The official version of this document can be found via the PDF button.
The below content has been automatically generated from the original PDF and some formatting may have been lost, therefore it should not be relied upon to extract citations or propose amendments.
Dear Scrutiny,
I would like to comment on the proposed new states of Jersey Draft Cyber Crime Law.
Whilst, I am broadly in favour of aligning Jersey with the UK and European Cybercrime laws, I feel that article 5A needs special consideration.
Draft Cyber Crime Law – Article 5A (i)
This article appears to implement the same legislation as article 37 of UK Police and Criminal Justice Act (2006) which criminalised "the production, ownership, use and movement of various devices designed or adapted to commit offences such as accessing or intercepting data".
One issue with this blanket approach is that many tools are "dual use" for example a crowbar can be used to open a packing crate but could also be used to force open a window on a house.
Secondly, how can you be responsible for the actions of a second party when they use a dual use tool in an unattended way, for example could you hold a building supplier liable for selling a crow bar to someone who later uses it for breaking and entering? This would come down to intent whether the first party knew the intentions of the second party.
Furthermore , this could possibly mean that a person educating someone about security tools and how to use them, could be liable if the second party uses them to commit an offence under this section of the law. How can the first person know the future intent of the person they are training / educating?
In the UK, this has led to a situation where security professionals could effectively be charged under the law subject to intent. To my knowledge, these has not been a legal precedent to resolve this issue.
Given, that Jersey has a requirement for security trained professionals in the future, to support several government initiatives such as:-
- States of Jersey Digital Policy Framework
- Sandbox Jersey (JT Global Internet of Things)
- Pan island Computer Emergency Response Team (CERT)
This also does not account for the need for trained security people to help protect businesses which provide significant GBP income such as finance services.
I feel that the law in its present form may dissuade people from teaching or learning in this area to the detriment of the needs of the island for trained security professionals in the future.
I would like to see the proposed Draft Cyber Crime Law consider these issues. Kind Regards
Paul Dutot -IEng MIET MBCS CITP OSCP QSTM