On Thursday, September 9, 2022, the Parliament of Uganda passed the Computer Misuse (Amendment) Bill, 2022, which was privately moved by Kampala Central MP, Muhammad Nsereko. The Bill imposes tough penalties for cybercrimes.
The Computer Misuse (Amendment) Bill, 2022 sought to amend the Computer Misuse Act, 2011 to enhance the provisions on unauthorised access to information or data; prohibit the sharing of any information relating to a child without authorisation from a parent or guardian; to prohibit the sending or sharing of information that promotes hate speech.
Following the deletion of clauses that sought to bar convicts under the law from holding public office or running for elections in 10 years, the rest of the clauses unanimously sailed through uncontested, except for MP Gorreth Namugga (from the National Unity Platform-NUP) represents Mawogola County South) who dissented.
A new clause in the Bill, proposed by the ICT committee chairperson, Moses Magogo, defined social media and created penalties for computer users who take refuge in pseudo accounts.
The clause reads: “A person who uses social media to publish, distribute or share information, prohibited under the laws of Uganda or using a disguised or false identity, commits an offence”.
A person who manages an account of an organization where this happens will be held liable for the commission of the offence, the Bill provides.
This is likely to negatively affect businesses since many people in the online media space, especially bloggers, use pseudo (fake) names to be able to publish under a different identity.
The clause gives a diverse definition of social media to mean, “a set of technologies, sites and practices which are used to share opinions, experiences and perspectives, which includes YouTube, WhatsApp, Facebook, Instagram, Twitter, WeChat, TikTok, Sina Weibo, QQ, Telegram, Snapchat, Kuaishou, Qzone, Reddit, Quora, Skype, Microsoft Team and LinkedIn”.
A person who commits the offence under the clause in issue shall, on conviction, suffer either a fine of sh16m, five years in jail or both fine and imprisonment.
Social media accounts that are verified will be presumed to be owned by the persons whose names the accounts are run unless the contrary is proved.
Also, a person whose telephone numbers and or email addresses have been used in creating social media will be personally liable for prosecution for offences committed under the act as amended.
Magogo justified the clause as being intended to “provide for the regulation of social media”.
The Bill also criminalised and defined unsolicited information, but excused commercial adverts from the categorisation, granting advertisers the liberty to share information with target audiences.
“For this section, “unsolicited information” means information transmitted to a person using the internet without the person’s consent but does not include an unsolicited commercial communication,” partly reads clause 5.
Proposed cyber law to protect people from privacy violations
More and more Ugandans are connecting to the internet, most frequently from mobile devices like phones and tablets.
There are, of course, big benefits to increased connectivity. These include easy access to information and quick communication. But there are downsides, too.
Kampala Central Member of Parliament, Hon Muhammad Nsereko was this year (2022) granted leave by Parliament to introduce a law on cyber-harassment which prescribes hefty fines, lengthy jail terms, a ban from holding public office, and loss of office for convicted offenders.
Clause 2 of the Bill seeks to punish individuals, who, “without authorization, access and intercepts another person’s data or information, voice or records another person” with a fine of Shs15 million or up to 10 years in jail or both imprisonment and fine.
Sending and sharing data about children without the authorization of their parents or guardians on a computer and by extension social media, will become an offence punishable by seven years jail term, Shs15 million in fines, or both, should Clause 3 of the Bill be enacted into law.
Sending unsolicited messages to computer users will be criminalised under Clause 4 of the Bill, an offence that Nsereko proposes should be punished by a seven-year jail term, a fine of Shs15 million, or both imprisonment and fine.
“A person shall not send to or share with another person unsolicited information through a computer,” reads Clause 5(1).
Sharing of “misleading or malicious information about or relating to any person through a computer” is to be criminalised under Clause 5 of the Bill, with an Shs15 million fine or a seven-year jail term or both such imprisonment and fine.
The Bill also seeks to bar individuals who have been convicted of the offences relating to this Bill from holding public offices or losing it for those already in office.
“A person who is convicted under this Act shall not be eligible to hold a public office for a period of 10 years. Where a person convicted under this Act is a leader or public officer, he or she shall, in addition to the prescribed punishment, be dismissed from or vacate office,” reads Clause 6 of the Bill.
Nsereko said the Bill is necessitated by increasing cyber-harassment and abuses that he said go unpunished.
“Without strengthening the existing legislation with stringent measures to address the gaps, the technological abuse with its grave impact on health, human relations, and society at large, will continue to escalate the violation of the right to privacy,” he said.
Nsereko says that in an attempt to earn likes and views on social media sites, unscrupulous individuals blackmail innocent people, sometimes for money, a vice he said must be nipped in the bud.
How computer misuse is likely to affect businesses
Cyber laws, as experienced all over the world, relate to illegal access to files and data stored on computer systems. Such laws are introduced to cope with the increase in hacking and to counter the spread of malware or computer viruses.
According to Prezi, there are three main parts to this, which include;
1) Unauthorised access to computer material.
This means that any access to material that you do not have permission to view is against the law, as is using a computer to access data or programmes stored on another computer. This is often what people refer to as “hacking”.
2) Unauthorised access with intent to commit or facilitate the commission of further offences.
This means that accessing computer material and then intending to use the information to commit further offences is against the law. If you access information (even if you have permission to do so) to use it to commit fraud or blackmail, for example, you are breaking the law.
3) Unauthorised acts with intent to impair or with recklessness to impair a computer’s operation.
This means that any unauthorised altercations made to computer materials are against the law. So, if files or data are changed when you do not have permission, then this is breaking the law.
For example, if you access someone else’s computer files and change the contents, then you are breaking the law.
Computer legislation and its impact on businesses
With the world slowly becoming a global village, this brings to the fore the fact that many of the computers used in business are connected to the internet, many businesses, therefore, worry that other malicious people will misuse their computers by, for example, stealing business data to commit fraud.
As time goes by, several similar laws have been passed worldwide to curb the misuse of computers from harming others, stealing their intellectual property (ideas) or their data, or revealing information about others, which is illegal.
Such cyber laws do not stop people from misusing computers but can act as a deterrent to try and prevent computer misuse.
There are four main areas of laws that relate to the use of computers in Uganda and elsewhere globally, especially in developed countries, but due to global interconnectivity, the same is beginning to take place here in Africa.