SlideShare une entreprise Scribd logo

CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES

Iddi Yassin, Esq.
Iddi Yassin, Esq.
1  sur  74
Télécharger pour lire hors ligne
1 (MU) MZUMBE UNIVERSITY FACULTY OF LAW RESEARCH REPORT ON CYBERCRIMES IN TANZANIA; LEGAL AND INSTITUTIONAL CHALLENGES BY: IDDI YASSIN Registration No: 14816/T.11 SUPERVISOR: Mr. MARTIN MASSAWE A COMPULSORY RESEARCH REPORT SUBMITTED AS PARTIAL FULFILLMENT FOR THE REQUIREMENT OF THE AWARD OF BACHELOR OF LAWS DEGREE (LL.B) OF MZUMBE UNIVERSITY JUNE, 2014
i CERTIFICATION I, the undersigned, certify that I have read and hereby recommend for acceptance by the Mzumbe University, a report titled “CYBERCRIMES IN TANZANIA: LEGAL AND INSITITUTIONAL CHALLENGES”, in partial fulfillment of the requirements for an award of the degree of bachelor in laws of Mzumbe University. Signature ..................................................... Mr. Martin Massawe Supervisor
ii DECLARATION I, IDDI YASSIN do hereby declare that this is my own work and it has not been submitted for a similar or any other degree in any other university. CANDIDATE: …………………… IDDI YASSIN DATE: ……… ………………2014
iii COPYRIGHT This report is protected under the Berne Convention of 1886, the Copyright and Neighboring Rights Act, No. 7 of 1999 and other international and national enactments, in that behalf, on intellectual property. It may not be reproduced by any means in full or in part, except for short extracts in fair dealings, for research or private study, critical scholarly review or disclosure with an acknowledgement, without the written permission of Mzumbe University, on behalf of the author. © IDDI YASSIN MZUMBE UNIVERSITY JUNE, 2014
iv ACKNOWLEDGEMENT Completion of this work has been possible due to effort and assistance from a number of persons. Therefore I wish to acknowledge the assistance I got when undertaking this research, the assistance without which my work would have been impossible. I wish to thank my parents, Mr. Yassin Iddi and Mrs Rukia Yassin for their encouragement and blessings which they gave to me during each and every step of my life adventure. I am greatly indebted to my supervisor Mr Martin Massawe for his guidance in the research preparation and completion of this work. Many stimulating discussions, constructive criticism and comments from him have contributed to the final shape and content of this work. However, I am solely responsible for the contents or error in this work. Furthermore, my immense gratitude goes to Her Majesty‟s British Government to which under its wonderful administration, it laid down the foundation for everyone to understand that he possessed all the privileges as well as all the responsibilities of his existence, by indulging ideas of civilization to the indigenous people and those principles laid a solid foundation in the shaping up of our legal system. Also, I am indebted to many friends, colleagues, teachers, librarians and others for their help during my study. Finally I owe the greatest debt to thank God, for he gave me grace.
v DEDICATION To the fraternity which sought to help good men become better
vi LIST OF ABBREVIATIONS AISI - African Information Society Initiative ARAPKE - African Regional Action Plan for the Knowledge Economy C A - Court of Appeal CAP - Chapter CERT - Computer Emergency Response Team D.P.P - Director of Public Prosecutions EAC - East African Community ECOWAS - The Economic Community of West African States G8 - Group of Eight GCA - Global Cyber security Agenda HCD - High Court Digest IBID - Ibidem ICT - Information and Communication Technology Interpol - International Criminal Police Organization ISP - Internet Service Provider ITU - International Telecommunication Union LL.B - Lex Legum Baccalaureus LLC - Limited Liability Company N - Number OECD - Organisation for Economic Co-operation and Development Op cit - Opera Citate Pg - Page R.E - Revised Edition REC - Regional Economic Communities TCRA - Tanzania Communication Regulatory Authority TLR - Tanzania Law Report U.K - United Kingdom U.N - United Nations U.S - United States v. - Versus
vii ABSTRACT Cyber crime reflects a peculiar type of techno-sophisticated criminality having different features. This criminality is posing the challenges to existing national legal system and it appears to be difficult to control and combat these crimes within the existing framework of legal system. Specially, the problem of jurisdiction, identity crises and lack of legal recognition of most of acts make it difficult for legal systems to effective deal with the crime. The location and trans-national character of these crimes again added the flavor makes it too dangerous to imagine. Chapter one, in this chapter the main discussion bases on the introduction and historical background to the problem. It also covers the objectives of the study, the significance of the study and the research methodology which was applied during the research In chapter two, the focus laid down conceptual framework of cybercrimes and explanation of some concepts concerning with cyber developments. Chapter three, the discussion is based on the general concept of legal and institutional frameworks in International level, Regional level and National level. The importance gained under this chapter based on analysis of such legal and institutional frameworks so as to link them with the need of study. Chapter four contains the important selected data from the field which intend to prove truthfulness or otherwise of the hypothesis of the study that, the law in Tanzania does not provide protection against cybercrimes. There is little legal protection to the community after taking a venture into development of ICT due to the absence of provisions in the Penal Code and other laws in preventing cybercrimes, likewise there is no proper institutional framework to give protection against cybercrimes. Chapter five of this work mainly focused on laying down conclusive remarks and recommendations to be followed so as to succeed in fight against cybercrimes.
