Promoting Effective and Inclusive ICT Policy in Africa

Tag Archives: cybercrimes

  HomeCollaboration on International ICT Policy for East and Southern Africa (CIPESA)  /  cybercrimes
13Dec

ANALYSIS: Zambia’s Proposed Cyber Laws Facilitate Suppression of Civil Liberties

Author CIPESA Writer Posted on

Zambia has published the Cyber Security Bill, 2024 and the Cyber Crimes Bill, 2024, which would repeal the Cyber Security and Cyber Crimes Act of 2021. These proposed laws’ objective of combating cyber crimes and promoting a safe and healthy digital society is welcome, as is the need for the country to strengthen its cyber security posture, including through legislation.

However, the current drafts of the laws not only miss the opportunity to cure some of the deficiencies in the 2021 cyber crimes law they are repealing but also introduce several, more regressive provisions.

In an analysis of the two Bills, the Collaboration on International ICT Policy for East and Southern Africa (CIPESA) and the Bloggers of Zambia, who also hosts the Zambia CSO Coalition on Digital Rights, point to the retrogressive and vague provisions in the two Bills, and offer recommendations that can render the proposed laws more robustly rights-respecting and effective in combating cyber crimes.

The bills have some progressive provisions, such as the separation of cybersecurity and cybercrime functions; the structured cybersecurity governance that includes the creation of dedicated bodies such as the Cyber Security Agency and the Cyber Incident Response Teams (CIRTs); and provision of a framework for mutual legal assistance and cooperation with foreign entities. The bills also introduce new offences in response to emerging cyberthreats, such as identity-related crimes, attacks on critical information infrastructure, cyber harassment, cyber terrorism, and “revenge pornography”.

However, the list of concerns is much longer, as detailed below:

  1. Weak Human Rights and procedural safeguards: The bills do not affirm adherence to regional and international human rights standards and obligations, such as privacy, freedom of expression, access to information, or due process. Also, enforcement measures lack comprehensive human rights and due process safeguards to ensure provisions and practices are proportionate, necessary, and pursue legitimate aims. 
  1. Potential for abuse of power: The bills provide law enforcement agencies significant discretion in applying their provisions, thereby increasing risks for political interference, unchecked surveillance and the widespread targeting of dissenters. These are aided by broad surveillance powers and ambiguous definitions of terms and offences, which create room for subjective interpretation and arbitrary application. These could be used to suppress freedom of expression and legitimate public discourse.
  1. Weak oversight and governance: There are limited independent or judicial review processes mandated for surveillance, data collection, or search and seizure activities. Further, the centralised control of the Cyber Security Agency and Central Monitoring and Co-ordination Centre (CMCC) and the absence of independent oversight mechanisms raise accountability concerns. Also, there is no clear separation of cybersecurity functions from the cybercrime-related functions between the two bills, which could lead to duplication and implementation challenges.
  2. Overly broad surveillance powers: Law enforcement is granted broad interception powers including real-time data collection and communication interception and extensive search-and-seizure powers. The provisions do not include clear limits or provide sufficient safeguards such as judicial oversight, proportionality, or transparency and accountability.
  1. Insufficient safeguards for privacy: The bills enable widespread surveillance and interception without clear provisions on data retention limits, purpose limitation, secure handling of intercepted data and oversight. This could allow for indefinite storage of data, increasing the risk of misuse or unauthorised access. Also, the absence of anonymity protections for whistleblowers, journalists, and researchers could criminalise legitimate anonymous or pseudonymous activities. The provisions limit privacy rights, and are in total disregard of the country’s Data Protection Act, 2021.

General Recommendations

  1. Provide adequate human rights and procedural safeguards: Incorporate a dedicated section affirming the bill’s compliance with Zambia’s constitutional and international human rights obligations. Further, align the bills with the Declaration of Principles on Freedom of Expression and Access to Information in Africa and the African Union Convention on Cybercrime and Personal Data Protection. In addition, conduct a Regulatory and Human Rights Impact Assessment and require periodic review of the bill’s implementation for potential human rights impacts.
  2. Strengthen oversight and governance mechanisms: Introduce mandatory independent judicial oversight, notification and documentation and annual reporting requirements on the use of powers under the bill, ensuring accountability and public trust. Establish independent oversight mechanisms for the Cybersecurity Agency, CMCC and surveillance practices. 

