La nouvelle loi du Mali sur la cybercriminalité potentiellement problématique pour les droits numériques

Par Simone Toussi |
Le 5 décembre 2019, le président du Mali a promulgué la loi n° 2019-056 portant Répression de la Cybercriminalité. Bien qu’opportune et pertinente, certaines de ses dispositions constituent des menaces potentielles à la vie privée et la liberté d’expression en ligne, en particulier, compte tenu des défaillances démocratiques du Mali et de son faible classement en matière de liberté de la presse.
La nouvelle loi s’applique à « toute infraction commise au moyen des technologies de l’information et de la communication (TIC) en tout ou partie sur le territoire de la République du Mali, toute infraction commise dans le cyberespace et dont les effets se produisent sur le territoire national » (article 2). Elle fait partie d’un cadre législatif jugé nécessaire pour soutenir les réformes dans le secteur des TIC, conformément à la Déclaration de politique sectorielle des télécommunications du Mali, de l’année 2000.
Des atteintes à la vie privée à l’autoritarisme numérique
La Constitution du Mali garantit la confidentialité des communications en vertu de l’article 6, une disposition qui est renforcée par l’article 5 de la loi portant protection des données à caractère personnel de 2013 l’article 1er de la loi régissant les télécommunications de 1999. La loi sur la cybercriminalité est malheureusement en conflit avec ces prédispositions en faveur du droit à la vie privée.
Les articles 74 à 78 de la loi sur la cybercriminalité autorisent la perquisition et la saisie informatique de données dans les procédures d’enquêtes criminelles. En outre, en vertu de l’article 75, les données peuvent être copiées et stockées lorsque « la saisie du support ne paraît pas appropriée ». La loi ne prévoit pas comment les données copiées doivent être stockées, traitées ou supprimées à l’issue des enquêtes. Cela sape le principe de protection des données énoncé dans l’article 7 de la loi sur la protection des données à caractère personnel – selon lequel les données à caractère personnel ne doivent être conservées que pour une période et un objectif précis.
De plus, les articles 83 à 86 suggèrent une surveillance en temps réel par l’interception des communications. Les prestataires de services sont tenus de coopérer avec les autorités, notamment en veillant à ce qu’ils disposent des moyens techniques nécessaires pour faciliter l’interception des communications. Ces pouvoirs étendus doublent ceux qui sont accordés aux autorités en vertu de l’article 4 de la loi sur les télécommunications. Ce dernier stipule : « Lorsque la sécurité publique ou la défense du territoire du Mali l’exige, le gouvernement peut, pour une durée limitée, réquisitionner tous les réseaux de télécommunications établis sur le territoire du Mali, ainsi que les équipements qui y sont connectés et / ou interdire la fourniture de services de télécommunications. » Cet article a été utilisé par le passé, lorsque le gouvernement a ordonné des perturbations de réseaux sociaux en 2016 lors des manifestations publiques, et plus récemment, une coupure d’Internet lors des élections de 2018.
En outre, les prestataires de services de communication sont tenus de mettre en place des mécanismes de contrôle des systèmes d’activités illégales potentielles. Tout refus d’informer les autorités de ces activités illégales est passible d’une peine de prison allant de six mois à deux ans, une amende de 500 000 à 2 000 000 francs CFA (830 à 3 318 dollars américain – USD) ou les deux (article 25).
Des alertes pour la liberté d’expression
Bien que la constitution du Mali garantisse la liberté d’expression et d’opinion (article 4), la loi portant régime de la presse et délit de presse (2000) est vague car elle ne garantit pas explicitement la liberté de la presse ou le pluralisme médiatique, ni ne définit les délits de presse. Elle ne contient pas non plus des dispositions sur les médias en ligne. Cela constitue un vide qui précède la loi sur la répression de la cybercriminalité qui, pour sa part, contient des dispositions qui affectent directement la liberté d’expression et d’opinion.
Les articles 20 et 21 de la nouvelle loi punissent les menaces et les insultes faites par le biais d’un système d’information, avec des sanctions allant de six mois à 10 ans d’emprisonnement, et une amende de 1 000 000 à 10 000 000 CFA (1 680 à 16 800 USD), ou les deux. Sans définir ni clairement détailler les éléments constitutifs de la « menace » ou de l ‘ « insulte », ces dispositions sont sujettes à des interprétations pouvant entraver la liberté d’expression. Cela est d’autant plus critique que ces termes ne sont pas non plus définis par la loi portant régime de presse et délit de presse, dans son article 33 sur l’incitation et l’article 38 sur la diffamation.
De plus, les articles 55 et 56 condamnent la « diffusion publique » de « tous imprimés, tous écrits, dessins, affiches, gravures, peintures, photographies, films ou clichés, matrices ou reproductions photographiques, emblèmes, tous objets ou images contraires aux bonnes mœurs. » Les sanctions correspondantes vont de six mois à sept ans d’emprisonnement, une amende de 500 000 à 10 000 000 CFA (840 à 16 800 USD), ou les deux.
L’article 54 de la loi sur la cybercriminalité stipule que les infractions de presse, commises par le biais des technologies de l’information et de la communication, à l’exception de celles commises par la presse sur Internet, sont punies par les peines de droit commun ». Étant donné que la loi sur la presse ne comporte pas de disposition pour la presse en ligne, la distinction entre les délits de presse via les TIC et les délits de presse via internet n’est pas claire. En outre, il y a un manque de précision quant à déterminer si une infraction relève de la loi sur la cybercriminalité, du droit commun ou de la loi sur la presse.
L’article 23 prévoit une amende de 200 000 à 2 000 000 CFA (de 332 à 3 318 dollars américain), une peine d’emprisonnement de six mois à un an, ou les deux, pour les faux signalements d’activités ou contenus illicites, « dans le but d’en obtenir le retrait ou d’en faire cesser la diffusion par un prestataire de services de communications au public par voie électronique ». Cependant, les activités et contenus considérés comme illicites et donc soumis à dénonciation, ne sont pas définis par la loi.
Les mesures à prendre
La loi est bien orientée pour garantir une utilisation sûre et sécurisée des TIC au Mali. Elle entre cependant en vigueur dans un contexte fragile. Les dispositions relatives au traitement des données dans les procédures d’enquêtes criminelles présentent un risque important pour l’intégrité, la sécurité et la confidentialité des données personnelles. En outre, la loi impose une lourde charge aux intermédiaires de télécommunications pour suivre et surveiller l’activité du réseau, et tient ces intermédiaires responsables des actes de leurs clients. Les dispositions relatives aux délits de presse en ligne sont incompatibles avec la législation sur les médias à l’ère du numérique. La nouvelle loi et les lois connexes existantes nécessitent donc des révisions pour sauvegarder et faire respecter les garanties constitutionnelles de la liberté d’expression et de la vie privée, en ligne et hors ligne.