viii TABLE OF CONTENTS CERTIFICATION .................................................................................................... i DECLARATION..................................................................................................... ii COPYRIGHT ......................................................................................................... iii ACKNOWLEDGEMENT ...................................................................................... iv DEDICATION .........................................................................................................v LIST OF ABBREVIATIONS ................................................................................. vi ABSTRACT .......................................................................................................... vii TABLE OF CONTENTS...................................................................................... viii LIST OF STATUTES AND INTERNATIONAL INSTRUMENTS....................... xii LIST OF CASES .................................................................................................. xiii CHAPTER ONE.....................................................................................................1 1.1 Introduction.....................................................................................................1 1.2 Background to the problem..............................................................................3 1.3 Statement of the problem.................................................................................5 1.4 Objectives of the study ....................................................................................6 1.4.1 General objective ......................................................................................6 1.4.2 Specific objectives ....................................................................................6 1.5 Significance of the study..................................................................................7 1.6 Hypotheses......................................................................................................7 1.7 Research methodology.....................................................................................7 1.7.1 Sampling selection....................................................................................7 1.7.2 Unit of inquiry ..........................................................................................8 1.7.3 Research Design........................................................................................8 1.7.4 Scope and Justification of the study...........................................................8 1.7.5 Data sources and collection strategies........................................................9 1.7.5.1 Primary Data collection ......................................................................9 1.7.5.2 Secondary Data collection ..................................................................9 1.7.5.2.1 Interview......................................................................................9 1.7.5.2.2 Questionnaire...............................................................................9 1.7.6 Data Analysis..........................................................................................10
ix 1.8 Limitations of the study.................................................................................10 1.9 Literature review ...........................................................................................11 CHAPTER TWO..................................................................................................15 ANALYSIS ON CONCEPTUAL FRAMEWORK OF CYBERCRIMES .........15 2.1 Introduction...................................................................................................15 2.2 Offence of Fraud ...........................................................................................15 2.3 Hacking.........................................................................................................17 2.4 The challenges brought by Electronic evidence..............................................19 2.4.1 Authenticity ............................................................................................20 2.4.2 Integrity ..................................................................................................21 2.4.3 Confidentiality ........................................................................................22 2.5 Jurisdictional problems..................................................................................23 2.6 Computer forensic and e-evidence.................................................................24 2.7 Anonymity and identity .................................................................................25 2.8 Conclusion ....................................................................................................26 CHAPTER THREE..............................................................................................27 ANALYSIS OF THE LEGAL AND INSTITUTIONAL FRAMEWORKS COMBATING CYBERCRIMES IN TANZANIA..............................................27 3.1 Introduction...................................................................................................27 3.2 National Statutes for combating cybercrimes.................................................27 3.2.1 The Constitution of United Republic of Tanzania, 1977 ..........................27 3.2.2 The Penal Code [Cap 16 R.E 2002].........................................................28 3.2.3 The Evidence Act....................................................................................29 3.2.4 Electronic and Postal Communication Act, No.12 of 2010 ......................29 3.3 National Policy..............................................................................................30 3.3.1 Information and Communication Technology Policy of 2003..................30 3.4 Regional Legal framework for combating cybercrimes..................................31 3.4.1 Draft African Union convention on the establishment of a legal framework conducive to cyber security in Africa, 2012...........................................31 3.5 International Legal framework for combating cybercrimes ............................32
x 3.5.1 UN Convention on the Rights of the Child ..............................................32 3.5.2 Council of Europe‟s Convention on Cybercrime .....................................32 3.6 National Institutions combating cybercrimes in Tanzania ..............................33 3.6.1 The Police Force .....................................................................................33 3.6.2 The Judiciary ..........................................................................................33 3.6.3 The Director of Public Prosecutions (D.P.P) Office.................................33 3.6.4 Tanzania Communication Regulatory Authority (T.C.R.A).....................34 3.7 Regional institutional framework for combating cybercrimes ........................34 3.7.1 African Union (A.U) ...............................................................................34 3.7.2 The Economic Community of West African States (ECOWAS)..............35 3.7.3 East African Community.........................................................................36 3.8 International Institutional combating cybercrimes..........................................36 3.8.1 The G8....................................................................................................36 3.8.2 The United Nations .................................................................................38 3.8.3 The International Telecommunication Union (ITU).................................38 3.8.4 The Commonwealth of Nations...............................................................39 3.8.5 Organisation for Economic Co-operation and Development (OECD) ......40 3.8.6 International Criminal Police Organization (Interpol)..............................41 CHAPTER FOUR.................................................................................................42 RESEARCH FINDINGS AND DATA ANALYSIS ............................................42 4.1 Introduction...................................................................................................42 4.2.1 Analysis of data collected from magistrates.............................................42 4.2.2 Analysis of Data collected from Public Prosecutors and Police Officer ...43 4.2.3 An analysis of data collected from Public citizens and University students ...............................................................................................................44 4.2.4 An analysis of Data collected from Advocates of the high court of Tanzania and Lawyers ............................................................................45 4.2.5 An analysis of Data collected from IT experts .........................................45
