Big loopholes lurk in African cybercrime law – where it even exists

If you’ve never received an invitation to pay a modest fee in order to receive millions of dollars from an African prince, check your junk folder. The Nigerian phishing scams – known as 419s – have become infamous. However, Nigeria’s government is trying to eradicate the networks that perpetrate these scams – and they are just a drop in the ocean compared to the full scale of the modern cyberthreat across Africa.

Since May 2011 the International Telecommunication Union (ITU) – the UN agency that specialises in information and communication technology – has worked with the UN Office on Drugs and Crime (UNODC) to help countries mitigate against the risks posed by cybercrime.

Large-scale gaps

According to the ITU, out of the 52 countries that it looked at in Africa, 44 do not criminalise computer-facilitated offences. Only two have legislation deemed sufficient to combat online sexual abuse, and 40 do not have any legislation at all addressing online child sexual abuse. Nearly all – 49 countries – do not criminalise the simple possession and distribution of indecent images of children, and 51 of the countries do not mandate Internet Service Providers to report on the activity that they facilitate. ITU cautioned that children in Africa have yet to be identified as among the most vulnerable in the online community, an omission it is working hard to address.

The scale of the legal gaps illustrates just how far there is to go before there is adequate and appropriate legislation in place to protect individuals across the continent, particularly children.

At a meeting in August, countries from across East Africa along with Nigeria and Côte d'Ivoire joined UNODC, Interpol and the Commonwealth Secretariat at the UN regional headquarters in Nairobi to establish a Regional Justice Network for fighting cybercrime. The new network will create focal points for law enforcement agencies, prosecution services and central authorities in order to support informal and formal collaboration in criminal matters involving cybercrime and electronic evidence.

High costs and the lack of fixed line infrastructure for broadband access ensure that mobiles are the most popular way for people to get online in Africa. As prices fall and coverage rises, the UN has predicted that by 2017, 70% of the world’s population will have mobile broadband subscriptions and Africa’s smartphone market will have doubled.

An internet cafe in Cameroon.SarahTz/flickr, CC BY

As the internet expands, criminals have been equally fast (if not faster) to exploit the hyperconnected nature of the online world.

There is no single shared definition of cybercrime, but it is generally considered to include any offence where the computer is the object of the crime (hacking, phishing, spamming) or is used as the tool (child pornography, hate crimes). Its borderless nature brings with it complexities of jurisdiction, evidence and international extradition. These can only be addressed with transnational legal assistance, mutual recognition of foreign judgements, and informal police-to-police cooperation.

In countries that are struggling to meet the most basic needs of many of their citizens, the sophistication of such requirements is often low down the list of priorities.

Diversity of legislation

A 2013 report warned of Africa becoming a “safe harbour for cybercrime” is frequently quoted in articles about online security. It cited increased internet availability at lower costs, a rapidly growing internet user base and the dearth of cybercrime laws on the continent as contributing to this threat.

At that time, only South Africa had a cybercrime law in place, with Kenyan legislation on the horizon (this has now been passed).

The diversity of laws in those countries that have now begun to address cybersecurity is also a hindrance to international cooperation. For example, the Tanzania cybercrimes bill, passed by parliament in April 2015 and awaiting ratification from president Jakaya Kikwete, attempts to address a wide range of issues but has attracted criticism for seemingly favouring the powers of police over the protection of citizens.

The bill prohibits the online publication of “misleading, deceptive or false” information, which could be interpreted as a direct threat to free speech, and requires very little justification for police to search or seize computer equipment.

On social media, critics have questioned the timing and content of the bill, suggesting it was intended to control the media and bloggers ahead of the October 2015 elections. While Tanzania may view political bloggers as malicious actors who should be prosecuted accordingly, other nations may support their right to free speech.

Governments in Africa are working with Interpol and regulatory bodies to develop global strategies to tackle cybercrime and bring together evidence, academic research and innovative practice from around the world. They are also recognising the value of education and training, not just for those who work to fight crime but as a means to prevent it by empowering people to stay safe online. If criminals can exploit the power of networking, then networking on a global scale is vital in the fight against them.

Anna Childs does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond the academic appointment above.