Technological advancement in communication technology makes people’s interaction simpler and enjoyable. However, it can equally be dangerous and can even send individuals to prison for up to 25 years, according to a new cybercrime draft proclamation that was endorsed by the Council of Ministers and tabled before the House of People’s Representatives for approval on Tuesday.
The bill aims to control and prosecute criminal activities that were carried out via computers. These criminal activities include cyber-attacks, electronics thefts and disseminating information that results in public disorder or violence.
The newly introduced draft proclamation proposed punishments for cybercrimes ranging between three years to 25 years in prison. Apart from the lengthy prison terms, the draft bill also correspondingly imposes fines that extend between 5,000 birr to 200,000 birr.
In many countries, computer crime law deals with the broad range of criminal offenses committed using a computer or similar electronic devices. Nearly all of these crimes are perpetrated online. The internet provides a degree of anonymity to offenders, as well as potential access to personal, business, and government data. Many computer crimes are committed as a means of stealing money or valuable information, although financial gain is not always the objective. In fact, some of the most notorious incidents of computer crime involved hackers seeking “bragging rights” by overcoming government or corporate cyber security measures. But the government of Ethiopia believes such crimes will be real anytime. In addition, government earlier hinted that there is a need for controlling such communication, which it calls a threat to national security.
However, experts in the field and commentators are shocked by some of the provisions. They particularly fear that the bill could harm their business operations. Others fear that some of the provisions would limit publics communication and information exchange right.
Some even accuse the government of intending to introduce another draconian law like the infamous Anti-terrorism Proclamation and the Charities and Societies proclamation.
In its preamble, the draft proclamation says that the unless appropriate protection and security measures are taken, the utilization of information and communication technology is vulnerable to various types of computed crimes and other threats that can impede the overall development of the country and endanger individual rights.
It also explains that the existing laws are not adequately tuned with the technological changes in order to prevent, control, investigate and prosecute the suspects of computer crime.
The draft law particularly in its second part designates various types of computer crimes and their subsequent punishment imposed on the suspects that include the crime level that are punishable in terms of imprisonment as well as fine.
According to the documents attached with the draft proclamation, the provision that designates Computer crimes particularly, Crimes against Computer System and Computer Data are the major types of crimes that are born out of the technological changes and advancement but are not covered by the existing laws. These crimes, as listed in the provision in accordance with their level of criminal weight, are identified as key criminal activities that are commuted in other computer systems without authorization. The crime types include Illegal Access, Illegal Interception, Interference with Computer System, Causing Damage to Computer Data, Criminal Acts Related to Usage of Computer Devices and Data, and Aggravated Cases.
Aggravated Cases, which is designated as a crime, as stipulated by other articles before this one, “is committed against computer data or a computer system or network which is designated as top secret by the concerned body for military interest or international relation, and while the country is at a state of emergency or threat, the punishment shall be rigorous imprisonment from 15 to 25 years”.
There are provisions and sub articles that are also deemed to be controversial particularly with regard to the rights of individuals and the power granted to investigators.
However, legal analysts like Kinfe Micheal Yilma, an internet law expert and lecturer at Addis Ababa University Law School, describe the draft bill as “a worrisome privacy-unfriendly proviso” fearing that the bill proposes warrantless ‘digital forensic investigation’.
According to the draft bill, where there are reasonable grounds to believe that computer crimes are likely to be committed, Information Network Security Agency (INSA) investigators can conduct—without any judicial oversight—virtual forensic investigation into computers suspected to be sources of attack or to be subjected to attacks.
Another worrying provision for Kinfe is the ‘duty to report’ proviso on communication service providers. It requires service providers to report to INSA and the police when they come to know of cybercrimes being committed or circulation of illegal content (such as child pornography) over their computer systems. The concern with such an obligation is that it has the potential to prompt service providers to preemptively monitor communication on their networks.
According to Kinfe, the draft cybercrime law also entails rules that negate crucial principles of procedural justice such as ‘due process of law’. The bill, for instance, allows courts to rule ex parte on a request by investigators for a production order against a person thought to be in possession of computer data needed for investigation.
Social media cases are another worrisome issues covered in the bill. Computer Crimes Against Public Safety target information exchanges transmitted through computer systems via social media, websites, blogs and related means of communication.