Another human rights lawyer, Ady Macauley, wrote on his Twitter account “S 10–draft cyber-crime Act 2020 empowers the state to force mobile operators to record your voice calls and SMS in real-time and give to the state. This is not data protection, this is data harvesting. Just like the repealed Public Order Act, state authorities will use it to suppress dissent.’’
Further Section 5 of the Bill grants power to the police to search and seize stored computer data pursuant to a warrant issued by a judge. These powers are too broad, as it makes no provision that protects journalists and other professionals holding legal or ethical relationship of trust, such as lawyers and doctors, from being compelled to disclose confidential information stored in digital form.
Section 5(4) is another sticking point. It allows the police, having secured a warrant to seize some particular data, to extend the search to other systems if they believe that the data concerned is stored in those other systems. This gives the authorities a carte blanche to go on a witch-hunt on journalists, human defenders, civil society activists, political opponents etc.
“There is a real danger of the police using a decoy to secure a seizure warrant only to go after the real targets, given that a new warrant is not required to extend the search to other systems. Moreover, the device does not necessarily have to belong to the subject against whom the warrant was secured,’’ observed Vivian Affoah, Programme Manager for Digital Rights at MFWA.
Although Section 5.7 creates an offence for misuse of the search power, oversight over the use or misuse remains fluid.
Among other things, the Bill places enormous power in the hands of the Minister of Information who can determine punishments for alleged offenders of the Act. Throughout the Bill, almost all sanctions for offences are left to the discretion of the Minister. At Section 51 of the Bill, it is stated that “The Minister may by statutory instrument make regulations as it considers necessary or expedient for giving effect to this Act”.
This power could be abused. In line with international practice, the courts should be the ones to determine punishment for breach of law and not Ministers of state. Or punishment for offences under the Bill should be stated in the Bill and not left to the Minister.
Section 21 of the bill also raises data protection and privacy concerns as “a police officer or other authorised person may, without authorisation access publicly available (open source) stored computer data, regardless of where the data is located geographically”.
Also, Section 35 has been likened to Part V of the Public Order Act 1965 which was repealed in 2020. Under this section, a person can be accused of causing an offence if he “ought to have known that his conduct is likely to cause that person apprehension or fear of violence to him or damage or loss on his property; or detrimentally affects that person.” The expression “ought to have known” is problematic because an individual cannot tell how their messages will be received to know if it will cause the recipient any apprehension. An individual can be charged with this offence simply on the report of the recipient indicating that the message caused him apprehension.
Under subsection 2 of the same Section 35, sending or sharing materials offensive or menacing in character, annoying, insulting, hateful, expressing ill-will etc. is an offence. Although, subsection 3 excludes messages or other matters done in the interest of the public, determining what constitutes insult or public interest has always been fluid and too often subjective.
The reference to insult and ill-will is unnerving, as it revives memories of the ordeal of freelance journalist Mahmud Tim Kargbo who was arrested for sharing content on social media deemed “insulting” and “scurrilous” about Sierra Leone’s assistant inspector-general of police, Patrick A.T. Johnson. He was arraigned in court when, on December 4, 2020, he reported to the police in response to a November 30, 2019 summons. The journalist was charged with defamation under Section 3 of the Public Order Act and released on bail after spending a few hours in the Pademba Road maximum prison.
It is, therefore, feared that by the time the courts make a determination with anyone charged with this offence, the accused person may have spent many days or months and perhaps years in detention during the course of investigation and prosecution. It will, therefore, be important if what constitutes an insult, annoyance for example can be included in the definition on terms in the Bill.
The ubiquitous “national security” mantra is also sowing discord. Section 27 makes it an offence to intercept non-public transmissions of data from a computer system, the transmission of which threatens national security.
Besides the fact that the definition of national security has always been problematic and has been used to abuse human rights, there is the risk of investigative journalists in particular being deemed to have intercepted classified, security-sensitive information unless they can cite their sources. It is important to note that the Bill as it stands now criminalises the possession of such information and that one does not need to have published it to fall foul of the law.
In the Constitution of the National Cybersecurity Advisory Council, a member shall cease to be a member if “the President is satisfied that it is not in the public interest for the person to continue as a member of the Council”. This is not reasonable grounds for a member of the council to be removed especially when public interest is not defined under the Bill. The President can arbitrarily remove a member of the council with the excuse that their removal is in the public interest.
Meanwhile, we have noted that the proposed National Cybersecurity Advisory Council does not include any representative from the media or the Bar. We believe these two institutions are critical in ensuring that fundamental rights are protected, competing interests are accommodated while regulating behaviour and activities in the digital space.
While the media and human rights advocates express concern about the Bill, Sierra Leone’s Minister of Information and Communications, Mohamed Rahman Swarray, says he is “excited” about the storm the Bill has provoked.
“I am excited by the debate around the cybercrime Bill 2020. I wish to assure all Sierra Leoneans that this bill will not tamper with the freedoms and human rights that His Excellency President Bio is so passionate about. All this bill seeks to do is to protect our citizens in digital space and make good international commitments like the African Union‘s Malabo Accord to which Sierra Leone is a signatory, enforce the ECOWAS directive on cyber-crime and data protection and support our accession to the Budapest Convention like other countries in the region have done,” the Minister reacted on his Facebook account.
The MFWA wishes to draw the attention of the Minister of Information that the Malabo Convention does not prescribe a violation of citizens’ rights and make the use of the internet a potential crime.
The Malabo Convention enjoins states that “in adopting legal measures in the area of cybersecurity and establishing the framework for implementation thereof, each State Party shall ensure that the measures so adopted will not infringe on the rights of citizens guaranteed under the national constitution and internal laws, and protected by international conventions, particularly the African Charter on Human and Peoples’ Rights, and other basic rights such as freedom of expression, the rights to privacy and the right to a fair hearing among others.”
The Cybercrime Act fails woefully at this and does not protect citizens’ personal data. In fact, the Bill has the potential to cause breaches to data protection and privacy rights.
We will also urge the Sierra Leonean authorities to be guided by the provisions of the Malabo Convention to which they claim to be committed and take to note of Article 33 of the same Convention which notes that “Provisions of this Convention shall not be interpreted in a manner that is inconsistent with the relevant principles of international law, including international customary law.”
The MFWA shares the concerns raised by various actors in Sierra Leone about the cybercrime bill and joins the call from our partner organisation MRCG and other stakeholders for the Bill to be withdrawn from Parliament for stakeholders to make their inputs. The views expressed by civil society, human rights defenders, digital rights experts, academia, internet service providers etc, must be given serious consideration in the review of the Bill to make it human rights-respecting rather than restrictive