Introduction
Globally, digital identity theft and online impersonation have been recognized as major crimes dominant in cyberspace (Alkhseilat, Ali, and Edweider Reference Alkhseilat, Ali and Edweidar2024; Padhye and Gujar Reference Padhye and Gujar2012; Solo Reference Solo and Bishop2019). In Jordan, impersonating others is a blatant violation of their rights, as protected by the extant criminal legislation. Depending on the act’s consequences, it can cause various forms of harm to the primary victim and society. These harms may be limited to moral damage, such as defamation and reputational harm, or extend to material losses, such as the unlawful seizure of the victim’s assets (Al-Ajmi Reference Al-Ajmi2022; Al-Rai and Al Omran Reference Al-Rai and Al Omran2024).
Although impersonation is an age-old crime, the rapid expansion of the Internet has given criminals unprecedented access to more personal information, consequently enabling them to commit such offences more effectively (Al-Sagheer Reference Al-Sagheer2017; Suwailem Reference Suwailem2019). Indeed, the increasing reliance on digital platforms and advancements in data storage and computing power have heightened the risks. Cybercriminals with sophisticated skills can exploit information systems and website vulnerabilities to gain unauthorized access to individuals’ data, which often comes with multiple devastating socio-economic and psychological consequences (Gies et al. Reference Gies, Piquero, Piquero, Green and Bobnis2021; Golladay and Holtfreter Reference Golladay and Holtfreter2017).
Digital identity theft and online impersonation are among Jordan’s most pervasive forms of cybercrime (Al-Rai and Al Omran Reference Al-Rai and Al Omran2024; Al-Shawabkeh and Khalil Reference Al-Shawabkeh and Khalil2024). In response to the growing scale and magnitude of the crime, the Jordanian legislature has addressed electronic impersonation under Cybercrime Law No. 17 of 2023. Specifically, Article 3(C) criminalizes intentional unauthorized access or entry when combined with impersonation of the owner of an electronic site. Furthermore, Article 5(1) penalizes individuals who create a false account, page, group, channel or similar entity on social media platforms and falsely attribute it to a natural or legal person. Further, Paragraph (B) of the same article extends this criminal liability to those who fabricate, create or design a program, application, website, email or similar entity and falsely associate it with a natural or legal person.
Additionally, to reinforce deterrence, the Jordanian legislature has legally escalated the punishment attached to the crime by classifying it as a felony punishable by temporary hard labour if the impersonation involves falsely attributing criminal acts to an official body or public employee or if the offender impersonates a public official by their position (Alkhseilat et al. Reference Alkhseilat, Ali and Edweidar2024; Khalil Reference Khalil2024). Against this background, the central concern of this paper is to critically interrogate the contents, strengths and shortcomings of Jordanian Cybercrime Law No. 17 of 2023.
Literature Review
Digital identity theft and electronic impersonation affect individuals, businesses and governments equally and have evolved into a worldwide cybersecurity threat (Solo Reference Solo and Bishop2019). Identity-based cybercrimes have grown more complicated and damaging across borders as Internet services expand rapidly and depend more on digital communication (Gies et al. Reference Gies, Piquero, Piquero, Green and Bobnis2021). Though the speed and scope of legal changes differ greatly, nations are creating legal systems to fight this threat.
The United States has claimed, among other countries, some of the most cases of identity fraud. For over 10 years, the Federal Trade Commission (FTC) has asserted that identity theft has been the most often reported consumer complaint (Solo Reference Solo and Bishop2019). Cybercriminals use phishing emails, bogus websites, malware and phony user impersonation to access personal data, fool users and commit fraud (Gies et al. Reference Gies, Piquero, Piquero, Green and Bobnis2021). American federal and state laws, including the Computer Fraud and Abuse Act (CFAA) 1998 and the Identity Theft and Assumption Deterrence Act (TADA) of 1998, were enacted to punish offenders and safeguard victims.
