Last month, media channels in Uganda reported on how Kampala Central Member of Parliament, Hon. Muhammed Nsereko was granted leave by Parliament of Uganda to introduce a private members bill on a new cybercrime law in Uganda. It’s reported that the legislature seeks to amend Sections of the Computer Misuse Act of 2011 in order to regulate social media posts and other unauthorized sharing of data and information e.g., of underage persons. The bill according to the motion seeking leave as per rules 56, 121 and 122 of the rules and procedures of parliament proposes hefty fines, lengthy jail terms, loss of office for convicted offenders and a ban from holding public office.
Respect for human rights and freedom of expression is a central and fundamental pillar of a democratic and pluralistic society. Cybercrime legislations must respect human rights and should not infringe on freedom of expression. While there is no single universally used definition of cybercrime, it’s important to divide cybercrime into two categories to make sense of what particular crime is committed using Information and Communications Technologies (ICTs) or can be facilitated or abetted by the same. For instance, there is the cyber-dependent crime. These are crimes that can be committed through the use of computers and other information and communication technologies. For example, unauthorized data access and interference (hacking). Then there is the cyber-enabled crime and these relates to crimes which are committed without computers or ICTs but can also be committed and potentially increase in scale or reach with them e.g., fraud. This distinction is important.
The new proposed amendment of the Computer Misuse Act 2011 as per Nserekeo’s motion will introduce new substantive element outlining new criminal offences prohibited under the amended Act. While procedural elements that provides mechanisms and powers established by the legislation to facilitate investigation and prosecution of those offences may be instituted, the challenge arises from adherence and always the lack of respect by law enforcement to abide by such procedures. This has often undermined human rights and infringed on free expression in Uganda.
It’s important that the framers of this proposed legislations follow the country’s commitment as required by International Human Rights Law. The International Covenant on Civil and Political Rights (ICCPR) and the Council of Europe’s Convention on Cybercrime (the Budapest Convention) of 2004 is a clear example of multilateral treaties that Uganda’s cybercrime law should conform to. The legislation must be drafted, implemented and enforced in ways that are consistent with state’s obligations and respect for human rights.
Indeed, the Budapest Convention according to Article 15, requires state parties to “ensure that the establishment and application of the powers and procedures provided for in this Section are subject to conditions and safeguards provided for under its domestic law, which shall, provide for adequate protection of human rights and liberties…”
Unfortunately, many countries are yet to ratify this important treaty. But what is even upsetting is that African states do not actively engage in these processes at the United Nations (UN) level, neither do regional groups such as the African Union Commission. This limits awareness on these treaties and the required need to ratify and domesticate them. Currently, the United Nations Adhoc Committee on Cybercrime has been created and largely tasked with the responsibility to draft a new cybercrime convention by 2023. In particular, the Committee is tasked to elaborate on a comprehensive international cybercrime convention on countering the use of information and communications technologies for criminal purposes. On March 2nd the Centre for Multilateral Affairs made a passionate call to the Chair Adhoc Committee on Cybercrime H.E Faouzia Boumaiza, Amb. and Permanent Representative of Algeria to the United Nations – to ensure involvement of African groups and sustained multi-stakeholder consultations in the entire process; which she welcomed. This was during a hybrid event hosted by Catham House and EU Cyber Direct. However, there is need to see a more deliberate action by African groups and African member states in these processes so that the benefits accruing from their engagements and understanding of these processes at the global level (UN and UN processes) translates into better domestic legislations that conforms to these international conventions
Uganda’s cybercrime legislation sets a worrying precedent for freedom of expression online and particularly on social media. For instance, threats to free expression can be covered under broad and vague definitions of terms such as ‘indecent, obscene, lewd and lascivious’’ etc. March 10, 2022 saw Ugandan Parliament voting to remove an opposition Parliamentary Commissioner from his docket for alleged disparaging remarks to the Deputy Speaker of Parliament via social media. If this can happen to a Ugandan legislature, what about the common person? The implications are dire and threatening to free speech.
The Country’s Computer Misuse Act of 2011 is already problematic in its vague use of terms. For example, the Act which is being amended already provides for very broad definitions of cyber harassment. Section 24 (2) of the Act 2011 prohibits ‘cyber harassment’ and provides that “For purposes of this Section, cyber harassment is the use of a computer for any of the following purposes a) making any request, suggestion or proposal which is obscene, lewd, lascivious or indecent and b) threatening to inflict injury or physical harm to the person or property of any person or c) knowingly permits any electronic communications device to be used for any of the purposes mentioned in this Section. Section 24 (a) poses clear threat to free expression as it broadly prohibits any requests, suggestions or proposals which are “obscene, lewd, lascivious or indecent”.
Therefore, Uganda’s proposed cybercrime bill should be drafted, implemented and enforced in ways that uphold and protects human rights. It should conform to international human rights law and procedural provisions granting law enforcement powers, should only be used in relation to specific cybercrimes and more importantly, there should be a clearly articulated thresholds that must be met before a judge is able for instance, to authorize access or interception. African member states to the United Nations, regional groupings such as the African Union should deliberately and actively engage in these multilateral processes, develop positions and ensure consultations of all stakeholder groups but more importantly raise awareness on these international conventions amongst governmental actors and ensure, it’s ratified and domesticated at state level. This will ensure human rights are upheld and protected in cybercrime legislations at state level.
Moses Owiny, is the Chief Executive Officer, Centre for Multilateral Affairs
Sources:
Assessing Cybercrime Law from a Human Rights Perspective – Global Partners Digital
Computer Misuse Act 2011
