Peru: Concerns Over Computer Crime Bill

When the subject of the general state of justice in Peru is brought up, it is usually said that the problem lies not with a lack of laws, but with the failure to comply with those laws already in place. This statement is true for both citizen safety and for other aspects of the law. Nevertheless, advances in and the use of technology have pressured the legislature to enact more laws or at least to update those in effect.

Given such, discussions have ensued over the past year throughout the various committees and ancillary organizations of the National Congress to draw up a computer crime bill. An initial step was made with the proposed Computer Crime Law [pdf] drafted by Congressman Juan Carlos Eguren.

In late 2011, attorney Luis Miguel Reyna Alfaro gave a speech regarding the proposed law at an academic event in which he discussed the legal status of computer crimes in Peru. The blog ICJ: Instituto de Capacitación Jurídica [Legal Training Institute], published the speech, whose critical conclusions state:

si bien resulta plausible la intención de poner al día nuestra legislación penal frente al avance de las nuevas tecnologías de la información, la incorrecta identificación del bien jurídico y las inconsistencias en la tipificación de las conductas pueden llevar a mostrar una imagen “simbólica” de la intervención penal en ésta materia.

Es necesario, en consecuencia, sugerir sendas modificaciones en el texto vigente que no sólo sean coherentes teóricamente sino que sean además y principalmente “eficaces” en la protección de la información, sólo de ésta forma encontrará justificación la intervención del Derecho penal que, como bien sabemos, es la rama del ordenamiento jurídico cuyas consecuencias resultan más drásticas para el ciudadano.

While the intent to update our criminal laws in light of new information technologies is plausible, the incorrect identification of the legal right and the inconsistencies in classifying conduct may demonstrate “symbolic” criminal intervention in this matter.

Therefore, we need to suggest changes to the current legal text that are not only theoretically coherent but that are foremost effective in protecting information. This is the only way we can justify the use of criminal law, which, as we well know, is the branch of law that incurs the most drastic consequences.

The current bill, which has already been modified, and actually combined with other similar bills, the draft prepared by the Justice and Human Rights Commission [pdf] raised serious questions not only because it encompassed a probable threat to privacy and freedom of expression on the internet, despite aspects like not attributing criminal responsibility to internet service providers, but because a sizable part of the text had been copied from various sources. Miguel Morachimo explains on the blog Blawyer:

Detalle de las páginas copiadas

En esta imagen, los textos resaltados en amarillo han sido encontrados idénticos en varios artículos publicados en páginas como Monografí, blogs sobre derecho argentino y libros sobre derecho informático. En ninguno de los casos, el Proyecto de Ley menciona que ha utilizado otros trabajos como fuentes. Las únicas partes que no han sido tomadas libremente de Internet son la que se refiere a la regulación de los delitos informáticos en Perú y la que señala los cambios que ha introducido el texto sustitutorio respecto de los proyectos de ley iniciales. […]

Después de casi un año de ingresados los Proyectos de Ley y de haber sostenido reuniones con expertos y distintos niveles del entidades estatales, (que) más de la mitad de la exposición de motivos del Dictamen de la Comisión haya sido copiado y pegado de páginas sin ningún rigor académico como Monografí ¿Es esa toda la investigación que merece un Proyecto de Ley de esta magnitud?

The highlighted text in this image is identical to the text found in a number of articles published on pages like Monografí, blogs about Argentine law and books about computer law. Nowhere does the bill mention that its sources utilize other works. The only parts that have not been freely pulled from the internet are those that refer to the regulation of computer crimes in Peru and that signal the changes that the substitute text has introduced with regard to the initial bills….

After nearly a year proposing bills and holding meetings with experts and various government agencies, where more than half the motives expressed in the committee's report have been copied and taken from pages with no academic rigor, is this all the investigation that a bill of this size deserves?

Subsequently, the chairman of the Congressional Justice and Human Rights Commission made some clarifications to the doubts raised by the above post, but his explanations were not entirely satisfactory and even took on a whole other focus, as Morachimo explains in another post, in which he adds:

Consultado sobre los hechos por Diario 16, el Presidente de la Comisión de Justicia y Derechos Humanos amplió su descargos refiriéndose a este blog. Aparentemente, los blogs no tienen derecho a opinar sobre este tema salvo que estén directamente interesados.

