InternationalTelecommunicationUnion

HIPSSA ProjectHIPSSA Project

Support for Harmonization of the ICT Policies Support for Harmonization of the ICT Policies in Sub-Sahara Africa, in Sub-Sahara Africa,

22ndnd Workshop on Tanzania National Transposition of SADC Workshop on Tanzania National Transposition of SADC Cybersecurity Model Laws, Dar-es-Salaam 4Cybersecurity Model Laws, Dar-es-Salaam 4 - - 8 8thth March2013 March2013

Overview of Draft Tanzania Computer Crime and Cybercrime Bill Overview of Draft Tanzania Computer Crime and Cybercrime Bill

Presenter: Judith M.C.Tembo HIPSSA International Expert on cybercrime

Draft Computer Crime and Cybercrime Bill Tanzania

Draft Computer Crime and Cybercrime Bill TanzaniaA. Objectives Act provides a legal framework for the criminalisation of computer and

network related offences. Principal aims are to criminalize certain illegal content in line with

regional and international best practices, provide the necessary specific procedural instruments for the investigation of such offences and define the liability of service providers.

B. Provisions Draft Bill divided into nine parts – All provisions of Model law on

cybercerime transposed and expanded as appropriate to suit Tanzania situation.

Terms used and provisions other than those peculiar to Tanzania law, are further explained in explanatory notes in respect of them.

Proposed Bill, drafted using technology neutral language.

2

Draft Computer Crime and Cybercrime Bill Tanzania

Bill avoids over‐legislating and facilitates both technological advancements and new and innovative developments in cybercrime.

Part 1 - provides definitions and sets the objective of the Act, scope/application and the date when the Act will come into force;

defines terms such as “computer system”, “access provider” and “hinder” etc., using sufficiently broad wording and where possible illustrative examples.

Eg “Computer system” or “information system” - a device or a group of inter-connected or related devices, one or more of which, pursuant to a program, performs automatic processing of data or any other function;

Sec. 3 (1) - term “access provider” can be both a legal person as well as a natural person. In light of this, even the operator of a private network can therefore be considered an access provider.

3

Draft Computer Crime and Cybercrime Bill Tanzania

Part I Cont’d

“Hinder” - (includes cutting the electricity supply to a computer system; and causing electromagnetic interference to a computer system; and corrupting a computer system by any means; andinputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data;

“Critical infrastructure” - computer systems, devices, networks, computer programs, computer data, so vital to the country that the incapacity or destruction of or interference with such systems and assets would have a debilitating impact on security, national or economic security, national public health and safety, or any combination of those matters

4

Draft Computer Crime and Cybercrime Bill Tanzania

Part I Cont’d -As far as possible, technical terms been defined to provide

certainty as to which terminology’s been left to judicial construction

Part II - provides Substantive criminal law provisions (offences)

-purpose of Sections 5‐26 of the Act is to improve means to prevent and address computer– and network‐related crime by defining a common minimum standard of relevant offences based on best practice prevailing within the region as well as international standards. (eg CoECC, C/wealth Model Law)

- Ss.5‐26 therefore provides minimum standards and therefore allows for more extensive criminalisation should the country so desire.

5

Draft Computer Crime and Cybercrime Bill Tanzania

Part II Cont’d

all offences established in this Act, require that offender is carrying out the offences intentionally. Reckless acts are therefore not covered.

“person who intentionally, without lawful excuse or justification or in excess of a lawful excuse or justification...”

- eg Section 5 requires that the offender is carrying out the offences intentionally. Reckless acts are not covered. (c/f Penal Code Cap 16, S10)

6

Draft Computer Crime and Cybercrime Bill Tanzania

Part II Cont’d provides a set of substantive criminal law provisions

that criminalise certain offences - eg illegally accessing and remaining logged into a computer system without lawful excuse or justification, obstructing, interrupting or interfering with the lawful use of computer data and disclosing details of a cybercrime investigation

Other than illegally accessing a computer, none of these types of behaviours or acts are currently legislated against by existing legislation in Tanzania.

7

Draft Computer Crime and Cybercrime Bill Tanzania

Part III provides procedures to determine jurisdiction the criminal offences enumerated in Sections 5‐26

Jurisdiction territorial and extra-territorial (ship/aircraft registered in enacting country, citizen etc)

S.27 (1)- Territorial jurisdiction applicable if - both the person attacking a computer system and the victim

system are located within the same territory or country. -the computer system attacked is within its territory, even if

the attacker is not.

8

Draft Computer Crime and Cybercrime Bill Tanzania

- S25(2) – applies if a national commits an offence abroad, and the conduct is also an offence under the law of the state in which it was committed or the conduct has taken place outside the territorial jurisdiction of any State

Part IV. Electronic evidence – deals with admissibility of electronic evidence and incorporates by reference the law dealing with electronic transactions & communication to apply

Part V. Procedural law – Provides a set of procedural instruments necessary to investigate Cybercrime;

identification of offenders, protection of the integrity of computer data during an investigation contains several inherently unique challenges for law enforcement authorities.

