In the digital age, cyber extortion has emerged as a significant threat, leveraging the power of technology to manipulate and exploit victims. The Cybercrime Code Act 2016 (No 35 of 2016) of Papua New Guinea addresses various cyber offences, including content related offences such as cyber extortion. Section 24 of this Act provides detailed provisions on the unlawful act of this offence using electronic systems or devices.
What Constitutes Cyber Extortion?
Section 24 of the Cybercrime Code Act 2016 defines cyber extortion as the intentional and unauthorized use of an electronic system or device to threaten or deploy software designed to disrupt or hinder operations, or to expose sensitive data, with the intent of procuring monetary or other benefits.
Key Actions Constituting Cyber Extortion
Cyber extortion includes:
- Uploading or Threatening to Upload: Introducing or threatening to introduce disruptive software into an electronic system.
- Deploying or Threatening to Deploy: Activating or threatening to activate software that hinders electronic systems.
- Inputting or Threatening to Input: Entering or threatening to enter software that disrupts electronic systems.
- Accusing or Threatening to Accuse: Using electronic means to accuse someone of a crime to procure benefits.
- Exposing Sensitive Data: Threatening to expose confidential information for personal gain.
A person commits a crime if they intentionally, without lawful excuse or justification, or in excess of a lawful excuse, use an electronic system or device to commit these actions set out above. The purpose behind these actions must be to procure monetary or other benefits for themselves or another person.
Penalties for Cyber Extortion
The penalties for this offence are stringent, reflecting the serious nature of the offence. The penalties for natural persons are:
- Fine: Up to K50,000.00.
- Imprisonment: Up to 25 years.
- Combined Penalty: Both fine and imprisonment can be imposed together.
The penalty for bodies corporate is a fine up to K500,000.00. These penalties aim to deter cyber extortion and protect the integrity of electronic systems and devices.
Understanding Cyber Extortion: Legal Consequences and Penalties
The Cybercrime Code Act 2016 imposes strict penalties on individuals who use electronic systems to extort others by threatening to expose sensitive information or falsely accuse someone of a crime. Here’s a breakdown of what constitutes this offence and the associated penalties. A person is guilty of a crime if they intentionally, without lawful excuse or justification, or in excess of a lawful excuse, use an electronic system or device to upload, deploy, input, or threaten to upload, deploy, or input electronic writings, images, audio, visual, or audiovisual recordings for the purpose of:
- Accusing or Threatening to Accuse: Another person of committing an indictable offence or any other offence under this Act, the Criminal Code Act (Chapter 262), or any other law.
- Exposing Sensitive Data: Compromising confidential information with the intent to procure monetary or other gain for themselves or another person.
The penalties for such offences are severe. The penalties for natural persons are:
- Fine: Up to K100,000.00.
- Imprisonment: Up to 25 years.
- Combined Penalty: Both fine and imprisonment can be imposed together.
The penalties for bodies corporate isa fine up to K1,000,000.00. These stringent penalties reflect the serious nature of this offence and aim to protect individuals and organizations from such malicious activities.
Special Considerations
Immateriality of the Accusation’s Truth: It is irrelevant whether the person accused or threatened to be accused has actually committed the offence they are being accused of.
Examples
Cyber extortion involves using electronic means to threaten or harm individuals or organizations for monetary or other gains. Here are two examples:
Ransomware Attacks: A cybercriminal deploys ransomware onto a company’s computer network, encrypting all critical data. The attacker then demands a ransom payment in cryptocurrency in exchange for the decryption key needed to restore access to the data. This type of cyber extortion can cripple business operations and lead to significant financial losses if the ransom is paid.
Threatening to Expose Sensitive Information: An individual hacks into a social media influencer’s accounts and obtains sensitive private messages and photos. The hacker then threatens to release this information publicly unless the influencer pays a substantial sum of money. This form of cyber extortion not only targets the victim’s finances but also aims to damage their reputation and personal life. Such actions are considered serious crimes under the Cybercrime Code Act 2016.
Implications of Cyber Extortion
The stringent penalties outlined in Section 24 highlight the seriousness with which Papua New Guinea treats cyber extortion. Such activities can lead to significant financial losses, breaches of confidentiality, and emotional distress for victims. The legislation aims to deter cyber extortion by imposing heavy fines and long prison terms for offenders.
Prevention
Given the severe penalties and potential impacts of this offence, it is crucial to adopt comprehensive measures to prevent such activities. Here are some strategies:
- Implement strong cybersecurity protocols: Ensure that electronic systems are protected against unauthorized access and disruption.
- Educate users: Provide education and awareness programs about the risks and legal implications of cyber extortion.
- Monitor systems: Regularly monitor electronic systems for signs of unauthorized activity or potential threats.
- Support victims: Offer support and counseling services to victims of cyber extortion.
Conclusion
Section 24 of the Cybercrime Code Act 2016 underscores the importance of preventing cyber extortion in Papua New Guinea. By understanding the legal implications and implementing robust preventive measures, individuals and organizations can better protect themselves and others from the harmful effects of cyber extortion.
About the author