The General Data Protection Regulation (GDPR) indirectly addresses identity theft inside the European Union by stressing personal data protection. Member states also apply particular criminal laws on unauthorized access and impersonation. For example, Section 202a of the German Criminal Code penalizes illegal data access, especially concerning fraud or impersonation. Furthermore, the Fraud Act 2006 and Computer Misuse Act 1990 of the United Kingdom offer structures for handling illegal access and online impersonation (Solo Reference Solo and Bishop2019).
Digital identity theft has also exploded in Asia, especially with the expansion of social networking and e-commerce. Under Section 66D of the Information Technology Act of 2000, India has acknowledged impersonation as a criminal activity, punishing cheating by impersonation using computer resources (Padhye and Gujar Reference Padhye and Gujar2012). Both highly digital societies, China and South Korea have passed strict laws and monitoring systems to identify and punish impersonation crimes.
Furthermore, Arab countries have instituted strict laws, including those of Saudi Arabia and the United Arab Emirates (UAE). Emphasizing the preservation of social order and personal privacy, the UAE’s Cybercrime Law criminalizes, for instance, illegal access, impersonation and the use of false online identities. These initiatives complement Jordan’s legislative approach under Cybercrime Law No. 17 of 2023, even if harmonizing enforcement with changing digital threats still presents difficulties (Alkhseilat et al. Reference Alkhseilat, Ali and Edweidar2024).
Transnational fraud schemes, where offenders take advantage of jurisdictional gaps, highlight the globality of digital impersonation even more. These programs sometimes call for phony emails to fool consumers across several nations, fake websites and counterfeit social media profiles. To find and destroy such networks, agencies like INTERPOL and Europol have stepped up cooperation (Solo Reference Solo and Bishop2019).
Studies point to the significant psychological and financial costs of online impersonation. Anxiety, mistrust and long-term reputation damage are just a few of the possible effects on victims (Golladay and Holtfreter Reference Golladay and Holtfreter2017). The speed at which technology is developing also means that current legislation usually lags behind new criminal strategies, which calls for constant legal adaptation (Alkhseilat et al. Reference Alkhseilat, Ali and Edweidar2024). Though the settings differ, a common issue across countries is the growing need for legal clarity, international cooperation and public awareness. Globally, best practices, including improving digital literacy, requiring strong cybersecurity policies and creating specialized cybercrime teams, are being embraced to fight this developing threat (Suwailem Reference Suwailem2019).
Elements of the Crime of Electronic Impersonation of a Website Owner’s Identity or Personality
The Jordanian legislature addressed the crime of impersonating a website owner in Article 3(C) of the Cybercrime Law, which states that:
Anyone who intentionally enters a website to change, cancel, destroy, modify its contents, occupy it, impersonate its character or impersonate its owner shall be punished with imprisonment for not less than three months and not more than one year, and with a fine of not less than two hundred (200) dinars and not more than one thousand (1,000) dinars.
Crime Scene
For this crime to be committed, there must be an intentional act of entering or accessing a website. Therefore, the crime scene is the website itself. Article 2 of the Jordanian Cybercrime Law defines a website as:
A space where information is made available on the information network through a specific address.
The same article defines the information network as:
A connection between more than one system to make data and information available and obtain them.
This means that websites are electronic pages that can be accessed via a computer or smartphone connected to the Internet.
As for data, Article 2 defines it as:
Everything that can be processed, stored, supplied or transferred using information technology, including writing, images, numbers, videos, letters, symbols, signals, etc.
Meanwhile, information is defined as:
Data that has been processed electronically and has acquired significance.
This definition is notably broad, as it does not restrict data to written documents but extends to all forms of digital expression, such as images, numbers, videos and symbols. The distinction between data and information is that the term data refers to raw, unprocessed elements, whereas information is data that has been electronically processed and holds meaning.
The Jordanian legislature has also distinguished information technology from the information system, the latter referring to a collection of programs, applications, social media platforms, devices or tools designed to create, transmit, process, store, manage or display data and information electronically.
