Upload
stephanie-ramirez
View
214
Download
0
Tags:
Embed Size (px)
Citation preview
InternationalTelecommunicationUnion
HIPSSA ProjectHIPSSA Project
Support for Harmonization of the ICT Policies Support for Harmonization of the ICT Policies in Sub-Sahara Africa, in Sub-Sahara Africa,
22ndnd Workshop on Tanzania National Transposition of SADC Workshop on Tanzania National Transposition of SADC Cybersecurity Model Laws, Dar-es-Salaam 4Cybersecurity Model Laws, Dar-es-Salaam 4 - - 8 8thth March2013 March2013
Overview of Draft Tanzania Computer Crime and Cybercrime Bill Overview of Draft Tanzania Computer Crime and Cybercrime Bill
Presenter: Judith M.C.Tembo HIPSSA International Expert on cybercrime
Draft Computer Crime and Cybercrime Bill Tanzania
Draft Computer Crime and Cybercrime Bill TanzaniaA. Objectives Act provides a legal framework for the criminalisation of computer and
network related offences. Principal aims are to criminalize certain illegal content in line with
regional and international best practices, provide the necessary specific procedural instruments for the investigation of such offences and define the liability of service providers.
B. Provisions Draft Bill divided into nine parts – All provisions of Model law on
cybercerime transposed and expanded as appropriate to suit Tanzania situation.
Terms used and provisions other than those peculiar to Tanzania law, are further explained in explanatory notes in respect of them.
Proposed Bill, drafted using technology neutral language.
2
Draft Computer Crime and Cybercrime Bill Tanzania
Bill avoids over‐legislating and facilitates both technological advancements and new and innovative developments in cybercrime.
Part 1 - provides definitions and sets the objective of the Act, scope/application and the date when the Act will come into force;
defines terms such as “computer system”, “access provider” and “hinder” etc., using sufficiently broad wording and where possible illustrative examples.
Eg “Computer system” or “information system” - a device or a group of inter-connected or related devices, one or more of which, pursuant to a program, performs automatic processing of data or any other function;
Sec. 3 (1) - term “access provider” can be both a legal person as well as a natural person. In light of this, even the operator of a private network can therefore be considered an access provider.
3
Draft Computer Crime and Cybercrime Bill Tanzania
Part I Cont’d
“Hinder” - (includes cutting the electricity supply to a computer system; and causing electromagnetic interference to a computer system; and corrupting a computer system by any means; andinputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data;
“Critical infrastructure” - computer systems, devices, networks, computer programs, computer data, so vital to the country that the incapacity or destruction of or interference with such systems and assets would have a debilitating impact on security, national or economic security, national public health and safety, or any combination of those matters
4
Draft Computer Crime and Cybercrime Bill Tanzania
Part I Cont’d -As far as possible, technical terms been defined to provide
certainty as to which terminology’s been left to judicial construction
Part II - provides Substantive criminal law provisions (offences)
-purpose of Sections 5‐26 of the Act is to improve means to prevent and address computer– and network‐related crime by defining a common minimum standard of relevant offences based on best practice prevailing within the region as well as international standards. (eg CoECC, C/wealth Model Law)
- Ss.5‐26 therefore provides minimum standards and therefore allows for more extensive criminalisation should the country so desire.
5
Draft Computer Crime and Cybercrime Bill Tanzania
Part II Cont’d
all offences established in this Act, require that offender is carrying out the offences intentionally. Reckless acts are therefore not covered.
“person who intentionally, without lawful excuse or justification or in excess of a lawful excuse or justification...”
- eg Section 5 requires that the offender is carrying out the offences intentionally. Reckless acts are not covered. (c/f Penal Code Cap 16, S10)
6
Draft Computer Crime and Cybercrime Bill Tanzania
Part II Cont’d provides a set of substantive criminal law provisions
that criminalise certain offences - eg illegally accessing and remaining logged into a computer system without lawful excuse or justification, obstructing, interrupting or interfering with the lawful use of computer data and disclosing details of a cybercrime investigation
Other than illegally accessing a computer, none of these types of behaviours or acts are currently legislated against by existing legislation in Tanzania.
7
Draft Computer Crime and Cybercrime Bill Tanzania
Part III provides procedures to determine jurisdiction the criminal offences enumerated in Sections 5‐26
Jurisdiction territorial and extra-territorial (ship/aircraft registered in enacting country, citizen etc)
S.27 (1)- Territorial jurisdiction applicable if - both the person attacking a computer system and the victim
system are located within the same territory or country. -the computer system attacked is within its territory, even if
the attacker is not.
8
Draft Computer Crime and Cybercrime Bill Tanzania
- S25(2) – applies if a national commits an offence abroad, and the conduct is also an offence under the law of the state in which it was committed or the conduct has taken place outside the territorial jurisdiction of any State
Part IV. Electronic evidence – deals with admissibility of electronic evidence and incorporates by reference the law dealing with electronic transactions & communication to apply
Part V. Procedural law – Provides a set of procedural instruments necessary to investigate Cybercrime;
identification of offenders, protection of the integrity of computer data during an investigation contains several inherently unique challenges for law enforcement authorities.