Advancing Collaborations in Strategic Litigation for Digital Rights in East Africa

By Edrine Wanyama |

Strategic litigation has gained recognition as a tool for pushing back against restrictions on rights to privacy, access to information and freedom of expression, assembly and association in the digital sphere in Africa. Notable cases have been recorded in Burundi, Kenya, Tanzania, Uganda, Cameroon, Gambia, Zimbabwe, and Sudan.

However, litigation for digital rights remains under-utilised across the continent due to lack of effective collaboration between actors such as lawyers, activists, academia, civil society organisations and other technical experts.

At the 2019 Forum on Internet Freedom in Africa (FIFAfrica19) in Addis Ababa, Ethiopia, a workshop was hosted to promote best practices for more effective collaboration across disciplinary silos in digital rights litigation. The session also aimed to raise the visibility of the outcomes and lessons learned from three recent digital rights cases and campaigns in Kenya, Tanzania and Uganda, alongside global experiences by Access Now, the Electronic Frontier Foundation (EFF) and the Media Legal Defense Initiative (MLDI), so as to inform future intervention. It was attended by 22 participants comprising of parliamentarians, lawyers, academics, journalists, digital rights activists, civil society actors and representatives of government agencies.

The workshop and case analysis were premised on the catalysts for collaboration which outline 12 principles in advancing digital rights campaigns using litigation.

The 12 Catalysts for Collaboration

Various issues emerged during the workshop and in many instances echoed the experiences of cases in East Africa and beyond. In his presentation, “Litigating Digital Rights and Online Freedom of Expression in East, West and Southern Africa”, Padraig Hughes from MLDI explored  internet regulation and international human rights instruments provisions related to digital rights, including data protection and privacy, the right to be forgotten, encryption, anonymity and cybercrime. He noted that whereas countries across the world were party to many of the instruments, case law on internet regulation in Africa was not as advanced as in other continents. Indeed, a study of the case of The Bloggers Association of Kenya (BAKE) v Hon. Attorney General & Three Others in Kenya indicates that due to limited precedent and case law on strategic litigation in Africa, BAKE had to rely heavily on European Union case law as a reference point.

