUTER MISUSE ACT 1990
In 1987, the Scottish Law Commission produced a working paper in respect of computer-
related crimes.
21
The ruling by the House of Lords in the case of R v Gold and Schifreen,
22

that computer hacking was not a criminal offence under the British Forgery and
Counterfeiting Act of 1981, highlighted the need for legislative intervention to bring the
criminal law up to date with technology.
23
In 1988 the Law Commission for England and
Wales produced a working paper dealing with computer misuse.
24
Another working paper
was released by the Law Commission in October 1989 entitled Criminal law: Computer
misuse.
25
The Computer Misuse Bill was introduced
26
and in August 1990 the Computer

counterfeit, fictitious, altered, or forged, or an identifiable component of an access device or a counterfeit access
device
19
Section 1029(a)(1) of the United States Code (2000 Edition)
20
Section 1029(a)(2) of the United States Code (2000 Edition).
21
C. Tapper Computer Crime: Scotch Mist? (1987) The Criminal Law Review p.4.
22
[1988] 2 WLR 984
23
A. Charlesworth Legislation against Computer Misuse: The trials and tribulations of the UK Computer
Misuse Act 1990 (1993) Journal of Law and Information Science Vol. 4 No.1 pp.82.
24
Law Commission Working Paper No. 110 Computer Misuse, 1988. HMSO. See in general Martin
Wasik Law Reform Proposals on Computer Misuse (1989) The Criminal Law Review 257 et seq.;
Martin Wasik The Law Commission Working Paper on Computer Misuse (1988-89) 5 Computer Law
and Security Report 2 et seq.; Jeffrey Chapman Computer misuse a response to Working Paper No.
110 (1989) Computer Law & Practice Vol. 5 115 et seq.; Michael Heather Law Commission Working
Paper No. 110 (1989) Computer Law & Practice Vol. 5 171 et seq.; Morag Macdonald Hacking (1989)
Computer Law & Practice Vol. 5 195 et seq
25
Law Commission Working Paper No. 186 Criminal law: Computer misuse, 1989. See in general
Martin Wasik Tackling technocrime: The Law Commission Report on Computer Misuse (1989)
Computer Law & Practice Vol. 6 No. 1 23 et seq.
26
For a broad overview of the Bill see Richard Dedman The Computer Misuse Bill 1990 (1990-91) 1
Computer Law and Security Report 13 et seq.

59
Misuse Act
27
came into effect.
28
Section 1 of the Computer Misuse Act, 1990 criminalises
hacking. It states that:
A person is guilty of an offence if- (a) he causes a computer to perform any function
with intent to secure access to any program or data held in any computer; (b) the
access he intends to secure is unauthorised; and (c) he knows that at the time when he
causes the computer to perform the functions that that is the case.
The elements can be simply as: (1) access to computer or data, (2) unlawfulness i.e.
unauthorised access and (3) intention. Interestingly the actus reus consists in causing a
computer to perform any function with the intent to secure access and appears not to be
limited to the actual accessing of a computer.
29
Section 17(5) of the Act states that access of
any kind by any person to any program or data held in a computer is unauthorised, if he is not
himself entitled to control access of the kind in question to the program and data, and he does
not have consent to access by him of the kind in question to the program or data from any
person who is so entitled.
30
Unauthorised access includes instances where authorised users
deliberately exceed their authority. According to British authors Smith & Hogan the mens rea
element consists therein that the perpetrator must cause a computer to perform a function
with the intent to secure access to any program or data held in any computer, knowing that
the access he intends to secure is unauthorised.
31
The Act also contains a specific provision as
to the required intent and states that the intent need not be directed at any particular program
or data, a program or data of any particular kind, or a program or data held in any particular
computer.
32
Section 1(2) seems to introduce a kind of dolus generalis
33
, which has been said
to be useful since some hackers tackle whatever constitutes a challenge.
34

