FIFAfrica21: Africa Must be Assertive in International Cybercrime Negotiations

By Apolo Kakaire |

Local nuances, technology neutrality and cross-border cooperation should be at the heart of multi-stakeholder negotiations by African states as part of the United Nations (UN) process on elaborating an international convention on cybercrime. This is according to experts who brainstormed on how African stakeholders can contribute to the planned negotiations, and the role African civil society organisations can play in this process.

Speaking at a session on Africa and the Future of International Cybercrime Cooperation as part of the eighth edition of the Forum on Internet Freedom in Africa (FIFAfrica), Dr. Katherine Getao, the Chief Executive Officer of the Information and Communication Technology Authority of Kenya, stated that African countries have grown some capacity and are better equipped to negotiate in international norm-setting fora. However, she urged states not to “just send lawyers and diplomats” but assemble balanced teams including technical experts that enrich the negotiations. 

According to Dr. Getao, while contexts vary between the different countries on the continent, given the complexity of cybercrime, it is imperative that African countries strategically focus on what works for their countries to ensure clarity on priorities. Moreover,  she called for a local process to coordinate participation in the international process but also to ensure eventual implementation of the agreed conventions. 

George-Maria Tyendezwa, the Africa Group Vice Chair of the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes, urged African countries to engage with the negotiations “irrespective of their installed capacity”. Since countries are at different levels of growth in the area of cybercrime, cooperation would enable continued peer learning. 

Globally, Ransomware attacks have surged drastically with damage estimated to hit USD 6 trillion in 2021. Such attacks and other cybercrimes affect all countries, but in Africa, weak network infrastructure security especially within financial institutions, governments, and e-commerce companies makes countries especially vulnerable. In March 2021 Interpol established the African Joint Operation Against Cybercrime (AFJOC), a project to drive intelligence-led, coordinated actions against cybercrime and its perpetrators in African member countries.

Speakers at the FIFAfrica21 session acknowledged that the African cybercrimes landscape presents unique challenges related to detection and investigations, and poor technical capacity among law enforcement officials to retrieve evidence to support criminal prosecution. Given the transnational nature of cybercrime, international cooperation at infrastructure level is key in the recovery of evidence to prosecute perpetrators.

However, the regulatory framework for international cooperation on cybercrime remains weak and fraught with lack of commitment. For instance, while the Budapest Convention is 20 years old, only 66 countries have ratified it across the world. Similarly, the Malabo Convention whose implementation in Africa requires 15 ratifications has only registered eight so far. 

Citing the example of the cost of cybercrime in Africa, which in comparison to other economies and the monetary threshold of cybercrime under international law may seem paltry, Michael Ilishebo, a Digital Forensic Analyst and Cyber Crime Investigator with the Zambia Police Service, emphasised that the legal framework governing cybercrime on the continent should be home- grown and resonate with the region’s crime patterns. To strengthen their bargaining power during negotiations, however, African states need to develop national and regional positions and synchronise these with the UN ad hoc committee. “We should have a consensus on [the] Malabo [Convention] before we start talking about Budapest. We should first ensure that African cyberspace is safe before we rush to the UN,” said Ilishebo. 

For her part, Tatiana Tropina from Leiden University said negotiations should ensure that frameworks are technology neutral so as to deal with emerging unanticipated aspects. By defining illegal conduct irrespective of the medium, technology neutral legislation would give some certainty to criminal justice. “When the instrument at the global level says this is what should be stopped, this should trigger domestication which can vary in as much as it does not violate the agreed principles,” said Tropina.

On the multi-faceted approach to tackling cybercrime, Dr. Getao emphasised that focus should not only be on individual perpetrators but also technology service providers who expose consumers to crimes.  “There are civil and criminal aspects that should be taken into account,” she said. As such, a truly global solution must be developed in a participatory way, balancing law enforcement, foreign policy and human rights interests. 

Among the suggested ways to achieve the balance was consensus on key principles, clarity that emerging concerns resonate with existing principles, and human rights due diligence as part of the processes. “Vulnerable communities take the main brunt of cybercrime and this must be taken into consideration as duties of states to guarantee non-discrimination, fair trial, respect for human rights law, access to information and to legal attorney,” said Klara Jordan, the Chief Public Policy Officer of the Cyber Peace Institute. The Institute has recently launched a Multi-stakeholder Manifesto as a guide ahead of treaty negotiations at the UN. 

Ultimately, cybercrime should be considered beyond law enforcement and include the perspectives of civil society who also have a role to play in the implementation of conventions and yet also happen to be victims. “Civil society and individuals being part of the solution is very key and governments must open up,” said Jordan.

Council of Europe to Host Session on Cybercrime Legislation in Africa at the Forum on Internet Freedom in Africa 2018 (FIFAfrica18)

Announcement |
The Forum on Internet Freedom in Africa 2018 (#FIFAfrica18) is pleased to announce the participation of the Council of Europe (CoE), through its Cybercrime Division, at the landmark event which is set to take place in Accra, Ghana, at the end of September.
The panel aims to contribute to the on-going efforts on harmonisation of national cybercrime laws with international and regional standards in the African continent, and provide a specific focus on human rights safeguards. International experts, with background on drafting, implementing and enforcing cybercrime legislation, will facilitate an interactive discussion with the participants by introducing the current state of cybercrime legislation in the African continent, debating the progress made in the recent years and discussing the entailed human rights challenges.
FIFAfrica convenes various stakeholders from the internet governance and online rights arenas in Africa and beyond to deliberate on gaps, concerns and opportunities for advancing privacy, access to information, free expression, non-discrimination and the free flow of information online. This year’s forum, which runs from September 26 to 28, is hosted by the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and the Media Foundation for West Africa (MFWA).
According to recent statistics, Africa is exhibiting one of the fastest growth rates in Internet penetration worldwide, with digital connectivity that has almost tripled in the last five years. In the same period, both governments and private sector entities in Africa have been experiencing an equally increasing trend of cyber-attacks.
The CoE has taken steps to protect the pillars of democracy in the digital age particularly as  large-scale theft of personal data, computer intrusions, bullying, harassment and other forms of cyber violence, or sexual violence against children online, affect the extent to which the use of online tools enables participation in democratic processes. Moreover, it is notable that hate speech, xenophobia and racism may contribute to radicalisation, leading to violent extremism.
Attacks against computers used in elections and election campaigns are attacks against democracy. Daily attacks against critical information infrastructure affect national security and economic and other national interests as well as international peace and stability. Moreover, evidence in relation to fraud, corruption, murder, rape, terrorism, the sexual abuse of children and, in fact, any type of crime may take the form of electronic evidence, which is volatile, often intangible and probably in other jurisdictions. And accessing such evidence also has implications for human rights and the rule of law. Effective, legally compliant and robust procedures for the identification, collection and preservation of electronic evidence are therefore essential.
It is in regard to these trends that the CoE will host a panel discussion at FIFAfrica18 that will include reference to the Budapest Convention. The convention is an international treaty that aims at providing substantive legislation and procedural powers for criminal justice authorities to effectively tackle cybercrime, while upholding rule of law and human rights. Since its entry into force in 2004, the Budapest Convention has proven to be a solid baseline for enhanced cooperation across borders, and many governments in Africa, as well as in the rest of the world, have undertaken legal reforms using it as a guideline.