PREFACE

On the eve of the 2nd of December 1971 an amalgamation of seven states occurred, due to the
departure of the British from the Persian Gulf, known as the versatile Arab Gulf state of the
United Arab Emirates. Due to the close proximity of religion, climate and people, both the
countries emerged as healthy member to each other. The conception of Law is of paramount
importance to the nomenclature of any country. The final quarter of the 20 th Century witnessed
this Bedouin lad underdeveloped OIC country emerge as legal powerhouse transforming into a
world class successors of the British. The United Arab Emirates have achieved remarkable
reputation amongst contemporaries in the field of Cyber Laws. Although we will be polite to a
fault, evading the role, frequent revisions of law performed, resulting in a phenomenal people
growth and development in the nascent UAE. Although inseparable, due to the regulations of the
WTO, OIC and the IMF; the pearl of the Gulf, UAE relies completely on trading, foreign direct
investments and the presence of foreigners in the country, which constitute about ninety percent
of the total population. Hitherto, the Legal structures of the UAE are albeit desirable to compare
with the West. The United Arab Emirates, as a developing country has been experiencing
cybercrime even more rapidly in the recent years. The overall Internet penetration as well as the
use of cyber-based systems in Critical Infrastructure is growing with a never seen pace in the
country just as in the rest of the world. The UAE was the first country in the Middle East to
implement its first cyber law in 2006, with 29 Articles. However, the law was repealed six years
later because of its ineffectiveness; some Articles needed to be clarified and offer more
specificity regarding the crimes they addressed. Hitherto, the UAE has emerged to be on the
forefront of many technological advances in the recent past. However, in the case of
technological advances security advances must follow or the whole state becomes vulnerable. In
the modern world there are several options for a state that wants to improve its cyber-security,
co-operating with various international agencies. This research paper will consist of an overview
of the existing cyber laws in the United Arab Emirates (UAE). Albeit, we have included a brief
explanation of each law by giving relevant examples; sensational cases of cybercrimes along
with the illustration of how the existence of cyber laws or their lack affected the prosecution of
the individuals in question is also mentioned in this section. On occasions of cases where
prosecution was difficult, a preview is provided of how the scenario would have been had there
been proper laws put in to deal with such cases. In continuation of that is a comparative study of
these laws and the laws present in technologically well developed nations such as the USA, UK,
and other nations. There is a special focus particularly on England since it is one of the first
countries to implement cyber laws in response to cybercrimes. Finally, suggestive steps have
been included which can considerably improve the control of cybercrimes, especially in fast-
developing regions like the UAE. The country has long been rather passive when it comes to
international cooperation in security. The main driving force of the research is the constantly
growing importance of cyber security all around the world, and especially in the UAE.

Our intention is to furnish adequate information to the audience of primarily the classifications of
legal prototypes, followed by a genuine comparison about the intricate details and lastly a few

1
important case studies related to the legalities of Cyber Law, which adduced the impact of legal
mechanisms in the UAE. Research plan constitutes with a rudimentary introduction to the base
constitutions, Hierarchy of Courts, Court Jurisdictions, Rights and duties of the judiciaries,
followed by the appellate law, modes of comparison and a final ting of colour to the individual
case studies, hopefully encapsulating an evinced yet profound document alluding comparison to
the Cyber ideologue. A disclaimer for the audience though; our exceptional research is
eschewed from quixotic principles which might have formed emphasis to the UAE or the
intellectual transfer of cyber ethics or vice versa. Neither this paper encompasses the reasons of
evolutions of these systems, nor is it a Magna-carta on this topic. It is merely a research
summarized to hearken the reader of base information of the Cyber Laws of the Emirates.

This diligent research is outsourced from any form of anachronistic ideas, adduced to any
further form or development of this topic. Due to the lack of publications from the UAE side on
this topic, our sources are best cited from the internet and practical Legal documents, which have
been released to us on a permission basis. We acknowledge the permissions granted to us by Mr.
Mohammed Imran Uddin of the Rochester Institute of Technology (RIT), to use materials from
his dissertation for this project. Finally, the individual research through enormous brainstorming
led to title our research work as “THE CYBER LAW OF THE UNITED ARAB
EMIRATES”. We sincerely hope the audience of this term paper finds it compelling to the core
and advise us to establish coherent facts, in order to conduct further research on this topic.

Whatever good is found in it is from the Merciful Grants of Almighty Allah Taa’laa, and
whatever frailties might be found in this research are due to our naiveté of this subject. We
Request the pleasures of Allah and we pray that Almighty Allah accepts this genuine research.

2
 TABLE OF CONTENTS

PREFACE..............................................................................................................1

CHAPTER ONE: THE CLASSIFICATION OF THE UAE LEGAL SYSTEM. 1

CHAPTER TWO: CYBER LAWS & REGULATIONS OF THE UAE

………………………………………………………………………...6

CHAPTER THREE: LEGAL PUNISHMENTS FOR CYBER CRIMES…........11

CHAPTER FOUR: CONCLUSION.....................................................................…….20

BIBLIOGRAPHY.................................................................................................21

3
List of Figures

Figure 1: UAE’s Internet Usage…………………………………………………………….15

Figure 2: NESA escalation of compliance…………………………………………………..18
Figure 3: The UAE’s National Cyber Security Strategy .......................................................19
Figure 4-Comparison of the UAE Cyber Laws with other developed
countries..................................................................................................................................19
Figure 5-Dubai Cyber Strategy...............................................................................................26
Figure 6- Dubai Cyber Security System
.................................................................................................................................................27
Figure 7 Articles on Cyber Crimes..........................................................................................29

4
List of Abbreviations

aeCERT: The Computer Emergency Response Team

C: C programming language file
CI: Critical Infrastructure
DPI: Deep Packet Inspection
GDP: Gross Domestic Product
GTM: Grounded Theory Method
GZ/SIT: Compressed file archive created by GZIP
IMF: International Monetary Fund
IT: Information Technology
NBS: National Bureau of Statistics of the United Arab Emirates
PL: PERL source code file
SH: UNIX shell script
TRA: Telecommunication Regulatory Authority
TXT: Text file
UAE: The State of the United Arab Emirates
ZIP: Compressed file archive created by PKZIP

5
CHAPTER ONE: THE CLASSIFICATION OF THE UAE LEGAL SYSTEM

1.1 Background

The country under discussion is the United Arab Emirates, which belongs to the MENA Region
and is an integral part of the “Jaziratul Arab (the Arabian Peninsula)”. Since prehistoric times
the Arabs were globally recognized for their hospitality, generosity and tradesman ship.
According to the notable biographer of the Holy Prophet (‫لم‬---‫ه وس‬---‫لى هللا علي‬---‫)ص‬, Shaykh
Mubarakpuri, who in his treatise, ‘Ar Raheeqal Makhtum’ strongly suggests, that Islam was
bestowed primarily upon the Arabs because of these three components of the Arab attitude. In
this regard, the Arabs since the time of Prophet Muhammad (‫لم‬--‫ه وس‬--‫)صلى هللا علي‬, became the
pioneer flag bearers of this religion of Islamic monotheism, disseminating the word of the
Almighty, throughout the then existent world including Persia, India, Europe, China, the Far
East, North Africa and the Caucasus. Until the mid of the Abbasid dynasty the Arabs were
experiencing the zenith of their realm in the Muslim World. Shortly after the demise of Mamoon
Ar-Rasheed, a decline amongst the Arabs was commonly observed. This downfall led to the
demise of the quest of knowledge amongst Arabs defaming them from a mighty super power into
a destitute nation as in the Pre Islamic times. Until a massive fighting broke off between dis
membered Arab states for more than three centuries.

