THE Law Association of Zambia (LAZ) has called for the complete withdrawal of the Cyber Security and Cyber Crimes Bill No. 2 of 2021, arguing that most of the provisions fall short of important constitutional requirements.
And Chapter One Foundation has insisted that the Bill has been rushed despite its broad implications which are detrimental to society.
Speaking when she made a submission to the joint Committee on Media Information & Communication Technology and Committee on National Security and Foreign Affairs on behalf of LAZ, Margaret Mudenda said most of the provisions of the Bill were also in conflict with other Acts of Parliament.
“It is our view…that most of the provisions in this Bill fall short of important constitutional requirements as well as being in conflict with other Acts of Parliament. We, therefore, submit that the Bill be withdrawn for a thorough and critical review given its importance and requirement in our society,” Mudenda said.
In her submissions, Mudenda noted that definitions such as that of “critical information” were not well defined as the power and definition lies with the Minister.
“Our initial comments on the Bill is that the Bill gives excessive powers to the Executive. What is severely lacking in the Bill are provisions that appropriately curtail the powers that are set out. With regards to definitions, we note that the definition of critical information infrastructure is not well defined. In order to align with international best practice, the Global Action on Cybercrime extended recommends that critical information should be defined in relation to the effect that damage, destruction or incapacitation would have on a country. In our Bill, this power and definition lies with the Minister who has unfettered power to define critical information and infrastructure where he so chooses. We believe that the unfettered power to clearly define the critical information infrastructure in relation to factors such as damage to human welfare, the environment and the economy and national security among others should be relooked,” she said.
She added that the Bill equally gave wide powers to inspectors to arbitrarily access private premises without any justifiable cause, hence the need to revise the powers as they should only be exercised with a warrant or a court order.
“Section nine gives wide powers to cyber inspectors to enter upon premises and the section provides that a cyber inspector may monitor and inspect a computer system or activity on an information system in the public domain for any unlawful activity, and in subsection A it reads that the cyber security officer may enter and inspect the premises of a cyber security service provider if there are reasonable grounds for believing that the licencee has personal possession of any document or article that has a bearing on the inspection. It is to be noted that the definition of premises, includes a computer and data messages, meaning that the inspectors not only have the power to enter upon physical premises, but have uninhibited access to the virtual realm. Section nine gives cyber inspectors the power to arbitrarily access private data without any justifiable cause and without any visible feter on such power. This is in contrast with part four, which makes an effort to provide for independent oversight of the power to intercept. We are of the firm view, as LAZ, that the powers given to cyber inspectors are overboard and need to be revised as such powers ought only to be exercised with a warrant or court order,” she said.
“We recommend that all interception of communication be accompanied by a warrant signed by a judge to ensure that arbitrary interceptions are prevented.”
She argued that section 49 of the Bill criminalised unauthorised access to data, which left journalists and whistle-blowers open to prosecution.
“Section 49 criminalised unauthorised access to data. We are of the view that the exception in subsection 6 relating inter alia to whistleblowing ought to apply in subsection one as well as because authorisation is intractably bound by unauthorised access. Therefore, leaving out the exception under subsection one opens the possibility of prosecution of whistle-blowers and journalists who access information and their agents. This proposed amendment is particularly important given the exceedingly high penalty under subsection 3 where the information relates to critical information infrastructure, which is usually the interest of whistle-blower and journalistic pursuits,” said Mudenda.
She further said that LAZ recommended that the penalty threshold of 2.5 million penalty units as a fine and 25-year imprisonment for the offense be reduced as it was disproportionately high in comparison with the other offenses.
Mudenda further submitted that Section 72, which declares all offenses under the Act to be cognisable offenses lacks logical jurisdiction as some offenses under the Act are not cognisable in nature such as unsolicited electronic messages, identity-related crimes cannot be placed in the same category as cyber terrorism and child pornography.
And during a question and answer session after making a presentation, Chapter One Foundation executive director Linda Kasonde said; “…Did we think we needed more time for the Bill? We certainly do! We think that this Bill has been rushed through when the implications of the Bill are so broad and so potentially detrimental to our society. So, we think there is need for broader consultation on this issue, more time needs to be spent fine-tuning the provisions so that it correctly captures what the intended objectives of the Bill are supposed to be,” Kasonde replied.
And in response to Namwala UPND member of parliament Moono Lubezhi, who asked whether COF was comfortable with the Bill being passed in its current form, Kasonde cautioned that it was not safe for the Bill to pass as it had dangerous provisions, which remained detrimental to the rights to freedom of expression and the right to privacy.
“As you can tell from our recommendations that we have given on the Bill, we do not think that it is safe for the Bill to be enacted in its current form. It has extremely dangerous provisions, which have a detrimental effect on the right to freedom of expression and the right to privacy in Zambia. I have made the comparison on other platforms between how the Public Order Act has been used to curtail activities in the physical space in terms of protests and I believe that this Bill will do the same in the digital space. I am going to particularly provide a chilling effect to ordinary citizens who should express their views freely over the Internet. We have highlighted the stiff penalties, there is one fine of up to K150,000 for merely failing to provide information, which you may or may not have. These are very serious penalties, which include imprisonment so we do not believe that it is safe to pass it in its current form,” replied Kasonde.
“We believe that the definitions of a lot of the provisions are too loose so they are open to abuse, we believe that there are many provisions that have yet to be defined, which, again, would be open to arbitrary enforcement and we believe that it would lead to a situation where ordinary citizens would be under surveillance by the State. We do recognise that it also attempts to deal with cybercrime…But again, because the definitions of so many of the terms are either not there, non-existent, or too broad, they can be subject to abuse. So, really, the Bill needs much more tightening and we have made reference to Zambia being signatories to both the Malabo Convention and the Budapest Convention on Cyber Security and Cybercrimes, which provide international standards as to how the protection of rights to freedom of expression and privacy can be maintained. And we would like to recommend that those guidelines be followed.”
Meanwhile, a consortium of civil society organisations expressed concern over the rush and secrecy in formulating the Bill describing it as worrisome and a sabotage to the tenets of democracy
“We, undersigned Civil Society Organizations (CSOs) hereby express our concerns with the manner in which government has drafted, rushed and now wants to enact the Cyber Security and Cyber Crimes Bill of 2021 into law against the backdrop of limited or no consultations with the public and key stakeholders…We wish to retaliate that from the outset of the formulation of this law there has been little to no engagement and/or consultation of NGOs, CSOs and other stakeholders in the processes. The rush and the secrecy is not only suspicious, worrisome and a sabotage to the democratic tenancy of inclusivity and consensus building,” they said at a press briefing, Monday.
“This proposed law is and will be a new Public Order Act in the cyber space after the state has realised that the current public order Act has been rendered redundant with the increasingly use of the cyber space by citizens to assemble, associate, movement and expression.”
The CSOs include: ActionAid Zambia, Alliance for Community Action, Chapter One Foundation, Council of Christian Churches in Zambia, GEARS Zambia, Transparency International Zambia and the Zambia Council for Social Development.