COMPUTER SOCIETY OF ZIMBABWE SUMMER SCHOOL 2018: VIC FALLS 07-10 - PowerPoint PPT Presentation

COMPUTER SOCIETY OF ZIMBABWE SUMMER SCHOOL 2018: VIC FALLS 07-10 November 2018 “EVERYTHING ICT – THE DIGITAL AGE & CYBER SECURITY” RUFARO E. MHANDU SENIOR ASSOCIATE CRIMINAL LAW & CYBERLAW SPECIALIST MUVINGI AND MUGADZA LEGAL PRACTITIONERS www.mmmlawfirm.co.zw rmhandu@mmmlawfirm.co.zw 0717717567/ 0771417458

Worldwide, the ever-increasing surge of technology has brought with it a myriad of legal problems - D.P. van der Merwe at al, Information and Communications Technology Law, 2 nd Edition, 2016, Lexis Nexis: South Africa

An Analytical Approach To Cybersecurity And Cybercrime From A Legislative Perspective In The New Digital Age In Zimbabwe • Statistics gathered by the Ministry of Information Communication Technology and Cybersecurity when they drafted the Zimbabwe National Policy on Information and Communication Technology shows that the number of ICT users is escalating as technology continues to evolve. • According to the Ministry, as at 31 December 2015, mobile users had risen to 95.4% and internet use had risen to 45%. From a cybersecurity perspective, the need for legislative intervention regulating internet activities is a matter of urgency. • The legal landscape itself has been evolving greatly with a surge of cybercrimes being reported to the police daily. A look at the nature of offences being reported is a cry in itself for legislative intervention. • The legislature needs to engage the computer science experts in order to craft technologically sound legislation and governance. The role to be played by the computer science community should not be undermined.

An Analytical Approach To Cybersecurity And Cybercrime From A Legislative Perspective In The New Digital Age In Zimbabwe • This must occur as a team work. The legislative office of the Attorney General’s Office needs to engage the computer science experts. • The development of the Cybercrime and Cybersecurity Bill shows very little engagement between the stakeholders: litigants, computer science experts and the investigator. Without the experts’ input, the legislation cannot be amplified to the optimum. • Current legislation is inadequate towards governance of cyberspace activities. Proposed legislation needs serious revision. • Whilst imploring a legislative perspective to cybersecurity and cybercrime, it will be an injustice to our legal system if we overlook the importance of cyberforensics in this equation. • Again, the role of computer science experts cannot be overemphasized nor overlooked. In order to develop an effective procedural legislation to govern gathering of evidence using cyberforensics and cyber forensic related aspects, the Zimbabwe Republic Police burdened with the investigative mandate must continue to undergo rigorous cyberforensic training.

Report on the world’s legislative landscape in 2000 by McConnell International LLC:

Report on Africa’s legislative landscape by OAfrica on the 3 rd of October 2012: Botswana: • Cybercrime and Computer Related Crimes Bill 2007 • Financial Intelligence 2008 • e-Legislation Committee formed in 2010 • Chapter 08:06 cybercrime and computer related crimes act Ghana: • Electronic Transaction Act (2008) • Criminal Code Act 29/60 Section 131 for Cybercrime Prosecution • MoC is drafting a national Cyber Security Strategy • e-Crime Project Kenya: • Kenya Information and Communication Act • Kenya Communications Regulations, 2001 (Broadcasting, 2009) • No national cyber security policy in place yet Morocco: • Morocco Numeric 2013 contains a variety of acts addressing information and cyber security Mozambique: • National Cybersecurity Management System is in the process of being implemented • Electronic Transactions Act

Report on Africa’s legislative landscape by OAfrica on the 3 rd of October 2012: Namibia: • Computer Misuse and Cybercrime Act 2003 • Electronic Transactions and Communications Bill Nigeria: • Harmonized Cybersecurity Bill 2011 (ready for National Assembly) • Nigerian Cyber-Crime Working Group Initiative Sudan: • Cyber Crime Law of 2007 • Electronic transactions law (2007) • Informatics Crimes Law 2007 • CERT Sudan Tunisia: • National Plan and Strategy in IT (2003) • Law on protection of Privacy and Personal Information (2004) • Law on Electronic signature and e-commerce (2000) • Law Against Cyber-Crimes • Law related to IT Security (2004) Zimbabwe: • No law on cyber crime