In the early 18th century the arrival for the Portuguese at the coast of the Ras Al Khaimah,
located in the East of Arabian Peninsula, marked the beginning of colonization in this region.
Since the demise of the Abbasid caliphate there had been no objection to the authority of the
Ottomans, but now the colonizing forces realizing the grudge of the local tribal chiefs, started to
make friends with the locals. It was this breakthrough that the majority of Arabs were waiting
for. By the turn of the eighteenth century the colonial powers, representing Portugal, Spain,
Holland, France and Britain mobilized and marshaled their troops, resources and influences to
establish rule in most of the Muslim lands. Although most of these powers were driven out by
the local tribes, the Englishmen remained an exception. The British turned out to be more
cunning than their contemporaries, as they were the cleverest amongst all; they realized the
psychological wound of the Arabs quite clearly, resulting in the methodical policy being devised.
Instead of applying the divide and rule policy, as in the case of British India, a precisely
unorthodox approach was adopted by the British to deal with the Arabs of the Arabian Peninsula;
that is “I scratch your back and you scratch mine”. Hence a treaty by the name of ‘the General
Maritime Treaty’ was signed later in 1822 with Britain, accepting a protectorate to keep the
Ottoman Turks out of the Arabian Peninsula.

On the eve of the suspension of the British mandate of the Arabian Gulf, the United Arab
Emirates came into existence at the stroke of midnight on 2 nd of December 1971 of the Common
Era. Seven independent States united to form a single state, known as the UAE. These partners
comprised of the Emirates of Abu Dhabi, Ajman, Dubai, Fujairah, Sharjah and Umm al Quwain.
Ras Al Khaimah joined in later in 1972 by institutionalizing the United Arab Emirates. 1 The
United Arab Emirates is also known as the UAE. UAE is located in the gulf region of the world.
1
Ibrahim Abed, Peter Hellyer. United Arab Emirates: A New Perspective. (Cape Town: Trident Press Ltd, 2001),
145.

6
Due to several tourist attractions in the country every year millions of tourists from all over the
world visit UAE with their families and this gives a boom to the business activities and thereby
necessitates development of the Information technology infrastructure in the country. In the
recent years, there has been such tremendous development in the UAE that it is now included in
the list of the most developed countries of the world. The United Arab Emirates is situated
strategically across the Straits of Hormuz from Iran. The country is among the richest countries
of the Middle East having a population of approximately 5 million which includes 78 per cent
immigrants. The immigrant population has increased with the progress taking place in the
UAEThe legal system of the United Arab Emirates is based on the Constitution of the United
Arab Emirates which came into promulgation on that same day; this system is comprehensive
and rather mixed in nature, as it has local and federal courts within a Supreme Court Based at
Abu Dhabi, the Capital of the UAE. 2. Top priorities for the ruling sheikhs include the source
power of the state, growth of the economy, and the Islamic integrity. The biggest, richest, and
politically most dominant of the 7 inherited sheikhdoms or emirates which include the UAE is
Abu Dhabi. Dubai is the 2nd major and most densely populated emirate. Dubai has developed
into an important city-state and has become a globalized economic hub.

Unlike the Islamic Republic of Pakistan, Malaysia and the Republic of Singapore, who share
Great Britain as a precursor alongside the UAE, as all of the former British colonies inherited
court systems adapted from the United Kingdom’s Common law, where court judgments are
regularly employed as legal precedents. On the contrary, the UAE court judgments don’t depend
that much on precedents, although sometimes the judgements of higher courts can be applied by
lower courts in similar cases, provided the ratio decidendi is based on the Shariah. 3 The Shariah
court system remains intact and law often becomes irresponsive to solutions provided by Civil,
Common Law jurisdictions. The UAE law is codified by Shariah.
Where legislative provisions do not cover a specific issue, the court will make a decision in
accordance with Shariah law. Islamic jurisprudence is widely used in the construction and
interpretation of the UAE law and it is the Prime source of Legal Methodology in this country.
Hence now we can explain the classification of Court types in the UAE:

1.2 The Supreme Court

The Supreme Court of the UAE is based at Abu Dhabi, the Capital and the richest Emirate in the
UAE. Although, the highest judicial instance in the UAE, the rulings of the Supreme Court often
do not apply to the seven Emirates, Dubai and Ras Al Khaimah, have their own local judicial
system. Article 96 of the UAE Constitution reads as follows:

“The Supreme Court of the Union shall consist of a President and a number of Judges, not
exceeding five in all, who shall be appointed by decree, issued by the President of the Union
after approval by the Supreme Council”.4

The constitution also divides courts into two types, namely the federal and the local courts. The
president and the members of the Supreme Court can by no means be removed from their
2
Viktor Gorgennder. A Strategic Analysis of the Construction Industry in the United Arab Emirates: Opportunities
and Threats in the Construction Business. (Hamburg: Diplomica Verlag, 2011), 54.
3
Michael Grose, Construction Law in the United Arab Emirates and the Gulf, (New York City: John Wiley & Sons,
2016), 9.
4
Ann Griffiths, Handbook of Federal Countries, (Kingston: McGill-Queen's Press - MQUP, 2005), 363.

7
offices, except in the following cases: Death, resignation, completion of term or postponement,
retirement, permanent disability that prevent a judge from undertaking their duties, disciplinary
discharge and finally “appointment to other offices, with their agreement”. Any court has it
jurisdiction, the judgments of the UAE Supreme Court cover matters like Miscellaneous disputes
raising between the Member Emirates, law constitutionality, constitution interpretation,
interrogation of senior officials of the Union like Ministers, crimes threatening affecting the
interests of the Union.

Article 101 of the Emirati Constitution stipulates:

“The judgements of the Supreme Court of the Union shall be final and binding upon all.”5
The first President of the Union Supreme Court of the United Arab Emirates is H.E Judge Dr.
Abdul Wahab Abdul (incumbent). 6

1.3 Federal Courts (‫)المحاكم االتحادية‬

As their names suggests, Federal Courts are competent to consider all cases arising within the
UAE territory, like disputes, domiciliary, transactions, etc. "Furthermore, UAE courts have a
kind of “emergency jurisdiction,” whereby a UAE court can determine preliminary applications
for attachment of a defendant’s assets as well as urgent applications, even where the court would
otherwise lack jurisdiction" . Cases are commenced in Federal Courts when the complaint is filed
with the Reconciliation and Settlement Committee. “The relevant reconciliation committee will
attempt reconciliation, and refer complaints to the court only after resolution efforts have failed.”

1.4 Local Courts

Local courts (First Instance Court) in the UAE basically consider “cases, authentications and all
urgent matters related to disputes among the people as well as the safeguard of their rights,
security and safety. It also undertakes forcible judicial execution for execution deed stipulated by
law, as well as executions by deputation or reference”.7

1.5 The Shariah Courts (Mahakamaat)

Shariah Courts (commonly referred to as Mahakamah tush Shariah) focus on civil disputes in
which the parties are Muslims. They depend on the juristic provisions provided for in the Quran
and in the Hadeeth to render decisions.
“The Shariah Court may, at the Federal level only (which, as mentioned earlier, excludes Dubai
and Ras Al Khaimah), also hear appeals of certain criminal cases including rape, robbery,
driving under the influence of alcohol and related crimes, which were originally tried in lower
criminal courts." 8

1.6 Civil Courts of the United Arab Emirates

The jurisdiction of civil courts is generic as they can consider urgent cases and petitions of all
types, including petitions of attachments, orders of payment and complaints. A civil Court also
5
IBP Incorporated, United Arab Emirates Country Study Guide Volume 1 Strategic Information and Developments,
(Dakota Dunes: Int'l Business Publications, 2013), 64.
6
B. Hunter, The Statesman's Year Book: 1992-93, (Berlin: Springer, 2016), 1148.
7
The first Instance Courts of the UAE.
8
IBP Incorporated, UAE Insolvency (Bankruptcy) Laws and Regulations Handbook - Strategic Information and
Basic Laws, (Washington DC: Int'l Business Publications, 2014), 47.

