In Guatemala, the Criminal Code criminalizes certain computer crimes, for which there are penalties assigned. However, these do not correspond to the patterns of illicit acts using networks or computer systems.
This absence is the one that aims to replace initiative 6347, the Cybersecurity Law that the National Security Affairs Commission of the Congress of the Republic has under review before being issued to present it for discussion before the plenary. But, in the opinion of legal professionals consulted by Prensa Libre, it still requires a thorough review from a criminal point of view.
According to this proposal, legal professionals can interpret proportionality according to the type and affectation of the crime committed, also aligning themselves with the international standards of the Budapest Convention, which emphasizes proportionality in the prosecution and sanction of cybercrimes, especially when they involve the use of technologies to affect fundamental rights, says Costa Rican Juan Ignacio Zamora Montes de Oca, a master’s degree in Computer Law.
“Indexisting offences are criminalized”
The main object of initiative 6347, among others under Article 1, is the criminalization of criminal conduct, to prevent the eradication and punishment of cybercrimes. Likewise, procedural rules are necessary to incorporate digital evidence to obtain electronic evidence and evidence in the criminal proceedings, for effective and inter-agency and international cooperation in this area.
According to this approach, the Cybersecurity Act, which is intended to be adopted in the Congress of the Republic, would be criminalizing, as its name indicates, the “cyberdelitos” or computer offences – which specifically do not exist in the country’s legislation.
In this regard, the lawyers interviewed agree that this criminalization in both the definition of criminal figures and the penalties assigned to them are concatenated by the Criminal Code, although they do not need to do so because each law is totally autonomous and each country is taxing according to its convenience and the nature of what is meant to be protected.
These are some of the unlawful acts established in Title II, which are based on the number of the minimum wage in force, for non-agricultural activities.
- Article 7. ILITITTO prison from 4 to 6 years and a fine of 20 (Q.72,691.80) to 200 (Q.726,918.00) minimum monthly wages in force for non-agricultural activities.
- Article 8. ILICITA INTERCEPTATION imprisonment from 6 to 10 years fine from 100 (Q.363,459.00) to 200 (Q.726,918.00) minimums per month for non-agricultural activities.
- Article 9. ATA TO INTEGRITY OF INFORMÁTIC DATA
Imprisonment will be from 5 to 7 years and a fine of 100 (Q.363,459.00) to 200 (Q.726,918.00) minimum monthly wages in force for non-agricultural activities.
Imprisonment will be 6 to 8 years and a fine of 200 (Q.726,918.00) to 500 (1,817,296.50) minimum monthly wages in force for non-agricultural activities.
- Article 10. TAY INTEGRITY OF THE INFORMÁTIICAL SYSTEM
imprisonment for 6 to 9 years and a fine of 100 (Q.363,459.00) to 300 (Q.1,090,377.90) minimum monthly wages for non-agricultural activities.
7 to 10 years and a fine of 100 (Q.363,459.00) to 500 (1,817,296.50) minimum monthly wages in force for non-agricultural activities.
- Article 11. INFORMÁTICA FALTIFICATION. Imprisonment 2 to 6 years and fine of 20 (Q.72,991.80) to 200 (Q,726,918.00) minimum monthly wages in force for non-agricultural activities.
- Article 12. APPROVATION OF AJENA IDENTITY.
3 to 6 years and a fine of 40 (Q. 145,183.60) to 100 (Q.363,43,559.00) minimum monthly wages for non-agricultural activities.
4 to 7 years and a fine of 40 (Q. 145,183.60) to 200 (Q.726,918.00) existing minimum monthly wages for non-agricultural activities.
- Article 13. DISPOSITIVES. imprisonment from 3 to 6 years and a fine of 20 (Q.72,991.80) to 200 (Q.726,918.00) minimum monthly wages in force for non-agricultural activities.
- Article 14. FRAUDE INFORMÁTICO. imprisonment from 4 to 8 years and a fine of 100 (Q.363,459.00) to 300 (Q.1,090,377.90) minimum monthly wages in force for non-agricultural activities.
Source: Initiative of Law 6347.
Right to repair or sanctioner
Zamora says that initiative 6347 proposes procedures for the confiscation of assets obtained through fraudulent activities. Articles 24 and 25 mention asset recovery measures, urging inter-agency and international collaboration to locate and recover badly owned property. Both align themselves with the international standard in the fight against cybercrimes.
While the Budapest Convention does not set exact amounts or penalties, in its Article 13 it supports the idea of effective and dissuasive penalties. Both documents (initiative 6347 such as the Convention) reflect the importance of adapting penalties to the nature and severity of the crime, depending on its impact on public security, Zamora says.
On the other hand, he observes; the initiative suggests penalties that could vary between 2 and 10 years in prison depending on the severity of the cybercrime, the impact on society and critical infrastructure. This is where it must take into account what criminal law is sought at the level of Guatemala and the process, whether it intends to apply a restorative or sanctioning criminal law, Zamora notes.
For the litigant lawyer César Calderón, the crimes contained in the bill, as well as the verbs they have put in for each crime, advances the largest amount of cyber criminological phenomenon. If in the future something else is invented, it will be enough to add adjective nominations or verbs to the law, he says.
It should be taken into account that none of the offences under this bill can be considered a less serious offence, and are therefore the responsibility of the Courts of First Instance. Therefore, the procedure to be followed is the common criminal procedure, says Abraham Girón, a criminal lawyer and consultant.