xi CHAPTER FIVE ..................................................................................................46 CONCLUSION AND RECOMMENDATIONS..................................................46 5.1 Conclusion ....................................................................................................46 5.2 Testing Hypothesis ........................................................................................47 5.3 Testing Objective ..........................................................................................47 5.4 Recommendations .........................................................................................47 5.4.1 Need to enact robust cyber legislation .....................................................48 5.4.2 Providing training to the judicial officers and law enforcers on cybercrime ...............................................................................................................48 5.4.3 Providing education on cybercrime issues to the members of the public ..48 5.4.4 Establishment of specific institutions to combat cybercrimes...................49 5.4.5 Institutions should work together and coordinate their activities..............49 5.4.6 More stern measures should be taken against cyber criminals..................49 5.4.7 Increase of cyber security practices in both public and private sector organizations...........................................................................................49 5.4.8 Cybercrime prevention by Internet service and hosting providers............50 5.4.9 International coordination and cooperation..............................................50 BIBLIOGRAPHY.................................................................................................51 APPENDIX ...........................................................................................................54
xii LIST OF STATUTES AND INTERNATIONAL INSTRUMENTS DOMESTIC STATUTES Criminal Procedure Act [Cap 20 R.E 2002] Penal Code [Cap 16 R.E 2002] Post and Telecommunications Act,[ No.15 of 1977] Tanzania Communication Regulatory Authority Act [No.12 of 2003] The Broadcast Receiving Apparatus (Licensing) Act [No.6 of 1964] The Electronic and Postal Communications Act [No.3 of 2010] The Evidence Act [Cap 6R.E 2002] NATIONAL POLICIES Information and Communication Technology Policy of 2003 INTERNATIONAL INSTRUMENTS G8 Ten-Point Action Plan of 1997 Global Cyber security Agenda (GCA) The AU Draft Convention on Cyber security The Council of Europe‟s Convention on cybercrime, of 2001 UK Computer Misuse Act of 1990 UN Convention on the Rights of the Child of 1989
xiii LIST OF CASES DPP v Ray [1974] AC 370 Indigital Solutions, LLC v. Mohammed, 2012 WL 5825824 (S.D. Tex) R v. Lloyd [1985] 2All ER 661 Tanzania Cotton Marketing Board v. Cogecot Cotton Company SA [1997] TLR 165 Trust Bank Tanzania Ltd v. Le Marsh Enterprises Ltd, High Court of Tanzania (Commercial Division) at Dar es Salaam, Commercial case no.4 of 2004 United States v. Lloyd 269 F. 3d 228,231 (3rd Cir.2001)
1 CHAPTER ONE 1.1 Introduction Massive technological advancement in the world has brought about robust changes in socio-economical arena. During the end of 20th century, the world has been mostly marked with a tremendous development in Information and Communication Technology (ICT).1 This ICT advancement from the end of the 20th century has led to changes in areas such as knowledge management and human resources development. Remarkably, development in technology has brought about improvement of communication systems and business transactions methods, on the other hand such developments have facilitated about new types of crimes. These crimes which operate by using new technology are known as cyber crimes. Cyber crimes are defined as any violations of the criminal law that involves the knowledge of computer technology for their perpetration, investigation, or prosecution2 . Cyber crime is an overwhelming problem worldwide. It has brought an array of new crime activities and actors and, consequently, a series of new challenges in the fight against this new threat. Cyber crimes represent a real challenge to all criminal justice all over the world including Tanzania. Cyber criminals around the world lurk on the Net as omnipresent menace to the financial health of businesses, to the trust of their customers, and as an emerging threat to nations‟ security. Headlines of cyber attacks command our attention with increasing frequency. For example in the case of United States v. Lloyd3 , where the defendant worked as a computer systems administrator for a manufacturer of highly specialized and sophisticated industrial process measurement devices and control equipment. Before his anticipated termination he planted a “logic bomb” in the central file server of the company‟s computer network. It went off on a specified date after he left, permanently deleting the company‟s design and production 1 .Mambi, A.J (2010) ICT Law Book, A Sourcebook for Information and Communication Technologies and Cyber Law, Mkuki na Nyota Publishers, Dar-es-salaam, Tanzania, page 69. 2 Lloyd J.I., Information Technology Law, 3rd Edition, Lexis Nexis Butterworth UK, 2000, page 156. 3 269F.3d228, 231(3dCir.2001).
2 computer programs. It purged about 1,200 computer programs, crippling the company‟s manufacturing capabilities and resulting in the loss of millions of dollars in sales and contracts. It shows how cybercrimes can curtail organizations businesses. Cybercrimes which are harmful acts committed from or against a computer or network differs from most terrestrial crimes in four ways. They are easy to learn how to commit; they require few resources relative to the potential damage caused; they can be committed in jurisdiction without being physically present in it; and they are often not clearly illegal. Cybercrime is now serious, widespread, aggressive, growing and increasingly sophiscated and poses major implications for national and economic security. Many industries and institutions and public and private organizations are at significant risk. For example in Indigital Solutions, LLC v. Mohammed 4 Plaintiffs alleged that one or more unknown defendants used malware to gain access to plaintiffs‟ email account, web hosting account and domain registration account. From a message in plaintiffs‟ email account, the defendants acquired an image of one of the plaintiff‟s signature, which defendants used to forge a domain name transfer agreement. Plaintiffs sued under the Computer Fraud and Abuse Act and other theories. They sought leave to take expedited discovery to learn the identity of the unknown defendants. The court granted the motion. The court found that plaintiffs had made a prima facie showing of harm by setting forth a valid claim under the Computer Fraud and Abuse Act. The discovery request was specific, in that they sought third party subpoenas to specified recipients seeking particular information. All alternative means of discovering the defendants had been exhausted, and the case could not move forward without the information. And the court found no privacy interest on the part of the defendants to be at stake, especially given the evidence that the defendants were not U.S. citizens, thus not subject to any First Amendment interest in anonymity. This shows how serious other jurisdictions have in methods combating against cybercrimes. 4 2012 WL 5825824 (S.D.Tex).
3 Currently, Tanzania is embarking on deployment of e-government and more organizations are adopting the internet as medium of transmission for the core business functions. The organizations that heavily depend of the internet and computer network are at risk from cyber attack which could deliberately attempt to disrupt services. Finally, the growing danger from crimes committed against computers, or against information store on computers, is beginning to claim attention in larger capacity. The existing laws are likely to be unenforceable against such crimes. This lack of legal protection means that businesses and governments must rely solely on technical measures to protect themselves from cyber criminals. 1.2 Background to the problem Cybercrime in Tanzania is a conundrum and not something novel. This problem can be traced back from the advent of computer technology in 1965, where the first computer in Tanzania, an ICT 1500, was installed in the Ministry of Finance.5 At that point of time the life structure started to embrace new advancements hence technology started to forge its roots in different sectors. In that particular time government saw the danger posed by the introduction of technological advancements hence it enacted various legislations so as to regulate Information Communication Technology (ICT), examples of such legislations were Post and Telecommunications Act6 and the Broadcast Receiving Apparatus (Licensing) Act.7 The failure to computerize the government accounting system and the consequent heavy financial loss accumulated with the fear of side effects caused by the advancement of science and technology resulted to the government banning the importation of computers and related equipments into Tanzania.8 5 Ubena, J. (2009),“Why Tanzania needs Electronic communication legislation? Law keeping up with technology”, Law Reformer Journal, Vol. 2 No. 1 pp. 17- 26. 6 Act No.15 of 1977. 7 Act No.6 of 1964. 8 Ndamagi, C. "National Informatics Policies in Tanzania: A Practitioner's Point of View., Regional Seminar on National Information and Informatics Policies in Africa, UN Economic Commission, 28 November-December 1988.
