ABU DHABI // A federal judiciary department that will deal specifically with investigating and prosecuting cyber crimes will be in place next year, the Minister of Justice, Dr Hadef bin Jua'an al Dhaheri, said yesterday. "While we have information technology knowledge within the UAE, now is the time to bring this knowledge together so we can clearly focus all our joint expertise on this ongoing commitment to provide the best, most modern services to the people of the UAE," Dr al Dhaheri said.
The department would most likely be based in Sharjah, the minister said, and would include Emirati judges who specialised in information technology crimes. It will be federal, meaning that it will deal with cyber crime cases that are now typically handled by federal courts. Such cases include matters that affect national security and the economy, such as terrorism and hacking into national institutions, including state banks.
Another initiative by the ministry will be to update the existing federal cyber crime law of 2006, which is said to be lacking in procedural aspects specific to such offences. The announcements were made on the sidelines of the third international cyber crime conference, held in Emirates Palace in Abu Dhabi yesterday. Cyber crime is a term used to describe any criminal act carried out using computers or computer networks. Offences can include identity theft, child pornography, matters of state security and financial crimes.
"Many of them are related to moral, behavioural issues and those which concern the society," Dr al Dhaheri said. "There are financial cyber crimes, and these are very serious because they affect the economy, the financial institutions and would also affect the international classification of the country in regard to fighting cyber crimes." Between Dh550 million (US$150m) and Dh735m are estimated to have been lost in 2007 to cyber criminals in the GCC countries, typically through financial crimes. That includes only the reported cases. According to a police officer who deals with such crimes, this number has not changed much in recent years.
In terms of attacks on personal computers, there were 157,000 compromised PCs transmitting on the web throughout the GCC in January 2007, according to Trend Micro, a developer of software and services to protect against computer viruses and web-based threats. For each active PC, there are believed to be an additional two or three in sleep mode, meaning the region contains close to 500,000 compromised computers.
In the UAE, the number of compromised PCs rose to 48,000 at the start of 2008 from 28,700 in January 2007, a 67 per cent increase, according to the company. Dr al Dhaheri said the UAE had been a "pioneer" in introducing an anti-cyber crime law in 2006 that deals with the "abuse of information technology", but said it needed regular changes to keep pace with an evolving threat. "We are constantly reviewing the law because the progress and development in information technology is too fast and requires constant updating ? unlike other laws that are OK if they take years to review," he said.
He said no special procedures to tackle cyber crimes were specified in the 2006 law. "There is a need for special measures for cyber crimes, and we are in the process of putting together a law for the measures taken in the event of cyber crime," Dr al Dhaheri said. "The existing law is sufficient, but we want to improve, and this is the aim of this conference. We want to hear suggestions from experts, judges and the cases they came across, and the challenges, in order to change them."
The judiciary department given the task of dealing with cyber crime would be launched before the law was changed, he said. Maj Gen Ahmad al Raisi, the general director of central operations in Abu Dhabi Police, said having a secure infrastructure "was not just to do with devices and tools". "There have to be specialised people to work on this," he said. Abdul Aleem Sayed, the chief information security architect for Abu Dhabi Police, praised the moves, but called for a "proactive" approach to push companies to start protecting their information.
He said it was the responsibility of organisations that handled information to start protecting it. The country should not only criminalise these offences but also oblige organisations or companies by law to protect their information in the best way possible, he said. When a company falls short of protecting its information, he said, a jail sentence and fines could be applied. "If you have financial information, you protect it," Mr Sayed said. "You owe it to your customer, and that is not happening here. In California, for example, there is a law that if you have financial information, by law you are bound to protect it. That is what we need.
"If that information has got out, by law you have to tell your customers so they can at least protect themselves." The UAE has minimum requirements in terms of protection of information for companies - under the Dubai International Financial Centre data protection rules - to ensure that personal data are processed securely. According to one expert, privacy guidelines under Shariah law can be applied for data protection.
hhassan@thenational.ae hdajani@thenational.ae