Mugabe’s cybersecurity bill criminalizes Zimbabweans’ access to computer systems
Zimbabwean activists and rights defenders are increasingly harnessing the power of the Internet, digital activism, social media platforms, and modern communication technologies to plan and coordinate effective collective actions. For example, in 2016, Internet-enabled mobile phones, social media platforms and communication apps such as WhatsApp were driving forces behind Pastor Evan Mawarire’s #ThisFlag protest and youth-led Tajamuka/Sesijukile’s #ShutDownZim protests. Undoubtedly, the Internet and modern communications technologies will improve political participation during Zimbabwe’s much-anticipated 2018 elections.
Robert Mugabe’s dictatorial regime is not about to let that happen. It’s responding Zimbabweans’ growing use of the Internet, social media and modern communication technologies by extending its authoritarian agenda into cyberspace. The regime is proposing a cybersecurity law that will criminalize Zimbabweans’ access to computers systems.
First introduced in August 2016, the “Computer Crime and Cyber Crime Bill” was initially marketed as an anti-hacking law for the digital age. In reality, it criminalizes on and offline activism. A draft version (PDF) of the bill reads:
A Bill for An Act to criminalize offences against computers and network related crime; to consolidate the criminal law on computer crime and network crime; to provide for investigation and collection of evidence for computer and network related crime; to provide for the admission of electronic evidence for such offences, and to provide for matters connected with or incidental to the foregoing.
The “Computer Crime and Cyber Crime Bill” is all about policing Zimbabweans’ use of the Internet. Once it becomes law, it will criminalize Zimbabweans’ access to computer systems. I’m reminded of the U.S. Computer Fraud and Abuse Act (CFAA), which was used to unfairly prosecute programmer and Internet activist Aaron Swartz until he took his own life in January 2013.
Zimbabwe’s future cybersecurity law also proposes the creation of a Computer Crime and Cybercrime Management Centre dedicated to the interception of Zimbabweans’ communications, and seizure of computers and mobile communications devices.
Zimbabwe already has a bucketful of draconian information control laws. The Posts and Telecommunications Act of 2000, Access to Information and Protection of Privacy Act (2002), and the Interception of Communications Act (ICA), enacted in 2007, allows the government to intercept communications. The ICA boosted the surveillance powers of the military, Central Intelligence Organization (CIO), Mugabe’s “secret police”, and the Zimbabwe Republic Police. It even granted the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ), Zimbabwe’s telecommunications regulator, and the Zimbabwe Revenue Authority, the power to intercept Zimbabweans’ on and off-line communications in the name of national security.
Back in 2016, POTRAZ confirmed that members of Zimbabwe’s growing army of Internet-savvy freedom fighters “can easily be identified” by the all-seeing surveillance state. According to the agency:
All sim cards in Zimbabwe are registered in the name of the user. Perpetrators can easily be identified.
According to Freedom House’s 2016 Freedom on the Net report, ICA “established a Monitoring of Interception of Communications Center that has the power to oversee traffic in all telecommunications services and to intercept phone calls, emails, and faxes under the pretext of national security, though it is uncertain whether the center is operating.” The Centre is reportedly the “sole facility through which authorised interceptions shall be effected.”
The ICA coopted telecom companies and internet service providers (ISPs) into the government’s surveillance project. ISPs must “provide a telecommunications service which has the capacity to be intercepted.”
Meanwhile, Mugabe’s “Computer Crime and Cyber Crime Bill” says next to nothing when it comes to the protection of human rights and individual liberties. It makes no guarantees that the dictator’s law enforcement and spying agencies will be accountable while in the processes of tackling cybercrime. And, as you’d expect, the proposed law would grand the authorities access to at-risk Zimbabweans’ electronic devices. Under Section 36 of the Bill, the police will be authorized to “utilise a remote forensic tool with the specific task required for the investigation”. The tool will be installed on a “suspect’s computer system in order to collect the relevant evidence.”
To understand where Mugabe is taking Zimbabwe with his latest draconian law, please consider the world of his former security minister, Didymus Mutasa. Before being expelled from the ruling Zanu PF party in 2014, Mutasa claimed that the government “sees everything,” including what happens in Zimbabweans’ bedrooms. Mutasa, who once presided over the CIO reportedly said:
No one can hide from us in this country.
In its current form, Mugabe’s proposed cybersecurity law threatens the open Internet, democracy, human rights, free flow of information, and Zimbabweans’ privacy rights, which are guaranteed under the country’s 2013 constitution. According to Section 57 states:
Every person has the right to privacy, which includes the right not to have – (a) their home, premises or property entered without their permission, (b) their person, home, premises or property searched; (c) their possessions seized; (d) the privacy of their communications infringed; or (e) their health disclosed.
Finally, Mugabe’s “Computer Crime and Cyber Crime Bill” confirms a disturbing trend across Africa. In the past few years, several countries have created harmful cybersecurity laws without providing basic privacy and human rights protections. These include: Uganda’s Computer Misuse Act of 2011, Tanzania’s Computer Crime and Cybercrime Bill (2013), Kenya’s Cybercrime and Computer Related Crimes Bill (2014), and South Africa’s Cybercrimes and Cybersecurity Bill of 2015. A 2016 examination (PDF) of some of these bills by Access Now raised several concerns, including the criminalization of computer use, mandatory data retention, government hacking, and lack of judicial oversight. Citing the African Union Convention on Cyber Security and Personal Data Protection, which Zimbabwe is yet to sign, the paper recommended that these countries “fulfill their obligations under the African Charter on Human and People’s Rights and other international on human rights treaties”.
Obert Madondo is an Ottawa-based blogger, activist, photographer, digital rights enthusiast, former political aide, and former international development administrator. He’s the founder and editor of these blogs: The Canadian Progressive, Zimbabwean Progressive, and Charity Files. Follow him on Twitter: @Obiemad
This article is published under a Creative Commons Attribution-NonCommercial 4.0 International licence. No permission is required for non-commercial reuse and distribution. However, you’re strictly required to cite the original source in accordance with the terms of the license.