4.3.2 FRAUD ACT 2006
This Act is used in tackling the offence of computer-related frauds in the United Kingdom.
Sections 1-8 of the Act prohibit the offence of obtaining by false pretences. Section 1 states
that:

27
The Computer Misuse Act 1990.
28
See M. Wasik The Computer Misuse Act 1990 (1990) Criminal Law Review 767 et seq.; Steve
Shackelford Computer-Related Crime: An International Problem in Need of an International Solution
(1992) Texas International Law Journal Vol. 27 No. 2 490 493; Chris Reed Electronic Finance Law (1991)
212 et seq.
29
Smith and Hogan Criminal Law pp.725.
30
T, Elbra A practical guide to the Computer Misuse Act 1990 (1990) pp.5.
31
Smith and Hogan Criminal Law 726
32
Section 1(2) of the Computer Misuse Act, 1990.
33
General intent
34
D P van der Merwe Computers and the Law (2000) 179.

60
A person is guilty of fraud if he is in breach of any of the sections listed in subsection
(2) (which provide for different ways of committing the offence). (2) The sections
are (a) section 2 (fraud by false representation), (b) section 3 (fraud by failing to
disclose information), and (c) section 4 (fraud by abuse of position).
Section 2 of the Act therefore states that:
A person is in breach of this section if he (a) dishonestly makes a false
representation, and (b) intends, by making the representation (i) to make a gain for
himself or another, or (ii) to cause loss to another or to expose another to a risk of
loss.
(2) A representation is false if (a) it is untrue or misleading, and (b) the person
making it knows that it is, or might be, untrue or misleading.
(3) Representation means any representation as to fact or law, including a
representation as to the state of mind of (a) the person making the representation, or
(b) any other person.
(4) A representation may be express or implied.
(5) For the purposes of this section a representation may be regarded as made if it (or
anything implying it) is submitted in any form to any system or device designed to
receive, convey or respond to communications (with or without human intervention).
Sections 6 and 7 prohibits the possession of articles for the use of frauds and the also
prohibition of making or supplying articles for use in frauds respectively. Section 8 defines
Articles as to include any program or data held in electronic form.
4.3.3 THE PROTECTION OF CHILDREN ACT 1978
This Act deals with the offences related to child pornography, a classification of cybercrime.
It prohibits any one from taking, distribute or have any indecent photograph. Section 1(1) of
the Act states that:
(1)It is an offence for a person (a)to take, or permit to be taken or to make, any
indecent photograph or pseudo-photograph of a child. . .; or (b)to distribute or show
such indecent photographs or pseudo-photographs; or (c)to have in his possession
such indecent photographs or pseudo-photographs, with a view to their being
distributed or shown by himself or others; or (d)to publish or cause to be published
any advertisement likely to be understood as conveying that the advertiser distributes
or shows such indecent photographs or pseudo-photographs, or intends to do so.
Section 2 (3) of the act states that in proceedings under this Act relating to indecent
photographs of children a person is to be taken as having been a child at any material time if
it appears from the evidence as a whole that he was then under the age of 16.


61
4.4 GERMANY
Germany, like two countries previously discussed doesnt have a harmonized cybercrime
law, but most offences relating cybercrime are criminalised under the German Criminal
Code, 2009.
35
The offences classified as cybercrime that are prohibited by the German Code
are; Illegal access, illegal interception, data interference, system interference, misuse of
devices, computer-related forgery, computer-related fraud and offences related to child
pornography.
4.4.1 THE GERMAN CRIMINAL CODE, 2009
36

