[kictanet] Online debate on African Union Convention on Cyber Security (AUCC)
Poncelet Ileleji
pileleji at ymca.gm
Sun Nov 24 01:26:57 EAT 2013
Great move indeed
Regards
Poncelet
On 23 November 2013 16:18, Alice Munyua <alice at apc.org> wrote:
> Great going GG
>
> Appreciate it.
>
> Best
> Alice
>
>
>
> On 22/11/2013 08:42, Grace Githaiga wrote:
>
> Good morning Listers
>
> We would like to propose an online discussion on the African Union
> Convention on Cyber Security(AUCC)
> http://pages.au.int/sites/default/files/AU%20Cybersecurity%20Convention%20ENGLISH_0.pdf
> on multiple lists of KICTANet and ISOC-KE, in Kenya and on I-Network
> list moderated by the Collaboration on International ICT Policy in East
> and Southern Africa (CIPESA) and ISOC -Uganda, starting from Monday 25th
> to Friday 29th November 2013. We will also share the concerns with the
> best bits list http://bestbits.net/, the Internet Governance Caucus list
> http://igcaucus.org/ and Access Now https://www.accessnow.org/ since we
> would like to give as much input as possible.
>
>
> We have been in discussion with AUC and the drafters have accepted to
> receive our input despite having gone through this process two years ago
> with African governments. In light of this window of opportunity, we
> suggest we engage. AUC will discuss the convention during the AU ICT week
> scheduled for December 1-6, 2013http://www.africanictweek.org/
>
>
> For Kenya, it is important that we engage, the reason being that if
> Kenya signs into this convention in January 2014, it will become binding as
> stipulated in Kenya’s 2010 Constitution Article 2 (6) which states: *Any
> treaty or convention ratified by Kenya shall form part of the law of Kenya
> under this Constitution. *The Convention is therefore more like a Bill of
> Parliament.
>
>
>
> *1.* *Background to the African Union Convention on Cyber Security
> (AUCC)*
>
> African Union (AU) convention (52 page document) seeks to intensify the
> fight against cybercrime across Africa in light of increase in cybercrime,
> and a lack of mastery of security risks by African countries. Further, that
> one challenge for African countries is lack of technological security
> adequate enough to prevent and effectively control technological and
> informational risks. As such “African States are in dire need of innovative
> criminal policy strategies that embody States, societal and technical
> responses to create a credible legal climate for cyber security”.
>
> The Convention establishes a framework for cybersecurity in Africa
> “through organisation of electronic transactions, protection of personal
> data, promotion of cyber security, e-governance and combating cybercrime”
> (Conceptual framework).
>
>
>
> *2.* *Division of the Convention*
>
> *Part 1 Electronic transactions*
>
> Section I: Definition of terms
>
> Section II: Electronic Commerce (Fields of application of
> electronic commerce, Contractual responsibility of the electronic provider
> of goods and services).
>
> Section III: Publicity by electronic means.
>
> Section IV: Obligations in electronic form (Electronic contracts,
> Written matter in electronic form, Ensuring the security of electronic
> transactions).
>
>
>
> *Part II PERSONAL DATA PROTECTION*
>
> Section I: Definition
>
> Section II: Legal framework for personal data protection
> (Objectives of this Convention with respect to personal data, Scope of
> application of the Convention, Preliminary formalities for personal data
> processing).
>
> Section III: Institutional framework for protection of personal
> data (Status, composition or organization, Functions of the protection
> authority).
>
> Section IV: Obligations relating to the conditions governing the
> processing of personal data (basic principles governing the processing of
> personal data, Specific principles governing the processing of sensitive
> data, Interconnection of personal data files).
>
> Section V: The rights of the person whose personal data are to
> be processed (Right to information, Right of access, Right of opposition,
> Right of correction or suppression).
>
> Section VI: Obligations of the personal data processing official
> (Confidentiality obligations, Security obligations, Conservation
> obligations, Sustainability obligations).
>
>
>
> *PART III – PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME*
>
> Section 1: Terminology, National cyber security framework,
> Legislative measures, National cyber security system, National cyber
> security monitoring structures).
>
> Section II: Material penal law (Offenses specific to
> Information and Communication Technologies [Attack on, computerized data,
> Content related offenses], Adapting certain information and communication
> technologies offenses).
