News / National
Concern over CIO operatives on spooky cybercrime panel
26 Jul 2019 at 12:10hrs | Views
CIVIC society organisations have raised grave concerns over the involvement of the Central Intelligence Organisation (CIO), among other security organs, on the committee which will be responsible for enforcing the Computer Crime and Cybercrime Bill.
The civic groups say that the proposed legislation will give the state wide discretionary scope and undue power to spy on citizens.
The Bill, first introduced in 2012 during former president Robert Mugabe's rule, is largely perceived as an instrument by government to tighten its grip on the control of cyberspace, while unlawfully prying into the privacy of citizens.
Under the proposed legislation, which is yet to be passed by parliament, the State security minister, in consultation with the Finance minister, will have the power to set up the Computer and Cybercrime Management Centre, which will be headed by a CIO deputy director-general.
The Cybercrime Management Centre will be administered by an 11-member Cyber Security Committee, some of whose members will be drawn from the CIO, Zimbabwe Republic Police (ZRP), Ministry of Defence, Prisons and Correctional Services and the National Prosecuting Authority (NPA). It will also have representatives from the Postal and Telecommunications Regulatory Authority (Potraz), Ministry of Science and Technology and the Ministry of Information and Communication Technology.
Media Institute of Southern Africa Zimbabwe (Misa) legal expert Kudakwashe Hove said the composition of the Cyber Security Committee raises fears that the legislation is prone to abuse by the state, thereby compromising the privacy of citizens and other freedoms.
The proposed legislation will give the investigating authorities the right to seize computer devices and mobile phones during investigations, even if the equipment is not directly involved in the criminal activity being investigated.
"Misa is lobbying for the inclusion of non-security players — professionals — because the internet cannot be regulated by the security sector only, so there is a need to involve other players as well," he said.
Information Systems Audit and Control Association president Douglas Mapuranga said it was imperative to strike a balance between the need to protect citizens' rights and curtailing cybercrime in an age of rapid technological advancement.
"There is always a balance which has to be struck in terms of regulation," Mapuranga said.
"There is need to ensure that the legislation is robust to counter an attack and at the same time ensuring that the citizen's information stays private." Mapuranga said intelligence officers are distrusted "anywhere in the world" hence could not be trusted to run the committee.
Misa has also expressed concern over the Bill, saying the proposed law is vague in its definition of devices that can be confiscated by investigating authorities during investigations.
"This wide definition includes traditional data storage devices such as external hard drives but, most importantly, it is broad enough to also include mobile phones," Misa said.
Section three of the Bill defines computer data storage medium as: "any device or location on which data is capable of being reproduced or on which data is capable of being stored, by a computer device, irrespective of whether the device is physically attached to or connected with the computer device".
There are already instances where the police has seized mobile devices during investigations, triggering condemnation from human rights groups.
For instance, during investigations in the Martha O'Donovan case in November 2017, investigating officers seized her mobile phone alongside her laptop, triggering condemnation from international human rights groups.
O'Donovan, an American journalist visiting the country at the time, was accused of subversion and insulting Mugabe on social media.
Internet service provider Dandemutande engineer Kevin Ngolande said the cyber security committee was teeming with security agents, raising fears that the state was using the instrument as a ploy to stifle citizens' rights.
"The committee should have between 30% to 50% engineers, and programmers," Ngolande said. "Cyber security is no longer about manual searches and papers. It is now about sophisticated information communication technology attacks."
Zimbabwe has a slew of other laws which have been criticised for restricting political and civil liberties.
Mnangagwa rose to power in 2017 on the back of military tanks, promising to scrap repressive laws which Mugabe used to ensure repressive rule during his 37 years in power.
The civic groups say that the proposed legislation will give the state wide discretionary scope and undue power to spy on citizens.
The Bill, first introduced in 2012 during former president Robert Mugabe's rule, is largely perceived as an instrument by government to tighten its grip on the control of cyberspace, while unlawfully prying into the privacy of citizens.
Under the proposed legislation, which is yet to be passed by parliament, the State security minister, in consultation with the Finance minister, will have the power to set up the Computer and Cybercrime Management Centre, which will be headed by a CIO deputy director-general.
The Cybercrime Management Centre will be administered by an 11-member Cyber Security Committee, some of whose members will be drawn from the CIO, Zimbabwe Republic Police (ZRP), Ministry of Defence, Prisons and Correctional Services and the National Prosecuting Authority (NPA). It will also have representatives from the Postal and Telecommunications Regulatory Authority (Potraz), Ministry of Science and Technology and the Ministry of Information and Communication Technology.
Media Institute of Southern Africa Zimbabwe (Misa) legal expert Kudakwashe Hove said the composition of the Cyber Security Committee raises fears that the legislation is prone to abuse by the state, thereby compromising the privacy of citizens and other freedoms.
The proposed legislation will give the investigating authorities the right to seize computer devices and mobile phones during investigations, even if the equipment is not directly involved in the criminal activity being investigated.
"Misa is lobbying for the inclusion of non-security players — professionals — because the internet cannot be regulated by the security sector only, so there is a need to involve other players as well," he said.
Information Systems Audit and Control Association president Douglas Mapuranga said it was imperative to strike a balance between the need to protect citizens' rights and curtailing cybercrime in an age of rapid technological advancement.
"There is always a balance which has to be struck in terms of regulation," Mapuranga said.
"There is need to ensure that the legislation is robust to counter an attack and at the same time ensuring that the citizen's information stays private." Mapuranga said intelligence officers are distrusted "anywhere in the world" hence could not be trusted to run the committee.
Misa has also expressed concern over the Bill, saying the proposed law is vague in its definition of devices that can be confiscated by investigating authorities during investigations.
"This wide definition includes traditional data storage devices such as external hard drives but, most importantly, it is broad enough to also include mobile phones," Misa said.
Section three of the Bill defines computer data storage medium as: "any device or location on which data is capable of being reproduced or on which data is capable of being stored, by a computer device, irrespective of whether the device is physically attached to or connected with the computer device".
There are already instances where the police has seized mobile devices during investigations, triggering condemnation from human rights groups.
For instance, during investigations in the Martha O'Donovan case in November 2017, investigating officers seized her mobile phone alongside her laptop, triggering condemnation from international human rights groups.
O'Donovan, an American journalist visiting the country at the time, was accused of subversion and insulting Mugabe on social media.
Internet service provider Dandemutande engineer Kevin Ngolande said the cyber security committee was teeming with security agents, raising fears that the state was using the instrument as a ploy to stifle citizens' rights.
"The committee should have between 30% to 50% engineers, and programmers," Ngolande said. "Cyber security is no longer about manual searches and papers. It is now about sophisticated information communication technology attacks."
Zimbabwe has a slew of other laws which have been criticised for restricting political and civil liberties.
Mnangagwa rose to power in 2017 on the back of military tanks, promising to scrap repressive laws which Mugabe used to ensure repressive rule during his 37 years in power.
Source - the independent