The Material Element of the Crime of Impersonation
Unauthorized access to an information system is a fundamental step in committing the crime of impersonating a website owner. Article 4 of the explanatory memorandum to the now-repealed Information Systems Law defines intrusion as:
The intrusion or hacking into a website or information system that is not publicly accessible without authorization or in violation of or exceeding authorization.
From a legal perspective, scholars have attempted to define entry, distinguishing between hypothetical and actual entry to eliminate ambiguity. Some have broadly defined entry as:
Any successful interaction with a computer.
This broad definition is justified by the rapid evolution of Internet technology and its expanding capabilities (Al-Nawaisa Reference Al-Nawaisa2017:218). Another definition states:
All actions that allow access to an information system and the ability to view or control the data it contains or the services it provides (Al-Qoura 2003/Reference Al-Qoura2004:343).
Accordingly, the entry does not refer to a physical location but to a logical entry – accessing a website or information system electronically. This can be achieved through various means, ranging from simple actions, such as turning on a computer or opening a program, to more complex methods, such as obtaining an access code using a decoder.
Article 3(C) of the Jordanian Cybercrime Law does not specify a particular method of unauthorized access. Instead, the law considers all forms of unauthorized access – direct or indirect, remote or via communication networks – criminal offences. However, accessing a website or an information system does not constitute a crime unless the access is illegal.
Unauthorized Access and Permission
In website owner impersonation, illegitimacy arises when access occurs without permission. Article 1 of the Jordanian Cybercrime Law defines permission as:
The authorization granted by the concerned person to one or more individuals or the public to enter or access the information system, information technology or information network, or to use it.
Thus, criminal entry refers to access that occurs without the consent of the individual authorized to grant permission. If a website owner imposes restrictions on access, and an offender bypasses these restrictions – such as accessing a paid website without payment – the entry is considered unauthorized (Al-Qoura 2003/Reference Al-Qoura2004:343).
Article 3(C) of the Jordanian Cybercrime Law states that:
Whoever intentionally enters or accesses a website to change, cancel, destroy, modify its contents, occupy, encrypt, stop, disable it or impersonate its owner shall be punished by imprisonment for not less than three months and a fine of not less than six hundred (600) dinars and not more than three thousand (3,000) dinars.
The forms of attack covered under this provision include:
-
Changing, cancelling, destroying or modifying website content.
-
Occupying or impersonating a website.
-
Impersonating the website owner.
The material element of the crime is fulfilled when unauthorized entry occurs – whether by exceeding granted permission or by accessing without permission. The law criminalizes mere entry or access, meaning that if access is unintentional or accidental, no crime is committed, provided the offender can prove their lack of intent.
The Deficiencies in the Legal Text
Article 3(C) of the Jordanian Cybercrime Law is notable for a deficiency. The Jordanian legislature should have explicitly included the act of “remaining” on a website without authorization. This addition would strengthen the case against offenders, preventing them from falsely claiming good faith.
The Egyptian legislature addressed this issue in Law No. 175 of 2018 on Combating Cybercrime, where Article 14 states:
Whoever intentionally enters, or enters by unintentional error and remains without right, on a website, private account or information system that is prohibited from being accessed, shall be punished …
Forms of website manipulation include:
-
Alteration – Tampering with or manipulating data so that it loses its original authenticity.
-
Deletion – Removing data, either partially or entirely.
-
Modification – Making changes by adding, deleting or replacing content.
-
Destruction – Physically damaging data or reducing its function.
-
Occupation – Taking control of a website (known as site occupation).
-
Impersonation – Pretending to own or control a website without revealing the true identity of the legitimate owner.
Website Impersonation: A Sophisticated Cybercrime
Website impersonation is a relatively new cybercrime but is more dangerous and difficult to detect than individual impersonation. The perpetrator positions themselves between an Internet user and a legitimate website, allowing them to:
-
Monitor and steal exchanged information.
-
Modify or alter transmitted data.
