Panamanian Regulations For Computer Crimes And Electronic Banking Operations

Panamanian regulations for computer crimes and electronic banking operations

Summary

The great technological advances, the intrinsic characteristic of the Internet, (absence of borders), and the increase of inexperienced users, have become the main field of action of cybercriminals that are on the aim of creating novel and complex ways of violating the law. In turn, these advances, which have contributed to what we know today as "globalization" have played a transcendental role in the economic growth of the world since they carry without number of advantages and disadvantages that have been benefiting to users and organizations. Its growing link, transfers the borders of countries creating sufficient spaces to different areas of life, society, diverse business, among others.

On the other hand, the aforementioned absence of borders offers a greater number of opportunities to cybercriminals to perpetrate different antisocial acts or behaviors, mainly malfunctioned aggressions to information systems.

These facts have motivated governments, to deal with such circumstances by providing expedited responses that facilitate the protection of users, both companies and individuals, through regulations which have long been tried to unify so that the same existenceregulations to all countries.

In 2001 the European Council assumed this challenge, thus trying to mitigate the problem of supranationality, but according to the exhaustive study by the UN in 2013, the true focus of the problem are the least developed countries, since these are the mostly vulnerable to cybercrime.

It is from here where the objective and interest of this article arises, investigating what are the existing regulations or regulations in Panama, (a country that in the process of development and therefore mostly vulnerable to cybercrime) that help control, prevent or mitigate this problemlatent worldwide that may specifically affect electronic banking operations therefore organizations and users who use this type of service.

Some background of computer crimes.

For Carlos Sarzana, cited by Estrada (2006) in his criminal work and technology, computer crimes include ‘any criminogen behavior in which the computer has been involved as material or as an object of criminogenic action, or as a mere symbol’.

The motivations and varieties of criminal acts worldwide are very diverse, in terms of cyber order, so we can find, those that are related to computer content, financial interests, attacks against confidentiality, integrity and accessibility to computer systems.

It should also be mentioned that in terms of relative threat and riskPrepare them.

The United Nations Office against Drugs and Crime (UNODOC), said that the participating countries of the group of expertPolice systems are poor to register computer crimes, so there may be a disparity since police data are affected by factors such as the levels of development of a country and the police capacity specialized in this area, rather than with the rates ofexisting crime.

Also points out this study that:

In 2011 at least 2.300 million people, equivalent to more than a third of the world’s total population, had Internet access. More than 60% of all users are in developing countries and 45% of all Internet users are under 25 years. It is estimated that by 2017 the subscriptions to the mobile broadband will reach approximately 70% of the world population. By 2020 the number of devices interconnected by the Net. In the hyperconnected world of the future it will be difficult to imagine a "computer crime", or perhaps no crime, which does not imply electronic evidence related to the internet protocol connectivity.

On the contrary, victimization surveys, for this exhaustive study, are considered a solid basis for comparisons, this is how it is demonstrated that individual victimization is considerably superior to other forms of conventional crimes, it also indicates some data or percentage rates of victimizationof some computer crimes:

Victimization rates for online fraud with credit cards, identity theft, response to an "data fishing" or "phishing" attempt, or suffer unauthorized access to email vary between 1% and 17%of the population with Internet access from 21 countries around the world, while typical crimes rates, such as theft, theft and robbery of cars, are in those same countries lower than 5%. Victimization rates in the case of cyber crimes are higher in countries with lower levels of development, indicating the need to increase prevention measures in those countries.

Then, in its section entitled worldwide panorama of cyber crime, it is indicated that:

The officials responsible for enforcing the law that responded to the study considered that worldwide had increased the acts of cyber crime as both people and organized criminal groups sought new illegal possibilities to obtain personal profits and benefits. It is estimated that more than 80% of these acts have their origin in some form of organized activity, with cybernetic black markets established in a circle of creation of malicious computer programs, computer infection, zombie or “botnet” network management, data collection, collection of datapersonal and financial, data sale and obtaining money in exchange for financial information. Cybernetic criminals no longer need complex experts or technical skills. Especially in the context of developing countries, subcultures of young people dedicated to financial fraud related to computer science have appeared, many of whom began to participate in this crime in their last years of adolescence.