>
> Section II: Criminal liability for corporate persons (Adapting
> certain sanctions to the Information and Communication Technologies, Other
> penal sanctions, Procedural law, Offenses specific to Information and
> Communication Technologies).
>
>
>
> * PART IV: COMMON AND FINAL PROVISIONS*
>
> Section I: Monitoring mechanism
>
> Section II: Final responses
>
>
>
> *The Proposed Discussion*
>
> We have picked on articles that need clarity, and would request listers to
> kindly discuss them and provide recommendations where necessary. Also,
> where necessary, listers are encouraged to identify and share other
> articles that need clarifications that we may have left out.
>
>
>
> *Day 1 Monday 25/ 11/2013*
>
> *We begin with Part 1 on Electronic transactions and pick on four articles
> which we will discuss on Monday (25/11) and Tuesday (26/11). *
>
> *Section III: Publicity by electronic means*
>
> * Article I – 7:*
>
> * Without prejudice to Article I-4 any advertising action, irrespective of
> its form, accessible through online communication service, shall be clearly
> identified as such. It shall clearly identify the individual or corporate
> body on behalf of whom it is undertaken.*
>
> *Question:* Should net anonymity be legislated? If so, what measures need
> to be or not be considered?
>
> *Question:* Should individuals or companies be obliged to reveal their
> identities and what are the implications?
>
>
> * Article I – 8:*
>
> *The conditions governing the possibility of promotional offers as well as
> the conditions for participating in promotional competitions or games
> where such offers, competitions or games are electronically disseminated,
> shall be clearly spelt out and easily accessible.*
>
> *Question:* Should an international (or should we call it regional) law
> legislate on promotional offers and competitions offered locally?
>
> *Day 2 Tuesday 26/11/13*
>
>
> *Article I – 9: **Direct marketing through any form of indirect
> communication including messages forwarded with automatic message sender,
> facsimile or electronic mails in whatsoever form, using the particulars of
> an individual who has not given prior consent to receiving the said direct
> marketing through the means indicated, shall be prohibited by the member
> states of the African Union.*
>
>
> *Article I – 10:*
>
> * The provisions of Article I – 9 above notwithstanding, direct marketing
> prospection by electronic mails shall be permissible where:*
>
> *1) The particulars of the addressee have been obtained directly from
> him/her,*
>
> *2) The recipient has given consent to be contacted by the prospector
> partners*
>
> *3) The direct prospection concerns similar products or services provided
> by the same individual or corporate body.*
>
> *Question:* Is this a realistic way of dealing with spam?
>
>
> *Article I – 27*
>
> *Where the legislative provisions of Member States have not laid down
> other provisions, and where there is no valid agreement between the
> parties, the judge shall resolve proof related conflicts by determining by
> all possible means the most plausible claim regardless of the message base
> employed.*
>
> *Question:* What is the meaning of this article and is it necessary? Some
> clarity needed!
>
>
>
> *Day 3 Wednesday 27 /11/13*
>
> *Today, we move onto PART II: PERSONAL DATA PROTECTION and will deal with
> three questions.*
>
> *Objectives of this Convention with respect to personal data*
>
> *Article II – 2:*
>
> *Each Member State of the African Union shall put in place a legal
> framework with a view to establishing a mechanism to combat breaches of
> private life likely to arise from the gathering, processing, transmission,
> storage and use of personal data.*
>
> *The mechanism so established shall ensure that any data processing, in
> whatsoever form, respects the freedoms and fundamental rights of physical
> persons while recognizing the prerogatives of the State, the rights of
> local communities and the target for which the businesses were established.*
>
> *Question:* What is the relevance of this article? What are these state
> prerogatives? And given the increased interest of state surveillance, how
> can states balance respect of FOE while recognising state prerogatives?
>
> *Article II-6, II-7, 11-8, II-11, II-12, II-13 refer to a Protection
> Authority* which is meant to establish standards for data protection.