8
"deals with financial and corporeal rights and legal positions meant to protect by virtue of it, it
does not includes commercial, realty, labor, personal status or endowment or inheritance cases".9

1.7 Common Law Courts

The United Arab Emirates, did implement a policy of accommodating all forms of Laws
in the Country. Hence the Common Law realm also got accommodated. There are
various types of the Common Law courts.

i. Dubai International Financial Center Courts (DIFC)

The DIFC Courts are an independent English language common law judiciary, with jurisdiction
governing civil and commercial disputes nationally, regionally and worldwide. The Courts began
operations in 2006.
Originally, the jurisdiction of the DIFC Courts was limited to the geographical area of
the DIFC. In October 2011, the signing of Dubai Law No 16. , allowed the DIFC Courts to hear
any local or international cases and to resolve commercial disputes with the consent of all
parties. The DIFC has now transformed into the greatest financial hub in Asia, where the DFM is
also located. Shares trading have enormously resulted in a phenomenal growth of the overall
market, tantamount to make UAE the most favored place for investments.

ii. Abu Dhabi Global Market Courts (ADGM)

Established in accordance with Abu Dhabi Law No (4) of 2013, ADGM Courts are broadly
modelled on the English judicial system. The common law of England, including the principles
and rules of Equity, apply and form part of the law of the Abu Dhabi Global Market. The
Regulations for ADGM Courts were also drawn from Scots and Australian Federal law and have
been tailored specifically to meet the requirements of ADGM Courts. The direct application
of English law makes ADGM the first jurisdiction in the Middle East to adopt a similar approach
to that of Singapore and Hong Kong.10

Neither DIFC nor ADGM courts have jurisdiction in criminal matters.

iii. Dubai Court System & Ras Al Khaimah Court System

Dubai and Ras Al Khaimah have two independent legal systems. For instance, Dubai’s court
system three stages: The Court of First Instance, the Court of Appeal, and the Court of Cassation.
Generally speaking, Dubai and Ras Al Khaimah courts consider local disputes concerning
property and domestic disputes. However, it can also enforce foreign judgments, arbitration
awards, and awards from other tribunals such as the dispute resolution bodies within the Free
Zones & Special Economic Zones. The legal systems of the two emirates are different from one
another at several levels, but there is at least one important similarity which that of being
independent from the federal system, and from the authority of the federal Supreme Court.

iv. The Dubai Rental Disputes Center (RDC)

9
“Dubai Court System”, e-services, https://www.dc.gov.ae/PublicServices/MainFlow.CMSPage. (accessed 16 April,
2018).
10
Abu Dhabi Global Markets Court. https://www.adgm.com/doing-business/adgm-courts/adgm-legal-
framework/adgm-courts-legal-framework/ (accessed 16 April, 2018).

9
Established pursuant to Local Decree No.26 of 2013, the RDC has almost exclusive jurisdiction
to settle disputes arising between landlords and tenants in Dubai, as per Dubai Law No.26 of
2007 Regulating Relationship between Landlords and Tenants in the Emirate of Dubai.
Alternative Dispute Resolution (ADR) is a penal court in the UAE, which precedes the RDC.
The Rental dispute center is one of the forerunners of the foreign Public interest in the UAE.

There are various Alternative Dispute Resolution (ADR) mechanisms available for

individuals and business in the UAE. All of these courts apply speedy recovery to the matter.
This expedition has been envisioned by the Vision of the Rulers of the United Arab Emirates,
who have left no stone unturned in helping both foreign and local Public alike.

1.8 Arbitration
Arbitration has long been recognized as a dispute resolution mechanism in the region, and one
that has been quoted in Islamic religious texts.[13] There have been numerous initiatives in the
UAE to build up a strong presence in international commercial arbitration, including the
codification of modern arbitration rules in federal and other laws.

i. Dubai International Arbitration Centre (DIAC)

First created in 1994 as the "Centre for Commercial Conciliation and Arbitration", the current
DIAC is non-profit institution located in the Dubai Chamber of Commerce & Industry (DCCI).

ii. The DIFC/LCIA Arbitration Centre

A joint venture between the Dubai International Financial Centre (DIFC) and the London Court
of International Arbitration (LCIA) came into existence as the DIFC. The arbitration rules for the
Center are closely modeled on the LCIA’s own rules with some modifications.

iii. The International Islamic Centre for Reconciliation and Arbitration (IICRA)
IICRA is an international, independent, non-profit organization supporting the Islamic finance
industry. The center settles all financial and commercial disputes that arise between financial or
business institutions that choose to apply the provisions of Islamic law, Sharia principles, in
resolving disputes that arise between these institutions and their clients or between them and
third parties through reconciliation or arbitration.

1.9 Mediation Courts

i. Employment disputes
Under the UAE Federal Labor Law, all unresolved employment disputes must be lodged
first at the Ministry of Labor office where a settlement is negotiated between employers
and workers. If the negotiations fail, either party may take up the matter at court. Since
there are no trade unions in the UAE, collective disputes are handled by a special
committee composed of the Minister of Labor, a Supreme Court Judge, and one expert.
In Dubai, individuals can also refer to a similar service provided by the General
Directorate of Residency and Foreigners Affairs as a first step before going to court. In
2015, a new department dedicated to resolving disputes between domestic helpers and

10
 sponsors has opened at the General Directorate of Residency and Foreigners Affairs
(GDRFA) branch in Al Aweer.11 The department, a sub-branch of the Follow up on
Illegals and Foreigners Sector, handles complaints from domestic helpers in Dubai.
In Dubai, the General Department of Human Rights at Dubai Police receives
individual and collective complaints filed by workers against their employers. Complaints would
be related to living conditions, wages, and security and safety of labor accommodations and this
service is accessible online.
As to civil servants in Dubai, employment complaints can be filed at the office of the Ruler
of Dubai, which will attempt to find an agreement between the two parties. If it fails, it will issue
the employee a letter addressed to the Dubai courts regarding the complaint.  In 2015, the Crown
Prince of Dubai approved the establishment of the Dubai government staff central grievances
committee. Members of the committee include a representative from the General Secretariat of
the Executive Council of the Emirate of Dubai, the higher legislation committee and the
department of human resources.
ii. The Dubai Courts Centre for Amicable Dispute Resolution
Disputes that fall under the jurisdiction of the Centre are not registered at the courts unless they
are submitted first and a referral is issued. Claims are handled by experienced mediators under
the supervision of a judge.  Once a settlement is reached, the legally enforceable agreement will
be signed by the parties and attested by a judge.
iii. The Family Guidance Department
The Family Guidance Department forms an essential part of the family court. All divorce
applications are handled first through the department where experienced mediators work to
resolve the issues between couples and family members.
iv. The Commercial Compliance and Consumer Protection (CCCP)
CCCP is part of Dubai's Department of Economic Development. Consumers can approach CCCP
by phone, email or fax to lodge their complaints (and soon through dedicated counters at all
retail outlets). Upon receiving a complaint, CCCP will contact each person involved to try and
find a satisfactory resolution. The aim is to resolve most complaints within 30 days.
v. The Dubai Chamber of Commerce
Mediation is one of the legal services provided by the Chamber. The value of mediation cases
which were settled by the chamber during 2015 reached Dh18.3 million ($4.9 millions). The first
mediation smart app in the Middle East was announced in 2015.[22]
vi. Mediation at the DIFC Courts
The Small Claims Tribunal (SCT) of the DIFC Courts, features a formal session of mediation as
part of its procedure. Approximately 90% of applications before the SCT settle at the
“consultation” phase which is a mandatory court–guided mediation session. Only if the parties
are unable to reach a settlement will a judge of the DIFC Courts go on to hold a hearing and
deliver a Court judgment. SCT proceedings are confidential and parties are not normally legally
represented.

CHAPTER TWO: CYBER LAWS & REGULATIONS OF THE UAE

11
Al-Aweer or Al-Awir is a an outskirt district of Dubai, located towards the Hatta mountain plateau.

11
2.1 Background and Problem Definition:

The UAE is one of the emerging economies of the world, and there is an urgent need to have
cyber-security measures implemented in the country. This study will help us to understand the
present cybercrime status in the United Arab Emirates, the cyber security measures taken to
control them and the further improvements required in the cyber security in the international
domain. Even though the western world is contributing towards developing the cyber security in
the UAE still UAE is fairly a young and fast growing economy which is presently in its way of
upgrading its cybercrime laws to protect the interests of the people and also of the companies.
This study will prove to be significant to understand the present cyber security measures that are
being adopted by UAE and understanding the up gradation of the cyber security measures
required in United Arab Emirates. The objectives of my research include determining various
patterns of Cyber-attacks in the United Arab Emirates. The research aims to unravel the different
variables involved directly or indirectly with such crimes in the country. The identification of the
effects and counter effects posed by each variable will lead to the finding of their individual roles
in the cybercrime events. The research shall prove fruitful in consolidating the study of patterns
of attacks since one of the major questions tried to be answered is the relation between
occurrence of cyber-attacks and holidays in the UAE (TRA. gov. ae., 2010). Yet another
objective of the present study is formulated in a way to study the outcome of cyber-attacks on
political and Military arenas in the country. Overall, this is a very comprehensive research work
that shall prove to be a valuable source of learning about cyber-attacks and different measures
implemented by the Government of UAE in order to control them in the country. This study will
also be helpful to identify the different variables which can be used to anticipate future cyber-
attacks in the country. So, the results of this research shall contribute towards the efforts in
controlling the cybercrime activity in the United Arab Emirates.