Review the structure and functioning of the newly established agencies vis-a-vis the roles of other agencies e.g. Office of the President, Ministry of ICT, Zambia Information Technology Authority (ZICTA), security agencies, among others, to enhance coordination and avoid duplication of roles and fragmentation. It is also important to have clear delineation of cybersecurity functions and cybercrime functions to avoid confusion or duplication of roles.

  1. Ensure proportionality: Many offences in the Cyber Crimes Bill criminalise minor or vague conduct without proportionality thresholds. Introduce proportionality clauses limiting criminalisation to significant harm, or graduated scales that enhance penalties based on severity, complexity and impact of offences on victims, critical infrastructure or organisations.
  2. Invest in capacity building: Provide a framework for training of law enforcement, prosecution and judiciary officials on applying the law proportionately, balancing enforcement with human rights protection.
  3. Ensure compliance with data protection laws: Ensure the bills align with the provisions of Zambia’s Data Protection Act, 2021, to protect individuals’ privacy rights.

The full analysis can be found here.

07Feb

Global Cyber Security Summit

The focus for this full-day program will be centered around strategic innovation in the war against cyber attacks — specifically addressing how cyber resilience will require an integrated approach across organizational functions, along with addressing the role of public-private partnerships in bolstering cyber defenses across sectors.
For more details on the event, click here.

02Feb

Lobby Calls For Internet Freedom, Urges Responsible Use Of Social Media

Author admin Posted on

By Lillian Mutavi |

A civil society that promotes effective and inclusive ICT policy in Africa has called for internet freedom in Kenya and responsible use of social media.
The Collaboration on International Policy for East and Southern Africa (CIPESA) has also condemned national and county governments for harassing bloggers, social activists and even journalists who use social media platforms to highlight issues of human rights, corruption and bad governance among other ills.
Speaking during a two-day media roundtable engagement in Nairobi, the CIPESA Executive Director Dr Wairagala Wakabi criticised governments for frequent harassment, legislative hurdles and public campaign to tarnish the reputation of activists who express their opinions on online platforms.
“Consequently, activism has affected the relationship between civil society and government with the relationship being characterised by mutual suspicion and apprehension in response to the scrutiny by civil society and media,” said Dr Wairagala.
Dr Wakabi urged journalists and mainstream media to advocate for online freedom and free flow of information arguing that many people consume information online than through old media such as newspapers.
He said that despite laws being put in place to govern the use of internet, they had been applied selectively targeting those who do not support the government.
Intimidation by government, he said, had discouraged may people from freely engaging and expressing their views as many turn to self-censorship.
“In the first two months of 2016, upto 10 social media users in Kenya were arrested or summoned by security authorities over their online posts. In 2015 the NGO Coordination Board issued a notice to deregister 959 organizations while in early 2017 the Kenya Human Rights Commission (KHRC) was once again threatened with closure,” said Dr Wakabi.
However, he said they are not against internet restrictions arguing that some of the information and content there posed a threat to national security and privacy and morals of citizens.
He singled out fighting child pornography, terrorism, hate speech, cybercrimes as what the government should be going after rather than curtailing individual freedom of expression.
“There is good reason to control what happens online but the laws in Kenya do not live upto the international best standards,” he said.
Photo: The Collaboration on International Policy for East and Southern Africa (CIPESA) executive director Wairagala Wakabi makes his presentation on internet freedoms in Kenya on January 27, 2017. Lillian Mutavi | Daily Nation Media Group
This article was originally published in the Daily Nation
21Apr

Is Tanzania Becoming an Internet Freedom Predator?

