New Law on prosecution of organized crime establishes new obligations and penalties for telecom companies and internet service providers
Several of these modifications have a direct impact on the operations and liability of telecommunications companies and Internet service providers, especially, in wiretapping, interceptions, and accessing call logs, personal data, and other general information related to communications.
Firstly, Section 222 of the Criminal Procedure Code (“CPC”) allows the interception and recording of telephone communications but now also of any other form of communication, which the previous regulation did not make explicit. At the same time, it replaces the expression "telephone and communications" with the phrase "concessionaires of public telecommunications services and Internet service providers", to expand the entities that could be subject to these measures.
Secondly, one of the most innovative aspects of the New Law is the inclusion of a new Section 218 ter in the CPC establishing new obligations for communication service providers and sanctions to those who do not comply:
- The Prosecutor's Office can require any service provider, with a warrant, to deliver the information it has stored regarding the traffic of telephone calls, messages, or internet data traffic of its subscribers, referring to the period determined in the court order. A detailed description of the information that may be requested is included. As mentioned above, the New Law includes a broad concept of service providers and does not limit it to telecommunications companies.
- The Prosecutor's Office may request any provider that offers services in Chilean territory, without the need for a warrant, to provide the “subscriber data” (defined in the law) of its subscribers, as well as the information regarding the IP addresses used by them, to facilitate the identification of those who may be involved in the framework of the investigation. This modification is new in our system since it allows The Prosecutor to request specific information which, in some contexts, could be understood as personal data and a warrant may be necessary.
- Obligations for the preservation of the information are regulated by the concessionary companies of public telecommunications services and Internet providers. They must maintain at the disposal of the Public Prosecutor's Office, confidentially and adopting the appropriate security measures, for a criminal investigation and a period of one year, an updated list and record of their authorized IP addresses and IP numbers of connections made by their clients or users, with their corresponding traffic data, as well as their domiciles or residences.
- Warning measures are regulated in the event of failure to deliver the information within the period granted, and the court may even request the arrest of the legal representative.
- The law imposes criminal sanctions on those who fail to maintain an updated list and registry of background information, breach the confidentiality of the information, as well as the failure to adopt the proper security measures for the data, based on the criminal offenses regulated in the Chilean General Telecommunications Law.
Thirdly, the law also incorporates a new Section 225 bis, which allows remote access to informatic devices. The Prosecutor's Office can request the judge to authorize the use of computer programs that allow remote access and seizure of the contents of a device, computer, or informatic system, without the knowledge of its users.
Fourthly, regarding the collaboration of telecommunications service providers and other services, Section 225 quinquies is included, which imposes a duty to collaborate with the police officers in charge of executing the measure. They are also required to provide the necessary assistance when the seizure is being executed. Those required to collaborate in this type of proceedings must maintain confidentiality unless they are summoned to testify.
Link to article