Octopus Cybercrime Community

The Electronic Crimes Act of 2009 is the main source of substantive law provisions, addressing all of the offences listed in the Budapest Convention in terms of substantive law.

The same Act, addresses extensively procedural powers corresponding to the Budapest Convention. The act through the amendments introduced in 2012 and 2017 brought clarifications to both substantive and procedural measures to be nearly consistent wth the Budapest Convention.

Electronic Crimes Act from 2009 addresses all of the Budapest Convention substantive law provisions .

Part II Offences of the law criminalises the following: Article 4: Illegal access and illegal remaining; Article 5: Interfering with data; Article 6: Interfering with computer system (2012 amendments included reference to critical infrastructure); Article 7: Illegal interception (2012 amendments brought to Section 2 of the act introduces a new definition of “to intercept”, as follows: ““intercept” includes, but is not limited to, acquiring, viewing and capturing of any computer data communication, whether by wire, wireless, electronic, optical, magnetic, oral, or other means, during transmission through the use of any technical advice;”); Article 8: Possession, sale etc of illegal devices; Article 9: Computer related fraud; Article 10: Unlawful disclosure of access code; Article 11: Unauthorised access to restricted computer system; Article 12: Child pornography; Article 13: Unlawful communications. Articles 14 – 17 were introduced as per 2012 amendments as follows: Art. 14 Computer related forgery; Art. 15 Data espionage; Art. 16 Identity related crimes; Art. 17 Spam.

St Kitts and Nevis is a Party to two intellectual property conventions, however it is unclear whether it has criminalised accordingly, per the Article 10 of the Budapest Convention.

The 2017 amendment contains extensive definitions, including a definition of “unauthorised.” The exact scope of “unauthorised” is a frequent problem in cybercrime statutory drafting, so the inclusion of a definition is quite interesting.

“(2) In this Act, access of any kind by a person to any program or data held in a computer is “unauthorised” or “obtained” without authority if the person is not entitled to access of the kind in question to the particular program or data.”

Procedural powers included in the amended Electronic crimes act extensively cover the Budapest Convention procedural powers: Art. 18 search and seizure powers, subject to judicial warrant; Art. 19 production order; Art. 20 Record of and access to seized data; Art. 21 partial disclosure of traffic data; Art. 22 Interception of electronic communication (content data), under judiciary supervision; Art. 23 Expedited preservation of computer data; Art. 24 Use of forensic software; Art. 25 Disclosure of details of an investigation

Art. 26 handling of evidence; Art. 27 arrest without warrant.

The Budapest Convention requirement of real-time collection of traffic is not covered.

St Kitts and Nevis Article 3 is co-extensive with Budapest Convention Article 22, Jurisdiction.

Electronic Crimes Act (2009)

Interception of Communications Act (2011)

Data Protection Bill is largely derived from the Organization of Eastern Caribbean States' model. It seeks to ensure that personal information in the custody or control of an organization, whether public or private, shall not be disclosed, processed or used other than the purpose for which it was collected, except with the consent of the individual and where exemptions are clearly defined. (Source: St. Kitts and Nevis’ legislators pass Data Protection Bill 2018).

Freedom of Information Bill aims to promote maximum disclosure of information in the public interest, to guarantee the right of everyone to access to information, and to provide for effective mechanisms. (Source: Freedom of Information Bill 2018 successfully passed into law in St. Kitts and Nevis)