-
Bypass secure communication systems (Al-Atoum 2023:39).
One method of committing this crime is hijacking a frequently visited website and converting it into an intermediary site. This requires either advanced programming skills or hacking into the website of a well-known service provider. Once an unsuspecting user enters the manipulated website, the perpetrator can intercept their interactions and steal sensitive information (Suleiman Reference Suleiman2003:313).
Legal Implications of Website Owner Impersonation
Website owner impersonation involves deception – the perpetrator falsely presents themselves as the legitimate owner, engaging in interactions and transactions under the stolen identity. Some common methods include:
-
Convincing victims to enter their login credentials under the pretence of website maintenance.
-
Launching cyberattacks on a targeted website to take control and repurpose it for fraudulent activities.
-
Hacking a well-known service provider’s website and installing malicious software redirecting users to a fake website.
Even the most secure systems can be vulnerable to such attacks, as perpetrators exploit difficult-to-detect security loopholes (Ibeneh Reference Ibeneh2021:93–4).
Crime Classification: A Formal Crime
Jordanian legal scholars – and we support this view – consider website impersonation a formal crime, punishable regardless of whether the attempt succeeds. The crime is committed when an unauthorized entry intending to impersonate occurs, regardless of whether the attack is completed.
The Moral Element
The crime of impersonating a website owner is an intentional offence where the moral element is established through criminal intent. Article 3(C) of the Jordanian Cybercrime Law states: “Anyone who intentionally enters or accesses a website shall be punished.” This indicates that the crime cannot be committed unintentionally.
Criminal Intent: Knowledge and Will
Criminal intent consists of two key elements:
-
Knowledge – The offender must be aware of the elements of the crime, the unlawfulness of their actions and the consequences of their behaviour.
-
Will – The offender’s actions must be deliberate and directed toward the prohibited conduct, which, in this case, is unauthorized entry into a website.
For instance, if a programmer mistakenly accesses someone else’s website, genuinely believing it to be their own, criminal liability does not apply, as the element of knowledge is absent. However, suppose the programmer continues accessing and viewing the website data, fully aware that it does not belong to them. In that case, they become criminally liable, as they now possess knowledge of their unlawful behaviour (Bani Khalid Reference Khalid and Zaid2021:40).
General versus Specific Criminal Intent
In addition to general criminal intent (the deliberate act of unauthorized entry), impersonating a website owner requires specific intent. Simply entering the website is insufficient – the offender must intend to impersonate the owner.
If the entry lacks a fraudulent purpose, the crime of impersonation does not occur. Instead, the act falls under the crime of hacking, as defined in Article 3(A) of the Jordanian Cybercrime Law (Al-Sagheer Reference Al-Sagheer2017:133–83).
This distinction is important:
-
If an unauthorized entry occurs without intent to impersonate, it constitutes hacking.
-
If the unauthorized entry is committed to impersonating the website owner, it is considered impersonation.
Unauthorized Entry versus Lawful Entry
For criminal liability to arise, the offender must knowingly engage in unauthorized access and understand that their actions are illegal. If unauthorized access occurs by mistake, the crime is not established. For example:
-
Suppose a system administrator or cybersecurity expert accesses a system at the request of its owner to test its security. This is not a crime, as the entry is authorized and lacks fraudulent intent (Khalil Reference Khalil2024:109).
-
If an individual believes they have proper access but unknowingly exceeds their permitted authority, criminal intent is absent, as knowledge of illegality is lacking (Al-Qoura Reference Al-Qoura2005:222).
The Role of Will in Criminal Intent
In addition to knowledge, the offender’s will must be directed towards carrying out one of the prohibited acts mentioned in the law. If the act was committed:
Criminal intent is absent if an individual accidentally or, due to error, recklessness or negligence, immediately leaves the website without unlawfully or exceeding authorized access (Al-Malt Reference Al-Malt2006:549).
