By Apolo Kakaire |
Local nuances, technology neutrality and cross-border cooperation should be at the heart of multi-stakeholder negotiations by African states as part of the United Nations (UN) process on elaborating an international convention on cybercrime. This is according to experts who brainstormed on how African stakeholders can contribute to the planned negotiations, and the role African civil society organisations can play in this process.
Speaking at a session on Africa and the Future of International Cybercrime Cooperation as part of the eighth edition of the Forum on Internet Freedom in Africa (FIFAfrica), Dr. Katherine Getao, the Chief Executive Officer of the Information and Communication Technology Authority of Kenya, stated that African countries have grown some capacity and are better equipped to negotiate in international norm-setting fora. However, she urged states not to “just send lawyers and diplomats” but assemble balanced teams including technical experts that enrich the negotiations.
According to Dr. Getao, while contexts vary between the different countries on the continent, given the complexity of cybercrime, it is imperative that African countries strategically focus on what works for their countries to ensure clarity on priorities. Moreover, she called for a local process to coordinate participation in the international process but also to ensure eventual implementation of the agreed conventions.
George-Maria Tyendezwa, the Africa Group Vice Chair of the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes, urged African countries to engage with the negotiations “irrespective of their installed capacity”. Since countries are at different levels of growth in the area of cybercrime, cooperation would enable continued peer learning.
Globally, Ransomware attacks have surged drastically with damage estimated to hit USD 6 trillion in 2021. Such attacks and other cybercrimes affect all countries, but in Africa, weak network infrastructure security especially within financial institutions, governments, and e-commerce companies makes countries especially vulnerable. In March 2021 Interpol established the African Joint Operation Against Cybercrime (AFJOC), a project to drive intelligence-led, coordinated actions against cybercrime and its perpetrators in African member countries.
Speakers at the FIFAfrica21 session acknowledged that the African cybercrimes landscape presents unique challenges related to detection and investigations, and poor technical capacity among law enforcement officials to retrieve evidence to support criminal prosecution. Given the transnational nature of cybercrime, international cooperation at infrastructure level is key in the recovery of evidence to prosecute perpetrators.
However, the regulatory framework for international cooperation on cybercrime remains weak and fraught with lack of commitment. For instance, while the Budapest Convention is 20 years old, only 66 countries have ratified it across the world. Similarly, the Malabo Convention whose implementation in Africa requires 15 ratifications has only registered eight so far.
Citing the example of the cost of cybercrime in Africa, which in comparison to other economies and the monetary threshold of cybercrime under international law may seem paltry, Michael Ilishebo, a Digital Forensic Analyst and Cyber Crime Investigator with the Zambia Police Service, emphasised that the legal framework governing cybercrime on the continent should be home- grown and resonate with the region’s crime patterns. To strengthen their bargaining power during negotiations, however, African states need to develop national and regional positions and synchronise these with the UN ad hoc committee. “We should have a consensus on [the] Malabo [Convention] before we start talking about Budapest. We should first ensure that African cyberspace is safe before we rush to the UN,” said Ilishebo.
For her part, Tatiana Tropina from Leiden University said negotiations should ensure that frameworks are technology neutral so as to deal with emerging unanticipated aspects. By defining illegal conduct irrespective of the medium, technology neutral legislation would give some certainty to criminal justice. “When the instrument at the global level says this is what should be stopped, this should trigger domestication which can vary in as much as it does not violate the agreed principles,” said Tropina.
On the multi-faceted approach to tackling cybercrime, Dr. Getao emphasised that focus should not only be on individual perpetrators but also technology service providers who expose consumers to crimes. “There are civil and criminal aspects that should be taken into account,” she said. As such, a truly global solution must be developed in a participatory way, balancing law enforcement, foreign policy and human rights interests.
Among the suggested ways to achieve the balance was consensus on key principles, clarity that emerging concerns resonate with existing principles, and human rights due diligence as part of the processes. “Vulnerable communities take the main brunt of cybercrime and this must be taken into consideration as duties of states to guarantee non-discrimination, fair trial, respect for human rights law, access to information and to legal attorney,” said Klara Jordan, the Chief Public Policy Officer of the Cyber Peace Institute. The Institute has recently launched a Multi-stakeholder Manifesto as a guide ahead of treaty negotiations at the UN.
Ultimately, cybercrime should be considered beyond law enforcement and include the perspectives of civil society who also have a role to play in the implementation of conventions and yet also happen to be victims. “Civil society and individuals being part of the solution is very key and governments must open up,” said Jordan.