CMA REVIEW ASSIGNMENT

AUGUST 20, 2020

YUVRAJ GANGARAM (2003_18487), HANS JHAMNA (2003_19202) & AKASH DIGUMBER (2003_18580)
Cohort: BCNS20AFT
 The Computer Misuse Act and Cybercrime Act
Introduction
The main goal of the government in Mauritius is to turn the island into a Smart Island. This
implies everyday use of technology by us, Mauritians. Technology would be everywhere
including government services, businesses, lifestyle, as well as the physical infrastructures would
also be centered around digital interface.

This brings new opportunities to everyone but on the other hand and at the same time we are
dealing with new computer threats every day. Indeed, cyber criminals are becoming more
cunning and they are constantly developing new software and devices to harm others. Cyber
criminals are adapting their tactics, as new defences are implemented. The cyberspace is being
used as a platform to compromise critical infrastructures and commit crimes such as fraud, theft
of sensitive data, amongst others.

What is cybercrime?
To understand further on the topic, let us define the term ‘cybercrime’. Cybercrime are offences
which are committed using digital technology combined with The Internet. Cyber attackers make
use of different OS such as Ubuntu or the more famous Linux. Kali Linux, another version of
Linux is one that is dedicated to hacking. It’s main purpose of development was aimed towards
cybersecurity and pentesting (or Penetration Testing). However, hackers are able to use these
pentesting tools to identify vulnerable spots in the systems of victims and thus steal private data.
Technology is also used as a tool to aid other modern crimes forged documents to death threats
and in worst case scenarios, propagation of child abuse.
Some examples of Cybercrime around the world
The first and most obvious one that comes to mind is of course Social Network sites. For
example: Facebook. It is believed that many people do not use this platform for its intended
purpose. When Facebook was launched, its purpose was to connect Harvard students. Moreover,
it extended to connect other University students. But now, it is used by people of every age and
people from every corner of the world. Facebook is now a platform not only to connect globally
with people but also a platform to share all sort of information.

Recently in 2018, the US government opened an investigation against Facebook regarding their
collection of people’s data. It was alleged that Facebook had mislead its users for the collection
of data. Indeed, in 2019, Facebook had to pay a fine to the US Government concerning these
allegations. A fine rising up to $5 Billion.
Below is a short list of some serious cyber-offences that occurred overseas.

In 2016, Dyn, a company in charge of a great part of the internet’s DNS (Domain Name System)
infrastructure was targeted by a series of Distributed denial of service, or DdoS for short, attacks.
These attacks caused extensive damage and as a result, internet use for users in North America
and parts of Europe was majorly disrupted.

In 2010, Max Ray Vision (formerly Max Ray Butley, alias Iceman) was sent away to serve a 13-
year sentence. Max Ray was a computer security consultant and hacker. He was arrested for
stealing more than 2 million credit card details over the course of his criminal career. If the value
mention is not impressive enough, it should be noted that his targets were not only businesses
and individuals but also rival hackers themselves. His MO consisted of getting on the deepweb
selling the details on his forum named CardersMarkets, which, as the name suggests, was a place
where cyber-criminals to buy, sell or even exchange the illicitly obtains information.

Two years later, Stuxnet was used against a nuclear facility in Tehran. The Stuxnet worm is one
of the worlds first instances of weaponized computer code. This meant that it could not only
cause digital damage but could also cause PHYSICAL hard to real-world targets. In the attack,
the worm exploited four zero-day flaws within the research facility’s system, infecting over
60000 state-owned computers and physically destroying about 1000 nuclear centrifuges.

Another cyber crime that we are going to talk about is the Ashley Madison hack. While not
necessarily having caused major financial damage, the hack managed to amass and leak 300GB
of user data. The data included banking data and real name, as well as private sexual desires. The
group of hackers is know as Impact Team were the ones to expose the company for not deleting
user data even after being paid to do so. The Company was charged with lawsuits of $11.2
million plus an addition $1.66 million fine for data breach.

Notice that we are talking about overseas, but at the same time, we imply that these could
actually happen to any of us if not careful.

So, how is Mauritius protected exactly?

In 2003, with the evolution of technology in Mauritius and the duty of constitution of Mauritius to
protect its citizen when using technology, the Computer Misuse and Cybercrime Act of 2003
(CMCA 2003) was enacted to provide a restraint over criminal activities through computer
systems. But is that actually enough?
The local journal ‘Le Defi Media’ states in one its article that people’s account who contest for
election are likely to be pirated. Applying CMCA Act of 2003, we can observe that the accused
will likely to be charged with section 3(1) - unauthorized access to computer data, section 5(1)(b)-
unauthorized access to and interception of computer service, where the person will be guilty and
convicted for a fine not exceeding 150,000 rupees and a penal servitude not more than 15 years.
We can see here in this case where the laws of Mauritius are protecting our citizen.
According to another article in ‘Le Defi’ journal dated in the months of February; another serious
matter came onto surface which was the MCB bank fraud. This was an international fraud whereby
agents working in call centers were calling Mauritian telling them they have won a sum of money
and asked them their account details to transfer the amount. Unfortunately, many people fell trap
in this fake call with the imposters. A certain people had their bank account hacked and a large
sum of money were deducted. However, the CMCA Act is unable to protect its citizen of Mauritius
as they are international fraud. The cybercrime unit in Mauritius states that it is difficult to locate
those people as their IP Addresses are always bouncing, meaning they are not in fixed place. They
make use of Virtual Private Networks (VPN) and wrap themselves in layers of encryption and
other various protection. The cost to re-trace them is very high while the success rate of such a feat
is very low.
In this case, the only way to protect people from those online fraud is through massive campaign.
Both government and the concerning bank authorities should devise a way to reach out to
vulnerable client.