According to Temperini which cites one of the most worldwide studies in computer crimes, in which more than 13 have been interviewed.000 adults in 24 countries, by 2012, it was estimated that direct costs associated with computer crimes that affect consumers in the world amounted to US $ 110.000 billion in twelve months.

The same study reveals that for every second, 18 adults are victims of a computer crime, which results in more than a million and a half victims of computer crimes every day, worldwide.

However, a very important factor and in which it has long been emphasized, is that the borders of the countries constitute an unquestionable obstacle to the detection, investigation, persecution and punishment of the authors of crimes perpetrated by using theseNew technologies, in Internet contrast, which is configured as a space without borders for those, so Gómez (2010) “The supranational dimension plays, therefore, a crucial importance in the treatment of computer crimes. The execution of joint, general policies, which integrate all states and sectors of society ”is imperative.

Hence, computer crimes involve criminal activities with the use of computer techniques, which in the foreground have tried to classify in typical traditional figures, such as robberies or theft, fraud, falsifications, damages, scam, sabotage,etc., which have created new possibilities of improper use of computers, which has in turn led to the need for regulation by governments in the level of law.

Some definitions proposed by different authors:

International experts despite many efforts they consider that there is no universal definition for computer crime, however, functional concepts have been formulated in response to specific national realities.

The above said, in reference to the definitions that have been tried in Mexico, it should be noted that Julio Téllez Valdés points out that:

It is not easy to give a concept on computer crimes, because its same denomination refers to a very special situation, since to talk about ‘crimes’ in the sense of typical actions, that is, typified or contemplated in criminal legal texts,It is required that the expression ‘computer crimes’ be consigned in criminal codes, which in our country, as in many others, has not been subject to typification yet.

Nidia Callegari as well as the other two authors presented in the following paragraphs cited by Estrada define the computer crime such as: ‘The one that occurs with the help of computer science or attached techniques’.

Rafael Fernández Calvo defines computer crime as’ the realization of an action that, gathering the characteristics that delimit the concept of crime, has been carried out using a computer or telematic element against the rights and freedoms of citizens defined in Title 1of the Spanish Constitution ‘.

María de la Luz Lima says that the electronic crime ‘in a broad sense, is any criminal or criminal conduct that in its realization makes use of electronic technology either as a method, medium or end, and in a strict sense, the computer crimeIt is any criminal illegal act in which computers, their techniques and functions play a role either as a method, medium or end ‘.

Valdés conceptualizes the computer crime in a typical and atypical way, understanding by the first to ‘typical, unlawful and guilty behaviors in which computers are taken as an instrument or end’, and by the second, ‘illegal attitudes in which they havecomputers as instrument or end ‘.

In our consideration, computer crimes are: "illicit behaviors or attitudes, which go against the law, and in which the use of computer equipment is involved in the primary purpose of generating profit and damage to physical property as personnel".

Other authors expand on the subject:

As for this, says Rúa "knowledge and technological innovation play a capital role in economic activities and in the development of nations".

In this regard, Téllez states that the attacks adopt various forms, including illegal access, the dissemination of malicious programs, as well as the denial of services in the operations that are carried out through electronic banking, so that these attacksThey can attempt against freedom of security and justice that the information society deserves, since they can be launched at any time and from anywhere in the world due to the growing, novel and unexpected technological advances.

In addition, Alfaro states that the technique is always a weapon and each advance was criminally exploited, in such a way that the criminal is always more technified than the prevention of crime, which is more dramatic in computerized societies, to the extent that theyThey are technologically vulnerable.

The foregoing, widely conception of criminal law and criminal procedural law, have evolved to face that new criminal execution channel that develops in a virtual and technological field, different from the traditional model of physical, individual and interpersonal crime, sincequestions the current principles.

Morales et al points out that: the fraudulent use and manipulation of computers to destroy programs or data as well as the access and improper use of information that affects privacy are considered as means related to the electronic data processing with which thePossibility of obtaining a great economic benefit as well as causing considerable material or moral damage, taking into consideration the sufficient amount of data or information that computer systems can offer us about banking, financial, tax and personal activities.

Said the above Rayón et al. He points out that “to deal with this form of crime, it is necessaryThis type of behavior.

