As readers may be aware, the Computer and Cybercrimes Bill 2017 was recently tabled in Parliament for the first reading. The Bill has been the focus of numerous posts on this blog by both CIPIT staff and students. This blogger recently received a copy of the Bill and would like to share some comments. These comments cover several aspects of the Bill including: interpretation, the offence of unauthorised access, the offence of unauthorised interference, the offence of false publication, the offence of child pornography, Search and seizure of stored computer data, power to search without a warrant in special circumstances, production order, real-time collection of traffic data and finally, appeal.
In the interpretation section, it is noted that several key definitions are missing such as “computer”, “critical infrastructure”, “child”, “means of identification”, “publish”, “film” and “photograph”, among others. On unauthorised access, the drafting of this offence could be a challenge for informers, investigators, whistleblowers and others, as they could end up being arrested and charged in court under this provision. Therefore due consideration ought to be given to persons who gain unauthorised access for investigation, whistle-blowing or any such access on grounds of overwhelming public interest. On unauthorised interference, the term interference is not defined which is crucial for purposes of establishing that the offence has been committed. Interference in this context may be defined as permanently or temporarily (a) deleting, altering, damaging, a computer system, program or data; (b) obstructing or denying access to a computer system, program or data; or (c) interrupting or impairing the functioning, confidentiality, integrity or availability of a computer system or program.
With regard to the offences, this blogger concurs with others that false publication and child pornography should be deleted from the Bill. As for false publication, this offence appears to unjustifiably limit the freedoms of opinion and expression as well as the right of access to information guaranteed under Articles 32, 33 and 35 of the Constitution respectively. As for child pornography, a similar offence already exists in Section 16 of the Sexual Offences Act, 2006. On section 22 of the Bill, the scope of procedural provisions requires attention. The Bill ought to require that any action under the Act could be commenced only after a written claim is presented to the appropriate authority which in this case is proposed to be the Central Authority. In addition, the Bill should prescribe that any procedures under this Part should be commenced by 6 months and within 2 years after a written claim accrues.
On search and seizure of stored computer data, the Bill ought to make it mandatory for police officers or authorised persons to apply to the court for issue of a warrant to enter any premises to enter any premises to access, search and similarly seize such data. Regarding the power to search without a warrant in special circumstances, this section should be deleted as it unjustifiably limits the right to privacy guaranteed under Article 31 of the Constitution. On production orders, the Bill ought to make it mandatory for police officers or authorised persons to apply to court for an order requiring submission of personal data or subscriber information. In this connection, this section unjustifiably limits the right to privacy guaranteed under Article 31 of the Constitution. On the real-time collection of traffic data, the Bill ought to reduce the latitude of police and authorised persons to engage in surveillance. Entrenching due process and oversight.
Although these comments echo those made by KICTANET, CEWG and others, it remains to be seen how they will shape the formulation and outcome of the Bill pending before Parliament.