Cybercrime: Solutions for Iraq and the Kurdistan Region

Last September, experts from diverse backgrounds in academia, government, and law gathered on a panel in Erbil as part of the first annual forum of the Iraq International Visitor

Cybercrime: Solutions for Iraq and the Kurdistan Region

Last September, experts from diverse backgrounds in academia, government, and law gathered on a panel in Erbil as part of the first annual forum of the Iraq International Visitor Leadership Program (IQ IVLP) Network, a professional exchange program supported by the Kurdistan Regional Government (KRG) and funded by the U.S. Department of State, to discuss one of the world’s most pressing challenges: cybercrime. Out of these meetings, experts analyzed the multifaceted problems arising from cybercrime and proposed a set of solutions for government policymakers and business operators alike that can address the multifaceted problems of cybercrime in Iraq and the Kurdistan Region.

The digital age has been a blessing in many ways, bringing many around the world closer together to share their interests and ideas. However, online seamlessness has also created new challenges, especially in keeping our online information safe. After 2003, Iraq and the Kurdistan Region opened to the world by connecting the residents to the internet, social media, and other online platforms on which financial transactions occur. While this pivotal change has transformed social and economic life, the federal government of Iraq and the KRG have struggled to provide a safe space for consumers and to regulate online content. The online space has always been exploited to destabilize the security and coexistence in the country, most notably by extremist groups like ISIS that use online platforms to promote their ideologies. 

Recently, the Iraqi federal government tried to develop a law to regulate online content, but it prompted deep disagreements among the public. Some people strongly supported this step, while others considered it an attack on their freedom of expression. Even though the drafted law by the Iraqi parliament is still under discussion, the country is facing major problems in keeping information safe and in protecting users against hate speech. Although some steps have been taken by the respective ministries of interior of both the Iraqi federal government and the KRG to treat cybercrime as equivalent to physical crime, in practice these developments have been ineffective due to the large difference between the two types of crimes. 

Context and challenges

The recent IQ IVLP Network forum in Erbil brought together the following experts to talk about these issues and suggest steps to solve them: Judge Ashti Ahmed, President of the Erbil Appellate Court; Dr. Jowan Fuad Masum, Consultant to the Iraqi Prime Minister; and Dr. Dara Sherwani, Head of the Department of Information Science at the American University of Kurdistan (AUK). In a discussion led by Dr. Salahaddin Yasin Baper, Head of the Department of Architecture at Salahaddin University-Erbil, they highlighted the major issues related to cybercrime, including identity theft and the protection of online financial life and personal information.

The panel emphasized the need to find approaches that protect people without taking away their freedom of expression. The core solution advocated by the panelists was to increase the attention that the Iraqi federal government and the KRG give to the problem and to raise people’s awareness of the problem so that they can be part of the solution. It also brought up discussion of the need to bridge the gap between academic research on different solutions and governmental implementation of laws, so that everyone can work together to keep people safe on a national, local, and personal level.

In Iraq, cybercrime is amplified by a host of complex challenges that reflect broader global concerns. According to the Global Organized Crime Index, Iraq ranked eighth from 2021-2023 for cybercrime among 193 countries. In addition, a research study conducted by law firm Al-Tamimi & Company in 2017 showed that the most common themes of cybercrime were internet fraud, identity theft, child pornography, cyber-stalking, cyber-blackmail, copyright infringement, satellite piracy, and cyberterrorism. The KRG has notably established a department within the ministry that addresses cases related to blackmailing women, a notable step of progress. 

The depth of these problems and the tools in place to address them represents a huge gap. First and foremost, the presence of outdated legal frameworks mirrors the issues faced by Iraq, as laws struggle to keep up with the rapidly evolving digital terrain, leaving individuals and businesses exposed to vulnerabilities. In many cases, this problem slowed economic development, especially issues related to online banking and financial services. 

To be sure, there is a draft law that has gone through many tiers of consultations in different ministries and security agencies, with political analysts, journalists, and more than 27 non-governmental organizations that specialize in freedom of speech weighing in on the law, which will abide by the Iraqi constitution in terms of freedom of speech while preventing defamation and hate speech and protecting users.