Morales “The real danger of humanity lies in the possibility that unscrupulous individuals or groups aspire to the power that information can confer, is used in the satisfaction of their own interests in frank violation of individual rights and freedoms in obvious damage toThe individuals of a society.

As you can see each of the previously indicated authors conceptualize or define the computer crime so that they all lead to a general concept, they are criminal actions which occur with the help of computer science or modern annexes annexes.

Hence, Giddens points out in his theory of reflexive modernity in this regard, modern institutions differ from the previous forms of social order, first of all, in their dynamism, the result of which traditional habits and customs are wearing up, and, insecond place, in its global impact. However, these are not only extensive transformations: modernity radically alters the nature of everyday life and affects the most intimate dimensions of our experience.

Some regulations at the international level and the problem to enforce the same.

As we mentioned at the beginning, the Internet spread to agitated rhythm, in the countries of the world it has become everyday, in recent years it has reached more homes and more and more people learn to use it from the hand of new technologies.

The so -called digital gap has undergone a great decrease thanks to the efforts made by governments, organizations and international associations, among others, and continues to move forward in it, so without a doubt beneficial results are being obtained, however, these advancesThey bring many problems. Therefore, we can consider that the increase in the number of Internet users in combination with the few existing regulations can cause an increase in the possibilities of executing a number of crimes, which can be increased more, to the extent that the greatest greaterBe the computer ignorance of new Internet consumers users.

In the same way it happens in underdeveloped countries, in which true "cybernetic paradises" are created, where legal vacuum is promoted with the opportunistic purpose to capture benefits that in other jurisdictions are illegal.

Gómez points out that: Internet is a relatively recent phenomenon;Its appearance is part of the second half of the 20th century and its large -scale use at the beginning of the current. It is perhaps for this reason that today it lacks fixed guidelines of action, of regulations capable of responding to most of the problems that arise.

In other words, the absence of any authority, to control and regulate the Internet, makes the problems even more complicated.

Hence we can affirm that the regulations of new technologies and especially the Internet will always be in a constant emptiness, which will be gradually covered by self-regulation, unless there is a positive norm that establishes a vision of a certain legal certainty. And everything is because the internet evolves, advances at high speed, transforms, is always in constant development and growth.

Corporations such as the well -known ICANN government (Internet Corporation for the allocation of names and numbers) do not perform any work of regulation, direction or control in that sense, but rather is mainly responsible for technical issues, which contributes with the voidmentioned above on the cyberdelictual problem;However, working on the foundation of Internet normative bases, which at the moment places computer law in a state of impediment, since it makes it difficult for the protection of uniform regulations and controls.

Another factor of great affectation that collaborates to increase this problem is the treatment given to computer crimes, which is raised by the different countries at the national level or by means of multilateral treaties, the main referent being currently the well -known treatyEuropean or Budapest, which is considered both in terms of computer law and international cooperation in general, as an undisputed leader of new forms of assistance between states. This is created with the common aspiration of the parties to homologate results on the proper way with which different phenomena must be processed, and although it only regulates a limited number of countries and in the background does not explicitly or in particular theComputer crimes, as Rodríguez Bernal has been saying, can offer sufficient legal framework to regulate this phenomenon.

This is how through joint actions, decisions, police and judicial cooperation agreements, etc., The European Council can control an important part in this matter, providing tools that serve to follow up and that almost directly influence computer crimes.

We know that in aspects of cooperation it is difficult to achieve a coincidence between countries, since they have different particularities and interests, as well as the described tool will not solve all the problems that arise;In spite of everything, solidarity between cultures, as well as the affluence and exchange of a joint exchange of ideas and solutions is its main advantage in the correction of many of its difficulties.

The above is clear, the importance in the field of international cooperation in the persecution of computer crimes is clear;So we have the task of breaking the barriers to the diplomatic disparity of the countries and forcing states to make joint decisions to solve the problems that affect them.

Hence, we can point out that given the aforementioned circumstances, there is a great distance between computer law and its objectives.