4 The Judiciary of Tanzania tried to sophiscate the problem of technological advancement in the case of Tanzania Cotton Marketing Board v Cogecot Cotton Company SA,9 where it did the move by interpreting and applying the existing statutory and common law principles in ways and manners that incorporate the existing social realities. The Court of Appeal of Tanzania allowed arbitration awards to be sent to the High Court electronically, contrary to the rule 4 of the Arbitration Ordinance. All in all, Tanzania started to experience cybercrime incidents around various public, private organizations, and government institutions. From January to November 2012 crimes which include massive web attacks such as that happened on November 2012 where some of government websites and private companies‟ website were massively attacked. Such website include, Chemi & Cotex Industries Ltd, Tanzania Olympic website , Open University website , Tanzania commission for University few to mention, the web intruders did havoc in the above mentioned websites and changed the data therein.10 Moreover, report from Tanzania Police Force11 shows that there is an increase in reported cases of cybercrimes in the country. One of the examples is the increase of businessmen who forge receipts of imported goods so as evade taxation liability. Although cybercrime is a conundrum in worldwide arena, developed countries such as U.K, U.S and institutions in those countries have made a major step in employing in-house computer forensic experts who realize the risks of having an attack before it occurs or before the security breach and the government of those nations have enacted cyber laws which define clearly cybercrimes offences.12 As the industrial revolution rendered obsolete aspects of law based on notions of an agrarian society, so a legal system focusing on issue of ownership, control and use of 9 [1997]TLR.165. 10 Cybercrime in Tanzania http://www.ippmedia.com/frontend/?l=65994 , 24/12/2013. 11 Tanzania Police Force, Cyber Security in Tanzania-Country Report, 2012. 12 Gringras,C, (2003), The Laws of the Internet,2nd edition, Butterworth‟s, Lexis, ,page 15.
5 physical objects must reorientate itself to suit the requirement of an information society. That has never been done in Tanzania and it remains clear, however, that regulation of ICT in Tanzania is still at an initial stage, and much needs to be done in the ICT sector. 1.3 Statement of the problem Usage of cyber-related technology has been a cornerstone towards development in Tanzania. In the recent years there has been tremendous increase in the penetration and use of cyber-related technology in many aspects of life. New cellular technologies, web-based networks, community ICT access points in the remote parts of the world have ushered in an era when even the most remote parts of the world will be connected through internet connections. This rapid improvement in the usage of cyber-related technology has created major impacts in the society. Notably, developments in technology paved way for the commission of crimes electronically hence the emergence of computer crimes. Computer related crimes such as cyber attacks and virus dissemination are examples of the misuse of ICT development, whereby nowadays criminals use computers as an object. The problem of cybercrimes in Tanzania is, like in many other jurisdictions, increasingly fatal. As computers have developed in the country, so have also criminal offences associated with their use. But the laws in Tanzania have never changed to reflect these dangerous advancements .The existing traditional penal laws such as the Penal Code13 have nothing to do with the increasing cybercrimes yet. These traditional laws were not written with the on-line society with Cyberspace inmind causing the problem of their applicability on cybercrime. It is a common understanding that the information structure in Cyberspace represents values which should be protected, also by criminal law measures. But the provisions in existing traditional criminal laws are still meant to ignore the protection of these 13 [CAP 16 R.E 2002].
6 values and instead they only describe qualified unethical behaviours that the societies have decided to be criminal offences. There is, until now, no specific provision in the penal code which addresses cybercrime as an offence. This situation can be further illustrated by the case of R v. Lloyd,14 The case involved an alleged original copy of film from cinemas overnight so as to produce copies and return the original copy. The issue before the court was whether the elements of theft under the English law at the time which are synonymously with Tanzanian criminal legislation, could be fulfilled under the digital technology. The Court dismissed the charges. The legal environment in Tanzania is still inadequate for cyber security in the country. This is because the existing laws were developed before the development of computer technology. The laws were made to facilitate the traditional paper based business environment. The situation poses a serious challenge to Tanzania to accommodate modern cyber crimes.15 1.4 Objectives of the study 1.4.1 General objective The general objective of the study was to examine critically the legal framework and institutional framework in Tanzania in relation to the increasing rate of cybercrimes. 1.4.2 Specific objectives To examine the extent to which the current legal framework in Tanzania has achieved in fighting against cybercrimes. To examine the factors hindering the fight against cybercrimes in Tanzania To propose suitable legal framework that is responsive to technological changes with a view to reducing problems associated with cybercrimes in Tanzania. 14 [1985] 2 All ER 661. 15 Mambi , A. J. (2010) ICT Law Book, A Sourcebook for Information and Communication Technologies and Cyber Law, Mkuki na Nyota Publishers ,Dar-es-salaam, Tanzania, page 58.
7 1.5 Significance of the study The study helped in identifying challenges that Tanzania faces due to the lack of robust legal and institutional frameworks concerning with cyber developments .Furthermore, the study raised awareness to the mass with issues concerning with cybercrimes .Lastly, the study pointed the way forward for the future reforms of legal framework and institutional framework concerning with cyber developments. 1.6 Hypotheses This research proceeded in the assumption that i. The presence and continuity of cybercrimes is due to the weakness of the current legal framework in Tanzania. ii. The current legal framework in Tanzania has not sufficiently incorporated cyber developments. iii. Poor institutional framework in Tanzania also attributes to the existence of the problem of cybercrimes. iv. There is lack of knowledge among the public concerning the issue of cybercrimes. 1.7 Research methodology This is a systematic way of solving a research problem. It outlined the way in which this research was carried out.16 In view of the research, it needed both primary and secondary methods of data collection. 1.7.1 Sampling selection The structure of the study demanded a carefully targeted sample of judicial members, legal practitioners, governmental and non-governmental institutions, where the conundrum of cybercrime is highly staked to. Random sampling with the advantage of getting unbiased representative group 16 Kothari C.R. (2004), Research Methodology: Methods and Techniques, 2nd Revised Edition, New Age International Publishers, New Delhi, page 25.