Regulation and prevention

Striking this balance between security and freedom online is not a unique predicament to Iraq and Kurdistan. One important step has been taken locally, namely the creation of an online reporting mechanism through which Iraqis can alert authorities to harmful content online, although some see this as a silencing tool and an attempt to restrict online advocacy that undermines the governments’ position. 

Judge Ahmed underscored how the lack of clear laws has predictably hindered the ability to investigate and prosecute cybercrimes. “We still depend on the old content creation law that was issued in 1992. The lack of revised law hinders effective investigation since we cannot fully depend on online evidence,” he argued.

The complexities involved in investigating cybercrimes often impede timely and effective legal actions. The shortage of legal cyber experts in Iraq exacerbates the struggle to combat digital threats especially when it comes to investigation. Compounding these issues is the scarcity of dedicated centers for monitoring and analyzing cyber threats, leaving digital spaces vulnerable to a multitude of emerging risks. “We still do not know what approaches are effective to address these problems, since we lack a national monitoring center that can evaluate the process,” said Dr. Masum. 

Even though many sectors and stakeholders are frequently damaged by cyberattacks, the panelists cited the lack of coordination among various stakeholders, including law enforcement agencies, as a significant hindrance to effective threat mitigation.

Bridging the gap in cybersecurity education, both within Iraq and internationally, will be essential in empowering individuals and institutions to proactively solve cyber threats, emphasizing the pressing need for comprehensive education programs. The international collaboration and exchange of learning will further shorten the path to a more effective solution, according to Dr. Sherwani. 

“For instance, the UAE is a successful example of data protection in the region. Along with a few other countries in the Middle East, the UAE has very strict laws and technological solutions to protect the country and individuals’ data from cybercrime threats,” he said. “We can take other countries as an example and tailor solutions to Iraq and Kurdistan because data is the new oil, hence; we need to protect it well.” 

Finally, the absence of robust data-protection laws in Iraq and Kurdistan reflects the global challenges in regulating the collection and utilization of personal data, underscoring the critical need for a more strict and uniform data protection framework. Above all, the Iraqi government has not prioritized this issue. “There is zero budget designated to addressing cybercrime in the newly released three-year approved budget,” said Dr. Masum. 

Results and recommendations

During the panel discussion, the experts proposed a series of comprehensive solutions aimed at fortifying Iraq and Kurdistan’s response to cybercrime. Above all, the panelists agreed that both governments need to recognize that this is a critical issue that needs an immediate response, namely a budget, as Dr. Masum pointed out. 

The panelists also urged up-to-date cyber laws, acknowledging the necessity for legal frameworks to adapt swiftly to the evolving cyber landscape and effectively address emerging threats. The importance of having a balance in regulations that simultaneously enhances cybersecurity while preserving the fundamental right to freedom of speech. This solution can be more effectively implemented by consulting members of the legal system, the security forces, and civil activists to come up with inclusive law that can be swiftly implemented. 

This solution can also be adapted by learning from experience; hence, the establishment of specialized agencies and national centers dedicated to addressing cybercrimes was highlighted as a vital step, signaling a need for focused attention and resources in this critical area. Furthermore, there was a shared consensus on the imperative of empowering legal professionals with specialized cyber expertise, underscoring the need for capacity building within legal systems that have learned from other countries’ experiences, as Dr. Sherwani underscored, who can then build a strategy tailored to Iraq and Kurdistan. The discussion also underscored the necessity of implementing robust data protection regulations to safeguard personal information from unauthorized access and misuse, recognizing the significance of a comprehensive national approach to data security. Finally, the experts stressed shared responsibility to elevate community awareness about cybercrime, emphasizing education as the foremost line of defense, and highlighting the critical role of community engagement and education in fostering a vigilant and cyber-resilient society.

Lavin J. Putrus is a civil activist who holds master degree in Plastic and Reconstructive surgery.

Diana A. Kako is an assistant lecturer at University of Duhok, College of Nursing.

Bahar Aljammoor is the director at Counterpart international/USAID program.

Raneen Taher Alkjimimi is working with the UN organisations and pursuing MA in Genocide at Stockton University.

Copyright ©2023 All rights reserved