2.2 The Evaluation of Computers in the UAE

The economy of the UAE has developed at a rapid rate in the recent years and one of the
consequences has been an increase on internet penetration and increasing dependence of critical
infrastructure on advanced electronic systems which could be vulnerable to cyber-attacks.
Contrary to popular belief, the economy of the UAE is not anymore overwhelmingly oil- based.
With the passage of time use of information and technology has also increased in the country
than previously. It became the responsibility of the UAE Government to safeguard the interests
of the foreign investors. One of the major threats to the foreign investors was the large numbers
of cyber-attacks launched by the hackers on the systems and servers of the companies and it cost
loss of millions of dollars to the foreign companies as they always lost something important as a
result of these cyber-attacks (Khaleejtimes.com)12

Cyber Crime A crime committed or facilitated via the Internet is a Cybercrime. It is any criminal
activity involving computers and networks. Cybercrime fraud can range from illegitimate emails
12
http://www.khaleejtimes.com/nation/general/uae-major-target-for-cyber-criminals

12
to theft of government information or corporate sensitive data through remote devices around the
world. Cyber-crime is not only hacking into others system or stealing millions from bank transfer
but also downloading pirated or other illegal music files. 22 Cybercrime is also defined as non-
money offenses like developing and spreading virus on other systems and posting confidential
information on social media.

2.3 The Purpose and Definition of Cyber Security

The definition of cybercrime given by Babu & Parishat in 2009 ; An illegal act where computer
systems are used against a person, his property or the state to commit a cybercrime (Wiesen,
2012).13 Sukhai reported in 2004 that 60% of cyber-attacks are not even detected and out of the
ones which are; only a paltry 15% are brought to the attention of the governing authorities
(Townson, 2006). There is no doubt that cybercrime is one of the most rapidly accelerating kinds
of crime today. An increasing number of felons are making good use of the easiness, quickness
and inconspicuousness offered by advanced technologies of the 21st century to indulge in a wide
range of unlawful activities most of which consist of attacks on systems and data, stealing
identities, the circulation of pictures pertaining to child sexual abuse, fraud involving online
auctions, misusing financial services available on the internet, spreading viruses, botnets and
numerous scams operated through electronic mail, of which phishing is a prime example (Julia,
2012).14 Every country in the world needs to constantly modify its local offline controls in order
to be well equipped to combat cybercrimes as the internet does not adhere to geographical
boundaries and allows wrongdoers to carry out unlawful activities worldwide (Townson, 2006).
One of the most potent threats to national and international security lies in the use of the internet
by extremists specially to spread fundamentalism and to attract more people. (Lunjevich, 2010).15

2.4 Evolution of Cyber Laws in UAE

The UAE has the most detailed and comprehensive cyber-crime law in the Arabian Gulf and
wider Middle East. The UAE-Law No. 5 of 2012 concerns with the Combating of Information
Technology Crimes. Better known as the Cyber Crimes Law 2012, this law replaced the earlier
Cyber Crimes Law 2006. The Cyber Crimes Law 2012 provides for a range of new offences,
including offences intended to address the UAE’s obligations pursuant to international treaties.
Additionally, in 2006 cyber-criminal law declares high penalties to those who commit the
offense. The range of crimes committed by using the internet is codified by the first time along
with sentences for a fraudster found guilty. Punishable crimes are declared under the new law,
for promoting or publishing pornographic material or indecent act and gambling activities. To
protect the possible vulnerability these types of laws are implemented to manage to reduce the
risk of cybercrime which can easily take place in this advanced world of technology. Publishing
of others information and photos on internet and offences of violating others privacy by
eavesdropping and publishing the information using the social media all comes under the
cybercrime offences for which law is created and its sentence and punishment is declared. When
13
http://www.zawya.com/Story.cfm/sidZAWYA20100118085552/UAEToEstablishSpecialistCybercrimeCourts/
14
https://www2.cs.arizona.edu/~collberg/Teaching/466-566/2012/Resources/presentations/2012/reports.pdf
15
http://www.cybercrimejournal.com/ibrahimmarcusdec2009.htm

13
talking about the positive points of the cybercrime law of the United Arab Emirates, the local
government specifically the Telecommunications Regulatory Authority (TRA) realizes the need
for such law and how it is important to stay up-to-date in the world of Cyber Crime. Since the
legal framework of the law covers a good number of different crimes categories such as Human
Trafficking, Data Forgery of prohibitive data, and unauthorized use and interception of computer
services. It includes penalties for imprisonment for a term which may extend to ten years and a
fine up to 200,000 AED. The Act also stresses the respect for religion and the Islamic identity of
the state and respect for other religions as a total of 202 different nationalities exist in the UAE
labour market according to the Under- Secretary of the Ministry of Labor {khaleejtimes.com
2006). Dwyer (2010)16 supports the idea that with the increase in cyber-attacks and the motives
behind them, governments should be more encouraged to avoid letting the crimes divert their
attention from the Cyber Crimes. Moreover, the local government has created a Computer
Emergency Response Team (aeCERT) with a dictated website to provide awareness,
information, advice, and receive problem alerts from users, as well as has created Cyber Crime
Courts to deal with the jump in the computer-related crimes {UAEinteract.com, 2007)17

Carrying out electronic businesses in a well-defined legal structure will definitely contribute
positively to the nation's economy and even create more opportunities to the businesses
themselves (Robertetal.; 2010)18

UAE government has legalized entities to process the cyber security legal Frame Works. The
entities are,

2.5 UAE Telecommunications Regulatory Authority (TRA)19

They send government authorities policies to follow, and security rating, they are one step above
the ISP (Etisalat/Du) Cabinet Resolution No. (42/23) of 2008 Session No. (3), Regarding the
Abolition of the Supreme Committee for the Supervision of the Telecommunication Sector and
delegating its functions to the Board of Directors of the Telecommunications Regulatory
Authority (TRA). http://www.tra.gov.ae. Etisalat was formed in 1972; a year after the Union
came into existence; whereas, DU came into creation on the 16 th of December 2006. Both
Companies form a cent percent Legal monopoly of the Sheikhdoms. Figuew 3 will explain the
details of the telecommunications usage in the UAE.

16
http://www.independent.ie/irish-news/cyber-attacks-are-like-biological-warfare-and-our-government-mustshow-
leadership-security-expert-35715467.html
17
http://www.uaeinteract.com/uaeint_misc/pdf_2007/English_2007/eyb6.pdf
18
Robert,E.,Okonigene & Bola, Adekanle. (2010) Cybercrime in Nigeria. Business Intelligence Journal.
19
https://www.tra.gov.ae/en/about-tra.aspx

14
 Figure 1-UAE’s Internet Usage

2.6 UAE aeCERT The UAE CERT (Computer Emergency Response Teams)

The UAE CERT20 (Computer Emergency Response Teams) was established under the
supervision of TRA of UAE to help the Government Sectors and Educational sectors for cyber
security information sharing and improving the overall Cyber Security condition in the country.
They are first institution to report the Cyber Incidents and they follow proactive approach to
protect the systems, they collaborate with different government and law enforcement agencies to
design policies and methodologies to counter the Cyber Threats. aeCERT collaborates and shares
data with other countries CERTS around the globe, which provides opportunities for researchers
to improve the posture of Information Security

20
https://www.tra.gov.ae/aecert/en/home.aspx

15
2.7 Standard Information Security Policy (SISP21)

