[kictanet] Online debate on African Union Convention on Cyber Security (AUCC)
Alice Munyua
alice at apc.org
Sat Nov 23 19:18:55 EAT 2013
Great going GG
Appreciate it.
Best
Alice
On 22/11/2013 08:42, Grace Githaiga wrote:
>
> Good morning Listers
>
> We would like to propose an online discussion on the African Union
> Convention on Cyber Security (AUCC)
> http://pages.au.int/sites/default/files/AU%20Cybersecurity%20Convention%20ENGLISH_0.pdf
> on multiple lists of KICTANet and ISOC-KE, in Kenya and on I-Network list
> moderated by the Collaboration on International ICT Policy in East and
> Southern Africa (CIPESA) and ISOC-Uganda, starting from Monday 25th to
> Friday 29th November 2013. We will also share the concerns with the
> best bits list http://bestbits.net/, the Internet Governance Caucus
> list http://igcaucus.org/ and Access Now
> https://www.accessnow.org/ since we would like to give as much input
> as possible.
>
>
> We have been in discussion with AUC and the drafters have accepted to
> receive our input despite having gone through this process two years
> ago with African governments. In light of this window of opportunity,
> we suggest we engage. AUC will discuss the convention during the AU
> ICT week scheduled for December 1-6, 2013 http://www.africanictweek.org/
>
>
> For Kenya, it is important that we engage, the reason being that if
> Kenya signs into this convention in January 2014, it will become
> binding as stipulated in Kenya's 2010 Constitution Article 2 (6)
> which states: /Any treaty or convention ratified by Kenya shall form
> part of the law of Kenya under this Constitution./ The Convention is
> therefore more like a Bill of Parliament.
>
> *1.* *Background to the African Union Convention on Cyber Security (AUCC)*
>
> African Union (AU) convention (52 page document) seeks to intensify
> the fight against cybercrime across Africa in light of increase in
> cybercrime, and a lack of mastery of security risks by African
> countries. Further, that one challenge for African countries is lack
> of technological security adequate enough to prevent and effectively
> control technological and informational risks. As such "African States
> are in dire need of innovative criminal policy strategies that embody
> States, societal and technical responses to create a credible legal
> climate for cyber security".
>
> The Convention establishes a framework for cybersecurity in Africa
> "through organisation of electronic transactions, protection of
> personal data, promotion of cyber security, e-governance and combating
> cybercrime" (Conceptual framework).
>
> *2.* *Division of the Convention*
>
> *Part 1 Electronic transactions*
>
> Section I: Definition of terms
>
> Section II: Electronic Commerce (Fields of application of
> electronic commerce, Contractual responsibility of the electronic
> provider of goods and services).
>
> Section III: Publicity by electronic means.
>
> Section IV: Obligations in electronic form (Electronic
> contracts, Written matter in electronic form, Ensuring the security of
> electronic transactions).
>
> *Part II PERSONAL DATA PROTECTION*
>
> Section I: Definition
>
> Section II: Legal framework for personal data protection
> (Objectives of this Convention with respect to personal data, Scope of
> application of the Convention, Preliminary formalities for personal
> data processing).
>
> Section III: Institutional framework for protection of
> personal data (Status, composition or organization, Functions of the
> protection authority).
>
> Section IV: Obligations relating to the conditions governing
> the processing of personal data (basic principles governing the
> processing of personal data, Specific principles governing the
> processing of sensitive data, Interconnection of personal data files).
>
> Section V: The rights of the person whose personal data are
> to be processed (Right to information, Right of access, Right of
> opposition, Right of correction or suppression).
>
> Section VI: Obligations of the personal data processing
> official (Confidentiality obligations, Security obligations,
> Conservation obligations, Sustainability obligations).
>
> *PART III -- PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME*
>
> Section 1: Terminology, National cyber security framework,
> Legislative measures, National cyber security system, National cyber
> security monitoring structures).
>
> Section II: Material penal law (Offenses specific to
> Information and Communication Technologies [Attack on, computerized
> data, Content related offenses], Adapting certain information and
> communication technologies offenses).
>
> Section II: Criminal liability for corporate persons
> (Adapting certain sanctions to the Information and Communication
> Technologies, Other penal sanctions, Procedural law, Offenses specific
> to Information and Communication Technologies).
>
> *PART IV: COMMON AND FINAL PROVISIONS*
>
> Section I: Monitoring mechanism
>
> Section II: Final responses
>
> *The Proposed Discussion*
>
> We have picked on articles that need clarity, and would request
> listers to kindly discuss them and provide recommendations where
> necessary. Also, where necessary, listers are encouraged to identify
> and share other articles that need clarifications that we may have
> left out.
>
> *Day 1 Monday 25/11/2013*
>
> *We begin with Part 1 on Electronic transactions and pick on four
> articles which we will discuss on Monday (25/11) and Tuesday (26/11). *
>
> *Section III: Publicity by electronic means*
>
> *Article I -- 7:*
>
> /Without prejudice to Article I-4 any advertising action,
> irrespective of its form, accessible through online communication
> service, shall be clearly identified as such. It shall clearly
> identify the individual or corporate body on behalf of whom it is
> undertaken./
>
> *Question:* Should net anonymity be legislated? If so, what measures
> need to be or not be considered?
>
> *Question:* Should individuals or companies be obliged to reveal their
> identities and what are the implications?
>
> *Article I -- 8:*
>
> /The conditions governing the possibility of promotional offers as
> well as the conditions for participating in promotional competitions
> or games where such offers, competitions or games are electronically
> disseminated, shall be clearly spelt out and easily accessible./
>
> *Question:* Should an international (or should we call it regional) law
> legislate on promotional offers and competitions offered locally?
