Cybercrimes Act 2015 Tanzania; The Challenge in the Hands of Both Corporates and Individuals
The government tabled the highly public-feared Cybercrimes Bill, 2015 sometime in early February 2015. The Bill focused on protecting Tanzanians against cybercrimes. The large percentage of the public and the opposition parties have been voicing their outcry against the enactment of the law, citing “limitation of freedom of information” as one possible vice of the impugned law. Most of the provisions of the Bill touch and are likely to affect corporations equally as much as they would to individuals.
The Bill was assented on the 25th April, 2015 by the President of United Republic of Tanzania into law. The government has however maintained that the main objectives behind the Act is to protect sensitive infrastructures, reduce vulnerability and cyberbullying, and minimize the damage that cyber-attacks may cause. The Cybercrimes Act 2015 Tanzania (hereafter “the Act”) is expected to come into force upon the publication in the government gazette by the minister responsible.
Breakthrough Attorneys in review of the Act has narrowed down the key issues stemming up from the Cybercrimes Act 2015 Tanzania
- The Act illegalizes the following;
- Access and possession of devices.
Illegal access to a computer system, illegal interception in a computer system, illegal remaining in a computer system, illegal data interference in computer system, data espionage, illegal system interference, illegal devices, forgery related to computer, fraud related to computer,
- Publishing of materials in computer systems
Publishing child pornography and any pornography in computer systems, identity related crimes, publication of false information, racist and xenophobic material, racist and xenophobic motivated insult, unsolicited massages, disclosure of details of an investigation, obstruction of investigation, cyber bulling, violation of intellectual property rights,
- Other offences
Aiding and abetting, attempts, conspiracy to commit offence and offences relating to critical infrastructure.
Upon conviction the offender maybe condemned to a jail term or a fine or compensation or all the above depending on the offence. The heaviest sentence under the Act is imprisonment for not less than seven years and a fine of not less than one hundred million.
- According to the Act Section 3, publish means distribution, transmitting, disseminating, circulating, delivering, exhibit, exchanging, barter, printing, copying, selling or offering for sale, letting on hire or offering to let on hire, offering in any other way or making available in any way. Therefore, publication doesn’t mean printing out or uploading in the magazine or a website alone. This means emailing, blogging and texting unauthorized data is an offence under the Act. It has taken the traditional inference of the word “publish” which means and refers to “make generally known or disseminate something to the public”.
- Computer systems is what makes the medium a cybercrime. Under the Act, Section 3 it is defined as a device or combination of devices, including network, input or output devices capable of being used in conjunction with external files which contain computer programmes, electronic instructions, input data and output data that perform logic, arithmetic data storage and retrieval communication control and other functions. Example of devices that fall under the ambit of the definition of a computer system in the Act are computers, laptops, tablets and mobile phones.
- Intellectual Property & Fraud Matters
Violation of intellectual property rights has been addressed in other legislation in Tanzania. Previously, violation of the same would expose the violator to only civil liability. With this new enactment, corporate bodies and their top managements that violate intellectual property rights may now be held accountable in both civil and criminal law. The law has also imposed a heftier penalty and sentence if any cyber IP infringement is deemed to have been “commercially calculated”.
- Enforcement woes
The law enforcement officers according to the Act are police officers ranking from assistant inspector and above, an investigator of equivalent rank of inspector and above, member of Tanzania Intelligence Service, prosecutor and any other authorized person. The Act confers excessive powers to the police for search and seizure of computer systems; and disclosure of data. In the course of a criminal investigation or the prosecution of an offence, a police officer in charge of a police station or a law enforcement officer of a similar rank may issue an order to any person in possession of such data compelling him to disclose such data or the device to be handed over. The officer is not required to seek a court order. Breakthrough Attorneys understands that this means any data or device, personal or corporate can be accessed, removed and/or retained by a law enforcement officer under this Act. Furthermore, obtaining the data or device in custody of the law enforcement officer is in the discretion of the officer. The officer may agree or refuse a person access to one’s data or device that is in custody of the law enforcement officers under the Act.
- Service Providers
The Act addresses the liability of service provider. Service providers will not be held liable for information stored, accessed, published, linked or transmitted by a user, provided such information was disabled or removed after the provider is notified, ordered or becomes aware of such criminal activity. This means, when it comes to the attention of the service provider that the data uploaded is unauthorized, the service provider shall remove or disable access to such data, then notify the relevant authorities.
The Act amends the Electronic and Postal Communications Act, the Penal Code making destruction of any device which contains evidence a crime. The Act also amends The Anti-Money Laundering Act and Extradition Act by inserting the words cybercrime in offences under the said statutes, making it an offence under the Anti-Money Laundering Act and an extraditable offence. It should be noted that, the Act confers jurisdiction to convict any Tanzanian citizen within or outside the country or a foreigner within or outside the country if this foreigner committed a crime against a person located in Tanzania.
The Cybercrimes Act 2015 Tanzania faces a lot of criticism. Some have argued to be a violation of human rights. Provisions such as section 7(2) (b) which holds a person guilty of merely receiving unauthorized information or computer data with or without intention of accessing the same. At Breakthrough Attorneys we believe that it is high time that cyber security in the country be addressed. We however are cautious that the said security should not be attained at the expense of individual privacy, integrity and right to due process of the law. The Act creates room for abuse by the law enforcement officers for example where disclosure of data is required for purposes of criminal investigation or the prosecution of an offence, a police officer in charge of a police station or a law enforcement officer of a similar rank may issue an order to any person in possession of such data compelling him to disclose such data. At least, such should have been made possible under an order of the Court.
Breakthrough Attorneys thinks that the Cybercrimes Act 2015 Tanzania may be exposed to abuse and is a clear violation of privacy. This calls into question the Privacy Law which was prepared alongside the Cybercrimes Act 2015 but the public has lost track of its whereabouts to date. The Cybercrimes Act 2015 Tanzania is likely to be challenged in Court as being unconstitutional.