It is defined as a set of standards, guidelines and procedures that specify in more or less detail
the expectations in regard to the appropriate use of information and/or information assets and
network infrastructure. SISP is a policy approved and supported by the senior management. The
intentions for publishing an Information Security Policy are not to impose restrictions that are
contrary to the organization’s established culture of openness, trust and integrity, however, it is
the Information Security Department’s commitment to protect the organization and its users from
illegal or damaging actions by individuals, either intentionally or unintentionally.
Internet/Intranet/Extranet-related systems, including but not limited to computer equipment,
software, operating systems, applications, data storage media, network accounts providing
electronic mail, Internet browsing, and FTP, are the property of the organization. These systems
are to be used for business purposes in serving the interests of the organization, and of our users
in the course of their normal business operations. Effective security is a team effort involving the
participation and support of every employee in the organization and affiliate who deals with
information and/or information systems. It is the responsibility of every user using the
organization’s resources to know these standards, guidelines and procedures and conduct their
activities in compliance to this policy. The SISP contains and is not limited to the following sub
policies to be adhered by all users:

• Anti-Virus Policy
• Password Management Policy
• E-mail Usage Policy
• Information Handling and Classification Policy
• Encryption Policy
• Desktop & Laptop Usage Policy
• Software Compliance Policy
• Backup and Restoration Policy
• Remote Access Policy
• Wireless Communication Policy
• Mobile Phone Policy
• Disposable of Media Policy
• Visitor Premises Policy
• Physical Access for Data Centre Policy
• Patch Management Policy
• Physical Access for Operation Centre Policy
• Change Management Policy
• User Access Management Policy
• Information Security and Business Continuity Incident Management Policy
• Acceptable Use of IT Equipment Policy
• Clear Desk and Clear Screen Policy
• Data Centre Document Management Policy
• Log Management Policy

21
European, Mediterranean & Middle Eastern Conference on Information Systems 2010 (EMCIS2010) April 12-13
2010, Abu Dhabi, UAE https://www.academia.edu/RegisterToDownload#ChooseAccountChecklists

16
 • Physical Access for organization office Policy Adapting these policies will assist in complying
with Information Security Management standard (ISO 27001:2005) and Business Continuity (BS
25999-2:2007)

2.8 NESA (National Electronic Security Authority)22

The UAE's National Electronic Security Authority (NESA), the federal body set up to oversee
the country's cyberspace, On June 25th 2014 announced the publication of a range of strategies,
policies and standards to "align and direct national cyber-security efforts". His Highness Sheikh
Khalifa bin Zayed Al Nahyan, President of the UAE and Ruler of Abu Dhabi, established NESA
through Decree No. 3 of 2012. The National Electronic Security Authority (NESA) is a UAE
federal authority responsible for the advancement of the nation’s cybersecurity, expanding cyber
education and creating a collaborative culture rooted in information technology and innovation.
NESA is committed to protecting our nation’s infrastructure from all cyber threats, utilizing the
latest innovative technologies and setting cybersecurity strategies and policies. 

NESA’s mandate is to create a Cyber Secure environment that enables the unimpeded progress
of the UAE by Develop national cybersecurity standards, policies and regulations and oversee
their development, implementation and monitor compliance. 

NESA is looking for talented Emiratis willing to support this mission. Applicants must be
ambitious and determined individuals who have an aptitude for working collaboratively with
team members as well as a desire to serve their country.

Escalation of
Impact
Compliance Process

Maturity-based self-assessment by stakeholders in line with mandatory

Reporting
vs. voluntary requirement

When appropriate, NESA can audit stakeholders by requesting specific

Auditing
evidence in support of self-assessment report

When appropriate, NESA can commission tests of information security

Testing
measures in place at stakeholders

National Security In extreme cases, NESA should be able to directly intervene when an

Intervention entity’s activities are leading to unacceptable national security risks

Figure 2: NESA escalation of compliance

22
https://www.mwrinfosecurity.com/our-thinking/nesa-the-new-standard-of-information-security-in-the-uae/

17
 Figure 3: The UAE’s National Cyber Security Strategy23

2.9 DUBAI ISR Information Security Regulation (ISR)24 standards

ISR standards from Dubai Smart Government mandates government entities in Dubai to
implement requirements and controls stated in the standard to ensure appropriate level of
confidentiality, integrity, and availability of information assets. By complying with ISR standard,
organizations can ensure the following: Protection of information assets Compliance with local
regulations Effective mitigation of information security risks Raising information security
awareness Mandatory for Dubai governments Close alignment with ISO/IEC 27001 Dubai Smart
Government has issued an implementation plan that was planned to end in December 2015.

2.10 Abu Dhabi (ADSIC25)

Information Security Standards of Abu Dhabi Government Version 2.0, January 2013 The
Control Standards contained within this document provide an expression of the Information
Security expectations that the government has upon Entities and business partners handling
classified government data. The control standards manifest in twelve fields of information
security which are mutual and interrelated. The second version aims to enhance information
security and its consistence across governmental organizations of Abu Dhabi. This programed
has already started and is planned to go into 2016 Part of this program is regular feedback from

23
http://www.innovationandtech.ae/cybersecurity-mobility-age/
24
http://isc.dubai.gov.ae/en/Pages/default.aspx,
25
https://www.abudhabi.ae/cs/groups/public/documents/attachment/mtmz/njg0/~edisp/adsic_nd_133684_en.pdf

18
entities to ADSIC to measure their progress. ISO/IEC 27001:2013 Information Security
Management System

2.11 A brief Comparison of the UAE with other Developed Countries

Figure 4-Comparison of the UAE Cyber Laws with other developed countries

CHAPTER THREE: LEGAL PUNISHMENTS FOR CYBER CRIMES

3.1 Cyber Crime Threats in UAE

19
The Computer Emergency Readiness Team (aeCERT)26 of Telecommunications Regulatory
Authority (TRA) successfully foiled 1,054 cyber-attacks in 2016. Mohammed Al Zarooni has
stated that the cyber-attacks are mainly targeted upon the government websites. The attack
involves fraud, deception, hacking, denial of service and other threats like document theft as
mentioned by the director of TRA’s policy department to Emirates News. He noted that private
companies were the most vulnerable to such attacks registering 510 attacks targeted at them
followed by 463 against government entities 27. aeCERT conducts several workshops under the
aegis of its Advisory, Education and Awareness program services. These workshops emphasize
its role in spreading information security awareness across the corporate levels and the role of
the employees in protecting their organization. The workshops under the information security
awareness campaign cover a wide range of topics, including social media, social engineering,
email security and computer protection. The government sector experienced phishing, fraud, web
defacement, malicious code, unauthorized access, scans, theft of credentials and others while the
private sector experienced phishing, fraud, malicious code, inappropriate content, and denial of
service. As a Cyber security, Coordination centre, aeCERT aims to improve the UAE’s overall
cyber security conditions by coordinating the exchange of cyber information and copes with the
cyber risks faced by the UAE. aeCERT also enlightens the UAE government and its educational
sectors regarding information security. It collaborates with different sectors of the government to
design policies and methodologies to counter cyber threats. Organization should monitor the
employees’ internet browsing activity which will reflect on the company’s growth and
productivity If the organization fails to monitor the user activity of the employees, and then they
would not know where they are investing their time whether in business or for personal activity.

3.2 UAE Cybersecurity Laws28

 Cyber Crimes Laws: President His Highness Shaikh Khalifa Bin Zayed Al Nahyan issued
Federal Law No. 5 of 2012 (“New Cyber Crime Law") a comprehensive piece of
legislation on combating cybercrimes. Issued on 25 Ramadan 1433 AH, Corresponding
to 13 August 2012 AD, ON COMBATING CYBERCRIMES Abrogating: Federal law
no.2/2006 dated 3/1/2006 AD

Federal Law no. 5. Of 2012 have broadened the range of offences, definition of privacy
violation and monetary penalties.

• Offenses: Any unauthorized access to the information or to the electronic sites is strictly
charged under liability standard.

