Octopus Cybercrime Community

Law n° 2019-056 on the Suppression of Cybercrime, adopted in December 2019, introduces substantive law provisions corresponding to illegal access, data and system interference, as well as child pornography. The Criminal Code of 2001 (established by Law N°01-079 of 20 August 2001 containing the Penal Code) also provides for certain relevant incriminations.

The procedural framework in criminal matters has not been adapted to IT technologies so far.

The new Law n° 2019-056 on the Suppression of Cybercrime, applies to “any offence committed by means of Information and Communication Technologies (ICT) in whole or part on the territory of Mali, to any offence committed in cyberspace and whose effects occur on the national territory” (article 2). The Cybercrime Law in articles 74 to 78 authorises search of computers and seizure of data as part of criminal investigations. Under article 75, data may be copied and stored where “seizure of the medium seems inappropriate”. Articles 83 to 86 suggest real-time surveillance through interception of communications. Service providers are required to cooperate with authorities, including through ensuring that they have in place the necessary technical means to facilitate interception of communications.

Articles 264 to 271 of the Criminal Code of 2001 (established by Law N°01-079 of 20 August 2001 containing the Penal Code) criminalises certain acts against the confidentiality, integrity and availability of computer data and systems: illegal access (art. 264 al. 1), data interference (art. 264 al. 2 and art. 266) and computer interference (art. 264 al. 2 et article 265), and computer-related forgery (art. 267 and 268).

Art. 275 CC on the criminal offence of fraud seems to be applicable to the acts of fraud committed online.

Although art. 228 CC criminalises paedophilia, it appears that no legal framework exists to protect children against online activities such as child pornography or grooming.

Art.37 of Law n°2016-008 of March 2016 on Money Laundering and the Financing of Terrorism indicates the obligation of financial institutions to assess all risks related to the use of ICTs and the Internet for the use or promotion of existing or future financial products or services, in order to minimise money laundering activities and the financing of terrorism.

Procedural measures taken in the context of criminal proceedings are governed by the Criminal Procedure Code of 2001 (established by the Law N°01-080 of 20 August 2001 containing the Penal Code). These measures have not been adapted to IT technologies (e.g. on electronic evidence).

The Criminal Procedure Code identifies the law enforcement and judicial authorities having competence to conduct the investigations and prosecutions (see in particular art. 31 and following; art. 47 and f.; art. 55 and f.). It provides for procedural measures such as search and seizure (art. 93 and f.) and letters rogatory (art. 159 and f.).

It appears that no provision of the Code allows specifically officers of the judicial police (investigative police) to intercept communications in real-time and record data.

The Penal Procedural Code does not contain any article related to the investigation of cyber offences or the use or acceptance of electronic evidence. The Penal Procedural Code contains however a few principles related to extradition and to mutual legal assistance.

However, the draft cybercrime law also contains provisions on procedural law to allow investigative measures and the acceptance of electronic evidence.

General rules and safeguards apply in principle, but the constitutional situation is unclear since the political events of March 2012.

On the regulation of telecom:

Ordonnance n°2011-023/p-rm of 28 September 2011 on telecom and ICT activities.

Ordonnance n°2011-024/p-rm of 28 September 2011 on the regulation of the postal and telecom sectors

Ordonnance n°2011-012/p-rm of 20 September 2011 establishing the Post Office

Law n°01-005 of 27 February 2001 modifying the Ordonnance n° 99-043/p-rm of 30 September 1999 on telecom activities in Mali.

Political Declaration on the telecom sector in Mali

Ordonnance n°00-028/p-rm of 29 March 2000 modifying the Ordonnance n° 99-043/p-rm of 30 September 1999 on telecom activities in Mali.

Ordonnance n°99-043/p-rm of 30 September 1999 on telecom activities in Mali.

It would appear that the ordinary channels to transmit extradition and assistance requests are the diplomatic channels. In case of emergency, the request may be transmitted directly between the competent judicial authorities either by mail, or by any other method producing a written record or equivalent. The request may also be transmitted via the INTERPOL network.

The Malian legislation does not provide for a general legal framework on international cooperation.

Mali is a Party to several multilateral conventions, in particular (at the regional level) the ECOWAS Convention on mutual legal assistance in criminal matters (adopted on 29 July 1992). Mali has also adopted bilateral conventions (e.g. General Convention of cooperation in judicial matters between Burkina Faso and the Republic of Mali, signed in Ouagadougou on 23 November 1963). Mali is also a Party to the United Nations. Convention against Transnational Organized Crime (ratified on 12 April 2002), which encompasses provisions on international cooperation.

See also the practical guide developed by UNODC on extradition and mutual assistance, with specific developments on Mali, available here (FR) (up-to-date in 2011).

The Malian focal point for the INTERPOL network is within the DCPJ. In the context of international police cooperation, INTERPOL Bamako provides for contact points within the National Police and other law enforcement agencies, including the Gendarmerie, the Customs and the National Guard.