Therefore, for the crime of impersonation to be established, the offender must:
-
1. Know that they are entering the website without authorization.
-
2. Willfully engage in the prohibited act.
-
3. Intend to impersonate the website owner.
The Crime of Creating an Account, Page, Group, Channel or Similar on Social Media Platforms and Falsely Attributing It to a Natural or Legal Person
Article 5(A) of the Jordanian Cybercrime Law states:
Anyone who creates an account, page, group, channel or similar on social media platforms and falsely attributes it to a natural or legal person shall be punished with imprisonment for no less than three months or a fine of no less than 1,500 dinars and not more than 15,000 dinars, or both penalties.
This crime consists of two key elements:
-
1. The material element (the act of creating and falsely attributing the account or platform).
-
2. The moral element (criminal intent).
The Material Element
The Jordanian legislature has recognized the need to combat digital identity theft, an essential aspect of digital privacy. Under Article 5, digital identity theft may occur in several forms, including:
-
Creating a page, channel or website in the name of another person.
-
Fabricating a website or email and falsely attributing it to a natural or legal person.
-
Designing a program or application and fraudulently associating it with an official body, public employee or another entity.
Similarly, the Egyptian legislature has addressed the crime of digital identity usurpation through Law No. 175 of 2018 on combatting cybercrime. It criminalizes actions such as:
-
Fabricating an email, website or social media account and falsely attributing it to a natural or legal person.
-
Enhancing the penalty if the fabricated identity is used to defame, harm or mislead others.
However, Egyptian law does not provide a detailed list of digital identity theft methods beyond email, website and account forgery (Suwailem Reference Suwailem2019:113).
Forms of Physical Conduct in the Crime
The physical act of this crime involves:
-
1. Creating, fabricating or manufacturing an account, page, group, channel or similar on social media platforms.
-
2. Falsely attributing it to a natural person (an individual with legal rights from birth) or a legal person (an entity recognized by law, such as a company or institution).
A social media account refers to a profile or group belonging to a natural or legal person, granting them access to specific services on a website or digital platform. Creating a page differs from creating a website – the former is a specific subsection within the broader framework of a website.
The Legal Definitions and Scope of Social Media
According to Article 2 of the Jordanian Cybercrime Law, a social media platform is:
Any electronic space that allows users to create an account, page, channel or similar, through which the user publishes, sends or receives images, videos, comments, writings, symbols or audio recordings.
Social media platforms serve as digital networking spaces, allowing users to communicate, share content and engage in virtual communities. These platforms include:
-
Twitter/X, Facebook, YouTube, Instagram and other widely used applications (Khalil Reference Khalil2024:120).
-
These platforms enable users to define personal details, share photographs, connect with others and access public information (Al-Ajimi Reference Al-Ajmi2022:186).
Criminal Liability and Examples
For this crime to be established, the perpetrator must falsely attribute the created content to a natural or legal person, as defined below:
-
A natural person gains legal personality upon birth, granting them the right to acquire legal rights and obligations.
-
A legal person (or corporate entity) is a recognized legal entity consisting of multiple individuals or assets (as defined in Article 50 of the Jordanian Civil Code).
Examples of criminal conduct are:
-
An offender creates a fake Twitter/X account, impersonating a well-known individual.
-
They use the person’s name, profile picture and writing style to make the account appear genuine.
-
The impersonator may post defamatory, inappropriate or misleading content, deceiving the public into believing they are the real person.
Such actions harm the reputation of the impersonated individual and mislead others, fulfilling the elements of the crime.
The Moral Pillar
This crime is classified as an intentional offence, where the moral element is represented by general criminal intent, which consists of two key components:
-
1. Knowledge – The perpetrator must be aware that they are engaging in criminal behaviour by creating an account, page, group, channel or similar on social media platforms and falsely attributing it to a natural or legal person.
-
2. Will – The perpetrator must have a deliberate intention to commit the act, meaning their will must be directed towards:
-
Creating an account, page, group, channel or similar on social media.