26
http://www.emirates247.com/crime/local/tra-foiled-more-than-1000-cyber-attacks-last-year-2017- 03-16-
1.649766
27
http://gulfbusiness.com/uaes-telecoms-regulator-says-1054-cyber-attacks-foiled-2016/
28
http://ejustice.gov.ae/downloads/latest_laws/cybercrimes_5_2012_en.pdf

20
• Penalties: Disclosure or access to sensitive information shall raise the penalty and most of the
violation crimes are entitled to deportation or imprisonment.
• Limitation on data protection law for comprehensive data.
• Information and policy related to internet regulation, information technology and another
overseas telecommunication.
• Those caught gaining access to a website, network or system without authorization are to
be imprisoned and fined at least Dh50,000, but fines can go as high as Dh1 million if
personal information is stolen or deleted.
• Additionally, the law stipulates various penalties for a number of other cybercrimes,
including insulting religions and their rituals, slandering public officials, forging
electronic official documents, sending or re-publishing pornographic materials,
reproducing credit or debit card data, and obtaining secret pin codes or passwords.
• The UAE has clear - and strict - laws with 51 Articles against cybercrimes, with various
penalties that can include lengthy prison terms and fines of up to AED 3 million.
• All 51 Articles mentioned in the Appendix 1 on Page :84.

3.3 UAE tightens cyber-crime laws

UAE President Sheikh Khalifa bin Zayed Al Nahyan has issued a federal decree to replace
articles of the country’s 2012 law for combatting IT and cyber crimes, according to state news
agency WAM.
Under the amendments, article 26 of the law will see those who establish or manage websites or
means to networks for terrorist and associated groups or other illegal bodies to attract members,
promote, fund or favor their ideas punished with between 10 and 25 years in jail and a fine of
between Dhs2m ($544,510) and Dhs4m ($1.089m).
In addition those found to have rebroadcast or published any contents of sites associated with
these activities, which include instructions on how to build explosives or other tools and hate
incitement, will face up to five years in prison and a fine of Dhs500,000 ($136,128).
Other punishments will include a period of probation involving electronic monitoring or a ban
from information technology in lieu of the maximum prison sentence.
Furthermore, article 28 of the law will include a provision stating applying to anyone who
establishes, manages or supervises websites or uses information on the internet or an IT device
for the purpose of “inciting acts, publishing or broadcasting information, news or cartoons or any
other images that would endanger the security of the state and its supreme interests, jeopardise
public order or attack judicial inspectors or any of those charged with implementing the
provisions of the law”.
They will face a Dhs1m ($272,255) fine and temporary imprisonment for an unspecified period.
While article 42 provides for the expulsion of any non-citizen who is convicted of any crime or
subject to a penalty in relation to any of the offences covered by the country’s IT laws after the
execution of the sentence.
“Any provision or provision contrary to the provisions of this decree-law shall be repealed and
published in the latest issue of the Official Gazette,” state news agency WAM said.

21
The UAE has very strict laws on activity carried out by individuals on the internet or in cyber
space.
In May of 2016, an Emirati man was sentenced to 10 years in jail along with a fine of Dhs1m
($272,265) after he was convicted of “insulting the UAE and its leaders” on social media.29

3.4 The State of Cybersecurity in the UAE

The counter risks many states have adopted cyber capability as an integral part of economic
development plans. The challenge for UAE is that has real and compounding intensity of risky
incursion to accessibility, integrity and resilience of its critical networking systems and
infrastructure. Threats to their sector are distinctly on a rise. To counter balance this vulnerability
UAE plans to launch a Military Cyber Command in Armed Forces Headquarters to run parallel
to National Security Authority(NESA).
In order to improve efficiency of cyber defense force UAE needs to compound its human capital.
This requires recruiting and hiring security professionals and training for cyber security sector.
National Cyber Security Alliance’s (NCSA) and Raytheon survey on cyber career interest and
the knowledge in educational preparedness. Schools sectors will not provide much awareness
about the cybercrime and activities or about the cyber career information and also they don’t
encourage developing the cyber skills, schools need to conduct seminars and arrange cyber
career awareness programs. Cyber defense is lacking due to insufficient cyber talent which is
considered as a gap in cyber knowledge. According to a research private sectors offer more cyber
security plan to government sector and leave the public sectors with insufficient manpower.

3.5 Cyber-wellness profile of UAE.

a) Cyber Security and legal measures. Following are the specific legislations on
cybercrime.
• Cyber-crime Decree No.5 of 2012 is introduced by the Federal Law.
• To prevent the technology crime federal law no.2 of 2006.
• Electronic commerce and transaction regulation related to legislation and cybersecurity
federal law no.1 of 2006 was introduced.

b) Technical Measures and Certifications. CIRT also known as aeCERT is a UAE official
recognized security standard. For implementing standard cyber security framework
internationally UAE doesn’t have recognized cybersecurity standards. UAE also doesn’t
have any cybersecurity framework certifications and accreditation of national agencies
and professionals.

c) Recommended Security measures for Organization sectors.

• Policy- Adopt the officially recognized policy of telecommunication sector. • Road-map –

According to the further study there is no cybersecurity for national governance There is need to
improve such kind of activities. • Responsible agency-TRA (Telecommunications Regulatory

29
http://gulfbusiness.com/uae-tightens-cyber-crime-laws/

22
Authority) is responsible for implementing security policies and the cybersecurity strategies
should improve security measures and perform penetrating testing.

d) Building the capacity, manpower development and certifications.

• Standardization- aeCERT is the only recognized and officially responsible body of research
and analysis of cyber security standards. • Manpower – Both recognized and standard TRA and
aeCERT launched an awareness program for safety of cyber security where aeCERT is also a
legal advisor of cybersecurity education and awareness. • Professional certifications –Database
which records all the public sector professionals under the aeCERT.

3.6 Child Online Protection.

• Rights- Article 12 .16,17(e) and 34(c) specifies the convention of child rights
• Institution support – there is no declaration and protection against the child online act, there is
no agency responsible for children online protection

3.7 Practical Approach

i. Building knowledge and promoting cybersecurity protection policies.

 Conducting awareness programs in universities with support from government.
 Certifying the programs.
 Information about economic potential for investing in the cyber security programs and
training.

ii. Professional training to promote competence

 Training for state personnel’s.
 Merging with professional certification
 Private sector security improvement.
 Professionalism in cybersecurity and knowledge framework.

iii. Capabilities and cybersecurity updates.

 Updating the security policies.
 Introducing a global and standard culture of cybersecurity.
 Collaborating with national CERTs to strengthen the cooperation.
 Developing capabilities and strategies for ICT capacity-building.

iv. Promoting the actual behavior of cybersecurity.

 Training programs to overcome the limitations.
 Preparing cybersecurity international legal framework.

3.8 KEEPING CHILDREN SAFE ONLINE: TIPS FOR PARENTS

23
An RIT study reveals that a high percentage of cybercrimes against children are committed by
other children. The perpetrator is also significantly more likely to be a fellow student than an
adult.
There are some basic steps parents can take to help protect their children against Internet
dangers. The Cyber Safety and Ethics Initiative offer the following tips for parents to help keep
their children safe online:

• Keep your computer in a common area of your home, such as the family room.
• Monitor your children's Internet habits and ask them to show you websites they visit.
• Talk to your children about cyber ethics. Remind them that bullying, cheating and illegally
downloading music, movies and software are wrong.
• Develop an "Internet usage contract" for your children and sign it.
• Review your children's instant messenger profiles and messages, in addition to their social
networking profiles on sites such as Facebook and Myspace. Periodically take a look at the
profiles of their friends as well.
• Set time limits on Internet usage.
• Know your children's friends — online as well as in person.
• Stress Internet "stranger danger."
• Do a Google search for your children's names to make sure that their personal information and
photos are not easily searchable on the Internet. The Cyber Safety and Ethics Initiative is a
partnership between Rochester Institute of Technology, more than 20 Rochester area district
school, Time Warner Cable, the National Centre for Missing and Exploited Children, the
Information Systems Security Association and InfraGard Member Alliance of Rochester, a
program of the Federal Bureau of Investigations.

