Problems With the Cybercrime Bill

The final draft of the cybercrime bill was circulated last week ahead of a validation workshop convened by the Ministry of Information and Communication Technology.

Many civil society groups had little or no notice of this workshop – even those which made written submissions on earlier drafts of the bill.

The latest version still has serious flaws. Even though legislative action on cybercrime is urgent, this bill is not yet fit for purpose. This column offers a sample of the bill’s many shortcomings.

COMPUTER VIRUSES

The bill makes the deliberate or malicious spreading of a computer virus or malware an offence only if the virus causes damage to “critical information” in a computer, but there is no definition of “critical information”.

Separate offences cover “modification” of computer data and “interference with the functioning of a computer system”, but these may also fail to capture all the harms that can result from viruses and malware.

Some Southern African Development Community (SADC) countries make knowingly introducing a virus or malware into a computer system a crime, regardless of its impact.

CYBERBULLYING

Cyberbullying is a serious offence in the bill, but what it constitutes is not defined.

The relevant provision states only that it includes “any act committed through a computer system or network that harasses, intimidates or causes harm to a person on the basis of their gender or sex including acts that amount to technology facilitated gender-based violence”.

An online search for the term “technology facilitated gender-based violence” indicates it refers to a rapidly evolving field with hundreds of manifestations – which is not sufficiently specific to be the basis for criminal prosecution.

A clear definition of cyberbullying is important to ensure that this offence is not misused to stifle robust debate or silence criticism.

CYBER-EXTORTION

The bill similarly criminalises ‘cyber-extortion’ without defining or describing what it constitutes.

This would make the offence difficult if not impossible to apply in practice as crimes must be clearly formulated so that the public knows what is prohibited.

Some SADC countries define it as involving threats to commit specific cyber-offences with a view to obtaining some benefit. Others define it as using an electronic medium to communicate any threat for the purpose of obtaining a benefit.

OBSCENE IMAGES

The bill would make it a crime to publish pornography through a computer system or any other information and communication technology (ICT) system.

Pornography is defined as including the representation in books, magazines, photographs, films and other media of sexual behaviour that is “erotic or lewd” and “designed to arouse sexual interest”.

There are higher penalties for “lascivious or obscene” pornography.

This provision is plagued by vague terms and concepts.

A separate offence covers digital publication or dissemination of the “intimate or obscene image” of another person. There is a definition of “intimate image” that covers images of a person that show sexual parts or sexual activity that took place in a private setting, but there is no attempt to define the “obscene images” also covered by the crime.

In the 1998 Fantasy Enterprises case, the Namibian High Court struck down the Indecent and Obscene Photographic Matter Act which criminalised the possession of “any indecent or obscene photographic matter”.

The court found the offence was overly broad and could result in an unreasonable restriction of the constitutional right of freedom of speech and expression. It noted that the offence could prohibit “a virtually limitless range of expressions”, from commercial advertising to art, simply because they contain some reference to sexual matters.

This ruling provides a strong indication that similarly worded cybercrime offences might be similarly unconstitutional.

CHILD PORNOGRAPHY

Child pornography is a global problem.

The proposed offence covers the production, possession, distribution and procuring of child pornography but only where these actions involve electronic devices.

Another problem is that all children below the age of 18 are lumped together, even though some child-related offences in the bill make no sense if applied to children who have reached the age of sexual consent.

For example, digitally proposing sexual activity to a “child” would make it a crime for one 17-year-old to send a text proposing any kind of sexual activity to another 17-year-old – even though both are legally old enough to engage in consensual sex.

At the same time, there is no protection for grooming or exploiting people with severe mental disabilities for sexual purposes, even though this is a vulnerable group that is targeted for sexual wrongdoing in practice.

CONTROL OF ONLINE CONTENT

The bill would give administrators of online accounts power to “moderate and control undesirable content” brought to their attention by an investigating authority or else face criminal sanctions.

The definition of “undesirable content” includes any deceptive or inaccurate online content posted with intent to defame, threaten, abuse or mislead; that threatens public health or public safety; that threatens national security; or that promotes racism.

These are broad categories, and the “intent” of the person who posted the content is not something the account administrator could be expected to know.

This provision is vague and probably unworkable in practice.

Moreover, it doesn’t require any notice or opportunity to be heard for the person who posted the online content.

This provision is likely to inhibit online speech and is open to abuse – meaning it would likely infringe on constitutionally guaranteed freedom of speech and expression.

INADEQUATE PROTECTION

The bill gives little attention to integrating protections and safeguards for victims, particularly children.
While it does provide for “deletion orders” ordering the removal of unlawful material from a computer system, it is not clear how quickly this can take place.
There is a need for urgent interim court procedures to remove offending material from public access, provisions prohibiting contact between accused people and victims while cases are pending, and mechanisms to protect children where parents or caregivers were involved in the exploitation or failed to protect the victims.

ONLINE AND OFFLINE OFFENCES

The bill focuses on digital offences. Yet in practice, online and offline offences are often intertwined.

It makes no practical sense to prohibit child pornography or the non-consensual sharing of intimate images online while leaving it open for someone to post photocopies of such images on every street corner.

Many countries focus on online harms in their cybercrime laws as a supplement to underlying laws that pre-date the digital age, but Namibia has no existing laws specific to child pornography or sexual exploitation.

A combating of sexual exploitation bill that would comprehensively cover both online and offline sexual exploitation was prepared several years ago, in consultation with key ministries, the United Nations Children’s Fund (Unicef) and the Law Reform and Development Commission.

The Ministry of Gender Equality and Child Welfare has suggested that provisions in this law could form a new chapter in the Child Care and Protection Act if not enacted as a stand-alone statute.

When it comes to investigative or procedural issues related to digital forms of these crimes – such as preserving and collecting electronic evidence – the cybercrime law could be cross-referenced.

But the elements of crimes such as revenge pornography, child pornography and grooming should be the same, regardless of the modality used to commit the crime.

In its current form, the cybercrime bill does not seem adequate to provide effective protection against many of the harms it targets.

Rushing it through in its current state could lead to confusion as well as constitutional challenges. It would be better to improve it before it goes to parliament.

• Dianne Hubbard is the author of ‘Impact of Cyber Security and Cybercrime Laws enacted by Southern Africa Governments on Media Freedom and Digital Rights’. It is available at https://internews.org/wp-content/uploads/2023/11/IEA-Impact-of-Cyber-Security-and-Cybercrime-Laws-FULL-REPORT.pdf.
• For more information about the bill’s shortcomings, see the submission made to the ministry by the Institute for Public Policy Research at ippr.org.na.

In an age of information overload, Sunrise is The Namibian’s morning briefing, delivered at 6h00 from Monday to Friday. It offers a curated rundown of the most important stories from the past 24 hours – occasionally with a light, witty touch. It’s an essential way to stay informed. Subscribe and join our newsletter community.