9
Draft Computer Crime and Cybercrime Bill Tanzania
purpose of Part V - to improve national procedural instruments by defining common minimum standards based on best practices within the region as well as international standards. - definition of standards will help national lawmakers to discover possible gaps in the domestic procedural law. Sections 28‐35 only define minimum standards and therefore do not preclude creation of more extensive criminalization on at national level.
introduces new investigation instruments (such as Section 35) and also aims to adapt traditional procedural measures (such as Section 28). All instruments referred to aim at permitting obtaining and/or collection of data for purpose of conducting specific criminal investigations or proceedings.
instruments described in Part V to be used in both traditional computer crime investigation but in any investigation that involves computer data and computer systems.
6.
10
Draft Computer Crime and Cybercrime Bill Tanzania
Part VI Liability (Service Providers) defines limitations of liability of Internet service
providers. responsibility of certain Internet Service Providers are
limited in Act, if their ability to prevent users from committing crimes is limited. It was therefore necessary to differentiate between the different types of providers
Without clear regulation, uncertainty created as to whether there is an obligation to monitor activities and, whether the providers could be prosecuted based on a violation of the obligation to monitor users’ activities.
11
Draft Computer Crime and Cybercrime Bill Tanzania
Part VI Cont’d Limitation (Service Providers) apart from possible conflicts with data protection
regulations and secrecy of telecommunication, such obligation would especially cause difficulties for hosting providers that store significant number of websites. To avoid these conflicts S. 36 excludes general obligation to monitor transmitted or stored information.
provision limits liability of providers with regard to criminal liability.
12
Draft Computer Crime and Cybercrime Bill Tanzania
Part VII General Provisions – includes issuance of Regulations – eg interception of computer data (security, functional and technical
requirements for interception, etc), - critical information infrastructure (identification, securing the integrity
and authenticity of, registration and other procedures relating to critical information infrastructure, etc)
Part VIII(Consequential Amendments And Savings) of legislation needing to be amended for purposes of bringing it in line with draft Bill ie
Electronic And Postal Communications Act, 2010 Amendment of Section 124 – removal of provision on unauthorized
access, and correction of marginal notes dealing with CIRT
13
Draft Computer Crime and Cybercrime Bill Tanzania
Part IX (Penal Code Cap 16) Amendment of Section 109 by adding two new
provisions expanding the meaning of thing to included computer system and where the destruction of the thing involved is committed is a computer system, for the crime to be categorized as an offence and not a misdemeanor.
14
Draft Computer Crime and Cybercrime Bill Tanzania
Detailed Provisions PART I. Preliminary Short Title & Commencement Application Objectives Interpretation
15
Draft Computer Crime and Cybercrime Bill Tanzania
PART II. Offences5.Illegal Access6.Illegal Remaining7.Illegal Interception8.Illegal Data Interference9..Data Espionage10.Illegal System Interference11..Illegal Devices12.Computer-related Forgery13.Computer-related Fraud
16
Draft Computer Crime and Cybercrime Bill Tanzania
14.Child Pornography15.Pornography16.Identity-related crimes17.Racist and Xenophobic Material18.Racist and Xenophobic Motivated Insult19.Denial of Genocide and Crimes Again Humanity20.SPAM21.Illegal Commerce and Trade22.Disclosure of details of an investigation23.Failure to permit assistance24.Harassment utilizing means of electronic
communication
17
Draft Computer Crime and Cybercrime Bill Tanzania
PART III. JURISDICTION25.Jurisdiction26. ExtraditionPART IV. ELECTRONIC EVIDENCE
27.Admissibility of Electronic Evidence
18
Draft Computer Crime and Cybercrime Bill Tanzania
PART V. Procedural law28.Search and Seizure29.Assistance30.Production Order31.Expedited preservation32.Partial Disclosure of traffic data33.Collection of traffic data34.Interception of content data35.Forensic Tool
19
Draft Computer Crime and Cybercrime Bill Tanzania
PART VI.Liability 36.No Monitoring Obligation37.Access Provider38.Hosting Provider39.Caching Provider40.Hyperlinks Provider41.Search Engine Provider
20
Draft Computer Crime and Cybercrime Bill Tanzania
Part VIIGeneral Provisions44. Limitation of Liability 45. Forefeiture of Assets46. General Provision on Cybercrimes47. Regulations48. Offence by body corporate or un-incorporate49. Prosecutions50. Compounding of Offences
21
Draft Computer Crime and Cybercrime Bill Tanzania
Part VIIIConsequential AMENDMENTS AND SAVINGSElectronic And Postal Communications Act, 2010 51. Construction52.Amendment of Section 124 (“unauthorised access”)Part IXPenal Code Cap 16 53.Construction54. Amendment of Section 109 (def. of “thing”)
22