THE Zimbabwe chapter of the Media Institute of Southern Africa (Misa) has raised concerns over sections of the Cybercrime and Cybersecurity Bill which allow investigating authorities to seize computer devices and mobile phones during investigations, even if the equipment is not directly involved in the criminal activity being investigated.
By Hazel Ndebele
Although the Bill has been amended several times, it has largely been seen as an instrument for government to tighten its grip over the control of cyberspace while spying on citizens. The Bill is yet to be passed by parliament.
In a commentary on the Cybercrime and Cybersecurity Bill, Misa Zimbabwe said the current definition of computer data storage medium exposes personal devices such as mobile phones to search and seizure during cybercrime investigations.
“The definition of computer data storage medium is too wide. It gives room for the seizure of personal equipment, which might not fall in the category of traditional data storage devices and equipment,” reads the Misa Zimbabwe commentary.
“The current definition will entrench and legitimise the illegal practice by investigating officers of seizing electronic equipment that is not linked to a cybercrime.”
Misa Zimbabwe said if the matter is not dealt with, it may lead to the violation of fundamental human rights such as the right to privacy.
Section three of the draft Bill defines computer data storage medium as: “any device or location from which data is capable of being reproduced or on which data is capable of being stored, by a computer device, irrespective of whether the device is physically attached to or connected with the computer device.”
Misa feels the definition needs to be amended as it considers any device that can either produce data, or be used to store data as a computer data storage medium.
“This wide definition includes traditional data storage devices such as external hard drives, but most importantly, it is broad enough to also include cellphones,” Misa Zimbabwe said.
Section three of the Bill also defines data as “any representation of facts, concepts, information, whether in text, audio, video, images, machine-readable code or instructions, in a form suitable for communications, interpretation or processing in a computer device, computer system, database, electronic communications network or related devices and includes a computer programme and traffic data.”
According to Misa Zimbabwe, this will enable investigating authorities to seize computer devices, including mobile phones, even if there is no evidence that the mobile phones have been plugged into any computer devices belonging to persons under investigation.
“The possibility of the inclusion of mobile phones in this definition is based on the fact that mobile phones, by their nature, can reproduce data. The unauthorised access to data on computer data storage mediums is criminalised in terms of Section 6 (1) of the Bill. Section 9, on the other hand, criminalises the unlawful interference of data kept on a computer data storage medium. Such unlawful interference can be in the form of altering, damaging, or deleting the data without lawful consent. These are all welcome safeguards meant to ensure the integrity of data stored on all forms of computer data storage mediums,” notes Misa Zimbabwe.
The media advocacy group noted that definitions in the Bill need to be dealt with as they could pose potential problems when viewed against Section 33 of the Bill which regulates search and seizure procedures for the process of investigating cybercrime. In Section 33 (1)(b), computer data storage mediums are listed as equipment that can be seized in terms of the Act.
There are already instances where the Zimbabwe Republic Police (ZRP) Criminal Investigations Department, has seized mobile devices during investigations. For instance, during investigations in the Martha O’Donovan case in November 2017, investigating officers seized her mobile phone alongside her laptop.