Regulations at the national level (Panama) and its problem

Our country does not escape the global reality of globalization and much less than the disparity of the government in terms of the attention that must be given to this phenomenon, every day the technological advances increase more and therefore the commission of new criminal behaviors, which whichThey cannot be attended by the lack of laws according to these, so it is necessary, in an expeditious way, a change of perspective, a break to that bureaucracy that achieves is to hinder the development of tools that help to prosecute these.

Rojas Parra points out, the Criminal Code of the Republic of Panama, approved by Law 14 of May 18, 2007, in its title VIII, on the “Crimes against the Legal Security of Electronic Media” regulates crimes against computer security. From article 289 to 292 regulates the following criminal behaviors and their respective penalties: a) Enter or use of databases, network or computer systems;and, b) seize, copy, use or modify data in transit or contents in databases or computer systems, or interfere, intercept, hinder or prevent transmission. In addition, it determines certain behaviors as aggravating circumstances that increase the prison sentence.

Factors such as inappropriate categories of criminal types that go hand inof impositions according to this behavior because we do not have corrective mechanisms that impose a sanction after an investigation. In addition to this, the impediment of requesting collaboration or helping other states, since these criminal types are not regulated within national legislation.

That said, we present a chronology of the regulations and efforts of our country in order to control and solve this phenomenon.

By executive decree no.709 of the year 2011, the Ministry of Presidency creates the Computer Security Incident Response Team, (CSirt) under the government structure of the National Authority for Government Innovation, which has among its functions prevent and identify attacks and incidentsSecurity to the country’s critical infrastructure systems.

Then, it was approved by this same entity, in March 2013, the so -called National Cyber Security Strategy and Critical Infrastructure Protection, which establishes a series of actions to improve cybersecurity and provide protection to vital infrastructure of the country. However, once again the lack of political will hinder its implementation and development by the entities in charge.

We can point out that Panama, in international matters part of the first four countries of the American continent to be attached and ratified to the Budapest agreement.

In particular, the National Assembly of Panama approved the Convention on Cybercrime through Law 79 of October 22, 2013, which was published in the Official Gazette no. 27403-A of October 25 of the same year, its text, approved without restrictions or modifications and subsequently deposited the accession document before the European Council Secretariat, makes our country the second in Latin America to ratify this, after the Dominican Republic.

On the contrary, the 3 legislative initiatives submitted to the National Assembly since the date of its ratification, (2013, 2014 and the most recent in 2017) for the purpose of adapting the legal regulations in force in criminal matters as ordered by said agreement, they remain in discussion without satisfactory results.

Hence, we emphasize the international commitment that Panama must comply, since as we point out in previous lines, the current Criminal Code only typifies 2 behaviors as computer crimes, which do not include those carried out by electronic means, which createsa void and accentuates the importance of adapting internal criminal regulations stipulated in said agreement.

In the same way, our country currently does not have a legal personal data protection frame. 463 Personal data protection before the National Assembly, which is still under discussion in its corresponding commission, thus adding another emptiness to be resolved.

As stated above, what is sought with the approval of the regulatory framework in the matter is to allow a better precision of legal assets that must be protected from the phenomenon of cybercrime, such as: the protection of information, typify criminal behaviors , related to new trends that include: illegal access to computer systems, identity supplant (pshishing), illegal interception of networks, interference, information damage (erased, damaged, alteration or suppression of computer data), extortion, extortion, extortion, Electronic fraud, scams, attacks on computer systems, slander and online defamation, digitalfts to banks, attacks made by hackers, zombies computers (botnets), violation of copyright, child pornography, pedophilia, service denial attacks, cyberbullying (cyberbullying and cybergrooming), violation of confidential information, the installation of software such as worms, malware, ransomwa Re, spam, among others.

On the other hand, the lack of adequate preparation and capacity for the criminal investigation of crimes carried out by technological means has generated that Panama, through the Public Ministry, established as mechanisms for investigation and criminal persecution in cybercrime the usual standards applied to crimescommon. In other words, it eliminates the definitive element of a cybercrime, its characteristic of electronic, technological or communications media, by the fact of controlling a common action. However, this can only be done in those acts that constitute a crime, without the compound of its digital particularity. As a consequence, those crimes that are developed within the framework of cyberspace, by their nature, cannot be investigated or judged by their specific parameters in Panama.