8 was impracticable in this study. Therefore, purposive sampling technique, otherwise referred to as a judgment samples, was employed in this study to get information. The purposive samples allow the selection of informants that fits the focus of the study. In this study the researcher selected the sampling unit that was the representative of the population. Since the chance that a particular sampling unit was selected depending on the subjective judgment of the researcher, it did not satisfy the probability chance of being selected. 1.7.2 Unit of inquiry The study conducted at Dar-es-salaam, whereby numbers of people were involved as the unity of inquiry which included 2 Resident Magistrates from Judiciary, 2 Public prosecutors at D.P.P Office, 1 Police Officer, 3 Advocates of the High Court and Courts Subordinate thereto (save primary courts), 2 Information Technology (I.T) Experts, 1 Legal officer from Tanzania Communication Regulatory Authority (TCRA), 1 Legal officer from Law Reform Commission, 2 university students and 2 public citizens. 1.7.3 Research Design This study has employed a case study design, since it was considered by researcher to be a great method for deep studying of the subject. In this regard, the Legal officer from TCRA was selected for interview; office of Law Reform Commission of Tanzania was visited for collecting information. Also a State Attorney from The D.P.P office and Advocates of The High Court of Tanzania were interviewed by the researcher. Furthermore, two IT experts, two students, two public citizens and two Resident magistrates were also interviewed. 1.7.4 Scope and Justification of the study As noted in the introduction part, the gist of this research was to analyse the challenges facing legal and institutional frameworks combating cybercrimes in Tanzania. Large part of this research was conducted in Dar es Salaam region .Dar es Salaam region was chosen because it provided the researcher with an ideal study area due to its duo capacity as one of the main industrial and residential area of Tanzania.
9 If the problem of cybercrime was not addressed, the country could likely be exposed in danger of exploited by cyber criminals. The problem of cybercrimes has worsened. This therefore created the need to carry out research and if no research was carried out, the future of Tanzania‟s development was to be uncertain. Cybercrimes rate could increase as people look for illegal ways of making a living. 1.7.5 Data sources and collection strategies Two types of data used in this work namely, primary and secondary data. 1.7.5.1 Primary Data collection In this part, all books, journals, papers and publications relevant to the study were reviewed from libraries of Mzumbe University and University of Dar-es-salaam. Moreover, the researcher explored various books, articles, journals, and papers with bearing on the research topic available freely over the worldwide web. 1.7.5.2 Secondary Data collection The researcher employed interview and questionnaire methods of data collection while in the field. Selection of the most appropriate method depended on surrounding circumstances of each respondent. 1.7.5.2.1 Interview Since the issue of cybercrime is very sensitive in the country it was vital to conduct interview on that matter, with individuals who have knowledge on legal framework and institutional framework concerning with cyber issues. The number of respondents included the Judiciary members, government officials, advocates and IT experts, students and ordinary citizens. 1.7.5.2.2 Questionnaire Questionnaires were employed in collecting data, in order to compliment the interview method and reach a greater number of respondents. The researcher drafted three different types of questionnaires each specifically designed for a particular
10 group of respondents. Some questionnaires were drafted for Judiciary members, others for various advocates and lawyers, and lastly distributed to ICT experts. 1.7.6 Data Analysis Data analysis is a process of inspecting, cleaning, transforming, and modeling data with the goal of providing useful information, suggesting conclusion and supporting decision making. During this stage all relevant materials including legislation and case law were clearly inspected to ensure that they fit the research criteria. Collected data were analysed qualitatively and the secondary analysis method was also employed for secondary data. The findings of the research were presented and analysed using simple content analysis tools. This kind of analysis took the form of qualitative data analysis methods when analysing data which were in form of words (non-empirical data). In data analysis the researcher did three things which were data reduction, data display and conclusion drawing. 1.8 Limitations of the study In the course of conducting this research, things did not always work ought the way expected. There were ups and downs. Some of the challenges encountered during field work were:- Some of the respondents did not supply the information needed, because they were too busy with their work. Furthermore, some of the judicial officers whom I sent my questionnaires did not reply it. On the aspect of respondents whom did not supply me with the information because they were busy (mostly of them were Honorable Judges of The High Court), information was acquired from other judicial officers (Resident Magistrates) who explained the position of judiciary regarding cybercrimes.
11 1.9 Literature review Adam Mambi (2010) 17 provides an insight of cybercrime in Tanzania, including the challenges that it faces in combating such crimes which includes cyber attacks and virus dissemination. The author observed that the revolution in information technology has changed society fundamentally, and he further ascertained that these technological developments has given rise to unprecedented economic and social changes, but also they have brought a dark side of it as now there are crimes which are committed through that new technology. However, the author failed to give possible measures that should be taken by relevant authorities in the quest to fight against cybercrime. Delloite (2010)18 in their paper had a view that cyber crime is now serious, widespread, aggressive, growing, and increasingly sophisticated, and poses major implications for national and economic security. Many industries and institutions and public- and Private-sector organizations (particularly those within the critical infrastructure) are at significant risk. Furthermore it was contented that relatively few organizations have recognized organized cyber criminal networks, rather than hackers, as their greatest potential cyber security threat; even fewer are prepared to address this threat. They further analyzed that organizations tend to employ security-based, “wall-and- fortress” approaches to address the threat of cybercrime, but this is not enough to mitigate the risk. Lastly, they outlined that organizations should understand how they are viewed by cyber criminals in terms of attack vectors, systems of interest, and process vulnerabilities, so they can better protect themselves from attack. However, the author did not provide a clear indication on which body of laws and institutions should be established so as to combat the problems concerning with cybercrimes. 17 Mambi , A.J. (2010) ICT Law Book, A Sourcebook for Information and Communication Technologies and Cyber Law, Mkuki na Nyota Publishers, Dar-es-salaam, Tanzania, page 117. 18 Delloite, Cybercrime: A clear and Present danger, Combating the fastest growing cyber security threat, CSO Cybersecurity, Watch Survey, 2010.
