Costa Rica’s Cybercrime Law—Censorship Or A Reasonable Law?

On July 10, President Laura Chinchilla of Costa Rica signed into law Ley 9048, which sought to expand the definition of cybercrime. The law incorporates several anti-hacking provisions in accordance with the United Nations’ 2004 Convention of Cybercrime. However, Law 9048 has generated criticism from activists concerned about the country’s commitment to free speech. Some believe the law is the epitome of internet censorship and that it demonstrates Costa Rica’s willingness to cover up governmental secrets at any cost. While restrictions on internet freedom have not yet caused any serious issues in Costa Rica, Ley 9048 is troubling, to say the least, and should be reworded, if not repealed.

Presently, there is no real precedent for internet censorship in Costa Rica, and human rights organizations consistently praise the country’s unrestricted internet access. Moreover, Costa Rica has been able to avoid censoring its internet while its neighbors, such as Guatemala, have been reported to have committed acts of internet restriction.

Surprisingly, before Ley 9048 was passed, Costa Rica had seen no real complaints about internet freedom. The country is a member of the Internet Freedom Coalition, which pledges to protect freedom of expression on the internet. Moreover, the country’s Supreme Court has declared access to the internet a “fundamental right,” which hardly reflects the actions of a repressive nation. Indeed, the actions previously undertaken by Costa Rica were similar to those of most Western nations prosecuting WikiLeaks, and even those allegations complaints rarely include violations against internet freedom. Thus, it is surprising that Costa Rica seeks to dedicate its resources to combating this issue when it has not appeared to be a particularly pressing national problem.

The new law’s language possesses an ambiguously disturbing legal component that could contain severe consequences for violators. Article 230 states that a person “shall be punished with imprisonment of three to six years if they impersonate a person in any social network, website, electronic or information technology medium.” In addition to the questions raised with the severity of the punishment, critics have found problems with the phrasing of the law. As it stands, this passage could technically criminalize almost any form of unauthorized impersonation through social media. Given the preponderance of fake social media accounts, masquerading as any figure—no matter how famous—might be risky under this new measure.

Other provisions have been even more troubling. Ley 9048 also penalizes persons who cause damage to a third party using a false or nonexistent identity. The vague wording of this legislation makes its ultimate impact somewhat unclear. Another provision criminalizes “spreading false news,” a law that would require significant resources to enforce. Perhaps most troubling, laws with similar provisions have been used to suppress freedom of expression in other countries. For example, the Costa Rican provision resembles a Guatemalan law that incarcerated a Twitter user for spreading rumors about a bank. Costa Rica appears to be navigating a dangerous slope regarding its oft-touted freedom of expression.

In addition to targeting impersonators, another controversial part of the law seeks to combat espionage. Espionage, under Costa Rican law, had been defined as the improper procurement or obtainment of secret political information or state security policies, which carried a punishment of one to six years in prison. Under the new law, which carries a five to ten-year sentence, espionage includes the use of computer manipulation, malicious software,or information and communication technology. This new legal structure seems to assume that espionage through digital platforms is a greater security threat than non-digital leaking even though cybercrime has not previously been an issue for the nation. Many Costa Rican critics have agreed with the view that this law is a veiled measure to preemptively target whistle-blowers like WikiLeaks or the hacking collective, Anonymous. Indeed, this claim does seem to carry some validity. After all, the legislative committee that discussed and approved the law first did so in 2010, when leaked cables from WikiLeaks sent shockwaves around the world and opened up a new debate about governmental transparency. Today, many Costa Ricans have demanded dialogue with the government through public forums regarding the potential negative implications of this legislation.

The ambiguity of the cybercrime law sets a troubling standard for the circulation of free information in Costa Rica. As it stands, much of the provision’s language should be reworded, given the country’s recent Supreme Court decision to uphold internet use as a personal right. If Ley 9048 is upheld in its present form and is interpreted only by the clear implications of the text, Costa Ricans have ample reason to worry. At the very least, the government should be more transparent with its motives in passing this law.

Justin Halatyn, Research Associate at Council on Hemispheric Affairs.

Originally published on September 20, 2012 

Please accept this article as a free contribution from COHA, but if re-posting, please afford authorial and institutional attribution. Exclusive rights can be negotiated.