For example, in the case of illegal capture of bank data (Phishing or Pharming) under the conceptualization of rector verbs of the criminal type, in the current Panamanian legislation, the mere fact of the illegal capture of personal data could not be sanctioned, you must wait for the offender to use the information obtained illegally, so that the Panama Public Ministry has the legal ability to initiate the crime investigation process.

The reform that derives from the implementation of the Budapest agreement requires the adaptation of the Criminal Code as well as the Criminal Procedure Code. The adequate reform of the latter would allow the mechanisms for criminal investigation to ensure the correct guide and safeguard of human rights and procedural guarantees recognized by international treaties and the Constitution.

The legislative modifications presented in the initiatives, only focus on the modalities of the crime commission, in this case only extend the existing criminal types executed by electronic means. These crimes can be grouped according to the legal good protected as: crimes against sexual freedom and integrity, crimes against the inviolability of secret and the right to privacy and crimes against legal certainty of electronic media.

Crimes against sexual freedom and integrity contained within the projects respond to what is described in article 9 of the agreement, on crimes related to child pornography, as part of crimes related to digital content.

The set of crimes against the legal certainty of electronic media refers to articles 7 and 8 of the agreement, on the counterfeit and computer fraud.

For its part, the set of articles referring to crimes against the inviolability of secret and the right to privacy are, the contents in articles 2 to 6 of the agreement, such as illegal access and interception, attacks on the integrity of the dataand system and device abuse. Which within the agreement are contemplated as crimes against confidentiality, integrity and availability of data and computer systems.

In general terms, the three bills presented so far, have only focused on modifyand incorporate new criminal types.

The three initiatives for reforming the Criminal Code that have been presented as a result of the implementation of the Budapest agreement, are mainly focused on the regulation of criminal types with electronic aspects and have left behind, reforms in procedural matters;with the exception of one that refers to digital evidence. The latter would hinder the proper national and international implementation of the Cybercrequence Research Mechanisms, as well as the processing of the people involved in these acts.

In addition to what is typified in the Criminal Code, it also has other laws and decrees that are framed in crimes that are related to the issue of our investigation such as:

• National Assembly of Panama. Bill no.558. (September 27, 2017). Which modifies and adds articles to the Criminal Code, related to cybercrime.
• Law 15 of August 8, 1994 and its decree does not. 261 of October 3, 1995, which regulate copyright and related rights, in its chapter II, entitled computer programs.
• Law 43 of July 31, 2001 where it is regulated by the electronic signature and electronic businesses.
• Executive Decree 101 of May 17, 2005, which prohibits access to minors to pornographic websites.
• Law 14 of May 18, 2007. By which articles to the Criminal Code related to CIBER CRIME are added.
• Law 51 of November 18, 2009, which dictates rules for conservation, protection, supply of user data of telecommunications services and their bill 327 March 2011, which makes modifications and adds articles to Law 51 of2009.

Regarding computer crimes related to electronic banking operations, the Super Intendance of Banks, the highest regulatory entity of the banking business in the Republic of Panama, issues agreements related to the issue among which we can point out:

• NO Agreement. 002-2005 (of January 26, 2005), in which bank transfers made through credit and debit cards are regulated and also through ACH, in order to control the money laundering by this electronic means.
• NO Agreement. 007-2011 of December 20, 2011, in which the rules on operational risk and their modifications are established, no agreement. 002-2013 which modifies article 28 of the Agreement no. 007-2011 on operational risk. G.EITHER. No 27223-A of February 8, 2013. Repealed by agreement 11-2014 of October 14, 2014. See SBP-RG-0001-2013 resolution.
• NO Agreement. 003-2012, of May 22, 2012 in which guidelines for the management of the information technology are established. G.EITHER. 27047-A of June 1, 2012. See Circular 22-2008.
• NO Agreement.004-2013, of May 28, 2013 in which provisions on credit risk management and administration are issued. Repealed the agreement no. 6-2000, the agreement does not. 6-2002 and article 7 of the Agreement no. 2-2003. G.EITHER. 27305 of June 10, 2013. Modified by the agreement no.8-2014. ‘Compiled document’. 
• NO Agreement. 001-2016 (of January 26, 2016), in which general parameters and guidelines in relation to the compensation of transactions carried out through the ACH network and the availability of their funds and the availability of its funds and the availability of its funds.

