In the past decade, cybercrimes in Nepal have significantly increased, reflecting the global trend as more people gain access to the Internet. This rise can be attributed to factors such as the growing digitalization of services, the expansion of Internet access across the country, and a general lack of awareness about cybersecurity among the public. As a result, there has been a surge in various types of cybercrimes including financial fraud, identity theft, phishing attacks, and the spread of malware. The Nepali government and law enforcement agencies have been working to strengthen their cybercrime units and update legal frameworks to better combat these issues and protect citizens in the digital space.
Policy Developments on Online Safety
In April, our first report emphasized increasing cases of online harassment and cyberbullying. However, since then, there have been no public records of new cybercrime cases in Nepal found, not even by the National Information Technology Center (NITC). Therefore, alternative data sources have to be identified. According to a UK-based cyber security corporation, Nepal currently ranks 101st out of 160 countries on the National Cyber Security Index, and 94th on the Global CyberSecurity Index.
According to a statement from Nepal’s Cyber Bureau, the number of cybercrime cases in the nation has sharply increased in the last 12 months. Between September 2022 and April 2023 alone, the Bureau had registered a total of 4,937 cases, a number higher than all cases registered in the whole of last fiscal year (4486 cases). Authorities cite that the problem is compounding due to inadequate technical human resources and a lack of a comprehensive framework to curb such instances effectively. According to the Bhotahity-based cyber bureau of Nepal police, there have been a total of 16,190 complaints since 2020. To visualize the frequency and intensity of online safety incidents, it gets an average of 60 to 70 complaints a day.
Switching focus to what has had the Nepali government respond to this trend in terms of legal documents, there are; The Privacy Act 2075 and The Cyber Security Bylaw 2077 and the Electronics Transactions Act 2063. The Privacy Act 2075 in 2018 has included the section “Privacy relating to Data” that every person shall have the right to keep the personal data or details related to him or her confidential.
On the other hand, The Cyber Security Bylaw 2077 published in 2020 focuses on protecting ICT infrastructure and information systems of telecommunication service providers of Nepal from various malicious attacks and threats.
Electronics Transactions Act, 2063 was created in response to the growth of Internet usage in Nepal on Sep 2, 2063. It deals with the commercial use of computers and criminalizes various computer-related illegal activities.
From these three legal acts, they attempted to protect data privacy at the individual level, IT infrastructure at the organizational level, and Internet usage at the commercial level. All of them have impacts on shaping the cybercrime sphere in Nepal. But are these regulations sufficient to be comprehensive? Have they been missing some important terms for ensuring enforcement effectiveness?
Legal experts may have more concrete information on identifying those important terms. Nevertheless, the existing framework is not very comprehensive and strong enough to deter criminals or bullies online. For instance, there is a lack of clarity on the definition of the term “cyberbullying” itself. Further, Nepal also faces challenges in terms of enforcement, awareness, coordination, and capacity building among relevant stakeholders to prevent a cyberbullying instance or reporting after it has occurred.
State of Online Safety
In the past few years, Nepal has faced escalating challenges in combating cybercrimes, highlighting the inadequacy of its current legislative measures. Despite existing laws, there are significant gaps that need to be addressed urgently. The increase in cyber incidents, particularly those targeting the country’s critical infrastructure, underscores the need for a comprehensive framework to combat cybercrime.
Notable cyber attacks in Nepal include the 2017 breach by “Paradox CyberGhost”, which compromised over 58 government websites; the 2021 hacking of the President’s official website; and a 2023 cyber attack that left 1500 government websites dysfunctional. These incidents have significantly dented Nepal’s cybersecurity capabilities.
In various regions globally, cybercrimes extend beyond mere infrastructure attacks, and Nepal is no exception. Notably, the nation has witnessed a surge in online financial frauds such as lottery scams, phishing, deceptive work-from-home propositions, and scams related to online shopping. Furthermore, instances of revenge porn and the proliferation of fake profiles have been prevalent in Nepal’s cybercrime landscape.
A particular aspect of cybercrime in Nepal is its impact on vulnerable populations. Children and the elderly are especially at risk. Reports indicate that between October 2023 and May 2023, there were nearly 36 cases of online child sexual abuse. The elderly, often, less familiar with the intricacies of digital technology, are also frequently targeted.
To effectively counter these threats, Nepal urgently needs to develop a more comprehensive legal and policy framework. This would involve creating specific policies and laws tailored to combat various aspects of cybercrimes, such as cyber terrorism, e-commerce fraud, and social media abuses. A dedicated cyber crime cell equipped with advanced technological tools and export personnel is essential for swift case filing and disposal. Such measures would not only help in promptly identifying and punishing perpetrators but also reinforce Nepal’s digital security and uphold the rule of law.
