Key highlights of the Cybersecurity Bill

0
102
Key highlights of the Cybersecurity Bill

By Joel Mandaza

Zimbabweans have been waiting with baited breath on the impending law which is set to govern the manner in which the internet is used.

The Cybersecurity and Data Protection Bill (Cyber Bill), has been dreaded by proponents of free speech. There is a belief that it can become a tool of repression against those who offer alternatives to the administration’s view.

Authorities have shown propensity and appetite to police opinions. And the manner in which the law has been applied on matters relating to digital activity has been interpreted as red flags.

Perhaps there is a need to re-look into the key provisions of the Bill and its effect once effected into law.

Establishment of a Data Protection Authority

Key highlights of the Cybersecurity Bill
Key highlights of the Cybersecurity Bill

Under this provision, POTRAZ is going to be the Data Protection Authority.

Put simply, it means in addition to the work they are already doing which includes, regulating the telecommunications sector, radiofrequency allocations as well as the expansion of telecommunications and postal services.

If the law is passed it means POTRAZ will have to add running a centralized data centre to their responsibilities.

POTRAZ will be advising the government on policy matters. It will also have a computer response team meant to observe activity online and the development of a whistle-blowing platform.

While in theory, this appears like a simple decision of allowing a key player to expand their functionality, POTRAZ, as it stands already, has too much power controlling network operators.

Extending their influence to user activity would make them the judge, jury and the executioner.

Reporting only to the Minister of Information Communication Technology, Postal and Courier Services this complicates the systems of accountability, as they will have power to arbitrarily control anything relating to the internet.

The Media Institute of Southern Africa criticised the provision found in Section 5 and 7 of the Bill as problematic.

In their comment, MISA said;

“Recommendation: the setting up of Cybersecurity Centre and public designation of an institution is commendable.

The recommendation will be a separate institution to be set up for the Cybersecurity Centre.

However, if the Bill retains POTRAZ in this role then POTRAZ must now report and be accountable to Parliament. Its mandate and enforcement of human rights require independent oversight and not the executive.”

Criminalisation of falsehoods

Key highlights of the Cybersecurity Bill
Key highlights of the Cybersecurity Bill

The Cyber Bill has a provision with the potential to reverse the freedom of expression gains brought by 2013.

Section 31 (a) (iii) of the Criminal Law Codification Reform Act made the communication of false news a crime punishable with a high fine and a prison sentence of up to 25 years.

However, in 2014, in Constantine Chimakure Vs Attorney General at the Constitutional Court, it was found that the law was ultra vires with the old Zimbabwean constitution.

It was on this ruling, that the interpretation was made that no one was to be arrested on allegations of spreading falsehoods.

This is why Hopewell Chin’ono after his recent arrest, argued that he wanted to challenge the charge, as it was found unjustifiable in the highest court of the land.

However, the new Cyber Bill makes an attempt to smuggle the legal provision back to law.

Section 164C of the Bill criminalises the use of a computer or information system to avail, broadcast, distribute data knowing it to be false and intending to cause psychological or economic harm to someone, and also seems to be targeted against the spread of false information on social media.

Critics have seen this as an attempt to evoke the threat of arrest in the discourse, which will in turn diminish the robust element of discourse on the internet.

With elections being on the horizon, there has been a concern on the effect the law will have on campaigning.

Revenge Porn

The Bill is not bad in its entirety, it carries some good elements which have the potential to inspire landmark changes.

It is coming in to address the issue of revenge porn, which is defined as the sharing of explicit or sexual images or videos, without the consent of the person in the image.

In Zimbabwe, women have been most affected by this practice with some prominent figures like Pokello Nare and Tinopona Katsande being victims of this act.

For long, it has been an area which the law has not lucidly addressed as existent statutes were not clamping down on the act with specificity.

Section 164E of the Bill seeks to criminalize the transmission of intimate images without consent.

This may have an effect of making the internet a safe space for women, something existing laws have failed to guarantee.

Hacking

Key highlights of the Cybersecurity Bill
Key highlights of the Cybersecurity Bill

The Bill is set to give legal spine to the clampdown against hackers.

In the past, the Criminal Law (Codification and Reform) Act Section 133-136 spoke vaguely on systems, computer data, data storage mediums, data codes and devices.

The provisions were a starting point but they did not address hacking specifically.

With the increase in digital crimes, precipitated by hacking and intrusion of privacy, there has been a need for laws that are more nuanced and the Cyber Bill is coming to address that question.

Sections 163 to 163F contain definitions and set out computer-related crimes such as hacking, the use of viruses and malware to unlawfully interrupt with computer data and the proper functioning of computer systems.

The law unless changed drastically will also decriminalize ethical or white-hat hacking.

Ethical hacking, also known as penetration testing or pen testing, is legally breaking into computers and devices to test an organization’s defences. It’s among the most exciting IT jobs any person can be involved in. You are literally getting paid to keep up with the latest technology and get to break into computers without the threat of being arrested.

There are questions some are asking, on whether or not the element of ethical hacking will only be used to strengthen systems or absolve those who would have been caught snooping on citizens data?

The jury is still out on the strength of the law and the effect of its utility.

It remains to be seen how it will be effected by the powers that be. However, it is important for citizens to understand how their internet activity stands to be affected.

Key highlights of the Cybersecurity Bill