Author admin Posted on

By Juliet Nanfuka |
Tanzania appears to be steadily sliding into a predator of critical social media users, as state authorities continue to arrest and prosecute users for expressing what many see as legitimate opinions. In recent months, the country’s newly elected government has used  a controversial new law  to prosecute at least seven social media users, in spite of  constitutional guarantees of free speech.
Tanzanian netizens are falling foul of the Cybercrimes Act enacted last year, whose stated goal is “criminalizing offences related to computer systems and Information Communication Technologies”. The law has been used to charge citizens for “publication of false information” in accordance with Section 16 of the Act. It states: “Any person who publishes information or data, presented in a picture, text, symbol or any other form in a computer system knowing that such information or data is false, deceptive, misleading or inaccurate and with intent to defame, threaten, abuse, insult or otherwise deceive or mislead the public or councelling the commission of an offence, commits an offence, and shall on conviction be liable to a fine not less than five million shillings or to imprisonment for a term not less than three years or to both.“
On April 15, 2016 Isaac Habakuk Emily was appeared in court for the publication of false information using a computer system – in this instance Facebook. In a post, Emily referred to President Pombe Magufuli as an imbecile that could not be compared to the country’s founding leader, Julius Nyerere.  He appeared in court for insulting the president after his post was reported to the Tanzania Communications Regulatory Authority (TCRA).
See report on State of Internet Freedom in Tanzania 2015
Since the Cybercrimes Act took effect last September, Tanzanian social media users have “gone a little quiet”, according to journalist Joseph Warungu. And for good reason, as Emily is not the first individual against whom the law has been used. In October 2015, Benedict Angelo Ngonyani was charged for “spreading misleading information” after he posted on Facebook that Tanzania’s Chief of Defence Forces, General Davis Mwamunyange, had been hospitalised following food poisoning. In the same month, Sospiter Jonas was charged for posting to Facebook content stating that Tanzanian Prime Minister Mizengo Pinda “will only become a gospel preacher.” The following month, four staff of an opposition party were charged for publishing “inaccurate” election results on Facebook and Twitter.
The stated objective of the Cybercrimes Act was to fight rising incidents of cybercrime such as bank fraud, mobile money theft, phishing attacks, website hacking and spoofing. However, even as it was being debated, human rights defenders warned that the government would use the law to suppress critical voices. As one activist stated, “We usually use various internet platforms to communicate our information—Twitter, Facebook, blogs, SMS, WhatsApp, etc. The use of all these forms will be rendered useless by the Act which in part criminalises transmission of any information deemed misleading, defamatory, false or inaccurate by the government.”
The Cybercrimes Act was reportedly passed in the middle of the night and has been criticised for disregarding press freedom and freedom of expression, granting excessive powers to police, and offering limited protections to ordinary citizens.
Clamping down on social media users is a trend that has been increasingly witnessed in East Africa and beyond.  In Kenya, Section 29 of the Kenya Information and Communications Act (2013) has been used to charge up to 10 social media users for “the improper use of a telecommunication system” in 2016 alone. In Uganda, Section 25 of the Computer Misuse Act bears similar language and states, “Any person who willfully and repeatedly uses electronic communication to disturb or attempts to disturb the peace, quiet or right of privacy of any person with no purpose of legitimate communication whether or not a conversation ensues commits a misdemeanor.” In the lead up to the February 2016 general elections, a series of arrest were made which saw social media users charged using this law.
Further afield, South Africa’s Cybercrimes and Cybersecurity Bill (2014) also bears similar vague clauses that muzzle opinion of the media, bloggers and other independent actors that promote freedom of expression and increased state transparency. In Nigeria, the Frivolous Petitions Bill (2015), popularly known as the Social Media Bill, threatens to muzzle public expression online.
The Cybercrimes Act is one of several laws Tanzania  enacted in the lead up to the October 2015 general elections despite public outcry that these laws granted excessive powers to the police criminalised  expression and access to information, and did not provide clear legal recourse to citizens.
As affronts to citizens’ online rights in Tanzania and other countries continue, self-censorship is likely to prevail which in turn would have a negative impact on citizen participation, transparency and accountability in governance.
NB: Section 16 of the Cybercrimes Act 2015 has been adjusted to reflect the fine of not less than five million shillings or to imprisonment for a term not less than three years or to both.