Skip to main content

In 2021, 34-year-old PhD student Salma al-Shehab was sentenced by Saudi Arabia to 34 years in prison and 34 years of travel restrictions for a cybercrime. In 2022, 73-year-old Olga Mata was confronted with a potential sentence of 10 to 20 years for what the Venezuelan government deemed a hate crime online. In 2023, 19-year-old Russian student Olesya Krivtsova was charged with the crime of “fake news” and “acts justifying terrorism” – charges that could mean a 10-year prison term.

On the face of it, one would imagine these were dire crimes that warranted such severe punishment. But in each of these cases, the accused had merely posted social media posts critiquing the government – Krivtsova, an Instagram post criticising the Russian invasion of Ukraine; Mata, a TikTok video in which she made arepas (a popular Venezuelan dish) and gave them nicknames inspired by infamous Venezuelan political figures; al-Shehab, for having a Twitter account that followed and occasionally retweeted dissidents.

A new APC and Derechos Digitales report entitled When protection becomes an excuse for criminalisation: Gender considerations on cybercrime frameworks shows that these are far from isolated cases. Around the world, governments are using cybercrime laws to criminalise women and LGBTQIA+ people, validate increased surveillance and reduce freedom of expression. As the report says, these laws criminalise “online discourse to an extent that exceeds current standards on freedom of expression.” The report details 11 cases in nine countries – Russia, Egypt, Jordan, Uganda, Saudi Arabia, Cuba, Venezuela, Libya and Nicaragua – and makes a timely and vital argument to rethink the nature of cybercrime legislation.

Many studies show how women and gender-diverse people are more commonly targeted by technology-facilitated violence. This problem is now further compounded by the legislative reaction of governments. Over 180 countries have passed alarmist laws on cybercrime and electronic evidence, and often use them as a weapon to silence women and LGBTQIA+ people. These cybercrime laws are often ineffective and disproportionate and used by political and economic powers to silence critics and restrict civic space. They not only legitimise censorship and surveillance, they are actually used against those who invoke them for their protection. And so laws intended to fight disinformation are used to silence dissent.

Back in 2008, APC published an edition of on the issue of cybercrime legislation through a gendered perspective. The issue remains surprisingly pertinent, and now there is a United Nations effort to formulate a new global treaty on the issue, which is also problematic since a new convention might well lower the already problematic and insufficient standards set forth in the Budapest Convention that addresses cybercrime. In this scenario, the new report by APC and Derechos Digitales provides a timely intervention in the urgent debate on the need and efficacy of such laws.

A growing menace to freedom

The internet has been valorised for being an empowering place for women and queer communities, but it is also increasingly a place where they face technology-facilitated gender-based violence (TFGBV). Instead of the complex institutional work that is required to reduce gender violence, governments usually turn to criminal laws. However, this seemingly obvious solution is rife with danger for the very communities it is supposed to protect. Two stunning examples appear in the report.

One is the case of Amal Fathy. In 2018. Fathy, an Egyptian human rights activist, posted a video on social media about her experience of being sexually harassed and criticised the government for not doing enough to protect women. Two days later, in a dawn raid, Fathy, her husband and their three-year-old son were arrested. Fathy was sentenced to two years in prison for “spreading false news,” the possession of “indecent material” and using the internet to “promote ideas and beliefs calling for terrorists acts” – based on the Egyptian cybercrime laws. Eventually, Fathy spent a year in jail – all for the crime of talking online about being sexually harassed.

The second case is from 2021 when Yamen, a 25-year-old gay man in Jordan, filed a complaint with the cybercrime unit of the Amman police because a man he had met on a dating app was blackmailing him. He hoped that this specialised unit of the police would protect him from the man’s threat of disseminating an intimate video he had made without Yamen’s consent. The police turned around and accused Yamen himself of “soliciting prostitution online”. He spent a month in prison and had to pay a fine for his “crime”.

As Derechos Digitales wrote earlier this year, these criminal laws around the world govern “a wide range of vaguely typified conducts, accompanied by lengthy sentences, [and] facilitate discretional interpretation, used by those who wield political and economic power as a legal tool to silence their critics.” In country after country, the gaping maw of power has been camouflaged with the protectionist rationale of cybercrime laws. These laws are often so vaguely worded and so broad that pretty much any online interaction can be cast in a criminal and anti-national light.

In 2012, Yaremis Flores, a Cuban lawyer and former judge, was picked up off the street by state security and interrogated for two days about her journalistic work. Those who interrogated her wanted to charge her with the crime of disseminating “false news with the purpose of disturbing international peace or endangering the prestige or credit of the Cuban state.” Punishment could be prison from one to four years. She was eventually released, but that was not the case for Stella Nyanzi, a well-known feminist from Uganda who spent over 18 months in prison. She, too, was treated like a violent criminal, arrested in a dawn raid and placed in maximum security prison – because she had written that the president was no more than “a pair of buttocks” and that his wife was “empty brained”.

When such cybercrime laws are invoked in the name of national interest and security, it often pivots on opaque claims of violations of public morality. When Haneen al-Abdali, a Libyan blogger, was arrested in February 2023, she was accused of insulting “the status of the chaste and dignified Libyan woman in our conservative society with acts and behaviours that are alien to us and offend our customs, traditions and true religion.” No details have followed. As the report says, “the analysis of freedom of expression from a gender lens is crucial to make explicit why the criminalisation of speech is such a serious concern for women and gender-diverse people. ‘Public morals’ and cultural values have been weaponised against them when they seek to express their identities, their sexuality, their views and opinions, especially when these views and opinions relate to gender-related issues.”

This exploratory report reminds us that we must consider these varied contexts as the world progresses towards a new UN cybercrime convention, one that has the potential to reset national standards for cybercrime legislation.

The Russian student Olesya Krivtsova came to the conclusion that she would not leave prison camp alive – she managed to escape and secretly crossed the border and now lives in Lithuania. One of the first things she did? Record a video of herself breaking the electronic tracking bracelet on her ankle. A powerful reminder of the digital tracking bracelets that cybercrime laws can become, and the risks of unwarranted international cooperation in this regard.


Cover image via Stella Nyanzi's X (formerly Twitter) account. 

Gaurav Jain is Lead Editor at APC. He is an award-winning editor, writer and media innovator who co-founded a feminist digital media site and an independent longform media house. He has also been a content and community consultant, literary and investigative journalist, and research manager.