On the issue of cybersecurity in Information and
Communication Technologies, currently Venezuela has the following
rulings:
1. Law on protection of communications privacy;
2. Administrative Procedure containing the rulings
associated with the request of information on the mobile telephony
service;
3. Law on Data Messages and Electronic Signatures
and its Regulation;
4. Special Law against Informatics Crime;
The law on protection of privacy in
telecommunications was published in the Official Gazette of the
Bolivarian Republic of Venezuela, N° 34.863, dated 16 December 1991,
and its objective is to protect the privacy, confidentiality,
inviolability and secrecy of communications between two or more
individuals.
The aforementioned Law establishes sanctions for
those individuals who:
-
In an arbitrary, clandestine or fraudulent manner,
record, impose, interrupt or prevent communications between
individuals;
-
Without being authorized by the referenced Law,
installs devices or instruments for the purpose of recording or
preventing communications between individuals;
-
Disturbs the tranquility of another person
through the use of information obtained through procedures banned by
the same Law.
Notwithstanding the above mentioned, the law in
Venezuela allows for compelling the telecommunication companies and
Internet service suppliers to reveal to investigation officials
information related with communication activities, including some
users’ personal data, in accordance with the provisions of the Organic
Legal Penal Code and the related terms established by the Law on
Protection of Privacy of Telecommunications; these rulings allow the
interception or recording of conversations by telephone or other radio
electric means of communication, as long as the Prosecutor’s Office
obtains a warrant from the local judge in the area of the
investigation, which shall be granted to the effect of investigating
the following punishable actions:
a) Crimes against the security or independence of
the State;
b) Crimes foreseen by the Organic Law to Safeguard
Public Patrimony;
c) Crimes contemplated by the Organic Law on
Narcotic and Psychotropic Substances; and
d) Crimes of Kidnapping and Extortion.
Likewise, at a sub-legal level, Venezuela has the
Administrative Ruling containing the rulings related with the request
of information in mobile telephony services, mandated by CONATEL and
published in the Official Gazette of the Bolivarian Republic of
Venezuela N° 38.157, dated 1 April 2005, whose objective is to
establish the rulings related with the request for personal data to
mobile telephone subscribers by service operators at the time of
subscribing their service contracts, as well as the rulings associated
with the provision of information by the mobile telephone service
operators to the State security organizations on the occasion of a
legal investigation.
With respect to the Law on Data Messages and
Electronic Signatures, published in Official Gazette N° 37.148 dated
28 February 2001, its objective is to award and acknowledge the
efficacy and legal value of the Electronic Signature, the Data Message
and all intelligible information in electronic format, regardless of
its material support, attributable to individuals or legal entities,
public or private, as well as to regulate that related with Certified
Service Providers and Electronic Certificates.
The Law on Data Messages and Electronic Signatures
is applicable to Data Messages and Electronic Signatures regardless of
its technological characteristics or any future technological
developments. To this effect, its rulings will be developed and
interpreted progressively, oriented towards acknowledging the validity
and probatory efficacy of the Data Messages and the Electronic
Signatures.
Through the Law on Data Messages and Electronic
Signatures, the Electronic Certification Service Superintendence,
SUSCERTE, is created as an autonomous service, with budgetary,
administrative, financial and managerial autonomy, on the subjects of
its jurisdiction, under the Ministry of Science and Technology. This
Superintendence is responsible for accrediting, supervising and
controlling the Certification Service Providers, both public and
private, under the terms provided by this Decree-Law and its
regulations.
Some of the responsibilities of SUSCERTE are:
-
Provide accreditation and corresponding renewal
to the Certification Service Providers.
-
Revoke or suspend the granted accreditation
whenever any of the required terms, requirements or obligations is
not fulfilled.
-
Maintain, process, classify, safeguard and
protect the Registry of Certification Service Providers, public or
private.
-
Verify that the Certification Service Providers
comply with the requirements of the Law on Data Messages and
Electronic Signatures.
-
Supervise the activities of the Certification
Service Providers.
-
Inspect and supervise
the installation, operation and service provision of the
Certification Service Providers.
-
Act as mediator in the resolution of conflicts
that may arise between the Certification
-
Service Providers and their users.
With respect to the Special Law against Informatics
Crimes, it was published in the Official Gazette N° 37.313 of the
Bolivarian Republic of Venezuela dated 30 October 2001, with the
objective of providing comprehensive protection to the systems using
information technology, as well as the prevention and sanction of
crimes committed against such systems or any of its components or
those committed with the use of said technology. This Law categorizes
the following crimes:
-
Crimes Against Systems Using Information
Technology;
-
Crimes Against Property;
-
Crimes against the privacy of individuals and
communications;
-
Crimes against children or adolescents;
-
Crimes against economic order.
Currently, cyber security has increased in
importance given the changing conditions and new computer platforms
available. The possibility of connecting through networks has opened
new horizons to explore beyond national borders, a situation which has
brought about the rise of new threats to computer systems. This has
led many governmental and non-governmental organizations to develop
documents and directives that provide guidance in the proper use of
these technological skills, as well as recommendations to obtain the
maximum benefit from these advantages and avoid improper use of the
same, which could lead to serious problems in the goods and services
of the business enterprises of the world. In this sense, cyber
security policies rise from the Superintendence of Services of
Electronic Certification SUSCERTE, as an organizational tool to raise
awareness among each of the members of an organization regarding the
importance and sensitivity of the information. In keeping with the
above said, in Official Journal No. 345.394 dated April 6, 2006 the
Organic Law on Public Administration was published in accord with the
Organic Law on Science, Technology and Innovation, which considers
that the Ministry of Science and Technology must establish policies
for a better use, protection and conservation of the information that
is processed and stored in the computer equipments of the State, where
the Cyber Security Policies will be directed at implementing necessary
controls aimed at preserving the operability and continuity of the
Bodies and Entities of the National Public Administration.
The manual presented by the Superintendence of
Services of Electronic Certification SUSCERTE includes almost all the
policies currently considered part of the non-military professional
standard in cyber security. The standard of professional care defines
the minimum set of cyber security measures expected from an
institution. In this material many additional policies have been
included which go beyond this standard of due diligence, because they
provide a higher degree of security.
Although currently there is no worldwide standard
that defines the specific policies of cyber security, the closest is
document number 17799 of the ISO, which defines a scheme and provides
high level guidance on cyber security policies. The policies in this
manual are organized on the basis of ISO scheme 17799. Given the speed
of significant developments in the legal, business, state and
information areas, still a number of people wonder if we will ever
have a specific set of standardized policies at the international
level.
Domenico Pirillo y Karina Da Costa
CONATEL-Venezuela
Additional Information: Submitted as part of document
CCP.I-TEL/doc. 803/06cor.1 ar the VIII
meeting of PCC.I.
|
|