12 Evans (2008)19 in his paper, explains that ICT as an essential tool for sustainable development has proved to be worth in every sentiment. Because of this, internet usage in Nigeria has grown rapidly resulting in the explosion of Internet Service Providers (ISPs) and internet access points. This influenced socio-economic and educational development in the country. He further commented that ICT has led to tremendous changes in the economy and even the way people live. What is noticeable here is that all these studies were carried out in the Western Africa, whereas results from studies conducted in Nigeria produced a very different set of results from the other parts of the universe. Victor Platt (2012)20 provides that the unpredictability nature of cyber terrorism and espionage, real-time response proves problematic. “Cyber attacks therefore require swift responses…to detect and respond to an attack after it is underway. The literature cites threat management, not outright elimination, as the key to a successful cyber security strategy. “New cyber security approaches must continually be developed, tested and implemented to respond to new threat technologies and strategies.”A good example of threat management was employed during the US bureau of industry attack. However, the author did not elucidate in detail the challenges that country experience in fights against cybercrimes. McConnell (2000) 21 had a view that the growing danger from crimes committed against computers, or against information on computers, is beginning to claim attention in national capitals. In most countries around the world, however, existing laws are likely to be unenforceable against such crimes. The author further contented that the lack of legal protection against cybercrimes means that businesses and governments must rely solely on technical measures to 19 Evans, O. (2008). ICT and Nigerian Banks Reforms: Analysis of Anticipated Impacts in Selected Banks. Global Journal of Business Research, Vol. 2(2): page 67-76. 20 V.Platt, (2011) Still the fire-proof house? An analysis of Canada‟s cyber security strategy, International Journal, University of Toronto, page 155. 21 McConnell International, (2000), Cyber Crime…and Punishment? Archaic Laws Threaten Global Information, report by McConnell.
13 protect themselves from those who would steal, deny access to, or destroy valuable information. The problem with this approach is that it tends to create a „self fulfilling prophesy‟ and material drawn from these studies must be treated with a degree of circumspection. David I. Bainbridge (2008) 22 his book shows how it is difficult to fight against cybercrimes if the country does not have a specific statute to deal with electronic transactions. He further gives comparative study of the United Kingdom(U.K), where it was after the enactment of the Computer Misuse Act of 1990 from which cybercrimes were effectively regulated. Prior to that enactment, cybercrimes had increasing effects in the United Kingdom society. In this particular literature, the author‟s assumption based most on developed countries and he did not take into consideration developing countries like Tanzania. Said M. Kalunda (2011) 23 in his article show cybercrime is uncovered in Tanzania. He explores that Tanzania lacks a robust legal regime on cybercrime that is why it is increasingly affected with the cybercriminals‟ activities. From the author arguments, it is clearly visible that the literature are connected with this study since it analyze the common main factor which influences the inflowing of cybercrimes in various parts of the universe. However the author failed to propose the strongest means by which institutions should take in combating cybercrimes. Eve Hawa Sinare (2007) 24 shows the efforts made by the Tanzania legal framework in fighting against cybercrimes. She gives examples of section 40, 76 and 78 of the Evidence Act, which were amended to recognize electronic evidence to be admissible in courts of law. However it is still in doubt as to whether the electronic 22 Bainbridge D, (2008), Introduction to Computer Law, Longman 5th Edition, page 92. 23 Saidi M. Kalunde, (2011), The Status of Cybercrimes in Tanzania, Strasbourg, France, page 5. 24 Eve Hawa Sinare, Electronic Evidence and its Admissibility in Tanzania Courts, World Series Group Publications: 2007, page 23.
14 equipments such as computer or server would be acceptable as evidence under section 40A of the amended Evidence Act, especially where it has been used to store information which is subject to legal proceedings.
15 CHAPTER TWO ANALYSIS ON CONCEPTUAL FRAMEWORK OF CYBERCRIMES 2.1 Introduction In this chapter the researcher shows the general concept of cybercrimes in particular. This chapter focuses on the two areas; it outlines the concept of cybercrimes and some of challenges brought by the development of technology in legal environment of Tanzania. 2.2 Offence of Fraud The Concise Oxford Dictionary25 defines fraud as Criminal deception, use of false representations to gain unjust advantage; dishonest artifice or trick; person or thing not fulfilling expectation or description; deceitfulness. Traditionally, fraud is defined as one person deceiving another person for the purposes of deriving a benefit or gain. In the electronic world, the deception may not involve two persons but rather one person and a computer, or two computers one of which controlled by a person. Regardless of the medium through which the fraudulent activity is perpetrated, for a fraud to occur there must be some form of deceptive or false representation, which results in an unjust gain for either the person perpetrating the fraudulent activity or for a third party. Such gain may not necessarily be a gain in monetary terms, but can include a benefit (e.g., delivery of a service) or the attainment of intellectual property (e.g., ownership of copyright). Unlike traditional fraud where the victim and witness are human beings, in the electronic world the computer systems and on-line transaction systems become the witness. Rather than examining paper-based evidence, in the electronic world the evidence is less tangible and transient in nature. Consequently the need to identify, capture, and preserve potential electronic evidence using computer forensics is of paramount importance. 25 Oxford Advanced Learners Dictionary of Current English, (2010), 7th Edition, Oxford University Press.