Section 202a of the code deals with or prohibits the act of Data espionage. The section states
that:
(1) Whosoever unlawfully obtains data for himself or another that were not intended
for him and were especially protected against unauthorised access, if he has
circumvented the protection, shall be liable to imprisonment of not more than three
years or a fine.
(2) Within the meaning of subsection (1) above data shall only be those stored or
transmitted electronically or magnetically or otherwise in a manner not immediately
perceivable.
The Code in this provision focuses on electronic data. It also states that the data should not be
directly visible. The element of procurement would in all probability require that the data be
removed or that a copy at least be made, which means that the mere unauthorised access to
the data would not amount to any procurement. As regard Illegal interception, like Phishing,
section 202b of the code states that:
Whosoever unlawfully intercepts data (section 202a (2)) not intended for him, for
himself or another by technical means from a non-public data processing facility or
from the electromagnetic broadcast of a data processing facility, shall be liable to
imprisonment of not more than two years or a fine, unless the offence incurs a more
severe penalty under other provisions.
Also, as regard, Data interference, the Code provides for various actions in respect of the
unauthorised modification of data. Section 303a(1) criminalises data tampering and provides
that, anybody who unlawfully deletes, suppresses, renders useless, or alters data shall be

35
Strafgesetzbuch (STGB) English version available at: http://www.gesetze-im-internet.de Accessed:
(2/8/2013)
36
Ibid

62
sentenced to imprisonment not exceeding 2 years or to a fine. Also an attempt to commit the
offence is also criminalised.
37

A further offence of computer sabotage, System interference is contained in section 303b (1)
of the Code. It states that:
Whosoever interferes with data processing operations which are of substantial
importance to another by;
1. committing an offence under section303a (1); or
2. entering or transmitting data (section 202a (2)) with the intention of causing
damage to another; or
3. destroying, damaging, rendering unusable, removing or altering a data processing
system or a data carrier,
shall be liable to imprisonment of not more than three years or a fine.
An attempt to commit the offence is criminalised in section 303b (3) of the code. The
provisions of section 303b are much more detailed and provide for more severe penalties to
instances where the offender causes major financial loss, or acts on a commercial basis or as
a member of a gang whose purpose is the continued commission of computer sabotage.
38
In
regards of the offence of Misuse of Device, Section202c of the code prohibits acts
preparatory to data espionage and phishing. The section states that:
Whosoever prepares the commission of an offence under section 202a or section 202b
by producing, acquiring for himself or another, selling, supplying to another,
disseminating or making otherwise accessible
1. passwords or other security codes enabling access to data (section 202a (2)), or
2. software for the purpose of the commission of such an offence,
shall be liable to imprisonment of not more than one year or a fine.
Sections 267 and 269 of the code have the combine effect of prohibiting the act of forgery
and forgery of data intended to provide proof. Section 269 states that:
Whosoever for the purposes of deception in legal commerce stores or modifies data
intended to provide proof in such a way that a counterfeit or falsified document would
be created upon their retrieval, or uses data stored or modified in such a manner, shall
be liable to imprisonment of not more than five years or a fine.

37
Section 303a (2)
38
See s.303b (2) & (4)

63
Also the attempt of this crime is also punishable.
39

Also sections 263a and 263 have the combined effect of prohibiting and criminalising the
offence of computer-related fraud. Sections 184b, 184c and 18d criminalise the offences
related to child pornography.
4.4.2 LAW ON COPYRIGHT AND NEIGHBOURING RIGHTS, 2007
40

On offences related to infringements of copyright and related rights, Sections 106, 107, 108,
108a and 108b of this law have the combined effects of prohibiting offences on Unauthorized
Exploitation of Copyrighted Works; Unlawful Affixing of Designation of Author;
Infringement of Neighbouring Rights; Unlawful Exploitation on a Commercial Basis; and
Unauthorised interference with technical protection measures and information necessary for
rights management, respectively. Section 106 states that:
(1) Whoever reproduces, distributes or publicly communicates a work or an
adaptation or transformation of a work, other than in a manner allowed by law and
without the right holders consent, shall be punished with imprisonment for up to
three years or a fine.
(2) An attempt shall be punishable.

