The criminalisation of identity theft in Saudi Arabia: balancing security and privacy to mitigate data crimes

Abstract

This thesis offers a critical analysis of Saudi Arabia‘s cybercrime enforcement framework. Emphasis is placed on identity theft. It identifies and maps key concepts and debates in this fast-paced area of legal reform and considers the many ways in which identity theft related offences challenge or undermine traditional theories of Saudi criminal law. It shows that identity theft related offences often involve the use of techniques which are not necessarily defined or regulated as criminal offences under the relevant laws of Saudi Arabia. The Kingdom of Saudi Arabia operates within an Islamic legal system and many aspects of Islamic Sharia (law) continue to influence elements of the Kingdom‘s criminal law, policy and procedure. However, many aspects of Sharia law remain ill-suited to computer crime. In 2007, Saudi Arabia passed and began implementing dedicated cybercrime legislation, but it is shown that this law fails to explicitly and effectively criminalise identity theft and other preparatory offences. Identity theft is by nature a global phenomenon which transcends international policy debates on data privacy and security. Saudi Arabia‘s limited participation in the most important international frameworks on cybercrime is a major impediment to the effectiveness of the investigation and prosecution of identity theft in the Kingdom. It is argued that Saudi Arabia‘s rate of criminal prosecution would be improved by greater cooperation at the international level. Legislative reform, though essential, will not be effective to combat identity theft, if it is not enforced and supplemented with adequate extra-territorial data protection laws and, crucially, industry-led security solutions. The latter should be enacted through cooperation with other states on information sharing initiatives and solutions which can be used to identify and detect threats.