3.6 Cyber safety

Under the Federal Law No. 5 of 2012 on Combatting Cybercrimes (PDF, 120 KB)   and its
amendment by Federal Law No. 12 of 2016, the UAE criminalises the use of the internet to
invade privacy of another person, the recording of audio or video conversation or
communication, photographing others or copying the same and publishing news, statements or
information. Violation of the law will be punishable with imprisonment and/or a fine between
AED 500,000 and AED 2,000,000.

Studies showed that cybercriminals often choose to operate in countries with weak or non-
existent cybercrime laws and within communities that lack awareness about the subject. Hence,
the UAE launched many initiatives to counter cybercrimes and raise people's awareness. One of
them is Salim.
 
Computer Emergency Response Team (aeCERT) of Telecommunication Regulatory
Authority aims to improve the standards of information security in the UAE and protect the IT
infrastructure from potential risks and violations. aeCERT aims to support and ensure a safer
cyber space for the UAE nationals and residents and disseminate information about threats,

24
vulnerabilities and cyber security incidents. Public may report any cyber security
incidents through aeCERT.
 
3.8 Salim

The UAE Computer Emergency Response Team (aeCERT) under Telecommunications

Regulatory Authority (TRA) jointly with Aqdar (Khalifa Empowerment Programme for
Students), launched the initiative Salim, your online cyber security advisor, with the slogan

'Towards a safe cyber culture'.

The initiative aims to spread a safe cyber culture by giving simple and easy-to-use tips and
advices. The goal of this initiative is to spread knowledge about cyber safety to the entire
community and have a generation that has integrated knowledge about information security and
is mindful when conducting activities online.

Salim will interact with various target audiences through awareness programs, such as
workshops, presentations and events at schools, universities and others

3.9 DUBAI CYBER SECURITY STRATEGY

Another vital develomentis Highness Sheikh Mohammed bin Rashid Al Maktoum, Vice
President and Prime Minister of the United Arab Emirates, and Ruler of Dubai, with the
attendance of His Highness Sheikh Hamdan bin Mohammed bin Rashid Al Maktoum, Crown
Prince of Dubai, and Chairman of the Executive Council, and His Highness Maktoum bin
Mohammed bin Rashid Al Maktoum, Deputy Ruler of Dubai, launched the "Dubai Cyber
Security Strategy" that aims to strengthen Dubai's position as a world leader in innovation,
safety and security.

His Highness called for unifying the efforts of governmental and private institutions and
individuals to provide a secure cyber space and to make Dubai the safest electronic city in the
world.

The plan focuses on five main domains; the first is the cyber smart nation which aims to raise
public awareness on the importance of cyber security, ensuring building a society that is fully
aware of the dangers of cybercrime, as well as developing the skills and capabilities required
to manage cyber security risks among government and private institutions and individuals in
Dubai.

The second domain is concerned with innovation in the field of cyber security, and the
establishment of a secure and safe cyberspace characterized by freedom and justice, so as it
encourages innovation in Dubai.

The objective of the third domain is to build a secure cyberspace "Cyber Security" by
establishing controls to protect the confidentiality, integrity, availability and privacy of data.

25
The fourth domain will focus on maintaining the flexibility of the cyberspace "Cyber
Resilience" and ensuring the continuity and availability of IT systems in cyberspace. These
objectives can only be achieved through the national and international collaboration among
different sectors, and thus, the fifth domain is concerned with this aspect.

The next phase will witness number of effective initiatives that will contribute to achieving the
strategy's objectives and providing a secure cyberspace for users, making Dubai's cyber
security experience a global model.30

Figure 5-Dubai Cyber Strategy

30
http://www.dubai.ae/en/Pages/DCSS.aspx

26
 Figure 6- Dubai Cyber Security System

CHAPTER FOUR: CONCLUSION

It is indeed amazing to witness the growth of a Muslim Country as a hub for technology. The
United Arab Emirates’ performance as a lead global giant in the field of Internet technology,

27
aviation hub and industrial gateway has enables itself to garner international reputation at all
levels. The advent of Cyber Space in the late 1990’s, evaded the resolve of the Government by
ensuring social freedom, albeit despotically. It is a sobering thought to consider the regularity
and scale of attacks on large corporations and governments in areas where cyber preparedness is
more mature than the MENA region. It is widely accepted among experts that systems can never
be 100 per cent secure, so it is often a question of 'when' rather than 'if' security is breached. The
legal ramifications of this are evident in numerous spheres.

The United States has another version of cyber security as in the case of Verizon's $4.8bn
acquisition of Yahoo Inc.'s core business illustrates this point. The deal could possibly collapse
or be substantially renegotiated due to the hacking of possibly more than a billion user accounts
– something that would be a seismic legal event. As often follows in the US, there is a class-
action lawsuit by Yahoo users seeking remedy for the breaches. The merger agreement's MAC
(material adverse change) clause may become especially relevant as lawyers address whether a
data breach on that scale has had such a serious impact on the value of the target that the buyer
can withdraw from or substantially renegotiate the deal.

Data security issues will become increasingly important areas of inquiry in the mergers and
acquisitions area for two distinct reasons. Firstly, acquirers want to know that what they are
buying doesn't come with hidden costs. Secondly, acquirers want to be sure that in acquiring a
company they aren't exposing their own systems to risks from the acquired company's systems.
For those governments and companies in the Middle East that are now beginning to take
cybersecurity seriously, the focus still remains heavily on securing systems against attack. This is
done predominantly with training and IT-driven solutions with insurance tools gaining traction
slowly.

However, without a deep understanding of the relevant risks and the technical and legal
strategies to manage risk, such organizations will remain vulnerable.
For governments and legislators in the region, there is simply no time to lose. Developing a
serious and cohesive regulatory framework around information security and data protection is
critical.

Although the UAE cybercrime law covers an accepted number of cybercrimes which sounds
good, however, some articles of that law are punctuated with a lack of clarification and shrouded
in mystery which seems evident in many of the law articles we are going to review from an
analytical point of view. The Institute of Training and Judicial Studies of Abu Dhabi held a
discussion debate right after the issuance of the UAE cybercrime law in 2006, revealing that the
Act contains many loopholes that need further explanation and that specialized courts should be
assigned for its implementation. Confirmation of this, and from a judicial point of view, the
judge Mohammed Obeid Al-Kaaby assured that "some articles may cause the prosecutor to be
puzzled because of the contradictory penalties that might exist in the same
article"(Openarab.net, 2006).In consonance with the mentioned above, for instance, the law
ignored the criminalization of gambling while criminalized prostitution and temptation. The law
also failed to clarify the penalty of constructing terrorist websites or spreading terrorist
information online using vague pretexts. These controversial loopholes vary between unclear
terms, penalties, and fines. Moreover, the current Act contains no specific article that clearly

28
declares if this Act applies to expatriates living in the United Arab Emirates or not. It's notable
that the word "minor" has been mentioned only twice through this Act specifically in articles
(12) & (13) in case of that the minor was the victim. But what if the "minor" was the
perpetrator himself? This means that all types of crimes mentioned in the Act are not applicable
to minors! Does that apply to reality? And how should these minor offenders be treated and
punished?

Figure 7 Articles on Cyber Crimes

None of the articles of the UAE Federal Cyber Laws discusses the issue of cross border
cybercrime.

What if the perpetrator was from outside the UAE? What procedures should be taken and what
would be the punishment for such situation?

Indeed, there is no single article that criminalizes minors in case they commit any type of crimes
presented in the Act. As well as, it is true that none of the articles presented in the cybercrime
Act clearly describe any kind of compensation for cybercrime victims. Providing that, there are
no clear benchmarks or studies determine the effectiveness of this law and the results achieved

29
since it was placed into use. As cybercrimes can be broadly\categorized into three categories
namely- crimes against persons, property and government, the existing law does not provide
sufficient coverage against more recent computer-related crimes such as:

 Against persons: including but not limited to Defamation, Cyber-stalking, Harassment

through e-mail, Indecent exposure.