4.4.3 GERMAN CODE OF CRIMINAL PROCEDURE, 2008
41

The law on the Expedited preservation of stored computer data can be found in this law,
which is covered by Sections 94, 95 and 98 of this code. These sections provided that objects
which may be of importance as evidence for the investigation shall be impounded or
otherwise secured and if the object is not surrendered, by the person who holds custody, it
shall be seized.
42
It further provides that seizure can only be ordered by the judge, in exigent
circumstances, by the public prosecution office and the officials assisting it.
43
The procedures
to carry out this seizure are also stated in section 98.

39
See Sections 267 (2) % 269 (2)
40
(URHG)
41
STRAFPROZESSORDNUNG (StPO)
42
Section 94
43
Section 98

64
With respect to traffic data, Expedited preservation is covered by Section 100g.
44
The section
states that:
1) If certain facts give rise to the suspicion that a person, either as perpetrator, or as
inciter or accessory,
a) has committed a criminal offence of substantial significance in the individual
case as well, particularly one of the offences referred to in Section 100a
subsection (2), or, in cases where there is criminal liability for attempt, has
attempted to commit such an offence or has prepared such an offence by
committing a criminal offence or
b) has committed a criminal offence by means of telecommunication; then, to the
extent that this is necessary to establish the facts or determine the accused's
whereabouts, traffic data (section 96 subsection (1), section 113a of the
Telecommunications Act) may be obtained also without the knowledge of the
person concerned. In the case referred to in the first sentence, number 2, the
measure shall be admissible only where other means of establishing the facts
or determining the accused's whereabouts would offer no prospect of success
and if the acquisition of the data is proportionate to the importance of the case.
The acquisition of location data in real time shall be admissible only in the
case of the first sentence, number 1.
2) Section 100a subsection (3) and Section 100b subsections (1) to (4), first sentence,
shall apply mutatis mutandis. Unlike Section 100b subsection (2), second
sentence, number 2, in the case of a criminal offence of substantial significance, a
sufficiently precise spatial and temporal description of the telecommunication
shall suffice where other means of establishing the facts or determining the
accused's whereabouts would offer no prospect of success or be much more
difficult.
3) If the telecommunications traffic data is not acquired by the telecommunications
services provider, the general provisions shall apply after conclusion of the
communication process.
4) In accordance with Section 100b subsection (5) an annual report shall be produced
in respect of measures pursuant to subsection (1), specifying: 1. the number of
proceedings during which measures were implemented pursuant to subsection (1);
2. the number of measures ordered pursuant to subsection (1) distinguishing
between initial orders and subsequent extension orders; 3. in each case the
underlying criminal offence, distinguishing between numbers 1 and 2 of
subsection (1), first sentence; 4. the number of months elapsed during which
telecommunications call data was intercepted, measured from the time the order
was made; 5. the number of measures which produced no results because the data
intercepted was wholly or partially unavailable.
Sections 100a and 100b
45
of this law gives conditions regarding the order of interceptions of
telecommunications and the procedures on how to get such orders from the court.


44
Information on Telecommunications Connections
45
Order to Intercept Telecommunications

65
4.5 CHINA
In 1994, the Chinese State Council issued the first law on computer crime, which is the
Ordinance on protecting the safety of computer system
46
. In 1997, 2000, 2009 China
Criminal Law was amended to increase new Cybercrimes,
47
in 2011 China Supreme Peoples
Court and Supreme Peoples Procuratorate issued the judicial interpretation on Cybercrime.
48

4.5.1 CRIMINAL LAW OF THE PEOPLES REPUBLIC OF CHINA
In Chinas Criminal Law, five classifications of Cybercrimes were prescribed, which are
illegal accessing, illegal obtaining computer data, illegal controlling computer system,
providing computer program or tools for illegal accessing or controlling computer system,
and sabotaging computer system. According to the first paragraph of Article 285 of China
Penal Code, Crime of illegal accessing is, invading the computer information system in the
fields of State affairs, national defence construction or sophisticated science and technology.
This provision seems to only cover governments computers and not individuals or corporate
companies.
While Art.252 of the Criminal Law of China prohibits illegal interception of data; it states
that;
Whoever conceals, destroys or unlawfully opens another persons letter, thereby
infringing upon the citizens right to freedom of correspondence, if the circumstances
are serious, shall be sentenced to fixed-term imprisonment of not more than one year
or criminal detention.
According to the first paragraph of Article 286, it provides for the offence of sabotaging a
computer system. It states that;
Whoever in violation of States regulations, deletes, alters, adds or jams the functions
of the computer information system, thereby making it impossible for the system to

