The Jordanian government has passed a new cybercrime law despite global criticism over its content and the relatively rapid speed at which it was approved.
Jordan's new cybercrime law follows the release of several related cybercrime policies over the past decade but is more detailed and concise in proactively addressing vulnerabilities and cybercrime activity and punishment in the country.
The new law comes amid the backdrop of increased attacks against the Middle East over the last few years. At this stage, it is not clear what impact the law will have on securing Jordan's infrastructure and organizations. Much of the reaction to it has surrounded freedom of speech and human rights.
What Does the Law Address?
The original bill was created in order to address the security ramifications of the rapid development in the field of information technology, and to create a legal system in Jordan for those acts "that are carried out by electronic means and the punishment of their perpetrators in order to achieve public and private deterrence."
The majority of the 41 articles in the bill detail certain types of cybercrime and the specific financial penalties and prison time associated with those crimes.
For example, Article 4 claims that whoever enters or connects to the information network without authorization and has access to data or information there could face between six months and three years in prison, and a fine of between 2,500 and 25,000 dinars.
There is a further punishment of "temporary work" to anyone charged with damaging, destroying, or modifying data or information.
Another piece of the bill, Article 12, has caused some controversy among human rights groups, who contend that it contains vague language that threatens privacy. Article 12 states that anyone who "circumvents the protocol address" could face a fine of 2,500 to 25,000 dinars and imprisonment for a period of no less than six months. On this point, Human Rights Watch said this could involve the use of VPNs, anonymous proxies, and even the Tor browser. Human Rights Watch said that would force individuals to choose between keeping their identity secure and being able to express their opinions freely online.
The new law also raised concern over accountability. Article 25 says the person responsible for the management of the website or social media platform, or in charge of any account, public page, group or channel, "shall be responsible for the illegal content."
Why So Controversial?
A joint statement by Human Rights Watch, Access Now, Article 19, and 11 other organizations said the bill has several provisions threatening freedom of expression, the right to information, and the right to privacy, as well as tightening government control over the Internet. The groups also claimed the bill will introduce new controls over social media, weaken online anonymity, hamper free expression and access to information, and increase online censorship.
Meantime the European Union says it recognizes and supports Jordan's objective to create a strong legislative framework to deal with and counter cybercrime efficiently, but it contends that some of the provisions of the new cybercrime law depart from international human rights standards and could result in limiting freedom of expression online and offline.
Liz Throssell, the United Nations' spokesperson for the UN High Commissioner for Human Rights, said countries indeed need to take steps to combat cybercrime, but protecting security online and ensuring online freedoms must be treated as complementary goals.
The draft legislation of the bill was presented to the Jordanian Parliament on July 15, was quickly passed by parliament on Aug. 2 and approved by the King on Aug. 12. UN's Throssell said this rapid ascent "raises concerns about transparency and participation."