-
Falsely attributing it to a natural or legal person.
-
However, if the perpetrator’s will is absent due to a legal impediment to criminal liability, such as physical coercion, they cannot be held criminally responsible. For example, if an individual is forced under threat or duress to create a Facebook account impersonating another person, their will is nullified, and criminal liability is not established. In such cases, coercion serves as a legal barrier to punishment.
The Crime of Fabricating, Creating or Designing a Program, Application, Website, Email or Similar and Falsely Attributing It to a Natural or Legal Person
Article 5(B) of the Jordanian Cybercrime Law states:
Anyone who fabricates, creates or designs a program, application, website, email or similar and falsely attributes it to a natural or legal person shall be punished with imprisonment for not less than six months and a fine of not less than nine thousand (9,000) dinars and not more than fifteen thousand (15,000) dinars.
The Material Element
Criminal conduct under Article 5(B) of the Jordanian Cybercrime Law involves one of the following actions:
-
Fabricating, creating or designing a program, application, website, email or similar.
-
Falsely attributing it to a natural or legal person.
Key definitions and legal interpretations are as follows:
-
Designing refers to the development of websites and computer chips. It involves linking various digital elements (e.g. images) together, regardless of the installation method or encryption.
-
Forgery means altering the truth in an electronic document. This includes:
-
Presenting a program, application, website or email in a form different from its original state.
-
Misrepresenting data or modifying a document under pretences.
-
Under Article 3(B) of the Jordanian Cybercrime Law, destroying or deleting digital documents may constitute another crime, such as unauthorized access.
-
Article 3(B) of the Jordanian Cybercrime Law states:
If unauthorized entry into an information network, system or website leads to the cancellation, deletion, addition, destruction, disclosure, damage, blockage, modification, transfer or copying of data or information – or to the disruption of the network’s operation – the perpetrator shall be punished with imprisonment for no less than three months and no more than one year, along with a fine ranging from two hundred (200) to one thousand (1,000) dinars.
Some legal scholars argue that the Jordanian legislature’s use of terms such as “amendment” or “change” encompasses the meaning of verbal forgery, as it targets the alteration of digital data without focusing on its physical form.
Forgery versus Imitation
Forgery differs from imitation, which applies to paper documents, where the document’s substance, seals or signature are reproduced. Digital forgery, however, is unique in that it pertains to electronic data and documents rather than handwritten records.
The Physical Elements of the Crime
The crime occurs about the following digital platforms and tools. Programs are defined in Article 2 of the Jordanian Cybercrime Law as:
A set of technical commands and instructions designed to accomplish a task executable using information systems or any electronic means.
Applications are defined in Article 2 of the Jordanian Cybercrime Law as:
Sets of programs that provide services via smartphones and online platforms.
Websites are defined in Islamic jurisprudence as:
A rented space on the information network where individuals or organizations publish content, share images or create links to other sites.
Websites serve various purposes, including marketing, research, job searches and entertainment.
In respect of email:
-
Email is a system for electronic correspondence, widely used for personal and professional communication.
-
Users can send and receive messages, documents, images and attachments.
-
Examples include email services like Outlook, Gmail and Yahoo Mail.
The Requirement of False Attribution
For this crime to occur, the perpetrator must falsely attribute the fabricated, created or designed program, application, website or email to another individual or entity. This means:
-
Attributing the forged content to a natural person (a human with a legal personality).
-
Attributing the forged content to a legal person (an entity with corporate legal standing, as defined in Article 50 of the Jordanian Civil Code).
An example would be: a perpetrator creates a fake website or application in the name of a well-known company and uses it to conduct fraudulent activities. This deception misleads people into believing they are interacting with a legitimate company.
The Nature of the Crime
-
This offence is classified as a formal crime, meaning it is complete as soon as the criminal act is committed.
-
No harm or consequence is required for prosecution – simply creating and falsely attributing the digital content is sufficient.
-
The Jordanian Cybercrime Law does not recognize attempted forgery and does not explicitly penalize attempted misdemeanours.
