Catalyzing the growth of the Kenya tech community

New Draft AU Convention on Confidence and Security in Cyberspace that you should review

By Angela Okune
iHub Research
  Published 04 Nov 2013
Share this Article
New Draft AU Convention on Confidence and Security in Cyberspace that you should review

By: Faith Morara & Nanjira Sambuli (Umati)

A draft convention, dubbed the "African Union Convention on Confidence and Security in Cyberspace,” has been put forth by the AU. If ratified, the convention will affect a large part of the ICT sector across the continent. The growing developer communities, including those at the iHub and other ICT Hubs will be impacted. The convention was drafted by the African Union Commission (AUC) with little (if any) consultation from major stakeholders in Africa Union Member states, and is scheduled for passage at an AU meeting in January 2014, if none of its members oppose it. A majority of the public remains unaware of the existence of this draft.

Discussions with various stakeholders from industry, academia, and NGOs have highlighted numerous shortcomings. Should the draft be ratified in its current state, certain provisions will have substantial negative impact across the continent. Some of the contentious clauses and issues include:

  1. The AUCC draft attempts to address the ongoing issue of online hate speech but is flawed in that it fails to define the speech it is attempting to curtain and therefore leaves room for subjective interpretation. Specifically, Article III (34-37) is problematic in that it does not define the racist or xenophobic content it is attempting to curb. Furthermore, the clause makes the same mistake found in the NCIC 2008 Act, which fails to include hate speech against gender and sexual orientation, two additional groups that the Umati project has found to be targets of online hate speech. [See Article III (34-37)].

  2. Article  II (20) of the AUCC gives full authority to members of a data protection authority who are not held accountable to anyone else and can operate with free rein (“Members of the protection authority shall not receive instructions from any authority in the exercise of their functions”). The lack of checks to this power are problematic.

  3. Regarding mobile money and mobile banking transactions, Article I (4) compels that a person or corporation engaging in electronic financial transactions (e.g M-PESA) must provide full identity information as prescribed in the clause. Such a requirement is risky as it remains unclear how such data will be protected and how confidentiality will be maintained.

It is without a doubt, that Africa is faced with a security gap in a world characterized by the globalization of risks, crimes and threats to cyber security, and that African states are in need of innovative criminal policy strategies, as stated in the draft convention’s conceptual framework. Laudable articles in the convention include the prohibition of direct marketing through any form of indirect communication including messages forwarded with automatic message senders, facsimile or electronic mails in whatsoever form, using the particulars of an individual who has not given prior consent [See Article I (9)]. (We all know how irking those ‘spam’ messages can be!)

Different stakeholders have come together to lobby against the ratification of the AUCC, in its current form. The public should also understand that once it is ratified, all countries within the AU (including Kenya) would be required to adopt it, contentious clauses and all.

Google, iHub, iLab Africa and Strathmore University’s Centre for Internet Protocol and IT Law (CIPIT) are among the stakeholders who have signed the petition pressing the AU to review the document before it is ratified. Given the anomalies provided, which will likely have adverse effects on businesses, individual rights, and freedoms, it is crucial to incorporate greater public participation in revising this legislation. The industry has already recently suffered legal setbacks with the passing of the Kenya 2013 VAT bill, which already has and will continue to dampen growth of the national ICT sector (for more information, see an earlier iHub blog post).

Other disconcerting trends include the recent passing of the Kenya Information and Communications (Amendment) Bill, that has worrying clauses that give the government immense control over the Communications and Multimedia sector. These clauses pull back the gains the country has made in ensuring Freedom of the Press, crucial for democracy, transparency and accountability. There are quite a number of challenges to beset the media industry if such a bill is passed and it also takes away society’s right to information and hits at the guarantee to freedom of speech that is enshrined in the Constitution. The Miscellaneous Amendment Act 2013 also purports to put a cap on foreign funding for Public Benefit Organizations in the country. These moves can be interpreted as dissent on freedoms that have been fought for and are currently enjoyed by Kenyans, as well as enshrined in our Constitution.

What can you do?

  1. Sign the public petition to the AU here.

  1. Write to your legislator. If you don't know who your legislator is, Mzalendo is a great tool to help you find out! Then, pull out your pen and paper (or keyboard and printer)! Write a letter to your relevant legislator and attach a copy of the AUCC draft pointing out the contentious clauses in the draft.

  1. Share widely!

Time is of the essence as it is only two months before the AU meets to discuss on final passage of the AUCC. We will continue to share more information on next steps that we’ll be taking to ensure that the African Union lawmakers take heed to our worries and concerns with the proposed convention.

The Draft AUCC Bill is accessible here.
Other analyses into the draft convention can be found here, here and here.

 

comments powered by Disqus