Report on the world’s legislative landscape by David Banisar in January 2018:

LEGISLATION CONVENTION • Legislation is the law or body of rules • A convention is an agreement in that has been enacted by the legislature international law that is made between or any governing body that has the countries to address particular legal mandate to make the law in a country. issues of concern. • Legislation also refers to a law that is yet • Member states agree to a convention by to be enacted by the legislature or way of being signatories – signing the governing body, known as a “bill”. convention, ratifying or acceding to the convention (i.e. ratification or accession of a convention). • Legislation can be drafted in such a • The convention can set out how it is manner so as to adopt principles deemed to come into force; subject to contained in a convention. the provisions of various statutes of the member states’ domestic laws. • Member states can domesticate the convention (done by legislation) • Non-member states can adopt principles contained in the convention during legislative processes.

An Analytical Approach To Cybersecurity And Cybercrime From A Legislative Perspective In The New Digital Age In Zimbabwe World and Regional legislative perspective: • Budapest Convention – Convention on Cybercrime 2001 - Adopted at Budapest on the 23 rd of November 2001 by the Council of Europe • Malabo Convention - African Union Convention on Cybersecurity and Personal Data 2012 - Adopted at the 23 rd Ordinary Session of the Assembly held at Malabo in Equatorial Guinea on the 27 th of June 2014

An Analytical Approach To Cybersecurity And Cybercrime From A Legislative Perspective In The New Digital Age In Zimbabwe • BUDAPEST CONVENTION - Convention on cybercrime. - This convention can be acceded by any country. - This convention works as a guideline to countries in their law-making processes, regardless of them being member states or non-member states - An analysis of the laws in Zimbabwe, from the reading of the Cybersecurity and Cybercrime Bill, 2017; the legislature seemingly adopted the Budapest Convention.

An Analytical Approach To Cybersecurity And Cybercrime From A Legislative Perspective In The New Digital Age In Zimbabwe BUDAPEST CONVENTION – PREAMBLE: • Convinced of the need to pursue, as a matter of priority, a common criminal policy aimed at the protection of society against cybercrime, inter alia, by adopting appropriate legislation and fostering international co-operation; • Conscious of the profound changes brought about by the digitalisation, convergence and continuing globalisation of computer networks; • Concerned by the risk that computer networks and electronic information may also be used for committing criminal offences and that evidence relating to such offences may be stored and transferred by these networks;

An Analytical Approach To Cybersecurity And Cybercrime From A Legislative Perspective In The New Digital Age In Zimbabwe

An Analytical Approach To Cybersecurity And Cybercrime From A Legislative Perspective In The New Digital Age In Zimbabwe Comparison between the provisions of the Budapest Convention and the Cybercrime and Cybersecurity Bill, 2017 of Zimbabwe Budapest convention Cybercrime and Cybersecurity Bill, 2017 Article Description Section Description Art. 1 Definitions s3 Interpretation section Art. 2 Illegal access s6; s8 Unlawful access; unlawful acquisition of data. Art. 3 Illegal interception s7 Unlawful interception of data. Art. 4 Data interference s9 Unlawful interference with data or data storage system Art. 5 System interference s10; Unlawful interference with s11 computer system; unlawful disclosure of data code

An Analytical Approach To Cybersecurity And Cybercrime From A Legislative Perspective In The New Digital Age In Zimbabwe Comparison between the provisions of the Budapest Convention and the Cybercrime and Cybersecurity Bill, 2017 of Zimbabwe Budapest Convention Cybercrime and Cybersecurity Bill, 2017 Article Description Section Description Art. 6 Misuse of devices s12 Unlawful use of data or devices Art. 7 Computer-related forgery s23 Cyber-forgery and transmission thereof Art. 8 Computer-related fraud s21; s24 Cyber-fraud; Computer-related financial offences Art. 9 Child pornography s30; s31 Child pornography; Exposing children to pornography Art. 10 IPR offences s25 Violation of intellectual PRs Art. 12 Corporate liability s37 Obligations of service providers