Now let’s see the norms of the International Organization of ISO Standardization, in which we can mention the #27001, which deals with the security of information and that says:

In order to preserve the information, it has been shown that the implementation of security controls and procedures carried out frequently without a common criterion, about the purchase of technical products and without considering all the essential information that must be protected.

The International Standardization Organization (ISO), through the standards included in ISO / IEC 27001, establishes an effective implementation of business information security developed in ISO 27001 / ISO 27002.

The requirements of ISO 27001 standard provide us with an Information Security Management System (SGSI), consisting of measures aimed at protecting the information, indistinctly from the format of the same, against any threat, so that we guarantee in everythingmoment the continuity of the company’s activities.

The objectives of the SGSI are to preserve the confidentiality, integrity and availability of information.

conclusion

Currently, the technical, operational and logistics needs to combat computer crimes every day are more urgent and demand the need for new laws since the national security forces of each country are limited by their borders, which creates difficulty in the worldVirtual for the application of the concrete law.

We have against the factor that cyber criminals collaborate each.

It should be taken into account that for cybercounts it is irrelevant that there is legislation that sanctions them since their knowledge regarding technology allows them to perform criminals from anywhere in the world.

It is important that there is a global communication, since the information related to the investigation of this type of crime is fragmented and every day the illicit in this order increase exponentially.

Because the characteristics of this type of crime are universal, there is the situation that at the time of investigation is difficult to investigate a criminal, the collection of evidence, the negotiation of the jurisdiction between the investigation agencies and the agreementof extraditions.

Although we have an international legal instrument that serves us as a model or guide to countries to legislate in the field of computer crimes, and taking into account other countries which already have the computer crimes legislated, we see that the laws are not enough to reduce theComputer Crime Indices.

We observe that in many countries, for trying to regulate and specifically describe a computer crime, it quickly makes the norm obsolete, for such to avoid falling into this situation, it is necessary to carry out the respective investigations to delve into the nature of the problem andWith the transnational characteristic of computer crime.

Undoubtedly, a global solution is necessary, in addition to having a serious legislation that is compatible towards different countries, also international cooperation that would be the only infallible mechanism to combat computer crime.

A comprehensive, complete, collective approach to the various sectors to combat computer crime is necessary.

Regarding Panamanian regulations, as we mentioned in advance in this case, we find very complete legislation on the issue of the regulation of computer crimes, which imposes as a sanction prison sentences of one to six years, regulates criminal behaviors,But as we have evidenced in this study, computer crimes every day are perfected and grow to the extent that technological advances do so, so you have to try to be on the same time.

Bibliography

• Alfaro, l. (2002). Computer crimes – criminological, dogmatic and criminal policy, jurist editors and.Yo.R.L. Lime. p.125
• Europe’s Council. (2001). Cybercrime Agreement. Budapest.
• Concepción, m. (2014). Cybercrime: particularities in your research and prosecution. Escurianse Legal and Economic Yearbook, XLVII (2014) 209-234. Spain.
• United Nations Office against Drugs and Crime. (2013). Exhaustive study on cyber crime. New York.
• International Standardization Organization (ISO). (2013). Standard 27001.
• Estrada, m. (2006). Cybercrime. Open University. Mexico.
• Gómez, a. (2010). The computer crime its problem and international cooperation as a paradigm of its solution: the Budapest agreement. Electronic Law Magazine of the University of La Rioja (Redur). p. 183
• Rayón. Et al. (2014). Cybercrime: particularities in your research and prosecution. Complutense University of Madrid.
• Rúa Ceballos, N. (2006). The globalization of scientific-technological knowledge and its impact on innovation in less developed countries. Tecno Logic Magazine. Colombia. P.35-57.
• Morales, c. and others. (2017). Computer crimes in the state of Guerrero. Autonomous University of Guerrero. Mexico.
• Téllez, j. (2008). Computer law. MC Graw Hill Education. Mexico. Fourth edition.
• Temperini, m. (2013). Computer crimes in Latin America: a comparative law study. 1st. Part.