Child porn, spam & everything illegal under Zimbabwe’s draft Cybercrime Bill

Parliament of Zimbabwe

I guess everyone with the slightest bit of appreciation of technology will agree that our country’s laws haven’t caught up with the changes that have been happening in the tech space.

A lot of cases that we’ve seen being handled in court rely on laws that aren’t specific enough to identify when a crime has been committed and in some instances downplay the potential damage that a perpetrator might have caused.

To be fair, the rate at which technology is used in every other field essentially means that legislation won’t be able to fully catch up. it is commendable, however if the law does at least try to do that.

We recently managed to look through the draft Computer Crime and Cybercrime Bill that is set for final deliberations in the Parliament of Zimbabwe. It’s part of a raft of proposed legislation that includes the ICT Policy, e-Transactions bill, Data Protection Bill and Interception of Communications Bill which are set for parliamentary deliberation.

Though it’s still a draft and will likely go through some changes before it passes through the House and goes for Presidential assent, there were some notable aspects in the draft which indicate an approach to cybercrime that is a lot more aware of changes in technology.

What constitutes a cybercrime?

One major leap from previous legislation has been the acknowledgement of certain computer aided offences that have been canvassed under other offences in the Criminal Law Act of Zimbabwe.

Some offences that have been highlighted specifically include:

  • Pornography – possessing, distributing, selling, lending or hiring it out
  • Child porn -this includes acquiring producing, distributing, possessing or offering it through a computer system as well as gaining access to it through ICT
  • Handling racist or xenophobic material
  • the deliberate introduction of a virus into a system
  • The unauthorised use or possession of credit or debit cards
  • Spam – “the transmission of multiple electronic mail messages from or through a computer system”
  • The illegal access to or use of a computer, or the illegal interception of information,
  • illegal data interference – this extends to illegally deleting or altering data or obstructing its lawful use, as well as fraudulently creating or manipulating data through a computer system. It also covers downloading and creating software used to alter or destroy data
  • Data espionage – this covers accessing of data that is under special authority
  • Illegal system interference through illegal devices
  • Computer related forgery and fraud
  • The violation of  any intellectual property rights protected under any law or treaty applicable to intellectual property rights in Zimbabwe

All these offences are yet to have specified penalties and sentences, though imprisonment and forfeiture of systems used in a crime are highlighted.

Assuming that this bill becomes law, it creates a very different landscape regarding the acknowledgement of IT in criminal procedures in Zimbabwe. From the looks of the specific nature of the offences it should also set into motion the action around IT forensic in Zimbabwean law enforcement.

It also brings into play the issue of skills development for every other person in law enforcement and the adoption of systems that will play a part in the delivery of justice.

These considerations will invariably create opportunities for people in ICT that are able to create solutions or offer support to the Zimbabwean legal system.

23 comments

  1. black hat hacker

    game on i will distribute some malware just for the sake of it want to see how long the e-police will take to shutdown my overseas proxy muhahahaha!(evil laugh)

    1. macd chip

      ZRP will ask whoever you are spamming or spammed to catch and bring you to police station so that they can arrest you.

    2. White Hat hacker

      dont be ignorant there is no such thing as being anonymous on the internet. By virtue of using it you leave footprints everywhere whether intentional or not.
      the long arm of the law will get you eventually.
      thats why all laws address extradiction and jurisdiction

      1. fourwallsinaroom

        ok well, i run cyberghost edward snowden edition. then i create a tunnel via vpn book which is free and anonymous, finally i create a third tunnel using us1 vpn. i distribute what i need to distribute using tor network! i can guarantee you zrp will not even get past tor network… all of this is done using tor flash linux which is not persistent. so the moment i shut down all details are gone. my isp can just see that i used cyber ghost nd that is that! if they could not track down my stolen phone for a year, using information given by econet, i doubt they can track down cyber ghost – vpn book – us1 vpn all under a tor network! yes not impossible but highly improbable, but where is the expertise coming from? ehhh sorry sir, we do not have transport, you said there is a thief in your house… can you come and get us from the station? really lol.

        1. tinonetic

          VPN isnt as secure as believed.