BAKE’s petition challenged the Computer and Misuse Act, 2018, stating that it violated, infringed and threatened fundamental freedoms protected in the Bill of Rights in the Constitution of Kenya, 2010. In May 2018, a judge granted interim conservatory orders, suspending 26 clauses in the Act. To-date, a hearing date is yet to be set for the case. However, the orders granted remain in force pending the hearing.

The EFF’s Corynne McSherryn presented collaborative cases which challenged border device search and seizures in the United States of America, as part of which border and pocket guides have been issued to help travellers in securing their digital data before travelling. The publicity and awareness approach of the guides is similar to that adopted in pushing back against a social media tax in Uganda by encouraging the use of Virtual Private Networks (VPNs). A case related to this pushback is the Cyber Law Initiative (U) Limited and Five Others Versus The Attorney General of Uganda and Two Others.

On July 2, 2018, Cyber Law Initiative (U) Limited and four individuals – Opio Daniel Bill, Baguma Moses, Okiror Emmanuel and Silver Kayondo – sued the Attorney General, the Uganda Communications Commission (UCC), and the Uganda Revenue Authority (URA) in the Constitutional Court over an amendment to the Excise and Duty Act. The amendment introduced a tax of Uganda Shillings (UGX) 200 (USD 0.05) per day in order to access Facebook, WhatsApp, Twitter, and Viber, among other social media platforms. The case relied heavily on print, broadcast and online media to raise public awareness and push back against the tax through encouraging use of Virtual Private Networks (VPNs). It is over a year since the case was filed and all relevant submissions have been tabled before court. However, a hearing date has not been fixed. Efforts to have the case hearing date fixed have included a petition to the Deputy Chief Justice with an annexation of over 400 signatures, to no avail.

Aaron Kiiza, part of the legal team on the Uganda social media tax case, noted that collaborative litigation remains a major challenge due to group dynamics and unforeseen circumstances. This was the case in Tanzania where three collaborators withdrew from Legal and Human Rights Center and Two Others v. The Minister for Information, Culture, Arts and Sports, the Tanzania Communications Regulatory Authority and the Attorney General, which demoralised the group and was deemed as the “starting point of defeat” in the case.

The Legal and Human Rights Centre, Media Council of Tanzania, Tanzania Media Women Association (TMWA), Jamii Media, Tanzania Human Rights Defenders Coalition (THRDC), and the Tanzania Editors Forum (TEF) filed a case in the High Court of Tanzania challenging enforcement of the Electronic and Postal Communications Act (EPOCA) (Online Content Regulations) of 2018. The applicants argued that the regulations were promulgated in excess of power, illegal, against the principles of natural justice, unreasonable, arbitrary and ambiguous. However, three applicants (Jamii Media, TAMWA and TEF), later withdrew from the case. TAMWA and TEF’s withdrawal from the case was attributed to waning interest, while that of Jamii Media was due to separate criminal proceedings against its Executive Director, which had already put a strain on the organisation’s operations.

 On May 4, 2018, the Court issued a temporary injunction preventing the implementation of the Regulations which were to take effect the following day on May 5, 2018. However, the government of Tanzania appealed against the decision, and Court overturned the injunction and dismissed the case, with each party bearing its own costs.

Meanwhile, in the Zimbabwean case against the network disruption of January 2019, Kuda Hove from the Media Institution of Southern Africa (MISA) Zimbabwe observed that collaborative litigation sometimes leads to delays which can affect justice. In the Kenyan case, time constraints required BAKE to draft and file the petition, under certificate of urgency, with only two days left before the Computer Misuse and Cybercrimes Act, 2018 came into force. Hove noted that there is always the need to strengthen communications among parties and collaborators who may fail on their duties and obligations during the litigation.

Participants also highlighted the lack of digital rights knowledge, skills and competencies amongst judges and lawyers a shared experience across all three cases studied. Resource constraints which affect evidence gathering are another shared challenge.

Furthermore, the slow nature of legal processes was acknowledged. The cases in East Africa have been fraught with setbacks, including case backlog and judiciary transfers leading to fatigue of both the legal counsel and the general public.

