Cybercrime threat to national security
Zimbabwe’s national security is under threat from a plethora of cybercrimes that are causing havoc across the world.
Urgent action is actually required because the country is vulnerable to online crimes.
The ongoing debate on the draft Cyber Security and Data Protection Bill should be undertaken honestly and objectively. Partisan inclinations and polarisation should not stop people from objectively debating such an important piece of legislation.
At the moment, Zimbabwe needs a comprehensive national legislation against cybercrime.
Such legislation should adopt international best practices as outlined in both the Budapest Convention and the Malabo African Union Convention on Cyber Security and Personal Data Protection.
The world is under siege from the proliferation of cybercrimes that range from attacks against computer hardware and software; financial crimes such as online fraud; penetration of online financial services and phishing; and heinous child sexual exploitation related crimes.
This is not to mention millions of data records being stolen through cyber-attacks.
In other words, what is being said here is that crime on digital platforms is growing at alarming rates as more and more criminals are making use of the speed, convenience and anonymity of the cyber space to commit various crimes across borders.
The Budapest Convention, the Malabo Convention and the Zimbabwe Bill on cybercrimes are some of the efforts meant to criminalise conduct that include illegal accessing of the whole or any part of a computer system without right; illegal interception of computer data; data interference; system interference; misuse of devices; fraud and forgery; offences related to child pornography; offences related to infringements of copyright and related rights.
The impact of cybercrimes is enormous, thus, the reader may not need to be burdened by statistics. Suffice to say millions of records have been stolen through cyber-attacks.
Several trillions of dollars (US$4,2 billion in 2019 and to US$10,5 trillion by 2025) are to be lost annually through cybercrimes.
Our children’s future has been destroyed by child sexual exploitation happening online.
This year alone, the 2021 Report on Cyberwarfare in the C-Suite predicts that cybercrime damages will amount to a staggering US$6 trillion annually.
The world is also expected to witness a sharp rise from the total cost of cybercrime for each company, which reached US$13 million in 2019.
These are scary figures, which spell doom for the world if urgent action is not taken.
It is believed that this is the best way the world can help address the current situation before it degenerates into a worst case scenario.
Just like Covid-19, the global effort against cybercrime depends on actions taken by every country.
Without collaboration, it is difficult to tackle cybercrimes as many of them know no borders.
Collaboration is needed because the nature of the problem demands it.
It is important to note that the number of cyber-attacks is rapidly increasing with higher levels of sophistication and new paradigms that enlarge the surface of attack.
As a result, the world has witnessed more dangerous criminal syndicates, state sponsored hackers; convergence between cybercrime and state-sponsored hacking; proliferation of government-built malware and cyber weapons; cyberbullying and child sexual exploitation, which keep on rising at alarming rates.
What is now needed is that the law on cybersecurity is finalised with speed, adopting from international or regional best practices.
On the international front, the Budapest Convention is a comprehensive model law that can be used to support countries to strengthen their criminal justice capacities on cybercrime and electronic evidence.
The Convention forms the basis on which states can utilise to promote consistent cybercrime legislation, policies and strategies as stand-alone and as part of broader cybersecurity.
Furthermore, the Budapest Convention is the best piece of law that can be used to strengthen the capacity of Zimbabwe’s police authorities to investigate cybercrime and engage in effective police-to-police cooperation with each other, as well as with cybercrime units in the region and the whole world.
Without international cooperation, smaller states like Zimbabwe will not be able to effectively fight cybercrime.
A good example is Article 19 of the Budapest Convention on production order, which compels a service provider offering its services in the territory of the party to submit subscriber information relating to such services.
Belgium was able to utilise this Article to order Yahoo to release the information.
This empowers law enforcement agencies to order provision of data in the prosecution of crime irrespective of where that data is kept.
Unlike the regional Malabo Convention, the Budapest Convention is comprehensive, for it outlines in detail the conduct being criminalised and procedural tools that should be used.
It is also a framework for international cooperation.
In other words, the Budapest Convention allows criminal justice authorities to apply legislation, prosecute and adjudicate cases of cybercrime and electronic evidence, as well as engage in international cooperation.
However, this does not mean that the Malabo Convention is not significant. The two complement each other.
The Malabo Convention provides a strong starting point from the regional perspective, which should then lead to international cooperation through the Budapest Convention.
The Budapest Convention has the advantage of being the only binding international instrument on cybercrimes that serves as a guideline for any country developing comprehensive national legislation against cybercrime.
It functions as a framework for international cooperation between state Parties to the treaty. It can be moulded to match individual circumstances by member countries in the fight against cybercrimes.
Though not a member, Zimbabwe has done well in borrowing some aspects from both the Budapest and Malabo Conventions, for its Cyber Bill has progressive clauses that strengthen data protection, consolidate cyber-related offences and promote technology for businesses to flourish.
Therefore, Zimbabwe should consider joining the Budapest Convention to enhance cooperation on cybercrime.
As the country develops its legislation on cybercrime, it should also guard against over-criminalisation and unnecessary infringement of the fundamental human rights as provided for in the Constitution.
Individual rights should always be protected.
A fine balance between rights and the need for encroaching should be established. Otherwise, unnecessary controversial clauses usually discredit legitimate action against cybercrime.
Livit Mugejo is a deputy director in the Ministry of Foreign Affairs and International Trade. The views expressed in this article are personal.