          Tor browsing is as anonymous and secure as your exit node(which isnt guaranteed secure, like open WIFI)

          Unless you’re pedantically careful, single-minded and disciplined in the malicious tasks you will be performing, your browsing patterns can easily be identified (if someone really wants to catch you and commits resources to do so).

          If you are in any way dangerously malicious and Governments wants you, all packets could be routed, stored and later analysed(what NSA-dragnet does). Remember, internet traffic is relayed ultimately through some Government/Government regulated infrastructure… that Government could easily govern(so to speak)

          So whilst minimal and resource-intensive, there certainly is a degree of risk of being caught.

  2. Observer

    Not to be a stickler or anything but I think it’s advisable to define them as “malicious software” rather than simply saying “viruses”. That leaves a huge loophole coz viruses are just one kind of malicious software… Is there any platform for citizens to post comments n suggestions regarding this?

  3. fortune

    This is a rather interesting development, we hope this bill is quickly turned into law to protect business and individuals losing out thousands of dollars each year to cybercrime. For those who think they have brilliant ideas like Black Hat please come through with your innovative solutions not to reverse the gains to be realised through this law but for us to create a robust system to protect citizens of our great nation Zimbabwe.

  4. Bob not Job

    Damn, that definition of spam is criminal in itself. jere for ‘sending multiple messages’?

    1. fourwallsinaroom

      yes good bye axa media!

    2. Tired of SPAM

      Also opt out is bad practice and generally frowned upon too. Bulk emails should be on an opt in basis

  5. Anonymous

    Its all well and good for gov to an initiative on cyber-crimes bill, but there is no way for them to handle and setup an infrastructure to handle this. They’ll depend on local ICT to support it, but whose to say those people will still be around in a years time with this economy.

    Teaching business and individuals on security issues would be more worthwhile until there ready. Cause next thing all our internet connections are just going to be piped through China and monitered because they won’t have the capacity or knowledge to maintain the system

    1. non

      its not skills we lack but monetary resources

  6. macd chip

    This is really a good start to fight cyber crime, although a lot of fine tuning is needed.

    This particular crime is not fought by common police officers. A highly trained cyber division is needed to specifically focus on this with state lawyers who understand technology.

    This reminds me of a case, Bennet vs State and Beatrice Mtetwa as his lawyer. The State was trying to prove that Bennet did send the emails, they had their IT specialist.

    What was interesting about it is that the state specialist didnt understand IP header or IP transmision.

    For justice to be served, our state need to have real specialist. Public also need to be made aware.

  7. dillaa

    The army ws recruiting in ict proffessionals recently …it makes sense nw..

  8. john

    where’s the resources to fight cyber crime??? An what cyber crime like theirs xxx amounts of valuable data around or e commerce why waste time??? can’t even cope with current everyday crimes come onn waste of time!!

  9. defender

    i wonder if you would spew this ignorance if a cyber gang steals money from your bank i think not
    and those pics and messages when they posted on the Internet by hackers would you not want gov, facebook to track them
    these laws guaratee that

  10. Anonymous

    NIGEL
    PLEASE KNOW interception of communications is already a law
    http://www.parliament.gov.zw

  11. kundai(infosec researcher)

    i would wait for the law to become an act instead of speculating. the current cyber crime landscape is sooooooooooooooooo broad the some things you cant say is good or evil. look at open source intelligence or the authoring of proof of concept exploits both are grey areas.

  12. Tonderai

    Can you upload a draft of the bill? The best search result I’ve gotten is a powerpoint presentation that simply highlights the structure.

    1. Nigel Gambanga

      Unfortunately we can’t share the version that we have at the moment but we will put it up as soon as we have one that is ready for that.

  13. Tonderai

    Can you upload the draft bill?

  14. tsokoz

    ZRP doesn’t even have a website. Saka vanozvifambisa sei

    1. tinm@n

      If you seriously believe that having a website somehow enables or gives credibility on the ability to tackle cybercrime, then you have no clue what you’re talking about.

Join Waitlist We will inform you when the product arrives in stock. Please leave your valid email address below.
Exit mobile version