Identity Theft and Proposed Remedial Efforts: Case of Uganda

By:Ambrose Ruyooka, PMP®

Ag. Commissioner for Information Technology,Ministry of Information and Communications Technology (ICT), Uganda.

ambrose.ruyooka@ict.go.ug

26th -27th August.2010 Uganda11

UNAFRI Launch of the African Centre for Cyber law and Crime Prevention (ACCP)

Presented at

BackgroundBackground• The way of carrying out business in the world The way of carrying out business in the world

today is changing at a very high speed with today is changing at a very high speed with new technologies taking a center stage.new technologies taking a center stage.

• Government of Uganda recognizes the role of Government of Uganda recognizes the role of ICT in fostering social economic development.ICT in fostering social economic development.

• ICT to be utilized to transform Govt of ICT to be utilized to transform Govt of Uganda(GoU) into the era of electronic Uganda(GoU) into the era of electronic Government (e-Government) to simplify Government (e-Government) to simplify procedures, bring transparency, accountability procedures, bring transparency, accountability & access to timely information.& access to timely information.

22

Digital IdentityDigital Identity

Identity refers to specifications of Identity refers to specifications of persons/entitiespersons/entities

The rights of individuals and entities to The rights of individuals and entities to control access to, and use of information control access to, and use of information about themselves which is created, about themselves which is created, presented and stored in a digital format.presented and stored in a digital format.

33

Digital IdentityDigital Identity

Forms:Forms: Email accounts IDs and PasswordsEmail accounts IDs and Passwords Online banking user IDOnline banking user ID Mobile Money PINMobile Money PIN ATM PINATM PIN

(user ID, email, login, username)(user ID, email, login, username) Social Security NumberSocial Security Number

44

Identity TheftIdentity Theft deliberate appropriation of someone deliberate appropriation of someone

else's identity (without that person's else's identity (without that person's permission) for criminal purposespermission) for criminal purposes

someone pretends to be someone elsesomeone pretends to be someone else assumes that person's identity,assumes that person's identity,

typically in order to access resources typically in order to access resources or obtain credit and other benefits in or obtain credit and other benefits in that person‘sthat person‘s

55

Identity theft: Proposed remedial Identity theft: Proposed remedial responsesresponses

66

Identity theft: Remedial effortsIdentity theft: Remedial efforts

Gov’t of Uganda has a systematic Gov’t of Uganda has a systematic agenda for developing a policy, agenda for developing a policy, legal and regulatory frameworklegal and regulatory framework

A number of initiatives being taken A number of initiatives being taken in a multipronged approachin a multipronged approach

77

Policy frameworkPolicy framework

Draft National IT PolicyDraft National IT Policy Identifies enhancing Information Security as Identifies enhancing Information Security as

one of the key Policy objectivesone of the key Policy objectives National e-Government implementation National e-Government implementation

frameworkframework Information security as a pillar to delivery of Information security as a pillar to delivery of

e-servicese-services National Information Security Strategy National Information Security Strategy

being developedbeing developed

88

Legal frameworkLegal framework

GoU is in the process of enacting GoU is in the process of enacting “Cyber laws” based on the following “Cyber laws” based on the following benchmarks; benchmarks; UNICTRAL model law on e-commerce (1996) UNICTRAL model law on e-commerce (1996) UNICTRAL model law on e-signature (2001)UNICTRAL model law on e-signature (2001) United Nations convention on the use of electronic United Nations convention on the use of electronic

communication in international contracts (2005)communication in international contracts (2005) The council of Europe's convention on cyber crimes ( The council of Europe's convention on cyber crimes (

2001)2001) EAC harmonized framework for Cyber Laws (2009)EAC harmonized framework for Cyber Laws (2009)

99

Legal frameworkLegal framework

The “Cyber Bills” currently before The “Cyber Bills” currently before Parliament include:Parliament include: Electronic Transactions BillElectronic Transactions Bill Electronic Signatures BillElectronic Signatures Bill Computer Misuse BillComputer Misuse Bill

The Computer Misuse Bill has been passed by The Computer Misuse Bill has been passed by Parliament and awaits assent by H.E The Parliament and awaits assent by H.E The PresidentPresident

1010

Legal frameworkLegal framework

Electronic Transactions BillElectronic Transactions Bill The object of the Bill is The object of the Bill is

to make provision for the use, security, facilitation to make provision for the use, security, facilitation and regulation of electronic communications and and regulation of electronic communications and transactions; transactions;

to encourage the use of e-Government service to encourage the use of e-Government service and to provide for related matters.and to provide for related matters.

1111

Legal frameworkLegal framework

Electronic Signatures BillElectronic Signatures Bill The object of the Bill :The object of the Bill :

make provision for and regulate the use of make provision for and regulate the use of electronic signatures,electronic signatures,

criminalization or unauthorized access and criminalization or unauthorized access and modification of electronic signatures,modification of electronic signatures,

determination of minimum requirements for determination of minimum requirements for functional equivalence of electronic signatures,functional equivalence of electronic signatures,

provision for admissibility and evidential weight provision for admissibility and evidential weight of electronic communications.of electronic communications.

1212

Legal frameworkLegal framework

Computer Misuse BillComputer Misuse Bill The object of the Bill isThe object of the Bill is

to make provision for the safety and security of to make provision for the safety and security of electronic transactions and information systems;electronic transactions and information systems;

to prevent unlawful access, abuse or misuse of to prevent unlawful access, abuse or misuse of information systems, including computers, andinformation systems, including computers, and

to make provision for securing the conduct of to make provision for securing the conduct of electronic transactions in a trustworthy electronic electronic transactions in a trustworthy electronic environment and to provide for other related environment and to provide for other related matters.matters.

1313

Institutional FrameworkInstitutional Framework Ministry of ICT

Coordinate all efforts for policy development Chair the Multi-stakeholder National ICT

Security Working Group Uganda Communications Commission

Regulates the Communications environment and ensures compliance

National IT Authority Uganda Sets security standards and guidelines for IT

deployment and utilization and for both Public and Private entities

Host to the proposed Computer Incident Response Team (CIRT)

1414

Identity Theft: Conclusion Identity Theft: Conclusion

1515

Awareness, Awareness, and Awareness