Two major issues emerged from the Global Conference on Cyber Space (GCCS 2015) held from 16-17 April in The Hague in the Netherlands. First, the fact that the world over, mass surveillance remains the elephant in the room. Second, the importance of multi-stakeholder participation in cyber security public policies has been severely under-estimated.
Many African states were absent from GCCS 2015, presumably because they were participating in the 13th edition of the Innovative Digital Summit (IAD) hosted in Zimbabwe in the same week. At the IAD, the Postal and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) announced that three new laws aimed at fighting cyber crime had been drafted with the involvement of ‘various stakeholders’ in the security sector and the government. These new laws would soon be tabled in Parliament.
The three draft bills are the Computer Crime and Cyber Crime Bill, the Electronic Transaction and Electronic Commerce Bill and the Data Protection Bill. As usual, POTRAZ will not divulge details of their proposed pieces of legislation to the public until they are tabled in parliament. These latest draft bills are of key interest precisely because while POTRAZ purportedly exists to promote and serve the interests of consumers, the bills that they have previously tabled have not only fallen short, but have actually been counter to that ideal.
In the past, POTRAZ has failed to recognize the importance of meaningful multi-stakeholder input – particularly that of civil society – in public policy development and continues to do so. But civil society brings to the table important expertise as well as concrete human rights and civil liberties concerns that should be considered in any cyber security policy efforts. Civil society would also make sure that cyber laws do not grant the government authority to trample on consumer human rights.
So who are these stakeholders that POTRAZ always consults that remain nameless? As far as can be seen, POTRAZ consults no more than the usual suspects. These are: the Ministry of Information and Communication Technology, Postal and Courier Services; the Ministry of Information, Media and Broadcasting and the Ministry of Finance and Economic Development.
We should not forget that this is the same POTRAZ that not so long ago (with input from nameless ‘stakeholders’) influenced the brief enforcement of Statutory Instrument (SI) 142/2013 Postal and Telecommunications (Subscriber Registration) Regulations. This required all mobile and telephone subscribers to submit personal data to a centralized national database managed by POTRAZ. Although the maintenance of a telephone subscriber database was deemed constitutional, the proposed regulations allowed POTRAZ to hand over the personal information of subscribers to law enforcement without a warrant or any judicial oversight, among other problematic things.
POTRAZ temporarily succeeded in hoodwinking Parliament into adopting SI 142/2013 for the eight months it was enforced, before Parliament realized just how bad it was and repealed it due to concerns about infringements on constitutional rights to privacy and freedom of expression.
Essentially, POTRAZ attempted at least twice before, to have draconian pieces of legislation passed: SI142/2013 and SI95/2014 – which is basically a regurgitation of the former. The problem is, there is never any need for the public to be consulted as far as POTRAZ is concerned. It should not be an unrealistic expectation for the regulatory authority to carry out wide public consultation before seeking to gazette regulations with far-reaching implications. Such consultations would be in line with the principles of good governance in the Constitution instructing all agencies of government to ‘show respect for the people of Zimbabwe, from whom the authority to govern is derived’.
Secondly, POTRAZ occupies a precarious space where it supposedly protects the rights of consumers, but through its activities, also acts as the conduit that can potentially enable and facilitate governmental mass surveillance on citizens. Yes, POTRAZ has the responsibility to come up with legislation to police cyber crime, but historically their previous bills have left a lot to be desired. In the past, POTRAZ have advocated for systems that would place individuals at risk of investigation and discrimination or that are serious infringements on privacy. In other words, they undermine the enjoyment of fundamental rights such as freedoms of expression, association, and political participation.
This begs the question of just how objective can POTRAZ really be? Is it even possible for a regulatory authority to be both a public protector while also serving as an arm of the repressive state apparatus?
POTRAZ claims that in their functions, they shall not be ‘subject to the direction or control of any person or authority.’ Quite ironic given that POTRAZ since 2013 is carefully hidden in the Office of the President and Cabinet (OPC), the same office that also oversees the Central Intelligence Office (CIO).
The long and short of it is, we probably shouldn’t hold our breath over POTRAZ’s new proposed bills taking the welfare of the citizenry into account. But we should definitely be worried because previous submissions by them have been anything but in the public interest.
History has shown that this is a fresh challenge for civil society to organize itself and demand engagement with POTRAZ in the crafting of cyber bills. If not, we are going to wake up one day and find that all our online freedoms and civil liberties have been taken away.
Main photograph is taken from www.ibtimes.co.uk