The Moral Element
This crime is classified as an intentional crime, requiring the presence of general criminal intent, which consists of two elements: knowledge and will.
-
The perpetrators must know that their actions constitute a criminal offence, specifically creating, designing or fabricating a program, application, website, email or similar digital entity and falsely attributing it to a natural or legal person.
-
The perpetrator’s will must be freely directed toward both:
-
1. Creating, designing or fabricating a program, application, website or email.
-
2. Falsely attributing it to a natural or legal person.
-
The criminal intent is negated if the perpetrator’s will is impaired due to an impediment to criminal responsibility (e.g. coercion) (Suwailem Reference Suwailem2019:213).
Regarding motive and its legal relevance, the motive behind committing this crime is legally irrelevant to establishing guilt. However, motives may vary and include:
-
Personal satisfaction or amusement, demonstrating technical skills in cyberspace.
-
Revenge against an employer or personal enmity with the impersonated person.
Circumstances can be aggravated under Article 5(C) of the Jordanian Cybercrime Law. According to Article 5(C), the crime is elevated to a felony punishable by temporary hard labour in cases where:
-
1. The false attribution is made to an official body or a public employee.
-
2. The identity of a public employee is impersonated due to their official position.
In such cases, the penalty is increased due to the greater social harm and risk of public deception.
Conclusion
The Jordanian Cybercrime Law has made significant strides in addressing digital crimes, particularly in cases involving identity theft, unauthorized access and digital forgery. The law criminalizes acts such as creating fraudulent social media accounts, fabricating websites or emails, and impersonating individuals or entities. These offences are considered intentional crimes, requiring both knowledge and will from the perpetrator. The legal framework also recognizes the ongoing nature of identity impersonation, treating it as a crime that persists as long as the fraudulent identity is maintained.
Despite these advancements, the law still has specific gaps that must be addressed. One key issue is the differentiation between unauthorized access with malicious intent and access that unintentionally leads to impersonation. Strengthening penalties for deliberate identity theft and refining legal definitions would enhance the law’s effectiveness. Furthermore, criminalizing accidental entry into an electronic system followed by continued presence would help prevent loopholes that allow perpetrators to exploit personal data.
Aligning the Jordanian Cybercrime Law with international best practices, such as those adopted by the Egyptian legislature, would further strengthen protections against digital crimes. Amending Article 3(C) to explicitly criminalize remaining in an unauthorized system would help eliminate the defence of good faith access. Overall, while the existing legal framework provides a strong foundation for combatting cybercrimes, further refinements are necessary to ensure comprehensive protection against emerging digital threats.
Therefore, the following recommendations are suggested to strengthen the extant Jordanian Cybercrime Law No. 17 of 2023. First, the Jordanian legislature should distinguish between unauthorized access intended to impersonate the website owner and access that unintentionally results in impersonation. The penalty for cases where the impersonation is deliberate should be more severe, as proving malicious intent can be challenging. A clear distinction between these two scenarios would improve the effectiveness of the law in deterring such crimes. Second, it would benefit the Jordanian legislature to criminalize accidental access followed by a continued presence in an electronic data processing system, treating it as an offence against personal data. This helps close legal loopholes, allowing individuals to claim they accessed a system unintentionally while exploiting its data. Finally, Article 3(C) of the Jordanian Cybercrime Law also has a notable deficiency, which should be amended to include the word “remaining”. Therefore, by explicitly criminalizing unauthorized access followed by continued presence, the law would prevent individuals from claiming good faith after gaining entry. This approach would align Jordanian legislation with that of Egypt, which has adopted a stricter stance against unauthorized access and its consequences.
Competing interests
The authors have no conflicts of interest to declare.
Ibtisam Mousa Saleh is an Associate Professor at Amman Arab University, Jordan.
Abdul Raheem Adel Ghnaimat is a Master’s student in public law at Amman Arab University, Jordan.
Open access