16 In terms of computer fraud, the difficulty with this offence is that it requires a deception and this implies that it is an actual person that being deceived, not a machine. In DPP v Ray,26 Lord Morris said, „For a deception to take place there must be some person or persons who will have been deceived‟. If a person gains access, whether with or without permission, to a bank‟s computer system and dishonestly instructs the computer system to transfer money from one account into another, then the person is „deceiving‟ the computer or computer the offence of obtaining property by deception not made out. It would be different if, before the transfer made, a message displayed at someone‟s terminal requesting confirmation of the transfer. In that case, the other person would be subject to the deception as well as the computer and there should then be no difficulty related to the applicability of the offence of obtaining property by deception or any other offence involving deception system: that is, he purports to have the authority to carry out such an act. Even if he has authority to transfer money from one account to another under normal circumstances as an employee would, that authority is nullified by his dishonesty. The main point is that it is the computer that being deceived. Under normal circumstances, no other human being is involved and, therefore, it would seem that the offence of obtaining property by deception not made out. It would be different if, before the transfer made, a message displayed at someone‟s terminal requesting confirmation of the transfer. In that case, the other person would be subject to the deception as well as the computer and there should then be no difficulty related to the applicability of the offence of obtaining property by deception or any other offence involving deception.27 The notion that a machine cannot be deceived is strengthened by the provision of Penal Code ,Cap 16 R.E. 2002, which defines the offences of obtaining services by deception as follows; Section 304 states: 26 [1974] AC 370. 27 Abdallah,A (2011), The Impact of ICT Revolution in Tanzania‟s Legal System: A critical analysis of cybercrimes and computer forensic Evidence: A compulsory Research Paper submitted in partial fulfillment for the requirement of the award of Masters of Laws Degree (LL.M) of Open University of Tanzania, page 63.
17 Any person who by means of any fraudulent trick or device obtains from any other person anything capable of being stolen or any other person to or deliver to any person anything capable of being stolen or to pay or deliver to any person anything capable of being stolen or to pay or deliver to any person any money or goods or any greater sum of money or greater quantity of goods than he would have paid or delivered but for such trick or device, is guilty of an offence and is liable to imprisonment for three years. Section 302 of the same Act states: Any person who by any false pretence and with intent to defraud, obtains from any other person anything capable of being stolen or induces any other person to deliver to any person anything capable of being stolen, is guilty of an offence and is liable to imprisonment for seven years. All these definition justify that for offences of deception to occur, is necessary for a person to induce another person. 2.3 Hacking Computer hacking is the accessing of a computer system without the express or implied permission of the owner of that computer system. A person who engages in this activity is known as a computer hacker and may be motivated by the mere thrill of being able to outwit the security systems contained in a computer. A hacker may gain access remotely, using a computer in his own home or office connected to a telecommunications network. Although, the offence of unauthorised access or hacking can be compared to criminal trespassing or with breaking and entering, where no further offence is intended or then committed. However, if the traditional terminologies of those offences are defined, it is obvious that the point of departure will be obtained. For example, Section 299 of the Penal Code,28 defines criminal trespassing as follows; Any person who– (a) Unlawfully enters into or upon property in the possession of another with intent to commit an offence or to intimidate, insult or annoy any person in possession of the property; or 28 [CAP 16 R.E 2002]
18 (b) Having lawfully entered into or upon the property unlawfully remains there with intent thereby to intimidate, insult or annoys the person in possession of the property or with intent to commit an offence, is guilty of criminal trespass. Looking critically at the offence defined above, one would realize that, the offence has included property and instruments as the main ingredients of the offences. Since the signals or electrons have no physical existence, they cannot be interpreted ejusdem generis with terms mentioned in the statute. Ejusdem generis rule is invoked whenever the court wants to ascertain whether the word or phrase has a distinct genus or category with general phrase or words. The specific words or phrases must apply not to different objects of a widely differing character but to something, which can be called a class or kind of objects. This shows how penal provision remained rigid, while the cyber criminals continue to utilize that opportunity to commit offences and evade liabilities. Furthermore, Part VI of Electronic and Postal Communications Act29 , provides penalties for offenses relating to electronic communications. Under, sections 151 to 160 of Electronic and Postal Communications Act it is observed how the legislation has made a number of amendments to the TCRA Act30 and the Fair competition Act31 Some of commonly known cybercrime have been criminalized under the new law, example fraudulent use of electronic services and unauthorized access or use of computer systems. Though the Act has prescribed for such offences, still it did not provide for a clear framework of how such crimes should be combated in the sense of investigation and prosecution which still makes it harder to fight against cybercrimes. 29 [Act No. 3 of 2010]. 30 Act No. 12 of 2003. 31 Act No. 18 of 2009.
19 2.4 The challenges brought by Electronic evidence Tanzania inherited adversarial system of dispute settlement where the court stands as an uninterested party and neutral umpire and the parties prove their allegations by providing evidence to prove the truthfulness of their assertions. Evidence is the means by which facts relevant to the guilt or innocence of an individual at trial are established. Electronic evidence is all such material that exists in electronic, or digital, form. Electronic evidence is central not only to the investigation and prosecution of forms of cybercrime, but increasingly to crime in general. In the today‟s era of rapid growth, information technology is encompassing all occupations all over the world. These technological developments Yet another thing that makes cybercrime more difficult to investigate and prosecute in comparison to most "real world" crimes is the nature of the evidence. The problem with digital evidence is that, after all, it is actually just a collection of ones and zeros represented by magnetization, light pulses, radio signals or other means. This type of information is fragile and can be easily lost or changed.32 Protecting the integrity of evidence and maintaining a clear chain of custody is always important in a criminal case, but the nature of the evidence in a cybercrime case makes that job far more difficult. An investigator can contaminate the evidence simply by examining it, and sophisticated cybercriminals may set up their computers to automatically destroy the evidence when accessed by anyone other than themselves. In cases such as child pornography, it can be difficult to determine or prove that a person downloaded the illegal material knowingly, since someone else can hack into a system and store data on its drive without the user's knowledge or permission if the system isn't adequately secured. 32 Abdallah,A (2011), The Impact of ICT Revolution in Tanzania‟s Legal System: A critical analysis of cybercrimes and computer forensic Evidence: A compulsory Research Paper submitted in partial fulfillment for the requirement of the award of Masters of Laws Degree (LL.M) of Open University of Tanzania, page 80.
