#LeyFayad: The Worst Bill in Internet History


Mexico: On Tuesday October 27, Senator Omar Fayad of the Institutional Revolutionary Party (PRI), presented an initiative to the Senate called the Federal Law to Prevent and Punish Computer Crimes, drafted in collaboration with the Federal Police. The #LeyFayad seems like a bad joke, unfortunately it is not.

The following is a translation of analysis by Luis García from r3d.mx outlining the 10 worst points of the #LeyFayad.

1. Using a computer is a crime. Throw your computer away.

One of the main problems with the #LeyFayad is that the wording is so poorly written, literally using a computer is a crime.

Article 17 states:

Anyone who willfully destroys, disables, damages or performs any act that alters the functioning of a computer system or any of its components, shall be liable to a penalty of five to fifteen years in prison and a fine of up to one thousand days of minimum wage.

According to this article, “any action that alters the functioning of a computer system or any component” is a crime. So for example updating software, downloading a program or application, using your computer in any way which essentially changes the operation of your computer system is a crime and can send you to jail for 5 to 15 years. Destroying or disabling a computer system is also an offense.

2. Violating those Terms of Use that you never read could make you a criminal.

Article 16 states:

Any person who, without authorization or exceeding that to whom authorization has been granted, accesses, intercepts, interferes with or uses a computer system, will receive a penalty of one to eight years in prison and a fine of eight hundred to one thousand days minimum wage.

This article can be interpreted that in violating the terms of use of a website you could be committing a crime. Lying about your age when you open your Facebook profile (clause 4.1) or breaching any of the absurd terms that nobody reads when you click “OK” (like being 17 years old to enter the seventeen.com page) you will become a criminal.

Web scraping to make that great app you designed at a hackathon, something many websites unlawfully banned, will be a crime and you would receive a sentence of up to eight years.

This risk is not hypothetical: in other parts of the world there have been attempts to consider the violation of terms of use (for example lying about your age) as “unauthorized use” same as the #LeyFayad is considering. You could be the next Aaron Swartz (if you don’t know who he is, see this documentary)

3. Hey you on the computer! You’re a cyber-terrorist!

The #LeyFayad creates, in Article 3, section XX, the term “Computer Terrorism” to punish the use of information technology, communication and Internet for purposes of terrorism.” Among the noted terrorist purposes, “spreading information with the aim of causing panic and destabilization of the public peace.”

Disseminating information to “destabilize the public peace” would make you a terrorist. So stop retweeting articles about the Casa Blanca, Ayotzinapa, Tlatlaya. Just to be sure, don’t talk about anything if you don’t want to spend 15 to 28 years in prison.

With #LeyFayad, #RexisteMX would be a “cyberterrorist” and #Droncita a “cyber weapon”

4. Troll @OmarFayad now or forever hold your peace.

If you are looking for the twitter account of Omar Fayad to swear at him and demand he withdraw his initiative, here it is: omarfayad. It is your right. But do it fast because if the law passes, you too could become a criminal.

Article 21 states that “bullying” is committing a crime.

Who, through using information technology, harasses, intimidates, assaults or utters any form of physical, psychological or verbal abuse against internet users, repeatedly and systematically, will receive a penalty of six months to two years imprisonment and a fine of fifty to eighty times the daily minimum wage.

Bullying online is a serious matter that requires serious societal responses. But such new offenses go far beyond online harassment and eventually criminalize legitimate uses of the right to freedom of expression on the internet.

By making a criminal of anyone who “assaults or utters any form of verbal abuse,” Mexico reinstates the “honor crimes” – like libel, which had already been eradicated from the federal criminal law and opens the door to criminalize dissent, minority or unpopular voices.

5. All code is malicious code.

Article 3, Section V defines “malicious code” as any “program or computer system code created specifically to damage, interrupt or disrupt a computer system as well as obtain information or commit cyber espionage.”

Again due to vague phrasing, virtually any code becomes malicious code, since the article criminalizes “any program or code” created to, among other things, “obtain information.” That is, almost any software on your computer that your machine uses to perform any function.

This is particularly worrying for software developers because it is unclear how they would determine whether a program is designed “specifically” for a certain malicious purpose, or if the amplitude of the concept of “damage”, “interruption” or “affectation” turns developers into criminals.

The situation is even worse for security researchers who use tools that “affect” computer systems to detect vulnerabilities. If the intent of this rule was to protect computer security, it is very likely to produce the opposite effect.

6. Digital gag on online journalism and anti-Snowden crimes

Articles 22, 23 and 24 of the #LeyFayad establish a series of crimes called “crimes against improper disclosure of personal information.” These crimes seriously threaten the right to freedom of expression, preventing any person or media from disseminating information of public interest that is “private”, which does not have “approval” or “consent of its owner.”

