Those with access to technology in various parts of the world use it in similar ways. In places as distant as Chile, Vietnam, and Norway, people use e-commerce platforms for buying and selling goods, emailing each other, and e-calendars for business schedules, and social media platforms for sharing news, communicating, and organizing. Despite these crosscutting uses of technology and often the ubiquity of the platforms themselves (Facebook is the world’s most popular social media site, with 2.6 billion monthly active users), the context in which these technologies exist matter greatly for how that technology is governed and understood.
Technology strategies and policies must be tailored to the local context so that a country can successfully promote the use of technology for growth and prosperity while governing its use to protect citizens and national security. This approach aligns closely with the first two Principles for Digital Development, which are 1) Design with the user—using conversation, observation, and co-creation to create a product or initiative that is truly beneficial and appropriate and 2) Understand the existing ecosystem—considering the particular structures and needs that exist in each country, region, and community.
My understanding of these concepts and how they are applied in context solidified during DAI’s recent research engagement with the Government of Timor-Leste under the U.S. Agency for International Development’s Digital Connectivity and Cybersecurity Partnership, a U.S. Government initiative to promote open, interoperable, reliable, inclusive, and secure internet, focusing first in the Indo-Pacific. In partnership with the Timorese government and local stakeholders, DAI contributed to an updated ICT policy for the country and drafted legislation pertaining to cybercrime and intellectual property. Some important considerations noted by the authors while carrying out this work included:
What kinds of threats does Timor-Leste currently face as it seeks to improve its ICT infrastructure? What does its geographic location mean in terms of threats and opportunities?
As connectivity, usage, and sophistication of digital tools increase, strategy and legislation must be well-considered and prepared to combat increased opportunities for cyber threats.
As with other developing nations, China has put forth significant investments in the country, opening greater access to the Asian superpower. The growing influence highlights the need for strong, independent digital systems and legislative processes to maintain true independence.
What international standards should be considered? What is best for Timor-Leste’s long-term goals to increase participation in the global economy?
Both the African Union Convention on Cyber Security and Personal Data Protection (known as the Malabo Convention) and the Budapest Convention on Cybercrime serve as important sources of guidance on international cybercrime legislation. While both of these international agreements were carefully considered, the Budapest Convention was ultimately selected as primary. The Malabo Convention, despite providing useful considerations, is only open to signature and ratification from countries within the African Union. The Budapest Convention, on the other hand, is more widely adopted and not restricted by geographic location (65 countries worldwide have ratified the treaty as of August 18). The treaty also has a more targeted focus on cybercrime legislation specifically.
Council of Europe Secretary General, Marija Pejčinović Burić, speaks to the importance of the Budapest Convention at a 2019 cybercrime conference. The Convention remains the only binding international treaty on the topic and provides pertinent guidance for countries developing national cybercrime legislation. Photo courtesy of Council of Europe Newsroom.
Societal Acceptance and Adoption
How will individuals understand and interpret this legislation? Will these laws be respected and enforced, or only exist on paper?
Informed and advised by local stakeholders, the DAI team considered cultural preferences and tendencies that would inform their recommendations, such as the general preference in the country to settle legal matters without going to court. Bearing in mind such cultural and societal realities is important for building effective incentive structures, gaining genuine buy-in from citizens, and ensuring that international best practices are applied in a meaningful way.
Legal and Structural Viability
What is the best way to ensure that new legislation is compatible with current legislation? What is the best way to ensure that the policy will be properly integrated and accepted as legitimate?
Consulting the Timorese Penal Code, the authors ensured that the new legislation contained syntax and phrasing consistent with existing legislation. The Penal Code was also used to help understand which repercussions are considered customary in the country and that the drafted repercussions under the new law were consistent with those for analogous offline crimes.
In addition to the Budapest Convention, the authors reviewed laws from several individual countries. Though many were considered, Portuguese and Estonian legislation provided particular insights.
Under Portuguese occupation or administrative control from the 17th century until 1975, Timor-Leste remains influenced by Portugal in many aspects of society, including the legal system. By considering Portuguese law, the DAI team was able to better understand potentially applicable cultural considerations, as well as the linguistic style of the law that would be most compatible.
Estonia today is a leader in cybersecurity regulations and prevention, including cybercrime, from which countries seeking to bolster their ICT infrastructure may learn lessons. Following a particularly aggressive, long, and disruptive political cyber-attack in 2007, Estonia set out to improve and intensify its cyber-defense strategy. Today the country is a leader in cyber protection and defense, including cybercrime legislation.
While thoughtful, comprehensive legislation is critical to improving a country’s ICT infrastructure, it is only the beginning of a much larger process. Whether considering the way a young woman in Delhi uses her smartphone to communicate, or the way that Timorese cultural values affect opinions of the legal system, understanding the social, political, and historical context surrounding the target population in a digital development effort is of utmost importance. Though it may seem counterintuitive to establish cybercrime legislation before ICT infrastructure has been widely established, the legislation provides a foundation on which the country’s infrastructure and economy can grow and benefit from each other’s gains. To ensure that the law is ultimately effective, it should be followed by regulations, capacity-building, training, and awareness campaigns to ensure that citizens and government officials alike are aware of the law, understand it, and have the ability to enforce or exercise their rights under the law. Without these further efforts, the law remains existent only on paper.
For more information on the importance of contextual understanding when considering ICT strategies and legislation, check out the Center for Digital Acceleration’s recent publication, User Perceptions of Trust and Privacy on the Internet. The publication focuses on research conducted in India and Ghana, highlighting the different ways that individual internet users in these two countries perceive privacy and security online and trust digital tools and digitally accessed information. Usage and perceptions varied greatly based on the user’s gender, level of digital literacy, and societal expectations, among other factors, reinforcing the magnitude of nonvirtual realities in the digital world.