The workshop and case analysis were carried out as part of a CIPESA-MLDI project aimed at increasing the availability of information on digital rights cases in Africa and lessons learned to inform future intervention for effectiveness, creativity and resilience of cases. The documenting of the case studies was conducted by CIPESA in partnership with the Kenya ICT Action Network (KICTANet) and Tanzania Human Rights Defender’s Coalition (THRDC), and involved expert consultations, literature review and interviews.

Call for Applications: Round Two of the Africa Digital Rights Fund (ADRF)

Call for Applications |
The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is pleased to invite applications for round two of the Africa Digital Rights Fund (ADRF).
Launched in April 2019, the ADRF responds to rising digital rights violations such as arrests and intimidation of internet users, network shutdowns, and a proliferation of laws and regulations that hamper internet access and affordability. It offers flexible and rapid response grants to select initiatives in Africa to implement activities that advance digital rights and the potential of technology to uphold human rights, advance democratic governance or drive innovation.
In the inaugural round of ADRF, initiatives with activities spanning 16 African countries received a total of USD 65,000.
In round two, the ADRF seeks to support initiatives in various thematic areas, including but not limited to the following:

  • Access and affordability
  • Access to Information
  • Cybercrime
  • Data protection and privacy
  • Digital economy
  • Digital Identity (ID)
  • Digital security
  • Diversity and inclusion
  • eGovernance
  • Freedom of expression
  • Hate speech
  • Innovation for democratic participation, transparency and accountability (civic and social tech)
  • Misinformation/Disinformation
  • Network disruptions
  • Strategic litigation
  • Surveillance

Grant amounts range between USD 1,000 and USD 20,000, depending on the need and scope of the proposed intervention. The ADRF strongly encourages cost-sharing. The grant period will not exceed 10 months. It is anticipated that around 15 grants will be awarded in this round.
Together with the inaugural winners, round two grantees will be eligible for technical and institutional capacity building, including on data literacy and advocacy skills through the Data4Change initiative. As such, applicants are encouraged to identify existing data sets or indicate willingness to collect and collate data as may be relevant to the proposed initiatives.
The deadline for submissions is Friday December 6, 2019. Read more about the Fund and round two guidelines here.  The application form can be accessed here.

Call For Proposals: Operations, Strategic Communication and Capacity Building Support for the African Internet Rights Alliance (AIRA)

Call for Proposals |
The African Internet Rights Alliance (AIRA) – an alliance of ten civil society organizations based in Uganda, Nigeria, Kenya, South Africa and Senegal – are pleased to issue this open call for proposals for a consultancy to support the operation, strategic planning and communications capacity building of the Alliance. Members of the Alliance agree to work in collaboration with each other to advance a positive environment around Digital Rights on the African continent within the next three to five years.
Further information on the call can be found here.
 

Inaugural Winners of the Africa Digital Rights Fund Announced

Announcement |
The Collaboration on International ICT Policy for East and Southern Africa (CIPESA) is pleased to announce the winners of the first round of the Africa Digital Rights Fund (ADRF). A total of USD 65,000 has been awarded to 10 initiatives that will advance digital rights in 16 African countries – Algeria, Burundi, Egypt, Ethiopia, Gambia, Mozambique, Namibia, Nigeria, Sierra Leone, Senegal, South Sudan, Tanzania, Tunisia, Uganda, Zambia and Zimbabwe.
Launched in April 2019, the ADRF is aimed at growing the number of individuals and organisations that work to advance digital rights in Africa, amidst rising digital rights violations such as arrests and intimidation of internet users, network disruptions, and a proliferation of laws and regulations that hamper internet access and affordability, and undermine the potential of digital technologies to catalyse free expression, civic participation, and innovation.
Although it is still early days, the Fund has received profuse interest from across the continent, with several worthy initiatives proposing projects including in countries with numerous digital rights challenges but little effort to address them. 
According to Ashnah Kalemera, the CIPESA Programmes Manager, the first call for proposals attracted more than 150 applications from 30 countries. “Digital rights advocacy, digital safety and security skills building, innovating for social enterprises’ efficiency, litigating for digital rights, and empowerment for marginalised communities, were among the prevalent lines of work proposed. There were few proposals in the area of research, and much fewer on engagement in legislative processes, despite the ongoing enactment of often retrogressive laws and regulations governing digital rights,” she said. 
The applicants were assessed by a panel of experts based on the following attributes:

  • The applicant’s experience in advancing digital rights/track record on similar work;
  • Demonstrated need for the project including relevance to described context and  priorities of the Fund;
  • Eligibility in terms of geographic coverage, proposed activities, duration, and evidence of the applicant’s formal registration or operations;
  • Demonstration of innovation with regards to approach, feasibility of deliverables and timelines, and potential impact of the intervention;
  • Budget feasibility; and
  • Diversity considerations.

