Trying to tame the Internet Wild West

EXACTLY a decade after the Internet came to Namibia in September 1995, parliament is expected to approve the country’s first cyber law, or “e-law”, this year.

Deputy Secretary to Cabinet Steve Katjiuanjo confirmed that a layman’s draft of the e-law had been completed and would be circulated for comment. “We are fast-tracking it … and hope to have a final draft ready for the next session of parliament starting in September.”In effect, Namibia – like many other countries in the world – has been operating in a kind of a cyber Wild West, with no laws on cyber-crimes like hacking or the stealing of credit card numbers.But Namibia is by no means an exception.South Africa, generally considered the leader in African information technology (IT) development, only passed its own e-law three years ago, says Madryn Cosburn, an acknowledged Namibian Internet pioneer.”Cyber crime goes across so many international borders that legal jurisdiction becomes a nightmare,” Cosburn said.”You’ve got a guy sitting in Bulgaria, trying to steal credit card numbers from a client in Windhoek via a porn server based in Nauru … who do you prosecute first? It can get complicated.”The South African Electronic Communications and Transactions Act, passed in 2002, has so far failed to prevent the proliferation of less desirable aspects of the Internet, such as porn sites and junk e-mail (spam).Both occur in Namibia – as do other forms of cyber-crime, as recently demonstrated when a top legal firm and a prominent advocate declined to prosecute their service provider over electronic snooping on their e-mail accounts.They also declined to discuss the matter on the record because of legal implications for their clients.One victim said the hacking of e-mail accounts was not general practice at this ISP, and related only to a specific legal battle, which had now been settled out of court.As for aggressive attacks on banks and their clients’ information, that was slightly more complex.Most banks have so-called mainframe computer systems that are very difficult to hack – but that does not stop people from trying.”We get between 30 and 50 attempts to get into the system, every day,” said the IT manager of a bank in Windhoek.Most attempts are by amateurs – “kids messing around on the Internet”, as the IT manager puts it, but generally, banks effectively take care of their own Internet security.From the proprietary nature of their banking systems, hackers would only be able to gain access via South Africa – where clients would be covered under the SA ECT Act, another IT manager said.But legal concern has been mounting, especially with the proliferation of increasingly sophisticated Internet scams.At the recent SADC Lawyers Association congress in Windhoek, the association – which includes lawyers and judges – resolved to urgently address the issue.According to the OPM’s Katjiuanjo, once the draft had been accepted, it was to be drafted into legal terms, and “then it is up to the lawmakers,” he said.”But we all know it is very, very urgent.”For now, Internet users have to be careful out there.”The moment you connect to the Internet, you assume full responsibility for your own (on-line) security,” says Cosburn.* John Grobler is a freelance journalist johngrob@iway.na”We are fast-tracking it … and hope to have a final draft ready for the next session of parliament starting in September.”In effect, Namibia – like many other countries in the world – has been operating in a kind of a cyber Wild West, with no laws on cyber-crimes like hacking or the stealing of credit card numbers.But Namibia is by no means an exception.South Africa, generally considered the leader in African information technology (IT) development, only passed its own e-law three years ago, says Madryn Cosburn, an acknowledged Namibian Internet pioneer.”Cyber crime goes across so many international borders that legal jurisdiction becomes a nightmare,” Cosburn said.”You’ve got a guy sitting in Bulgaria, trying to steal credit card numbers from a client in Windhoek via a porn server based in Nauru … who do you prosecute first? It can get complicated.”The South African Electronic Communications and Transactions Act, passed in 2002, has so far failed to prevent the proliferation of less desirable aspects of the Internet, such as porn sites and junk e-mail (spam).Both occur in Namibia – as do other forms of cyber-crime, as recently demonstrated when a top legal firm and a prominent advocate declined to prosecute their service provider over electronic snooping on their e-mail accounts.They also declined to discuss the matter on the record because of legal implications for their clients.One victim said the hacking of e-mail accounts was not general practice at this ISP, and related only to a specific legal battle, which had now been settled out of court.As for aggressive attacks on banks and their clients’ information, that was slightly more complex.Most banks have so-called mainframe computer systems that are very difficult to hack – but that does not stop people from trying.”We get between 30 and 50 attempts to get into the system, every day,” said the IT manager of a bank in Windhoek.Most attempts are by amateurs – “kids messing around on the Internet”, as the IT manager puts it, but generally, banks effectively take care of their own Internet security. From the proprietary nature of their banking systems, hackers would only be able to gain access via South Africa – where clients would be covered under the SA ECT Act, another IT manager said.But legal concern has been mounting, especially with the proliferation of increasingly sophisticated Internet scams.At the recent SADC Lawyers Association congress in Windhoek, the association – which includes lawyers and judges – resolved to urgently address the issue.According to the OPM’s Katjiuanjo, once the draft had been accepted, it was to be drafted into legal terms, and “then it is up to the lawmakers,” he said.”But we all know it is very, very urgent.”For now, Internet users have to be careful out there.”The moment you connect to the Internet, you assume full responsibility for your own (on-line) security,” says Cosburn.* John Grobler is a freelance journalist johngrob@iway.na