In other words, it would be an offense for a journalist to publish a document, picture, audio or disclose any private information of anyone, reveal an act of corruption, a violation of human rights or something otherwise in the public interest, if they do not have the consent of that person.

Possessing, disclosing, disseminating and even watching a video of a scandal would be a crime. Those who publish newspaper articles reporting on contracts that reveal corruption would become criminals. Even those who have retweeted an article – all would receive up to 18 years in prison.

These articles also severely criminalize anyone inspired by Edward Snowden (whistleblowers) or anyone who dares to reveal internal information of public interest such as corruption, impunity and human rights violations.

7. Platforms such as Méxicoleaks would be a “cyber weapon”

The articles mentioned in the previous point particularly criminalize web platforms like Méxicoleaks or organizations such as Wikileaks.

Article 25 of the #LeyFayad imposes up to ten years in prison to those “who offer or provide services aimed” to obtain or disclose private information to which the articles mentioned above refer, even if it is in the public interest.

Technologies like Globaleaks and SecureDrop used by Méxicoleaks or Wikileaks would be classified as “cyber weapons.” The #LeyFayad defines “cyber weapons” as “any software, computer system, or generally any device or material created or designed for the purpose of committing a computer crime.”

Since the disclosure of private information without authorization or consent of its owner, even when this information is in the public interest, would be considered a cybercrime, platforms like Méxicoleaks would be considered “cyber weapons.”

This clearly violates the right to freedom of expression and the right of journalists to protect the identity of their sources; rights that technologies used by Wikileaks or Méxicoleaks allow to be exercised.

8. Actually, what they want is more and better surveillance

To protect everyone from all the terrible cybercriminals, also known as all present and future internet users, the #LeyFayad seeks to create a bureaucracy of “cyber police” (which will hardly cost anything) with the power to monitor the network and obtain personal information of any user.

Article 6, for example, points out that the prevention of computer crimes will take place through mechanisms such as “monitoring the safety and rights of people on the public internet.”

Furthermore, Article 11 requires any telecommunications company (such as Telmex, Movistar, AT&T) and any provider of internet services (such as Google, Facebook, Twitter, Uber) to give the “cyber police” any information they require of any user and cooperate with them on what they see fit. Without a warrant, without any control or safeguard against abuse.

“PRI introduces bill: anything you do on the internet is a crime”

9. With #LeyFayad everyone must become spies

To better spy on everyone, the #LeyFayad requires that all companies providing internet services save data of users activity. To this end, Article 14 provides that:

Service Providers and in general, any private institution which maintains that infrastructure for supplying services to telecommunications and internet applications, must retain data of traffic source and destination of the communication or any other information that may be useful to the investigation, under the terms laid down in Article 190 of the Federal Telecommunications Act and Broadcasting, and regulations issued for such purpose.

In this manner, it’s not just the telecommunications companies that have to maintain data on the origin and destination of communications about your identity, IP address and the geographic location of your device. Now Google, Facebook, Twitter and any application or any company that owns servers must keep that information on all users without exception and give it to any “cyber police” without any democratic oversight or control.

10. The “cyber police” also want to (try to) censor Internet

To top it all off, Article 9 of the #LeyFayad aims to give the Federal Police the ability to “manage (…) cooperation with companies providing internet service to suspend websites, web pages and any content that threaten public safety, and to prevent and combat crimes in which electronic means are used for the commission of said crime.”

Thus, the Federal Police is looking to be able to tell companies that provide internet service to block access to websites that they believe “threaten the public safety.”

This is an extremely dangerous arena as the Federal Police have already tried to censor sites for political reasons (as in the case of 1dmx.org). The problem is greater in cases where it would be justified to take action to prevent access to sites (such as distributing child pornography). The type of “suspension” the Federal Police intends to manage would be absolutely ineffective, since blocking an “internet service provider” to prevent access to a certain site would, on the one hand, be easy to circumvent (using a proxy, VPN or Tor). It could also cause the overblocking of internet sites, such as happened in Denmark where the intention to block child pornography ended blocking Google and Facebook.

Sexual abuse of children is a crime that should be investigated and prosecuted seriously, not by cosmetic measures which, far from helping to combat the problem, wastes human and financial resources and can cause the censorship of legitimate information.

For these 10 reasons (and many more), the #LeyFayad is the worst legislative initiative of the internet ever seen and, consequently, R3D will do everything possible to prevent this bad joke from coming true.

Follow r3d.mx, @r3dmx on Twitter, r3dmx on Facebook for more information.

Sources and additional reading:
R3D: Red en Defensa de los Derechos Digitales


About Author

Erin Gallagher is a multimedia artist, translator and writer for Revolution News.