9

Draft Computer Crime and Cybercrime Bill Tanzania

purpose of Part V - to improve national procedural instruments by defining common minimum standards based on best practices within the region as well as international standards. - definition of standards will help national lawmakers to discover possible gaps in the domestic procedural law. Sections 28‐35 only define minimum standards and therefore do not preclude creation of more extensive criminalization on at national level.

introduces new investigation instruments (such as Section 35) and also aims to adapt traditional procedural measures (such as Section 28). All instruments referred to aim at permitting obtaining and/or collection of data for purpose of conducting specific criminal investigations or proceedings.

instruments described in Part V to be used in both traditional computer crime investigation but in any investigation that involves computer data and computer systems.

6.

10

Draft Computer Crime and Cybercrime Bill Tanzania

Part VI Liability (Service Providers) defines limitations of liability of Internet service

providers. responsibility of certain Internet Service Providers are

limited in Act, if their ability to prevent users from committing crimes is limited. It was therefore necessary to differentiate between the different types of providers

Without clear regulation, uncertainty created as to whether there is an obligation to monitor activities and, whether the providers could be prosecuted based on a violation of the obligation to monitor users’ activities.

11

Draft Computer Crime and Cybercrime Bill Tanzania

Part VI Cont’d Limitation (Service Providers) apart from possible conflicts with data protection

regulations and secrecy of telecommunication, such obligation would especially cause difficulties for hosting providers that store significant number of websites. To avoid these conflicts S. 36 excludes general obligation to monitor transmitted or stored information.

provision limits liability of providers with regard to criminal liability.

12

Draft Computer Crime and Cybercrime Bill Tanzania

Part VII General Provisions – includes issuance of Regulations – eg interception of computer data (security, functional and technical

requirements for interception, etc), - critical information infrastructure (identification, securing the integrity

and authenticity of, registration and other procedures relating to critical information infrastructure, etc)

Part VIII(Consequential Amendments And Savings) of legislation needing to be amended for purposes of bringing it in line with draft Bill ie

Electronic And Postal Communications Act, 2010 Amendment of Section 124 – removal of provision on unauthorized

access, and correction of marginal notes dealing with CIRT

13

Draft Computer Crime and Cybercrime Bill Tanzania

Part IX (Penal Code Cap 16) Amendment of Section 109 by adding two new

provisions expanding the meaning of thing to included computer system and where the destruction of the thing involved is committed is a computer system, for the crime to be categorized as an offence and not a misdemeanor.

14

Draft Computer Crime and Cybercrime Bill Tanzania

Detailed Provisions PART I. Preliminary Short Title & Commencement Application Objectives Interpretation

15

Draft Computer Crime and Cybercrime Bill Tanzania

PART II. Offences5.Illegal Access6.Illegal Remaining7.Illegal Interception8.Illegal Data Interference9..Data Espionage10.Illegal System Interference11..Illegal Devices12.Computer-related Forgery13.Computer-related Fraud

16

Draft Computer Crime and Cybercrime Bill Tanzania

14.Child Pornography15.Pornography16.Identity-related crimes17.Racist and Xenophobic Material18.Racist and Xenophobic Motivated Insult19.Denial of Genocide and Crimes Again Humanity20.SPAM21.Illegal Commerce and Trade22.Disclosure of details of an investigation23.Failure to permit assistance24.Harassment utilizing means of electronic

communication

17

Draft Computer Crime and Cybercrime Bill Tanzania

PART III. JURISDICTION25.Jurisdiction26. ExtraditionPART IV. ELECTRONIC EVIDENCE

27.Admissibility of Electronic Evidence

18

Draft Computer Crime and Cybercrime Bill Tanzania

PART V. Procedural law28.Search and Seizure29.Assistance30.Production Order31.Expedited preservation32.Partial Disclosure of traffic data33.Collection of traffic data34.Interception of content data35.Forensic Tool

19

Draft Computer Crime and Cybercrime Bill Tanzania

PART VI.Liability 36.No Monitoring Obligation37.Access Provider38.Hosting Provider39.Caching Provider40.Hyperlinks Provider41.Search Engine Provider

20

Draft Computer Crime and Cybercrime Bill Tanzania

Part VIIGeneral Provisions44. Limitation of Liability 45. Forefeiture of Assets46. General Provision on Cybercrimes47. Regulations48. Offence by body corporate or un-incorporate49. Prosecutions50. Compounding of Offences 

21

Draft Computer Crime and Cybercrime Bill Tanzania

Part VIIIConsequential AMENDMENTS AND SAVINGSElectronic And Postal Communications Act, 2010 51. Construction52.Amendment of Section 124 (“unauthorised access”)Part IXPenal Code Cap 16 53.Construction54. Amendment of Section 109 (def. of “thing”)

22

Thank you for your attention!Thank you for your attention!jjmctembo@hotmail.commctembo@hotmail.com

23