46
PI Yong New China Criminal Legislations in the Progress of Harmonization of Criminal Legislation against
Cybercrime. Shared with the Council of Europe for publication in December 2011 Available at:
http://www.coe.int/t/dghl/cooperation/economiccrime/cybercrime/documents/countryprofiles/Cyber_cp_china_
Pi_Yong_Dec11.pdf Accesses: (3/8/2012)
47
In 1997 China Penal Code was amended to add Article 285, 286 and 287, which stipulated two CIA
Cybercrimes (Illegal Access and Sabotaging computer system) and other tool-type Cybercrime, in which
computer systems are used as the tools of crime. In 2000 Decision on Protecting Security of Network was
passed by National Council to combat 21 tool-types Cybercrime. In March 2009 the 7th Amendment of China
Penal Code became effective, which stipulate three new Cybercrime to combat new types of Cybercrime in the
China networked economy, See PI Yong New China Criminal Legislations in the Progress of Harmonization
of Criminal Legislation against Cybercrime, Ibid
48
See Interpretation to the Judicial Problems on Dealing with Criminal Cases related to Endangering the Safety
of Computer System, which became effective on 1th, September 2011 and interprets the application of China
Penal Code to new Cybercrime in 7th Amendment of China Penal Code.

66
operate normally, if the consequences are serious, shall be sentenced to fixed-term
imprisonment of not more than five years or criminal detention; if the consequences
are especially serious, he shall be sentenced to fixed-term imprisonment of not less
than five years.
As regard data interference, the second paragraphs prescribes for that offence. The article
states that:
Whoever, in violation of State regulations, delete, alters or adds the data stored in or
handled or transmitted by the computer information system or its application program,
if the consequences are serious, shall be punished in accordance with the provision of
the preceding paragraph.
The third paragraph of this article also prohibits the use of programs like viruses to interfere
with data or the system. The article therefore states that;
Whoever intentionally creates or spreads destructive programs such as the computer
viruses, thus affecting the normal operation of the computer system, if the
consequences are serious, shall be punished in accordance with the provision of the
first paragraph.
Article 287 of this law prohibits the use of computers to commit forgery or fraud. The Article
states that:
Whoever uses computers to commit the crimes such as financial fraud, theft,
embezzlement, misappropriation of public funds, theft of State secrets, or other crimes
shall be convicted and punished in accordance with the relevant provisions of this
Law.
On the prohibition of offences related to child pornography, this is covered by the combine
articles of 363, 364, 366, and 367 Criminal Law of China. Also Articles 217, 218 and 220 of
this law, covers the offences related to infringements of copyright and related rights
combined with relevant provisions of the Copyright Law of China.
On Expedited preservation and partial disclosure of traffic data; Article 14 of the of
Regulation on Internet Information Service of the Peoples Republic of China, states that;
Internet information service providers, which provide news and publishing services
as well as services such as electronic bulletin, shall record and provide the content of
the information published, the time of publishing, the internet address or domain
name of publishing; the internet access service providers shall record the information
of the users such as their online time, their user names, internet address or domain
names, calling telephone number and other information. Both Internet information
service providers and internet access service providers shall keep the records for 60
days, and provide the records to relevant State authority when it is inquired.

