Basil Jarrett and Nigel Parke | Cybersecurity legislation: Closing the gaps for law enforcement

THE RECENT incident involving an AI-assisted video accusing the RJRGLEANER Communications Group of bias in its reporting, highlights the dangers we face in this ever- evolving digital landscape. The video, which the group’s chief executive officer, Anthony Smith, claimed was designed to discredit both The Gleaner and its journalists, not only disparaged the paper and its team of reporters, but also put reporters and journalists at risk of being targeted in various ways.

Beyond the reputational harm caused, this event sheds light on a bigger issue that is becoming more and more inevitable in our present and future digital lives, bringing into focus cybercrime and the inadequacies in Jamaica’s cybersecurity legislation.

The RJRGLEANER event highlights the threats posed by the misuse of emerging technologies, and in a world where AI can be weaponised to create false narratives, it is imperative that our legal frameworks continuously evolve in response. The Cybercrimes Act of 2015, while a step in the right direction, is not adequately equipped to handle these sophisticated, fast-moving challenges, and from experience, we have seen how these gaps can stymie our efforts to prosecute cybercriminals and protect the public.

A NEW KIND OF CYBERCRIME

The RJRGLEANER incident is more than just a case of defamation; it’s a cybercrime involving AI manipulation and disinformation. As these technologies become increasingly sophisticated and more accessible, cybercriminals are using them to wreak havoc. Whether it’s AI-generated content used to manipulate public opinion or ransomware that holds entire companies hostage, the playing field has changed. But, unfortunately, our cybersecurity legal framework has remained largely stagnant.

For example, our current laws focus on traditional cybercrimes like unauthorised access, data interference, and system interference, which, while necessary, don’t cover the full gamut of threats we now face. AI, malware, ransomware, phishing, and social engineering attacks are creating new avenues for criminal conduct that aren’t adequately addressed in the Cybercrimes Act. Cyber-enabled crime also requires consideration of the adequacy of existing offences, in terms of remaining fit for purpose.

The Gleaner video wasn’t just malicious communication; it was a deliberate attempt to manipulate information, using AI to create a false narrative and tarnish reputations. Our laws should therefore be able to treat such incidents as serious criminal offences, and contain dissuasive, proportionate and deterrent sanctions.

EXPANDING OUR LEGISLATIVE FRAMEWORK

So how do we address this? Well, for starters, perhaps we need a legal framework that is sufficiently elastic to adapt to the rapid technological changes we’re witnessing. Cybercriminals are becoming more sophisticated, using tools like AI to manipulate data, create forgeries, and execute complex phishing schemes, and so our laws must be agile enough to accommodate these newer, more complex offences.

For example, while the current laws criminalise aspects of computer fraud, they don’t adequately address the use of AI to forge documents or manipulate video content, in the sense that their use in that manner would amount to an offence. In the case of The Gleaner, had the perpetrators been identified, it’s possible that current legislation wouldn’t have fully accounted for the scope of the crime, or offered sufficient grounds for prosecution.

We also need to expand our definition of ‘protected computers’. Right now, the law defines these as computer systems related to national security, defence, and public safety. But in an increasingly interconnected world, perhaps we should look to explicitly include computers involved in public revenue, critical infrastructure, and media institutions like The Gleaner which play a vital role in maintaining democracy and social stability.

STRENGTHENING INTERNATIONAL COLLABORATION

One of the key challenges in combating cybercrime is that it knows no borders. The Gleaner incident could have been orchestrated from anywhere in the world, using AI and disinformation strategies that transcend national jurisdictions. To effectively combat these threats, we need stronger international collaboration. Our laws must facilitate cross-border investigations and prosecutions, making it easier for law-enforcement agencies like MOCA to work with international partners.

Countries like Barbados have already incorporated provisions in their Computer Misuse Act that we could learn from. By adding elements like recklessness in their malicious communication offence, they’ve made it easier to prosecute offenders. Jamaica should consider following suit, by adapting its laws to account for the recklessness of actors who engage in cyberattacks, AI manipulation, or disinformation campaigns.

RANSOMWARE AND BEYOND: TACKLING EMERGING THREATS

The issue of ransomware also deserves attention. Globally, ransomware attacks have skyrocketed, impacting hospitals, financial institutions, and even governments, as we’ve seen here in Jamaica. These incidents, where criminals infiltrate systems, encrypt data and demand payment for its release, are on the rise. They not only paralyse operations, but also put sensitive information and, potentially, lives at risk. Our legislation doesn’t specifically criminalise ransomware attacks, and so bespoke provisions are needed to address this issue. In addition, our laws need to account for AI manipulation, phishing, and identity theft – which are not hypothetical threats, but rather, are real and present dangers, continuously growing in scope and complexity.

MAKING CYBERSECURITY A PRIORITY

But beyond legislative solutions, there is also a need for greater public awareness. We live in a digital world, and while technology brings numerous benefits, it also increases exposure to a wider range of vulnerabilities. Media houses, financial institutions, and even individuals must be better prepared to recognise, prevent, and respond to these threats.

At the same time, law-enforcement agencies must be given the tools they need to tackle these new crime types. This includes not only modernising our laws, but also ensuring that our law-enforcement agencies are properly resourced to investigate and prosecute cybercrimes. We can ill afford to be reactive; instead, we must constantly be proactive in our approach to cybersecurity.

THE WAY FORWARD

The Gleaner incident should be a catalyst for change. It has highlighted the growing risks we face in the digital age and underscores the importance of updating our laws to keep pace with these changes. We need to enact legislation that is flexible, comprehensive and forward-thinking, with the ability to address the threats of today, and also those of tomorrow. And with so much at stake in this increasingly digital world, it would be almost criminal not to.

Major Basil Jarrett is a communications strategist and CEO of Artemis Consulting, a communications consulting firm specialising in crisis communications and reputation management. Nigel Parke is an attorney-at-law and director of legal and prosecutorial services at MOCA. Send feedback to columns@gleanerjm.com.