Understanding Illegal Devices Under the Cybercrime Code Act 2016: A Comprehensive Guide

In the digital age, the creation and distribution of illegal devices pose significant threats to cybersecurity. The Cybercrime Code Act 2016 (No 35 of 2016) of Papua New Guinea addresses various cyber offences, including the use of illegal devices, under Part III, Division 2, which focuses on computer related offences. Section 16 of this Act provides detailed provisions on illegal devices.

What are Illegal Devices?

Illegal devices, as defined by Section 16 of the Cybercrime Code Act 2016, involve the intentional and unauthorized design, production, sale, procurement, import, export, distribution, or availability of electronic systems, devices, or access data for committing cyber offences. The key actions constituting the use of illegal devices include designing, producing, selling, procuring for use, importing, exporting, distributing, or otherwise making available:

1. An electronic system or device, or thing designed or adapted for illegal purposes.
2. A password, access code, or similar data enabling access to electronic systems or devices.

What is an Electronic System?

According to the Cybercrime Code Act 2016, an “electronic system” refers to a setup of hardware or software that can work automatically without human intervention. This system includes interconnected devices or systems that can process, generate, send, receive, or store data. Examples of electronic systems include computers, smartphones, the internet, and data storage facilities. Essentially, any technology that handles data automatically, from input to storage, falls under this definition.

Understanding Illegal Devices: Two Real-World Examples

Illegal devices refer to tools designed or used for committing cybercrimes. Here are two examples:

Credit Card Skimmers: Credit card skimmers are devices installed on ATMs or point-of-sale terminals to secretly capture credit card information. These devices are often placed over legitimate card readers and can collect data such as card numbers and PINs. Criminals use the stolen information to create counterfeit cards and make unauthorized transactions. The use and distribution of credit card skimmers are serious offences under the Cybercrime Code Act 2016 (No 35 of 2016).

Keyloggers: Keyloggers are malicious software or hardware devices that record every keystroke made on a computer. Cybercriminals use keyloggers to steal sensitive information such as usernames, passwords, and credit card details. These devices can be installed physically or remotely through malware. Using keyloggers for unauthorized data collection is illegal and punishable under the Cybercrime Code Act 2016.

Penalties for Using Illegal Devices

The Act imposes significant penalties for those found guilty of using illegal devices:

1. For Natural Persons: A fine not exceeding K25,000.00 or imprisonment for a term not exceeding 15 years, or both.
2. For Bodies Corporate: A fine not exceeding K100,000.00.

Defence Against Charges

Section 16 also outlines a defense for those charged under this section. The defense applies if the design, production, sale, procurement, import, distribution, or possession of the devices was for:

1. Authorized testing or protection of an electronic system or device.
2. Law enforcement purposes.

The determination of whether the use of the illegal device was for authorized testing, protection, or law enforcement purposes is a question of fact.

Implications of Using Illegal Devices

The stringent penalties outlined in Section 16 highlight the seriousness with which Papua New Guinea treats the use of illegal devices. Such activities can lead to significant breaches of cybersecurity, financial losses, and legal consequences. The legislation aims to deter the creation and distribution of illegal devices by imposing heavy fines and long prison terms.

Protecting Against Illegal Devices

Given the severe penalties and potential impacts of using illegal devices, it is crucial to adopt comprehensive measures to protect against such activities. Here are some strategies:

1. Implement strong access controls: Restrict access to sensitive data and systems to authorized users only.
2. Use robust authentication methods: Implement multifactor authentication to enhance security.
3. Regular audits and monitoring: Conduct regular security audits and continuously monitor systems for suspicious activities.
4. Employee training: Educate employees on recognizing and reporting potential illegal device activities.
5. Data encryption: Protect sensitive data with advanced encryption techniques to prevent unauthorized access and manipulation.

Conclusion

Section 16 of the Cybercrime Code Act 2016 underscores the importance of preventing the creation and distribution of illegal devices in Papua New Guinea. By understanding the legal implications and implementing robust security measures, individuals and organizations can better safeguard their data and systems against cyber threats.

Read more similar article here.