67
This article provides for the preservation of data, not data retentions like other jurisdictions
provide for, and such records should not exceed 60 days. Other laws that provide for similar
provisions are Article 19 of Working Rules on Interim Regulation of International
Networking of Computer Information Network and Article 10 of Regulations on Internet
Surfer Service Sites. Also Articles 14 and 15 of the Provisions for the Administration of
Internet Electronic Bulletin, have similar provisions as to the one stated above.

4.6 PORTUGAL
Portugal is part of the few countries that have legislated and enacted a cybercrime law in their
country. The laws applicable used in tackling cybercrime in Portugal are; the Cybercrime
Law 2009 and the Penal Code of Portugal.
4.6.1 CYBERCRIME LAW 2009
49

Article 2 of the law defines some legal terms like;
Computer System means any device or set of connected or related devices, in which
one or more of these produces, running a program, the automated processing of data,
and the network that supports communication between them and the set of data stored,
processed, retrieved or transmitted by that or those devices, with a view to its
operation, use, protection and maintenance.
Computer Data means any representation of facts, information or concepts in a format
capable of being processed by means of a computer system, including programs able
to make a computer system to perform a function;
Traffic data means computer data relating to a communication made through a
computer system, generated by this system as part of a chain of communication,
indicating the origin of the communication, the destination, route, time, the date, size,
duration or type of underlying service.
Interception means the act intended to capture information in a computer system,
using electromagnetic devices, acoustic, mechanical or other
Article 6 of the law prohibits any illegal or unauthorised access into a computer system. The
Article states that:
1. Any person who, without legal permission or without being authorized to do so by
the owner, in any manner accedes to a computer system, shall be punished with
imprisonment up to 1 year or with a fine of up to 120 days.

49
Law nr 109/2009

68
2 - The same penalty will be applied to whoever illegally produces, sells, distributes
or otherwise disseminates within one or more computer systems devices, programs, a
set of executable instructions, code or other computer data intended to produce the
unauthorized actions described under the preceding paragraph.
3 - The penalty will be imprisonment up to 3 years or a fine if access is achieved
through violation of safety rules.
4 - The penalty will be imprisonment of 1 to 5 years if: a) by means of this access, the
agent becomes aware of commercial or industrial secrets or confidential information
protected by law, or b) The benefit or pecuniary advantage obtained is of considerably
high value.
5 - The attempt is punishable, except regarding paragraph 2.
6 - In the cases referred to in paragraphs 1, 3 and 5 the prosecution depends on of the
complaint.
The implication of paragraph I and 6 of the Article is that any illegal or unlawful arrest is
punishable but prosecution will only occur depending on complaints made. Paragraph 2 of
the article prohibits the selling or distribution of programs or codes that can lead or cause
unauthorised access into a computer. The article confers stricter punishment on the illegal
access if the person becomes aware of commercial or industrial secrets or confidential
information protected by law, or the benefit or pecuniary advantage obtained is of
considerably high value.
On illegal interception of data, Article 7 of the law states that:
1. Any person who, without legal permission or without being authorized to do so by
the owner, other right holder of the system or part of it, through technical means
intercepts transmissions of computer data processed within a computer system, to
there directed or from there proceeding, will be punished with imprisonment up to 3
years or a fine.
2 - The attempt is punishable.
3 - The same penalty provided for in paragraph 1 will be applied to those who
illegally produce, sell, distribute or otherwise disseminate within one or more
computer systems devices, software or other computer data intended to produce the
unauthorized actions described under that paragraph.
Under this article, attempt to intercepts computer data without authorisation is punishable
under the law, likewise the use of Computer forensic tools are also prohibited by this article.
Article 4 of the Law prohibits the act or the attempt to in any way affect the ability to use or
damage or remove or render unusable or inaccessible programs or other computer data of
others without their permission or authority. The prosecution here only depends on the