By adopting a specific cybercrime policy, Nepal can provide clear guidance and structure for law enforcement agencies, businesses, and citizens. This policy should outline their rights and responsibilities in the digital realm and offer a robust legal framework to address all forms of cybercrime effectively.
Education is a Critical Solution but not the Sole One
The first report stressed on the importance of Education as a better solution in Nepal. It is factual that the illiteracy of Nepali people makes people vulnerable with the increased number of cybercrime cases. According to the World Bank, as of 2022, the Internet penetration rate was estimated to be around 54.88 percent. This means that approximately 54.88 percent of the population had access to the Internet. Low digital access and awareness indicate people are less capable of identifying cybercrime attempts on them and increase their risks of suffering as victims (or even indirectly supporting the main criminals unawarely). Vivek Rana, an ICT professional with multidisciplinary experience in public administration and governance has also written about the importance of education in The Kathmandu Post.
Education has to be working on building the talent pipeline of the community, as a long-term solution. Officials at the Bhotahity-based cyber bureau of Nepal Police say they are struggling to tackle complex cyber cases without the aid of specialized technical analysis as well as certified experts. Tackling cybercrime cases are complex, but the bureau still needs to solve them without the aid of specialized technical analysis as well as certified experts. If the authorities as the gatekeeper lack the right amount and level of expertise, how could they guarantee a safe online environment for their citizens?
Insights from Neighboring Countries
While struggles to build a safer cyberspace acknowledged by the Nepali authorities cannot be overcome overnight, it would be advisable to turn to external engagement and seek insights from the various stakeholders of the Internet. Fortunately, there is only one Internet in this world, addressing online safety challenges is a shared problem and has been a priority of governments near and far. Highlighted below are some of the strategies adopted by other major South Asian governments as they are also in search of effective ways to combat cybercrimes.
- Sri Lanka: The government of Sri Lanka has taken major actions to fight and defend its nationals and businesses from cyber crimes. To improve cyber security skills, it has partnered with international organizations. For instance, Sri Lanka has signed the Budapest Convention. This Convention seeks to strengthen international collaboration, standardize national laws, and increase the efficacy of cybercrime investigations and convictions. The Convention allows Sri Lanka to work with other international organizations to combat cybercrime. As cybercrime cases frequently occur in a transboundary sphere, Nepal may consider joining the Convention in order to address the gaps in the current legal framework. Nepal can improve its cybersecurity skills, exchange best practices, and keep up with new developments in technology and trends that are connected to cyber threats.
- India: India’s cybersecurity legal framework, primarily defined by the Information Technology Act, 2000, CERT-In Directive, 2022 and the sleuth of recent regulations, provides a comprehensive approach to addressing cyber threats. In contrast, Nepal’s Electronic Transactions Act, 2063 is the only significant provision for cybercrimes, which offers limited coverage and suffers from vague language, making it insufficient for the growing challenges of cybercrimes. Nepal can adopt some of the best practices from Indian legislators. It would be ideal for Nepal to come up with a robust legal framework, incorporating detailed provisions, defined offenses, and a structured investigation and penalty process to effectively counter the rising tide of cyber threats.
- Bangladesh: In the quest to combat global cybercrimes, Bangladesh has initiated several proactive measures. It has launched the “Bangabandhu International Cyber Security Awareness Award 2023” in collaboration with the United Nations Development Programme (UNDP). This award aims to empower youth, women, marginalized communities, and institutions in safeguarding the digital space. Additionally, the government’s ICT Division, in partnership with UNDP, has commenced a cyber security awareness campaign targeting youth and children. Furthermore, Bangladesh has conducted two-day training programs in collaboration with the World Bank’s Enhancing Digital Government and Economy (EDGE) project. These initiatives collectively contribute to the goal of fostering a secure digital environment. Nepalis experts and digital rights activists have long demanded a multi-pronged approach to the problem including a nationwide awareness campaign to check the rise in cybercrimes. Drawing inspiration from Bangladesh, Nepal could enhance its cybersecurity framework by implementing similar awareness campaigns and outreach programs to protect the online community and raise awareness among Internet users regarding potential threats to their identity and assets, as several activists have been demanding for long.
As discussed above, the surge in cybercrimes in Nepal over the past decade is a concerning trend that mirrors global challenges in the digital era. It underscores the urgent need for comprehensive cybersecurity strategies that encompass effective law enforcement, robust legal frameworks, and widespread public education on digital safety. As Nepal continues to embrace technological advancement, prioritizing cybersecurity will be crucial in safeguarding the digital rights and security of its citizens. The collaborative efforts of government, law enforcement, and the tech community, along with informed and vigilant Internet users, are key to combating this growing threat and ensuring a secure digital future for Nepal. Here, Nepal can draw upon the learning from its neighboring countries which have a similar geo-political situation as the land-locked nation.
*This article is originally published in the Asia Pacific Policy Observatory December 2023 Report.