In December 2013, the Kenya ICT Action Network (KICTANet) led online discussions on the proposed African Union Convention on Cyber Security (AUCC). The convention establishes a framework for cyber security in Africa “through organisation of electronic transactions, protection of personal data, promotion of cyber security, e-governance and combating cybercrime.”
Civil society and academia have raised concerns about some of the articles in the convention, which had earlier been expected to be signed in January 2014. Latest reports indicate that, at the earliest, the law could be signed in June this year.
The report on the discussions will be used by KICTANet and partners such as CIPESA to create awareness and lobby African governments to pass legislation and instruments that fully support the privacy of individuals and the fully enjoyment of their freedom of expression online.
The stated background to the convention is that the African Union is seeking ways to intensify the fight against cybercrime across the continent“in light of the increase in cybercrime, and the lack of mastery of security risks by African countries.”
Furthermore, the AU states that a major challenge for African countries is the lack of adequate technological security to prevent and effectively control technological and informational risks. As such, it adds, “African States are in dire need of innovative criminal policy strategies that embody States, societal and technical responses to create a credible legal climate for cyber security”.
The intentions may be legitimate but, as noted by the online discussions, some of the articles in the current version of the convention could be used to negate individuals’ privacy and their right to express themselves through online mediums.
Take, for example, Article III – 34. It states that AU member states have to “take necessary legislative or regulatory measures to set up as a penal offense the fact of creating, downloading, disseminating or circulating in whatsoever form, written matters, messages, photographs, drawings or any other presentation of ideas or theories of racist or xenophobic nature using an a computer system.”
How does this clause balance with the fundamental right to freedom of expression? Experts argue that this clause is problematic as it requires a measure of truth, which is hard to actually legislate or determine owing to the relativity of truth. They add that this sort of law would likely be unenforceable.
The discussion noted that although African countries needed legal framework on cybercrime, the current proposals need numerous amendments. The discussions also noted a need for the African Union Commission to engage with civil society to draw up progressive and enforceable laws. However, civil society had the added task of creating awareness and capacity among citizens on cyber security and the need to uphold freedoms of expression online.
These discussions were conducted on multiple lists of KICTANet and the Internet Society (ISOC) Kenya and on the I-Network and ISOC Uganda ists moderated  by the Collaboration on International ICT Policy in East and Southern Africa (CIPESA), from 25 – 29, November 2013. They were also shared through numerous pan-Africa and global lists on ICT policy and online freedom.
Download the full discussions report here.