The review panel consisted of three internal CIPESA programme staff and four external experts with extensive experience in the digital rights field. The external reviewers were Neil Blazevic -Technology Manager at DefendDefenders (formerly East and Horn of Africa Human Rights Defenders Project), Sadibou Sow – West and Central Africa Regional Technology Advisor of Amnesty International, Dr. Edgar Napoleon  Asiimwe – Research Manager at the Swedish Programme for ICT in Developing Regions (Spider), and Koliwe Majama – Organiser of the Africa School of Internet Governance at the Association for Progressive Communications (APC).
The winners of the ADRF’s first call are:
1. Access for All – South Sudan
Access for All will  build the advocacy and digital security capacity of South Sudanese women refugees and human rights defenders. These engagements, which will be conducted in Arabic and English, will explore current human rights defenders’ security/ protection concerns in South Sudan, and the mechanisms to address them.  
2. African Human Rights Network (AHRN) Foundation – Tanzania
The project will strengthen the capacity of human rights defenders (HRDs) and their organisations on digital security and provide them with essential tools. A total of 60 Tanzania HRDs will be provided with training and exchange opportunities to reduce digital security risks. The project complements the activities of Shelter City Dar es Salaam which is a regional temporary relocation program for HRDs in the Great Lakes region.
3. Burundi Youths Training Centre – Burundi
The project will build the capacity of human rights defenders and media organisations in digital rights advocacy. The engaged organisations will be mentored to develop and implement strategic advocacy campaigns for digital rights, including the right to privacy and personal data protection in Burundi.
4. Centre for Human Rights, University of Pretoria – South Africa
The centre will document and analyse threats and mounting pushbacks against civil society in the digital age in Egypt, Sierra Leone, Uganda, and Zambia. Leveraging its network of former graduates and local partner tertiary institutions, the centre will map the legal and digital threats to civil society in the focus countries in order for stakeholders to have full evidence-based knowledge of these threats and how to navigate them. The bilingual (French and English) research outputs will feed into the centre’s Master’s programme curriculum module on civil society studies in Africa and short courses on human rights and good governance.
5. Freedom of Expression Hub (FoE Hub) – Uganda
In collaboration with the Uganda Law Society, the Freedom of Expression Hub will conduct digital literacy and litigation surgeries for lawyers and journalists in northern Uganda’s West Nile sub-region on emerging digital rights issues affecting freedom of expression, access to information and media rights. The surgeries aim to promote collaboration and rapid response to digital rights violations especially through courts of law. Furthermore, the Hub will work on creating a database of advocates who can adequately respond to digital rights cases in the sub-region.
6. Global Voices – Sub-Saharan Africa, Middle East and North Africa 
As part of its wider Advox programme, Global Voices will document experiences of  online mis/disinformation and the impact of internet shutdowns on citizens’ rights to freedom of expression and access to information during elections and protests in seven countries – Algeria, Ethiopia, Mozambique, Nigeria, Tunisia, Uganda and Zimbabwe. Through translation and targeted outreach, the project will contribute African perspectives to the global debate on mis/disinformation and shutdowns, and train local writers to improve their digital rights reporting skills.
7. Internet Society (ISOC) Namibia Chapter – Namibia
In the run up to the November 2019 elections, ISOC Namibia will work to build the capacity of journalists and editors to fact-check misinformation. It will also work with women parliamentarians, political activists and various other actors in a campaign to tackle politically motivated-gender based violence online.
8. Jonction – Senegal 
Jonction will  implement advocacy and awareness creation campaigns among state, private sector and civil society actors in Senegal to foster an enabling environment for freedom of expression, privacy and data protection online.
9. Kuza STEAM Generation (KsGEN) and Centre for Youth Empowerment and Leadership (CYEL) – Tanzania
The grant will be used to organise “Schools” on Internet Governance (IG) and digital rights through which various stakeholders will be trained and mentored to lead IG-related discussions at national and regional level. One of the schools will specifically target girls and women in Arusha so as to increase Tanzanian women’s participation in internet governance
10. YMCA Computer Training Centre and Digital Studio – The Gambia
Building on its youth-empowerment initiatives, YMCA Gambia will undertake a sensitisation drive on cyber-bullying and online safety among youths as a means of combating harassment and online abuse of women and girls.