Guilty of spam? – here are 13 offences in Zimbabwe’s draft Computer Crime & Cybercrime Bill

Ignorantia legis neminem excusat, which is Latin for “ignorance of law excuses no one” is a legal principle which states that you cannot escape liability for breaking the law just because you didn’t know about it.

Even the most ridiculous of charges that are tucked in any law can get you fined or prosecuted. Which is why it’s important to know what’s stated in any law, especially the new ones.

Zimbabwe is currently in the process of crafting new legislation for ICT, covering e-commerce, cybercrime and data protection.

All three bills related to this are still in draft form, and there have been calls to take part in how they will be framed before they are passed as law.

The draft Computer Crime and Cybercrime Bill has attracted the most attention mostly because it spills into how we use technology everyday through services like social media and even sharing a WiFi connection.

That being said, we have listed 13 potential offences from the draft bill. Assuming that the bill isn’t altered to remove or adjust the clauses that relate to these potential offences, violating them could land you in some legal trouble.

NB – in the draft Bill an electronic device is an “electronic programmable device used, whether by itself or as part of a computer network, a database, a critical database, an electronic communications network or a national critical information infrastructure or any other device or equipment or any part thereof, to perform predetermined arithmetic, logical, routing or storage operations in accordance with set instructions and includes all:- input devices, output devices, processing devices, computer data storage mediums, programmes and other equipment and devices, that are related to, connected with or used with such a device or any part thereof”

this basically means every laptop, desktop, smartphone, tablet or smart device.

1. Illegally accessing a device

   
   Anyone who illegally accesses an electronic device which includes your phone or laptop can face a fine plus up to 5 years in prison. The same offence attracts up to 10 years in prison if it’s aggravated – this means if it’s through State owned equipment or if it’s to commit other crimes like banditry, espionage or theft.

2. Interfering with Data

   
   Hackers be warned; If you damage, delete, corrupt, alter data, deny access to it or block it (so much for innocent DDoS attacks) or are in the process of “mischievously creating, altering or manipulating any data, programme or system in whole or in part which is intended for installation in a computer” you could face 5 years in prison along with a fine. Still on that hacking tip,

   Illegally interfering with a system which is listed as a separate offence and described as the use of a computer or information network, computer device, electronic communications network or critical information infrastructure by blocking, hindering, impeding, interrupting, altering or impairing the functioning of, access to or the integrity of a computer device, computer or information network, electronic communications network or critical information infrastructure

   has a potential penalty of 10 years

3. Sharing access codes

   

   If you don’t have authorization, don’t share codes either by “communicating, disclosing or transmitting any computer data, program, access code or command”. This offence has a 5-year jail term.

   The same fine is extended to anyone who “activates or installs or downloads a program that is designed to create, destroy, mutilate, remove or modify data, program or any other form of information existing within or outside a computer or computer network”

4. Altering or destroying a password or PIN code

   Sharing codes illegally is a crime, so is the unauthorised creation alteration or destruction of a PIN code or password used to access any device. There’s a 5-year term and fine attached to this

5. Data Espionage

   
   Anyone unlawfully and intentionally performing, authorising,procuring data or allowing someone else to possess, communicate, deliver, avail or receive computer data or to intercept classified State data could face up to 20 years in prison. This is the stiffest penalty in the bill, which isn’t surprising. All espionage cases are treated this way because of the national security connotations.

6. Computer-related forgery

   
   Forgery is already illegal but this bill has added electronic forgery to the list of offences you shouldn’t be caught committing.
   Anyone caught unlawfully and intentionally entering altering, deleting, or suppressing computer data, “resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible to the actual or potential prejudice of another person” faces up to 5 years behind bars.

7. Computer related terrorism activities

   

   This has already been sensationalised by State media and is expected to reign in social media abuse that has national security risks.

   If you are caught providing, participating in training or recruiting anyone for effecting computer related terrorist activities; or if you happen to have “data, any software or hardware tool, malware, a password, access code or similar data and device, or computer data, computer device, computer network or information infrastructure network” that can be used for computer related terrorism; or if you finance computer related terrorism – You could face up to 20 years in prison, just like data espionage.

8. Child Porn

   It shouldn’t be surprising that this ended up here. The creation, distribution, possession, offers to make available, or access/procurement of child porn through any computer system has a penalty of up to 10 yrars in prison. if you provide children with child porn through nay computer system you can face up to 5 years in prison.

9. Pornography

   

   Pornography is illegal in Zimbabwe and there’s a proposed 10-year term possessing, distributing, producing, procuring it for someone else, or offering to obtain it for someone via any computer system. This also sweeps up revenge porn crimes as well all sorts of WhatsApp Group and social media sharing of porn.

10. Identity theft

    

    Identity theft under identity-related crimes committed via any computer or electronic device are set to have a penalty of up to 3 years in prison. This means that purporting to be someone else on Facebook or via SMS can land you behind bars.

11. Racist/Xenophobic/tribalist insults

    Racist slurs or insults and xenophobic material that are created, shared or distributed via an electronic device are expected to attract a fine and/or a 3-year jail term.

12. Spam

    
    New age marketers be warned – if without lawful or just cause you initiate the transmission of multiple electronic mail messages from or through a computer system you could be fined or spend a year in jail.

    The same penalty applies to anyone who “uses a protected computer system to relay or retransmit multiple electronic mail messages, with the intent to deceive or mislead users, or any electronic mail or Internet service provider, as to the origin of such messages”; or “materially falsifies header information in multiple electronic mail messages and intentionally initiates the transmission of such messages”.

    There is, however,an important caveat. This law and its penalties will be effected,

    “Provided that it shall not be an offence under this Act where the transmission of multiple electronic mail messages from or through such computer system is done within customer or business relationships”

    So those repeated messages on your latest phone accessories blasted in your Zim Entrepreneurs Facebook Group probably won’t be admissible as spam.

13. Online Harassment

    
    This is targeted at all those cases of cyberbullying and online threats.

    Any person who, unlawfully and intentionally generates, possesses, and distributes an electronic communication, with the intent to coerce, intimidate, harass, threaten bully or cause emotional distress, degrade humiliate or demean the person of another person, using a computer system or information system,

    can be fined and/or face up to 5 years in prison. If it’s implemented and enforced there are going to be a lot of Facebook harassment cases lined up in local courts.

By the way, it’s also illegal to refuse to help the law with your IT skills

There’s one other aspect of the bill that wasn’t listed under the offences section but should be noted as a prison-worthy issue.

Under the draft bill’s procedural section, if you are asked to use your skills to help in the investigation of a crime listed in this act, you should say yes. States the law,

Any person, other than the person suspected of having committed an offence under this Act who has knowledge about the functioning of the computer system or measures applied to protect the computer data therein that is the subject of a search under section 28 shall, if required or requested, provide assistance to the person authorized to make the search.

This assistance has been listed as providing information for the investigation, accessing a system or its storage, obtaining and copying data, obtaining “intelligible output” for use as evidence or using devices to make copies.

If, without lawful excuse, you do not comply you could be locked up for up to three months.

The offences we have listed here are in no way the complete bill or the entire list of offences under this draft.

Since it’s still going through consultations it would be great if you also took time out to check out the bill and find out what makes sense and what you think should be added or subtracted to make the law comprehensive.