>
> *_Day 2 Tuesday 26/11/13_*
>
> *Article I -- 9:*
> /Direct marketing through any form of indirect communication
> including messages forwarded with automatic message sender, facsimile
> or electronic mails in whatsoever form, using the particulars of an
> individual who has not given prior consent to receiving the said
> direct marketing through the means indicated, shall be prohibited by
> the member states of the African Union./
>
> *Article I -- 10:*
>
> /The provisions of Article I -- 9 above notwithstanding, direct
> marketing prospection by electronic mails shall be permissible where:/
>
> /1) The particulars of the addressee have been obtained directly from
> him/her,/
>
> /2) The recipient has given consent to be contacted by the prospector
> partners/
>
> /3) The direct prospection concerns similar products or services
> provided by the same individual or corporate body./
>
> *Question:* Is this a realistic way of dealing with spam?
>
> *Article I -- 27*
>
> /Where the legislative provisions of Member States have not laid down
> other provisions, and where there is no valid agreement between the
> parties, the judge shall resolve proof related conflicts by
> determining by all possible means the most plausible claim regardless
> of the message base employed./
>
> *Question:* What is the meaning of this article and is it
> necessary? Some clarity needed!
>
> *_Day 3 Wednesday 27/11/13_*
>
> *_Today, we move onto PART II: PERSONAL DATA PROTECTION and will deal
> with three questions._*
>
> *Objectives of this Convention with respect to personal data*
>
> *Article II -- 2:*
>
> /Each Member State of the African Union shall put in place a legal
> framework with a view to establishing a mechanism to combat breaches
> of private life likely to arise from the gathering, processing,
> transmission, storage and use of personal data./
>
> /The mechanism so established shall ensure that any data processing,
> in whatsoever form, respects the freedoms and fundamental rights of
> physical persons while recognizing the prerogatives of the State, the
> rights of local communities and the target for which the businesses
> were established./
>
> *Question:* What is the relevance of this article? What are these state
> prerogatives? And given the increased interest of state surveillance,
> how can states balance respect of FOE while recognising state
> prerogatives?
>
> *Article II-6, II-7, 11-8, II-11, II-12, II-13 refer to a Protection
> Authority* which is meant to establish standards for data protection.
> Article II -- 14 provides for each Member State of the African Union
> to establish an authority with responsibility to protect personal
> data. It /shall be an independent administrative authority with the
> task of ensuring that the processing of personal data is conducted in
> accordance with domestic legislations./
>
> Article II-17 states that '/Sworn agents may be invited to
> participate in audit missions in accordance with extant provisions in
> Member States of the African Union'./
>
> *Question:* Considering that this article seems to be tied to the
> Protection Authority, what is its relevance? And who is a 'sworn
> agent?' What should this authority look like in terms of its composition?
>
> *Article II -- 20:*
>
> /...Members of the protection authority shall not receive instructions
> from any authority in the exercise of their functions. /
>
> *Article II -- 21:*
>
> /Member States are engaged to provide the national protection
> authority human, technical and financial resources necessary to
> accomplish their mission./
>
> *Question:* It appears that this Data Protection Authority is envisaged
> to be fully government supported. Therefore, should we be talking of
> its independence? In what way should this article be framed so that it
> ensures independence of the Authority?
>
> *Article II -- 28 to II-34* outlines six principles governing the
> processing of personal data namely:
>
> Consent and of legitimacy,
>
> Honesty,
>
> Objective, relevance and conservation of processed personal data,
>
> Accuracy,
>
> Transparency and
>
> Confidentiality and security of personal data.
>
> Under each of the specific principles, detailed explanation of how
> each should be undertaken is offered.
>
> *Question:* Is this explanation and detailing of how to undertake each
> necessary or needed in an international (regional) law? Is
> this legislation overkill?
>
> *Day 4 Thursday 28/11/2013 Part III*
>
> *Day 4 will focus on PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME*
>
>
> *Article III -- 14: Harmonization*
>
> /1) Member States have to undertake necessary measures to ensure that
> the legislative measures and / or regulations adopted to fight against
> cybercrime enhance the possibility of regional harmonization of these
> measures and respect the principle of double criminality./
>
> *Question*: What is the principle of double criminality here?
>
> *Section II: Other penal sanctions*
>
> *Article III -- 48*
>
> /Each Member State of the African Union have to take necessary
> legislative measures to ensure that, in the case of conviction for an
> offense committed by means of digital communication facility, the
> competent jurisdiction or the judge handling the case gives a ruling
> imposing additional punishment./
>
> *Question:* What is the interpretation of additional punishment? Is
> this not granting of absolute powers to judges?
>
> *Day Five 29/11/2013*
>
> This will be dedicated to any other issue(s) that listers may want to
> raise in regard to the Convention. Further, listers can go back to
> issues of any other day and discuss them here.
>
> What other issue(s) would you like to raise?
>
> *References*
>
> DRAFT AFRICAN UNION CONVENTION ON THE CONFIDENCE AND SECURITY IN
> CYBERSPACE http://pages.au.int/sites/default/files/AU%20Cybersecurity%20Convention%20ENGLISH_0.pdf
>
> http://daucc.wordpress.com/
>
> http://www.thepetitionsite.com/takeaction/262/148/817/
>
> http://daucc.wordpress.com/2013/10/29/paper-review-basic-drawbacks-of-the-draft-african-union-convention-on-the-confidence-and-security-in-cyberspace/
>
> http://michaelmurungi.blogspot.com/2012/08/comments-on-draft-african-union.html
>
> Have a great weekend and see you on Monday.
>
>
> Rgds
>
> Grace
>
>
>