Since the act was enacted, Facebook was created and have since become the most popular Social
Network Site in the world. Consequently, we can see that Facebook holds a large number of
personal data about a person and regarding the act issued by the Mauritian Government, there is
almost nothing protecting people from using the information from Facebook. Furthermore, there
have been many cases recently where people use this platform to blackmail other people
threatening to expose indecent pictures. There has been an amendment concerning pictures of
indecent photographs of children. We think that there should be another amendment concerning
blackmailing using social sites.

Five years ago, there was an article that was published in L’Express stating that since 2009 the
Cybercrime Unit had received more than half a thousand complaints that relate to social
networks. It is astounding that in those cases, just two were fined and two were just given a
warning by the court.

In the year 2009, there were one case where a minor was sent indecent messages and Facebook
was used to post obscene pictures on the page of the minor. Consequently, a suspect was arrested
but was released after just three days. Nevertheless, the suspect had a guilty plea in court. There
are statistics about the government who made requests to Facebook for help to solve Cyber
Crime. It is really astonishing to see that no requests have been from the Mauritian Government.
What about freedom of speech? Are there any laws protecting it?
In the Constitution of Mauritius, it is provided under section 12 where it states that:

“(1) Except with his own consent, no person shall be hindered in the enjoyment of expression,
that is to say, freedom to hold opinions and to receive and impart ideas and information without
interference, and freedom from interference with his correspondence.

(2) Nothing contained in or done under the authority of any law shall be held to be inconsistent
with or in contravention of this section to the extent that the law in question makes provision
–

(a) in the interest of defence, public safety, public order, public morality or public health;

(b) for the purpose of protecting the reputations, rights or freedoms of other persons or the
private lives of persons concerned in legal proceedings, preventing the disclosure of
information received in confidence, maintaining the authority and independence of the courts,
or regulating the technical administration or the technical operation of telephony, telegraphy,
posts, wireless broadcasting, television, public exhibitions or public entertainment; or

(c) for the imposition of restriction upon public officers, except so far as that provision or, as
the case may be, the thing done under its authority is shown not to be reasonably justifiable in
a democratic society.

By analyzing section 12 of the constitution of Mauritius, we find well that our freedom does exist
with all its might. However, section 2(a), (b), (c) shows how our freedom of speech is structured.
This clearly shows no freedom. Recently in the news, one incident which took place at
‘Mahebourg’ where a person had written a slogan against the government, was arrested later that
day itself.
Section 12 of the constitution of Mauritius should not only be reviewed by the government but
also adapt to freedom of speeches.

However, we also think that not only the minors are targeted, everybody can become a target.
We have seen several cases where this happened in Mauritius itself. Indeed, we believe that
many Mauritians think that when they are behind a computer, they are anonymous. Apart from
blackmailing cases, there have also been a lot of Cyber Bullying. This, we believe is not greatly
stated in the Computer Misuse Act and Cybercrime Act was enacted in 2003. People still think
that saying something anonymously on the internet is alright and nobody will ever know
anything. If the anonymous statement is harmless, then it should be fine. However, if it is indeed
Cyber Bullying then we believe that the local authorities must indeed do everything possible to
put a stop to this and not only warn or fine the individual.

There are statistics about the government who made requests to Facebook for help to solve
Cyber Crime. It is really astonishing to see that no requests have been from the Mauritian
Government. We believe that although these offences are not taken seriously and are not being
dealt with properly by the authority. We will give the benefit of the doubt the Mauritius and urge
them to make many amendments to the Computer Misuse Act and Cybercrime Act as 17 years in
the technology world is like forever and the world is also constantly evolving towards new
technologies.

We believe that the act is not up to date with the boom of Social Networks and hence the country
is not equipped to fight these cybercrimes. Nevertheless, we believe that the first step to move
forward with this issue is to include new provisions in the Computer Misuse Act and Cybercrime
Act and also to make the penalties for the offences more severe.

Conclusion
Indeed, there have been several of these type of cases during the last 10 years. We think that the
minors that are exposed to social networks are much at risk as they may not be mature enough to
make intelligent decisions and this may lead to them being targeted and hurt by Cyber Criminals.
Reference
• https://defimedia.info/piratage-comment-eviter-de-se-faire-pirater-son-profil-facebook
• https://defimedia.info/allegations-de-fraude-electronique-des-clients-de-la-mcb-se-font-
arnaquer-viber