 Against property: Transmitting virus, worm, Trojan or spyware, computer vandalism,

Hacking/cracking, Violation of intellectual property right, Phishing, Online gambling

 Against organizations: Hacking & Cracking, Transmitting virus, worm, Trojan or

spyware, Distribution of pirated software, Discretization, Cyber terrorism against
the government organization, any Violation of intellectual property right

According to the points stated above, these points should be taken into account if any coming
amendment happens in the future as more and more sophisticated types of crime are developing
every day. Speaking at AusCERT 2011, Kaspersky Labs founder and security expert, Eugene
Kaspersky argued that "cybercrime now is the second largest criminal activity in the world"
(Barwick, 2011). As cybercrime was proving difficult to fight due to a combination of its
secretive nature and underground forums along with a lack of cooperation between international
anti-cybercriminal police forces (Barwick, 2011).However, it is still recommended to have few
more amendments in order to include explicit topics such as viruses, malware, online gambling,
Data diddling and spam email attacks which are considered as the main motives behind the cyber
criminals nowadays due to its huge financial returns (Dwyer, 2010, Hopkins, 2003). According
to Dwyer (2010), dealing with cybercrimes requires decisive security awareness. The Middle
East region, especially Gulf Cooperation Countries including the United Arab Emirates, lack
many of the awareness programs, training and education in the field of cybercrime due to the late
interest in this topic. With sufficient training programs and campaigns and the involvement of
parties starting from IT professionals, to organizations’ decision makers and also the general
public, the level of awareness will gradually increase which in turn leads higher levels of
protection that users might take into consideration.

The United Arab Emirates enjoys great economic position among other countries in the Middle
East region which requires her to take stronger and quicker steps to use all available
opportunities to improve its current Cyber Law status to increase the level of security in a fertile
environment replete with e-businesses. As discussed earlier in the strengths section, and as
provided by Robert et al. (2010), the country could attract a more diverse economic environment
to take place that supports both consumers and organizations performing electronic businesses.
Therefore, with more solid and specific defined cybercrime laws, the country could attract more
electronic based services. The government still has the chance to update its cyber law and make
the necessary amendments to cover any loopholes and include new sophisticated topics and other
types of upcoming cybercrimes. Several steps have been taken. The Ministry of Justice, in order
to combat cybercrime in the UAE, new "Cybercrime" courts with specialist judges have been
established to expedite litigation and serve litigants more effectively (Zawaya.com, 2010).And,
the creation of a Computer Emergency Response Team (aeCERT) for the detection and

30
prevention of cybercrime in the country will help improve the efficiency and the effectivity of
the current law. In addition, hosting international conferences will help the UAE government
benefit from international expertise which will contribute in boosting the level of knowledge
related to cyber security and provide access to the latest findings and results in the field of cyber
security.

 The Telecommunications Regulatory Authority (TRA) has done a survey during the course
of 2010 (TRA.gov.ae, 2010) reporting that the number of internet users in the country was
estimated to 65% of the population and the ratio can increase significantly. This means that half
of the UAE population is prone to the risk of cybercrime, especially lots of hacking tools are
freely available and downloadable from the Internet. In addition, sluggish responsiveness in
taking corrective actions to cover the existing loopholes in the current law would result
in negative consequences. Information revolution era makes it even easier for hackers to share
hacking details and techniques. This produces a more skilled breed of Cyber Criminals that
continuously introduce new types of crimes which leave governments behind in coping with
technology related laws (Ghosh, 2010). Due to the lack of the awareness discussed earlier, many
of the victims are unwilling to report cybercrimes. Therefore, educating people on how to deal
with cybercrimes at the time of occurrence is necessary to make users report such incidents. This
could help TRA recognize most frequently committed crimes and their time of occurrence and to
produce important statistical surveys that could help fight such crimes.

The cyber-world is full of immediate changes that can't be predicted. As a result, all cyber laws
are limited. Since cyber laws are limited, it must be up-to-date and need continuous improvement
and follow-up. Accordingly, UAE cyber law has to be amended to include other types of
computer-related crimes like cyber-stalking, email harassment and defamation. Similarly, the
aforementioned articles need more clarification and justification in terms of fine and
imprisonment to miss up the opportunity on law breakers through benchmarking with other
cybercrime laws of other countries like the United States, the United Kingdom and the Republic
of India. Furthermore, the concept of the perpetrator (offender) has to be redefined to include
minors not only adults, taking into consideration the scope of the law. In fact this research paper
is one of the few papers if not the only that is written on the UAE cybercrime law, therefore, it is
advised that more studies need to be done on this law to shape different views and for better
outcomes. Finally, it can be said, that there are countries doing bold moves in developing their
own national policies and laws to defend against this new type of e-crime coming from the cyber
world. And the United Arab Emirates is one of these countries. Above all, the UAE seeks to be
proactive as the country is thriving economically, which requires the state to build a safe, secure,
and supportive environment for electronic based services. Nonetheless, we commend the United
Arab Emirates for her extraordinary stance on Cyber Security. Yet, we are just alluding to a few
loopholes, which may be filled up for a better safe and secure environment.

BIBLIOGRAPHY

31
Abu Dhabi Global Markets Court. https://www.adgm.com/doing-business/adgm-
courts/adgm-legal-framework/adgm-courts-legal-framework/ (accessed 16 April, 2018).

Agnes Czajka, (2016). Democracy and Justice: Reading Derrida in Istanbul-Routledge

Advances in Democratic Theory. Abingdon: Routledge.

B. Hunter, (2016). The Statesman's Year Book: 1992-93. Berlin: Springer.

Cleveland, William L & Martin Bunton. (2009). A History of the Modern Middle East: 4th
Edition. Colorado: Westview Press.

Curtis J. Berger. (1983). Land ownership and use. Los Angeles: Little, Brown

“Dubai Court System”, e-services,

https://www.dc.gov.ae/PublicServices/MainFlow.CMSPage. (accessed 16 April, 2018).

IBP Incorporated, (2013). United Arab Emirates Country Study Guide Volume 1 Strategic
Information and Developments. Dakota Dunes: Int'l Business Publications.

IBP Incorporated, (2014). UAE Insolvency (Bankruptcy) Laws and Regulations Handbook
- Strategic Information and Basic Laws, Washington DC: Int'l Business Publications.

Ibrahim Abed, Peter Hellyer, (2001). United Arab Emirates: A New Perspective. Cape
Town: Trident Press Limited.

Martin Goodman, (2008). Rome and Jerusalem: The Clash of Ancient Civilizations. New
York: Knopf Doubleday Publishing Group.

Martin Lau, (2006). The Role of Islam in the Legal System of Pakistan
Volume 9 of The London-Leiden series on law, administration and development. LEIDEN:
BRILL Publishers.

Michael Grose, (2016). Construction Law in the United Arab Emirates and the Gulf. New
York City: John Wiley & Sons.

Nathan J. Brown. (2002). Constitutions in a Nonconstituitonal World. New York: State

University of New York Press.

Norman Bentwich, Helen Bentwich. (1965). Mandate Memories, 1918-1948. London:

Hogarth Press.

Randall Price. (2003). Fast Facts on the Middle East Conflict. Oregon: Harvest House

32
Publishers.

Rebecca Stefoff. (2007). A Century of Immigration: 1820-1924 American Voices from.

Singapore: Marshall Cavendish.

Rhodes Murphey. (2016). Imperial lineages and legacies in the Eastern Mediterranean.
New York: Routledge.

Rhodes H. Davison. (1990). Essays in Ottoman and Turkish History, 1774-1923- the
impact of the West. Austin: Saqi Books.

Robert Alter. (2009). The David Story: A Translation with Commentary of 1 and 2 Samuel.
New York: W. W. Norton & Company.

Robert Devereux. (1963). The First Ottoman Constitutional Period: A Study of the Midhat
Constitution and Parliament Volume 81 of The Johns Hopkins University studies in
historical and political science. Michigan: University Microfilms.

Rowland Simpson. (1978). Land, Law and Registration. Cambridge: Cambridge

University Press

Scott Anderson. (2017). Fractured Lands: How the Arab World Came Apart. New York
City, Knopf Doubleday Publishing Group

Thomas D. Grant. (2009). Admissions into the United Nations: Charter Article 4 and the
rise of Universal Organization. Netherlands: Koninkliye Brill NV.

Viktor Gorgennder, (2011). A Strategic Analysis of the Construction Industry in the

United Arab Emirates: Opportunities and Threats in the Construction Business. Hamburg:
Diplomica Verlag.

33