69
complaint by the victim. Also article 5 of the law also prohibits system interference in
criminalising the offence of computer sabotage. The attempt to commit this offence is not
punishable under this article.
Articles 3, 4, 5, 6 and 7 prohibit the misuse of devices to commit computer forgery, computer
damage, computer sabotage, illegal access and unlawful interception respectively.
Article 3 of the cybercrime law prohibits computer related forgery. The article states that:
1 - Whoever, with intent to cause deception in legal relations, enters, modifies, deletes
or suppresses computer data or otherwise interferes with computer data to produce
information or documents that are not genuine, with the intention that they can be
considered or used for legally relevant purposes as if they were, is punished with
imprisonment up to 5 years or a fine of 120 to 600 days.
2 - When the actions described in the previous paragraph relate to the data registered
or incorporated in a banking card or any other device that allows the access to a
payment system or to a communications system or to a conditioned access service, the
penalty is 1 to 5 years in prison.
3 - Whoever, acting with intent to cause injury to others or to obtain an unlawful gain
for him or her or for others, makes use of a document made of computer data that
were the subject of the acts referred to in paragraph 1 or a card or other kind of device
in which it were registered or incorporated the data of the acts referred to in the
preceding paragraph, shall be punished with the penalties provided for in either
number, respectively.
4 - Whoever imports, distributes, sells or holds for commercial purposes any device
that allows the access to a computer system, to a payment system, to a
communications system or to a conditioned access service, on which was committed
any of the actions referred to in paragraph 2 is punished with imprisonment of 1 to 5
years.
5 - If the facts referred to in the preceding paragraphs are committed by an official
employee in the performance of their duties, the penalty is imprisonment of 2 to 5
years.
Article 8 of the cybercrime law prohibits the illegal reproduction of protected program.
Unlike previous countries laws considered and the Nigerian prospective laws discussed this
article expressly confers copyright on computer software.
On Expedited preservation of stored computer, Article 12 of the cybercrime law covers this
area. The Article states that:
1 If, during the proceedings, when gathering evidence in order to ascertain the truth,
it is required to obtain specified computer data stored on a computer system, including
traffic data, which might be lost, changed or no longer available, the competent

70
judicial authority orders the person who has the control or availability of such data,
including the service provider, to preserve the data in question.
2 - The preservation can also be ordered by the criminal police force, authorized by
the judicial authority or even not in emergency or danger in delay but, in this case,
notice must be given immediately to the judicial authority, by the report described
under Article 253 of the Code of Criminal Procedure.
3 - A preservation order describes, under penalty of nullity: a) the nature of the data;
b) the origin and destination, if known, and c) the period of time covered by the
preservation order, up to three months.
4 - In compliance with the preservation order addressed to it, whoever has availability
or control over such data, including the service provider, preserves immediately the
data concerned, protecting and maintaining their integrity for the appointed period of
time, in view to allow the competent judicial authority to effectively obtain that
information, and remains obliged to ensure the confidentiality of the implementation
of these procedures.
5 - The competent judicial authority may order the renewal of the measure for periods
of time according to the limit specified in c) of paragraph 3, providing all the
requirements, up to a maximum of one year.
This article provides for preservation of data instead of data retention proposed by Nigerian
legislative bill on cybercrime. Article 14 of this law allows for the court to order for the
release of data or communication by the person who is in control of it.
Article 18 allows for the interception of communications in proceedings relating to crimes: a)
described under this Act, or b) committed by the means of a computer system or, when it is
necessary to gather evidence in electronic form if such crimes are described in Article 187 of
the Code of Criminal Procedure. The paragraph 2 of the articles states that The interception
and recording of transmissions of computer data can only be allowed during the investigation,
by founded decision of the judge or by request of the Prosecution Service, if there are reasons
to believe that this is essential to establish the truth or that gathering the evidence would
otherwise be impossible or very difficult to obtain by other means.
4.6.2 THE PENAL CODE OF PORTUGAL
This law prohibits offences related to cybercrimes like computer related fraud, child
pornography. Article 221 prohibits computer and communications fraud; also the attempt to
commit this act is also punishable. It further states that the prosecution only relies on the
complaint. Article 176 prohibits offences related to Child pornography.