BY KENNETH MATIMAIRE
GOVERNMENT has amended several controversial provisions that trampled on human rights but experts still complain about an array of clauses that stifle freedom of expression under the Cyber Security and Data Protection Bill which awaits Presidential endorsement.
The amendments came at a time digital and internet rights groups raised alarm against the initial Cyber Security Bill during the consultation stage.
One of the several clauses at the centre of dispute was the provision of keystroke loggers under Section 35 of the Bill.
Keystroke logging is a spyware used to track and record every stroke entry made on a computer, often without the permission or knowledge of the user.
The spyware was to be used by members of the security services to snoop on citizens’ private conversations, in contravention of Section 57 of the Constitution which guarantees privacy rights.
Deputy chairperson of the Parliamentary Portfolio Committee on ICT, Ability Gandawa recently indicated that the ICT ministry had made amendments to the Cyber Security Bill.
“There were issues to do with invasion of privacy which were coded in the initial Bill before it was redone. The ministry looked at it and I’m glad to report that those issues were then struck off the Bill,” said Gandawa during a recent Cyber Security and Data Protection webinar.
The webinar was co-organised by Misa-Zimbabwe and the Collaboration on International ICT Policy in East and Southern Africa (Cipesa).
“If you look at how the Bill was structured in the first instance and how it looks like now, it’s a little bit different. We really took into account the concerns and the submissions that came from our (members of the) public.
“There was serious concern to the effect that there was going to be the deployment of remote keystroke loggers which were going to invade the privacy of individuals’ gadgets — mobile phones, tablets,” he added.
Gandawa said the revised Bill now requires outright express authority coming from the data subject whose data is being a subject of discussion, be it by the police or courts.
“In the initial Bill, there was a bit of a loose end in terms of how data is shared among data controllers but the new Bill (Clause 9 to 14) that is soon to be signed into law by the President has made it a point that data cannot be shared willy-nilly like what had been proposed in the first draft,” he said.
The development comes at a time when the Ministry of Health and Child Care has been under fire for sharing sensitive health information captured for the purposes related to the Covid-19 pandemic with other unrelated departments.
In April last year, state controlled media published an article titled: “Beware of this patient! Covid-19 positive woman gallivanting around town,” exposing leaking of sensitive health information by health authorities to state media.
Clause 379A demands that any search and seizure must be backed by a warrant issued by the courts while Clause 379E requires the authentication of electronic evidence before it is made admissible in a court of law or in any dispute.
In terms of protecting the use of the cyber space, the Bill has provisions against child pornography (Clauses 165 and 165A), cyber bullying and harassment (Clause 164B) as well as the spread of false information (Clause 164C).
“We are trying to ensure that we protect the rights of people, the integrity of people, rather than just flying information from left, right and centre without protection of citizens. There are penalties, both imprisonment and fines,” Gandawa said.
MISA-Zimbabwe legal and ICT policy officer, Nompilo Simanje said the Bill takes a step in the right direction in terms of criminalising child pornography, cyber bullying and sharing of pornographic material (Clause 164E) where women are often victims of revenge pornography from bitter former lovers.
However, Simanje lamented that the Bill in its current form would promote self-censorship and stifle freedom of expression.
“We agree that the spread of misinformation and disinformation should be regulated. We also agree that false news or the prevalence of false news has been on the rise, particularly during Covid-19 but our comment really with regards to the Bill… was that it was criminalising free expression, whilst criminalising the communication of false news. So our concern has been that firstly, the law is not making a clear distinction between what is called disinformation and misinformation,” said Simanje in an interview.
Simanje said the disinformation and misinformation should be clarified in the Bill.
She further indicated that the penalties that were being imposed by the Bill were too restrictive as they range up to level 14 fines and 10 years imprisonment.
“People will not feel free to communicate on social media platforms, on Facebook, Twitter and WhatsApp for fear that if they communicated that information and it’s found to be false, they will be criminalised and pay hefty penalties,” Simanje said.
The African Declaration on Internet Rights and Freedoms (AfDec) seeks to give guidance to governments and other public stakeholders in the regulation of the internet and the use of communication technologies.
The AfDEC 13 Principle Charter hinges on promoting internet or cyberspace use.
However, Simanje noted that the Bill has a long controversial provision which criminalises promotion or incitement to commit public violence or damage to property under Clause 164.
She indicated that the clause was vague in all the pieces of legislation such as in the Criminal Law (Codification and Reform) Act Chapter 9:23, which makes it subject to abuse by authorities against citizens.
Section 187(1)(a) as read with Section 36 (1)(a) and Section 37(1)(a)(i) of the Criminal Law criminalises “inciting the public to engage in a gathering with intent to commit public violence” or incitement to commit public violence.”
The same law has been used to prosecute human rights defenders such as cleric Evan Mawarire and journalist Hopewell Chin’ono, among others.
Simanje said it was disturbing that the same law featured in the Cyber Security Bill under Clause 164.
“This law has been used to criminalise or arrest people for online communication under the pretext that they are inciting public violence or that they are promoting violence.
“We saw that provision again in the Cyber Security Bill (Clause 164) and I think it is also one of the provisions that are promoting internet censorship. People will not feel free to comment on issues of national interest. They will not feel free to hold public officials or public institutions to account for fear that that communication might be misconstrued as promoting public violence,” she said.
There are growing fears that the clause will be used to clamp down on dissenting voices, target civic society and opposition party leaders as the government has already made chilling warnings regarding the Bill.
Information minister Monica Mutsvangwa, warned that the Cybersecurity Bill “is coming and is going to be heavy on people that spread false information.”
The late army commander, Lieutenant-General Edzai Chimonyo also warned the army would snoop on citizen’s private communication to “guard against subversion” as the use of social media poses a threat to national security.
United Kingdom-based policy officer for Privacy International Kuda Hove said the Bill would restrict online use.
“There are fears that once the Cybersecurity Bill comes into law, it would be used to restrict people’s use of social media by further criminalising legitimate expression that people have and use on social media by also criminalising some activities on the grounds of protecting the nation’s cyberspace,” said Hove.