> Article II – 14 *provides for each Member State of the African Union to
> establish an authority with responsibility to protect personal data. It* *shall
> be an independent administrative authority with the task of ensuring that
> the processing of personal data is conducted in accordance with domestic
> legislations.*
>
> In article II-17 states that ‘*Sworn agents may be invited to participate
> in audit missions in accordance with extant provisions in Member States of
> the African Union’.*
>
> *Question:* Considering that this article seems to be tied to the
> Protection Authority, what is its relevance? And who is a ‘sworn agent?’ What
> should this authority look like in terms of its composition?
>
>
> *Article II – 20:*
>
> *…Members of the protection authority shall not receive instructions from
> any authority in the exercise of their functions. *
>
>
> *Article II – 21:*
>
> *Member States are engaged to provide the national protection authority
> human, technical and financial resources necessary to accomplish their
> mission.*
>
> *Question:* It appears that this Data Protection Authority is envisaged
> to be fully government supported. Therefore, should we be talking of its
> independence? In what way should this article be framed so that it ensures
> independence of the Authority?
>
>
> *Article II – 28 to II-34 *outlines six principles governing the
> processing of personal data namely:
>
> Consent and of legitimacy,
>
> Honesty,
>
> Objective, relevance and conservation of processed personal data,
>
> Accuracy,
>
> Transparency and
>
> Confidentiality and security of personal data.
>
> Under each of the specific principles, detailed explanation of how each
> should be undertaken is offered.
>
> *Question:* Is this explanation and detailing of how to undertake each
> necessary in an international (regional) law necessary or needed? Is this
> legislation overkill?
>
>
> *Day 4 Thursdsay 28/11/2013 Part III*
>
> *Day 4 will focus on PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME*
>
>
> *Article III – 14: Harmonization*
>
> *1) Member States have to undertake necessary measures to ensure that the
> legislative measures and / or regulations adopted to fight against
> cybercrime enhance the possibility of regional harmonization of these
> measures and respect the principle of double criminality.*
>
> *Question*: What is the principle of double criminality here?
>
>
>
> *Section II: Other penal sanctions*
>
> *Article III – 48*
>
> *Each Member State of the African Union have to take necessary legislative
> measures to ensure that, in the case of conviction for an offense committed
> by means of digital communication facility, the competent jurisdiction or
> the judge handling the case gives a ruling imposing additional punishment.*
>
> *Question: * What is the interpretation of additional punishment? Is this
> not granting of absolute powers to judges?
>
>
>
> *Day Five 29/11/2013*
>
> This will be dedicated to any other issue(s)that listers may want to raise
> in regard to the Convention. Further, listers can go back to issues of any
> other day and discuss them here.
>
> What other issue(s) would you like to raise?
>
>
>
> *References*
>
> DRAFT AFRICAN UNION CONVENTION ON THE CONFIDENCE AND SECURITY IN CYBERSPACE
> http://pages.au.int/sites/default/files/AU%20Cybersecurity%20Convention%20ENGLISH_0.pdf
>
> http://daucc.wordpress.com/
>
> http://www.thepetitionsite.com/takeaction/262/148/817/
>
>
> http://daucc.wordpress.com/2013/10/29/paper-review-basic-drawbacks-of-the-draft-african-union-convention-on-the-confidence-and-security-in-cyberspace/
>
>
> http://michaelmurungi.blogspot.com/2012/08/comments-on-draft-african-union.html
>
>
>
> Have a great weekend and see you on Monday.
>
>
> Rgds
>
> Grace
>
>
> _______________________________________________
> kictanet mailing listkictanet at lists.kictanet.or.kehttps://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/alice%40apc.org
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
>
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/pileleji%40ymca.gm
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
--
Poncelet O. Ileleji MBCS
Coordinator
The Gambia YMCAs Computer Training Centre & Digital Studio
MDI Road Kanifing South
P. O. Box 421 Banjul
The Gambia, West Africa
Tel: (220) 4370240
Fax:(220) 4390793
Cell:(220) 9912508
Skype: pons_utd
*www.ymca.gm <http://www.ymca.gm>www.waigf.org
<http://www.waigf.org>www.aficta.org <http://www.aficta.org>www.itag.gm
<http://www.itag.gm>www.npoc.org
<http://www.npoc.org>http://www.wsa-mobile.org/node/753
<http://www.wsa-mobile.org/node/753>*www.diplointernetgovernance.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20131123/f5e16507/attachment.htm>
More information about the KICTANet
mailing list