When the African Heads of State meet in Malabo, Equatorial Guinea, for the 23rd AU Summit from June 26, 2014, they are scheduled to adopt the African Union Convention on Security in Cyberspace and Personal Data Protection. This is a laudable response by the AU towards growing insecurity in cyberspace and the need to manage its attendant technological, information and legal risks.
A closer look at the draft convention, however, shows elements that, if unchecked, undermine the very objective it was conceived around: To contribute to economic and socio-political development through cyberspace resources.
With the adoption of this legislation, Africa’s online economy, human rights and international co-operation could be seriously compromised.
As more Africans use the Internet — 20 per cent of the continent is expected to go online by end of the year, up from 10 per cent in 2010, the world’s fastest rate of Internet penetration — digital dividends are expected to follow.
For the past two years, Africa’s population of 1.1 billion has been adding 167,000 mobile handsets daily to the connectivity matrix. The annual mobile broadband connectivity growth rate of over 40 per cent is twice as high as the global average.
The impact of this connectivity is clear: In 2013 alone, Internet operators in sub-Saharan Africa made $52 billion, including $21 billion in taxes, and created more than 6 million jobs.
A new report by the Centre for Strategic and International Studies (CSIS) and McAfee, titled Net Losses: Estimating the Global Cost of Cybercrime, estimates that the annual cost of cybercrime to the global economy is more than $400 billion. According to the report, Africa may have lost the least amounts to cybercrime, compared with other regions, but when the actual loss is expressed as a percentage of the continent’s GDP, the amounts lost are significant — more than maritime piracy.
Concerns about intellectual property, child trafficking, corporate surveillance, website defacement and identity theft are rising. As broadband speeds increase, so do cybercrimes.
The AU’s draft convention, seeking to secure online commerce requires full disclosure of identity information between contracting parties. This raises two issues: Enforceability and privacy.
First, implementing these requirements will prove almost impossible for traders and their agents since acquisition, verification and safe storage are complicated processes demanding extra time and human resources.
Second, promotion of online commerce requires striking a delicate balance between security and privacy. If a brick-and-mortar shop in Nairobi does not ask for my home address and tax PIN number, why should an online shop in Indonesia ask for it?
This compounds fears associated with online scams due to the risks of posting sensitive data online. The ease of using these platforms plays a huge role in attracting and retaining users online.
The African Economic Outlook reports that in 2013, Africa grew by about 4 per cent, compared with 3 per cent for the global economy. The role of ICT in sustaining this growth is in connecting Africa to the global marketplace and vice versa.
The easier and safer it is for Africans to conduct online commerce, the more resilient the overall economy gets.
Human rights, national security
The most contentious item in the convention is perhaps the provision that processing of personal data of public interest shall be undertaken after authorisation by a protection authority. This is problematic, considering the concept “public interest” is ambiguous, but it is used without a statutory definition.
In May 2010, as Kenyans were readying themselves to vote in the August constitutional referendum, the words “national security” were illegally inserted in the approved draft Bill of Rights to read: “The need to ensure that the enjoyment of rights and fundamental freedoms by any individuals does not prejudice national security, the rights and fundamental freedoms of others.”
This ambiguous concept offers legal cushioning for repressive regimes. The possibilities of profiling of political adversaries and non-supporters based on socially constructed identities in a statistical manner using big data repositories will be enhanced.
The transnational nature of cybercrime should be understood and jurisdictional enforceability provided for in the Convention.
The lack of mutual legal assistance treaties (MLAT) has been the greatest setback to international co-operation over cyber offences among other provisions for co-operation, including extradition and information sharing. The AU should seek to improve the convention towards extradition. This will enhance national security across Africa.
If Africa wants to sustain the adoption of the Internet and opportunities it brings, it is advisable to defer the adopting of the draft convention in its current form. It is easier to fix the issues now rather than wait until they cause problems.
Moses Karanja is a research fellow at the Centre for Intellectual Property and Information Law, Strathmore University.