GOVERNMENT is in the process of updating its cyber statutory Bills ostensibly to protect online users and curb cybercrimes, but the measures will strengthen its spying activities on citizens.
The proposed legislative measures, which would give government greater control of cyber space, are the Data Protection Bill, the Electronic Transaction and Electronic Commerce Bill, and the Computer Crime and Cybercrime Bills.
The Zimbabwe Independent is in possession of the preliminary versions of the draft Bills.
The initial Electronic Transaction and Electronic Commerce Bill intends to promote legal certainty and enforce ability to electronic transactions and electronic commerce. It also aims to grant legal recognition to electronic communications and writing and would also provide for the legal effect of electronic signatures as well as secure electronic signatures.
Reads the draft Bill: “(The Bill intends) to provide for the time and place of the dispatch and receipt of electronic communications as well as electronic contract formation and transactions. (The Bill intends) to protect consumers in the online environment and to prohibit certain electronic marketing practices, to provide for the limitation of liability of service providers and to provide for matters incidental to or connected with the foregoing.”
If passed, the Data Protection Bill will govern the processing of personal information by private and public bodies to prevent unauthorised and arbitrary use, collection, processing, transmission and storage of data of identifiable persons. “(The Bill intends) to provide for the regulation of data protection, to establish a Data Protection Authority and to provide for matters connected therewith or incidental to the foregoing,”it reads.
The Computer Crime and Cyber Crime Bills, if passed, would allow government to remotely instal forensic spying tools onto citizens’ communication devices. A remote forensic tool is defined in the draft Bill as an “investigative tool, including software or hardware installed on or in relation to a computer system or part of a computer system and used to perform tasks that include but are not limited to keystroke logging or transmission of an IP address”.
An Information Communication and Technology consultant, Chris Musodza said in an interview on Wednesday: “Globally, it is imperative for any nation to have legislation to govern the way we collect and process data. Cyber security laws and regulations are changing rapidly around the world, but Zimbabwe’s have been at draft stage for a long time now.
“The early version of the data protection legislation lacks components such as consent as a requirement for data to be processed; consent must be given explicitly rather than assumed. The Bill should comply with the constitutional age of consent stipulation and specify what happens when a person is below the age of consent,” said Musodza. A key component of data protection legislation internationally is the data controller, he said.
“Zimbabwe’s draft data protection Bills states that the President, in consultation with the ICT minister, is responsible for the appointment of a data control board which insinuates that their appointments can easily be political,” he added.
Last week this paper reported that government is moving to consolidate its grip on the telecoms sector through forcing mobile operators into infrastructure sharing as it seeks to control cyberspace.
Among the concerns is that the cyber bill could also be used to shut down web-based publications.
Due to the government’s suppression of media, there has been a rise in the number of internet publications run by Zimbabweans living in Diaspora and some of these are New Zimbabwe, Zimnewsblog owned by Victor Chatikobo based in Australia, My Zimbabwe, Nehanda Radio, among many others