“Quisiera hacer otra aclaración. Me parece muy sospechoso que un bloguero se tome el trabajo y el tiempo de revisar este predictamen. Esta ley preocupa precisamente a las personas que cometen delitos informáticos, puede ser aquí donde comienza el ‘lobby’ de las personas a las que perjudica que esta ley se promulgue”, finalizó el congresista.

When Diario 16 asked him about the facts, the chairman of the Justice and Human Rights Commission further defended his position, referring to the blog. Apparently, blogs do not have the right to express their opinions on this topic unless they are directly involved.

“I would like to make another clarification. I find it very suspicious that a blogger takes the time and goes to the effort of reviewing this draft report. This law concerns precisely those people who commit computer crimes; perhaps this is what triggers lobbying from those jeopardized by what this law enforces,” the congressman concluded.

More recently, the blog Iriarte & Asociados published some comments on the bill, primarily concerning the standardization of internationally accepted terms regarding the subject matter, precision in the use of said terms and enacting laws in accordance with the Budapest Convention (to which Peru is not a signatory, although few countries outside the European Community have actually signed the Convention). Some of the remarks made include:

5. Respecto del artículo 8 sobre Violación de la intimidad de la data personal, sugerimos revisar la redacción y alcance del mismo, habida cuenta que el tema de protección de datos personales ya está regulado en la Ley 29733, publicada el 3 de julio del 2011 en la sección de normas legales del diario Oficial El Peruano, la cual dispone en su Título VII una serie de infracciones y sanciones administrativas.

6. Respecto del artículo 9° (Violación del secreto de las comunicaciones), sugerimos analizarlo a la luz del los tipos penales desarrollados en el CAPITULO IV – VIOLACION DEL SECRETO DE LAS COMUNICACIONES del Código Penal vigente, en especial el artículo 161°; a fin de no crear un nuevo tipo penal, sino mejorar la redacción y contenido del tipo penal existente.

11. Respecto del Artículo 24º (Omisión de deber de denuncia) somos de la opinión de eliminar completamente dicho artículo del texto del Proyecto de Ley, habida cuenta que una cláusula de este tipo puede generar mucho debate respecto a su alcance y la forma de aplicación y en cómo efectivamente, un proveedor de servicios de acceso a Internet (ISP), puede conocer que se va a realizar o se está realizando un delito informático a fin de realizar la denuncia del caso.

5. With respect to article 8 concerning the violation of the intimacy of personal information, we suggest that the wording and scope be revised given that the topic of protection of personal information is already regulated under Law 29733, which was published on July 3, 2011 in the legal norms section of the Peruvian Official Gazette and which lists a series of administrative infractions and sanctions under title VII.

6. With respect to article 9 (violation of communication confidentiality), we suggest analyzing such in light of the offenses listed in CHAPTER IV (VIOLATION OF COMMUNICATION CONFIDENTIALITY) of the Criminal Code in effect, so as not to create a new criminal type, but to improve the wording and content of the current criminal type.

11. With respect to article 24 (waiver of the duty to file an accusation), we are of the opinion that this article should be removed entirely from the bill, accounting for the fact that an article of this type can generate much debate in terms of scope, form of applicaiton and regarding how an internet service provide can effectively know that a computer crime will happen or is happening in order to file an accusation against such.

Last July 20, 2012, the  Justice and Human Rights Commission approved the Computer Crime Bill [pdf], but many steps must still be taken before this bill becomes law. The recent change of ministers may also somewhat affect the bill's wording. However, it is not too late to keep an eye on the bill's development given how it evolved thus far.

Post originally published on a blog by Juan Arellano on July 23, 2012.


Join the conversation

Authors, please log in »


  • All comments are reviewed by a moderator. Do not submit your comment more than once or it may be identified as spam.
  • Please treat others with respect. Comments containing hate speech, obscenity, and personal attacks will not be approved.