My scholarly view on the Computer Misuse Bill

Christopher Muhawe

What you need to know:

  • Criminal legislation is not the best panacea for redressing data privacy violations

Kampala Central Member of Parliament Muhammad Nsereko recently tabled a private member’s Bill, the Computer Misuse (Amendment) Bill 2022.He proposes several computer misuse “crimes” to be punishable by a Shs15 million fine and a seven-year jail term, among others. He argues that his Bill strengthens the existing law but above all provides for children’s online privacy.

MP Nsereko’s proposed enforcement of online privacy through criminal legislation runs a risk of leaving victims of online privacy violations with no worthwhile remedy.

Enforcement of online privacy through legislation requires an understanding of the difference between cybersecurity and privacy. It appears that the MP is mixing two different but related concepts.

Cybersecurity and privacy are two related but different concepts. The former relates to protection of computer systems or networks from information disclosure, theft of data, and damage, among others. The latter relates to the state of being free from observation or disturbance from others be it online or otherwise. Understanding the two concepts will inform MP Nsereko that his approach to the problem is disastrous. Criminal legislation is not the best panacea for redressing data privacy violations.

Indeed, social network sites (SNS) like Facebook, YouTube, and Twitter, among others, have been used as platforms for “bad” speech-hate speech, disinformation, and bad propaganda campaigns coupled with incitement of violence on the internet. However, we cannot afford to fall into the perpetrators’ trap by enacting a superfluous law like the MP is suggesting. A common law approach other than criminal law provides a better solution to the problem.

Common law claims are by nature civil claims, and they require a less evidentiary standard used in the burden of proof analysis. On the other hand, criminal law remedies require a higher burden of proof standard. With common law enforcement, a victim of online privacy violations needs a preponderance of the evidence as opposed to the proof beyond reasonable doubt standard that is applied in criminal law.

Common law offers victims of tortious invasion of privacy a chance to plead several torts depending on their facts. A tort is a civil wrong for which courts impose liability. The law provides the following torts to victims of online privacy violations; (a)intrusion Upon Seclusion; (b) appropriation of name and likeness; (c)public disclosure of private facts and false publicity. In the alternative, victims may claim under the law of defamation.

In February this year, the Director of Public Prosecution (DPP) reported that only nine (9) cases have been successfully prosecuted under the Computer Misuse Act 2011.

The DPP’s office attributes this paltry number to the challenges involved in gathering and tendering evidence to prove online crimes. I have carefully studied the nine cases that the DPP reported as having successfully prosecuted under the Act.

A learned conclusion suggests that these cases are more of cybersecurity and data breach-criminal enforcement than privacy enforcement cases. To this extent, Nsereko needs to clearly define whether his interest is privacy protection or cybersecurity.

Could it be that MP Nsereko and the political class are attempting to shield themselves from online political commentary hence attempts to criminalise the same.

Admittedly, political commentary can sometimes be brutal and full of falsehoods. However, its brutality and false anecdotes do not render protected speech unprotected, and at that criminal. What is in question is the compromise between privacy rights, freedom of speech, and expression.

The desire to restrict freedom of speech and expression in Uganda is ever present especially when the rise of new and contrarian voices challenge power. The proposed amendment to the Computer Misuse Act aims at strengthening a law that has been abused by state security agents on many occasions.

There have been reports of incommunicado detentions, torture, and harassment of alleged offenders of this law that the MP intends to “strengthen.” This amendment runs a risk of arming an already charged political establishment that hates being called out when it goes wrong. MP Nsereko should advocate for common law enforcement of online privacy instead of criminal law enforcement.

Mr Christopher Muhawe is a final year Doctoral candidate of Cybersecurity and Privacy at the University of Illinois- USA.