Notes that, with the creation of the figure of “Computer fraud,” contained in article 14 of the bill, a penalty of 4 to 8 years is imposed; however, the wording of that article is confusing from its point of view and could be a problem to determine when that crime should be applied and when the scam referred to in the Criminal Code is applied, the criminalization of which ranged from 6 months to 4 years, and is therefore considered a less serious offence and therefore released.
A transfer law?
According to Girón, as far as confiscation is concerned, the bill does not contribute anything different from what is already regulated in the current procedural legislation, to the point that there is no specific article referring to these elements. Refer to the Code of Criminal Procedure, which should not even have regulated such an issue in this initiative, he stresses.
According to lawyer and notary litigator Wellington Puac, the initiative is long overdue for it to be a technical law. The law is very ambiguous. As litigating lawyers, we see many gaps that defenders can use to have acquittal sentences, resulting in actions going unpunished.
For Girón, since the cybersecurity law is an issue that has not been regulated in the country, it does require a deep discussion and deserves further review, because precisely cybersecurity must begin with a complete, clear and efficient legal system that allows the flexibility and agility that the digital world entails, it should be thought a little about the “soft law,” as a modality to provide that to the regulation on cybersecurity, he points out.
Law must go further.
On the other hand, while the Budapest Convention does not set exact amounts or penalties, its exposure to the criminal types it handles is reads simpler and clearer, as to how it is proposed in the bill in the process of being passed. This is because the conventions are guidelines on the minimum regulations that States parties must have. “In this sense, the bill should risk going further at the minimums proposed in the Convention and adapting it more to the criminal reality facing the country in cyber, says lawyer Girón.
He noted that the Convention had two additional protocols which dealt with different aspects. These are not considered by the initiative, so it would be appropriate for a law on cybersecurity to be adopted, to take advantage of general regulation that addresses all aspects related to the Budapest Convention,” says the jurist.
Counsel Puac notes that in Title II, of initiative 6347 which regulates the “Ciberdelitos,” what is there, are actions (there are no omissions), therefore, they are intentional actions, carried out with the intention of causing harm, typical, anti-jurid, guilty and punishable, regulated in order to protect and/or restore a legal good that protects Guatemalan law. Therefore, in order not to enjoy alternative measures, the minimum prison sentence should be 6 years and the maximum of 15.
In addition, the prosecutor Raúl Pérez Bámaca, of the Public Prosecutor ' s Office against Transnational Crimes (MP), indicates that the elements of the new criminal figures contained in the bill have been discussed and consider that, at least with the minimum penalty of six years ' imprisonment, there will be the opportunity to exercise effective and effective criminal prosecution to neutralize the criminal phenomenon. From this account, justice operators will no longer have the excuse to force prior conciliatory or administrative phases as is now the case.
Reviewing the rule of dignified reparation
For lawyer Calderón, specifying in the bill that the sentences have from 4 to 6 years in prison, he is indicating that over 5 years he will not be released and that necessarily the sentenced person will go to jail for up to 10 years.
Now, what’s going to vary, he says, is the fine, since here several elements come in and among them goes the dignified reparation. If the defraud has been through accounting information, banking information from commercial companies and the loss is high, that is how dignified reparation will be. If Q5 million were let down, then it’s going to be as exaggerated as the amount they could have appropriated through cybercrime.
In this regard, the dignified reparation that takes place in one of the last stages of the criminal proceedings is established in the initiative that the confiscation will be carried out in the investigation and will be under the protection of the MP. In this sense, it is necessary to make an evaluation of a multidisciplinary team to verify whether the persecuting entity has the ability to safeguard the data, or the investigative delay will cause more damage than the crime itself, warns lawyer Puac.
For the litigant lawyer Miguel Balsells, the text on how to recover the data of people that alleged cybercriminals have obtained through fraudulent activities is not very specific.
According to Zamora, the Budapest Convention, in Articles 14 and 19, it generally establishes specific mechanisms for the rapid preservation of data and cooperation for the recovery of illicit assets.
Discharge
In the Committee on National Security Affairs, in charge of analyzing the initiative in question, they have received similar opinions from other professionals who have consulted in this procedure, who “have been attended to and have been corrected,” says Congressman Jorge Mario Villagrán, president of that commission.
In a case, where necessary, the respective modifications have been made, depending on the subject and the substance of the same. The comments noted are based on the original initiative, as received in the Commission and resolve many of these concerns raised,” says the Member.
He adds that these arguments 2ya were prosecuted by the Public Prosecutor’s Office and by judges of the judiciary “where they agree that the criminalization of the crime as is the right one. Hence the discord of what was discussed with reality.”
On the website of the Legislative Body is the original initiative 6347, which is the one that reaches the Commission. No longer the version reviewed by the Commission, because that revised version is the one that is dictated and is the one that goes to full reading, that is the procedure. That version is never published before, emphasizes Congressman Villagrán.
Related Diego Ronquillo, legal adviser to Congressman José Pablo Mendoza, rapporteur for initiative 6347, clarifies that the Committee on National Security Affairs is analyzing the penalties for raising them according to the principles of rationality, proportionality and reality of criminal law.
He adds that, with regard to the protocols not considered to be the Budapest Convention, they are currently under discussion by the Commission, because there are issues of protocols that are already regulated in the laws of the country.
Unlike the crime of own scam, the crime of computer fraud provides for the use of information and communications technologies (Tics) as a motive; the protected legal good is the property of the persons, Ronquillo defends.
This article has been translated after originally appearing in Prensa Libre