Republic of Mauritius

The Mauritian National Assembly passed on July 15, 2003, the Computer Misuse and Cybercrime Act.

THE COMPUTER MISUSE AND CYBERCRIME ACT 2003
Act 22 of 2003

3. Unauthorised access to computer data
(1) Subject to subsections (2) and (3), any person who causes a computer system to perform a function, knowing that the access he intends to secure is unauthorised, shall commit an offence and shall on conviction be liable to a fine not exceeding 50,000 rupees and to penal servitude not exceeding 5 years.
(2) A person shall not be liable under subsection (1) where –
(a) he is a person with a right to control the operation or use of the computer system and exercises such right in good faith;
(b) he has the express or implied consent of the person, empowered to authorise him, to have such an access;
(c) he has reasonable grounds to believe that he had such consent as specified in paragraph (b);
(d) he is acting pursuant to measures that can be taken under Part III of this Act; or
(e) he is acting in reliance of any statutory power arising under any enactment for the purpose of obtaining information, or of taking possession of, any document or other property.
(3) An access by a person to a computer system is unauthorised where the person –
(a) is not himself entitled to control access of the kind in question; and
(b) does not have consent to access by him of the kind in question from any person who is so entitled.
(4) For the purposes of this section, it is immaterial that the unauthorised access is not directed at -
(a) any particular program or data;
(b) a program or data of any kind; or
(c) a program or data held in any particular computer system.

4. Access with intent to commit offences
(1) Any person who causes a computer system to perform any function for the purpose of securing access to any program or data held in any computer system, with intent to commit an offence under any other enactment, shall commit an offence and shall, on conviction be liable to a fine not exceeding 200,000 rupees and to penal servitude for a term not exceeding 20 years.
(2) For the purposes of this section, it is immaterial that -
(a) the access referred to in subsection (1) is authorised or unauthorised;
(b) the further offence to which this section applies is committed at the same time when the access is secured or at any other time.

5. Unauthorised access to and interception of computer service
(1) Subject to subsection (5), any person who, by any means, knowingly -
(a) secures access to any computer system for the purpose of obtaining, directly or indirectly, any computer service;
(b) intercepts or causes to be intercepted, directly or indirectly, any function of, or any data within a computer system,
shall commit an offence.
(2) (a) A person convicted for an offence under subsection (1) shall be liable to a fine not exceeding 100,000 rupees and to penal servitude for a term not exceeding 10 years.
(b) Where as a result of the commission of an offence under subsection (1), the operation of the computer system, is impaired, or data contained in the computer system is suppressed or modified, a person convicted of such offence shall be liable to a fine not exceeding 200,000 rupees and to penal servitude for a term not exceeding 20 years.
(3) For the purpose of this section, it is immaterial that the unauthorised access or interception is not directed at -
(a) any particular program or data;

(b) a program or data of any kind; or
(c) a program or data held in any particular computer system.
(4) A person shall not be liable under subsection (1) where he –
(a) has the express or implied consent of both the person who sent the data and the intended recipient of such data;
(b) is acting in reliance of any statutory power.

6. Unauthorised modification of computer material
(1) Subject to subsections (3) and (4), any person who, knowingly does an act which causes an unauthorised modification of data held in any computer system shall, on conviction be liable to a fine not exceeding 100,000 rupees and to penal servitude for a term not exceeding 10 years.
(2) Where as a result of the commission of an offence under this section -
(a) the operation of the computer system;
(b) access to any program or data held in any computer; or
(c) the operation of any program or the reliability of any data,
is suppressed, modified or otherwise impaired, a person convicted for the offence shall be liable to a fine not exceeding 200,000 rupees and to penal servitude for a term not exceeding 20 years.
(3) A person shall not be liable under this section where -
(a) he is acting pursuant to measures that can be taken under Part III of this Act; or
(b) he is acting in reliance of any other statutory power.

(4) A modification is unauthorised if –
(a) the person whose act causes it is not himself entitled to determine whether the modification should be made; and
(b) he does not have consent to the modification from any person who is so entitled.
(5) For the purposes of this section, it is immaterial whether an unauthorised modification or any intended effect of it, be permanent or merely temporary.

7. Damaging or denying access to computer system
Any person who without lawful authority or lawful excuse, does an act which causes directly or indirectly –
(a) a degradation, failure, interruption or obstruction of the operation of a computer system; or
(b) a denial of access to, or impairment of any program or data stored in, the computer system,
shall commit an offence and shall, on conviction be liable to a fine not exceeding 200,000 and to penal servitude not exceeding 20 years.

8. Unauthorised disclosure of password
Any person who, knowingly discloses any password, access code, or any other means of gaining access to any program or data held in any computer system –
(1) for any wrongful gain;
(2) for any unlawful purpose; or
(3) knowing that it is likely to cause prejudice to any person,
shall commit an offence and shall, on conviction, be liable to a fine not exceeding 50,000 rupees and to a term of imprisonment not exceeding 5 years.

9. Unlawful possession of devices and data
(1) Any person who knowingly manufactures, sells, procures for use, imports, distributes or otherwise makes available, a computer system or any other device, designed or adapted primarily for the purpose of committing any offence under sections 3 to 8, shall commit an offence.
(2) Any person who knowingly receives, or is in possession of without sufficient excuse or justification, one or more of the devices under subsection (1) shall commit an offence.
(3) Any person who is found in possession of any data or program with the intention that the data or program be used, by the person himself or another person, to commit or facilitate the commission of an offence under this Act, shall commit an offence.
(4) For the purposes of subsection (3), possession of any data or program includes -
(a) having possession of a computer system or data storage device that holds or contains the data or program;
(b) having possession of a document in which the data or program is recorded; or
(c) having control of data or program that is in the possession of another person.
(5) Where a person is convicted under this section, he shall be liable to a fine not exceeding 50,000 and to a term of imprisonment not exceeding 5 years.

HomeCybercrimelaw.htmlCybercrimelaw.htmlshapeimage_1_link_0