20 In cases of intrusion or cyber vandalism, the bad guy often erases all logs that show what happened, so that there is no evidence to prove that a crime even occurred, much less where the attack came from. 2.4.1 Authenticity Authentication means satisfying the court that (a) the contents of the record have remained unchanged, (b) that the information in the record does infact originate from its purported source, whether human or machine, and (c) that extraneous information such as the apparent date of the record is accurate. As with paper records, the necessary degree of authentication may be proved through or and circumstantial evidence, if available, or via technological features in the system or the record. Authentication is actually a two-step process, with an initial examination of the evidence to determine that it iswhat its proponent claims and, later, a closer analysis to determine its probative value. In the initial stage, it may be sufficient for an individual who is familiar with the digital evidence to testify to its authenticity.33 For instance, the individual who collected the evidence can confirm that the evidence presented in court is the same as when it was collected. Alternatively, a system administrator can testify that log files presented in court originated from her or his system. In some cases, the defence will cast doubt on more malleable forms of digital evidence, such as logs of online chat sessions. Normally, when information is entered on a computer memory, or an e-mail is sent or an order is placed for goods or services through the internet, the sender is unable to authenticate the information he has sent by way of a signature. It is the same if he speaks with another person on the telephone, leaves a message on that other person‟s voicemail or sends a text message. Even if he uses a password or an 33 Abdallah,A (2011), The Impact of ICT Revolution in Tanzania‟s Legal System: A critical analysis of cybercrimes and computer forensic Evidence: A compulsory Research Paper submitted in partial fulfillment for the requirement of the award of Masters of Laws Degree (LL.M) of Open University of Tanzania, page 80.
21 acronym they may not be peculiar to him the way a signature written by him would be. The password or acronym can also be endorsed or used by anybody else who knows them far more easily than a signature can be imitated. A voice on the phone canal so be imitated. In a workplace, any person can enter information into a computer memory, purporting it to be entered by another person. As a result, when customer‟s account records are called up in a bank‟s computer system there is hardly any way of knowing which person made which entry. This makes it difficult to ascertain whether that person was an appropriate officer to make the entry. Even if one of several appropriate officers makes a wrong entry, it may not be traceable to him since he has not signed it, because there is no way he would have done so. Once digital evidence is admitted, its reliability is examined to determine its probative value. For instance, if there is concern that the evidence was tampered with prior to collection, these doubts may reduce the weight assigned to the evidence. In several cases, attorneys have argued that digital evidence was untrustworthy simply because there was a theoretical possibility that it could have been altered or fabricated. However, as judges become more familiar with digital evidence, they are requiring evidence to support claims of untrustworthiness. Even when there is a reasonable doubt regarding the reliability of digital evidence, this does not necessarily make it inadmissible, but will reduce the amount of weight it is given by the court. 2.4.2 Integrity Integrity refers to maintaining accurate and complete data unaltered in an improper or subversive manner. Data integrity concerns data stored, processed or in transit. In the context of databases, data integrity also regards the metadata and the functions used.34 34 Ioana,V, The cybercrime challenge: does the Romanian legislation answer adequately?, Law Review vol. III, issue 2, July-December 2013, pages 42-51.
22 Integrity is another problem of authenticity. It can however be seen as more of an issue of whether or not the information has got distorted or tampered with even after it emanated from a correct source. An audio or visual tape can be edited or tampered with through the introduction or removal of some bits and superimposition of images. Through any such interference, the later form of the contents is fundamentally different from the first or original form. Through hacking of computers, crashing through passwords, and kindred wrongdoings, information stored in computer memories can be altered even without the knowledge of the maker, sender and, or receiver as he case may be. Telefaxes can be intercepted and possibly changed just as text messages can be intercepted, listened in to and even by an unscrupulous operator working for the network provider through which the message was sent. On the other hand, if a letter is sent through post office or through a courier service, it may be only remotely possible, if at all, for it to be tampered with. A hardcopy of a document is generally more difficult to tamper with than an electronic copy.35 2.4.3 Confidentiality Confidentiality is an attribute that concerns computer data that should not be obtained or read without right. Confidentiality is very important when disclosures would significantly harm the victim, for instance the case of trade secrets or personal information (such as medical records, financial records or attorney-client communications). Confidentiality can have several levels of restriction, from restrictions to reading, printing or transmitting data through a computer system, to restrictions regarding even the existence of certain data.36 Confidentiality ensures that only authorized parties‟ access computer related assets. That is, only those who should have access to something will actually get that access. By “access”, we mean not only reading but also viewing, printing, or simply knowing that a particular asset exists. Confidentiality is sometimes called secrecy or privacy. 35 Ibid. 36 Ioana,V, The cybercrime challenge: does the Romanian legislation answer adequately?, Law Review vol. III, issue 2, July-December 2013, pages 42-51.
23 Electronically generated materials hardly enjoy confidentiality since they are legitimately or illegitimately accessible to third parties or undesirable readers or users. Any information posted on the internet or used in what has come to be called e-filing of court processes and e-trial and related procedures, is accessible to many people than the immediate parties and court staff that directly deals with or treat the documents. Although, there is an assumption that the Amendment of Tanzanian‟s Evidence Act, 1967 has provided a room for other legislations to fit in. However, this assumption is not supported by the provision of criminal procedure Act, 1985.For example, section 132 of the criminal procedure Act, Cap 20 R.E.2002, directs offences to be specified in charge with necessary particulars. Section 129 of the same Act (supra) provides for Power of magistrate to reject complaint or formal charge. If one reads, the above provisions with the support of Article 13(6) (c) of the Constitution of the United Republic of Tanzania 37 would realise that our laws have created a serious lacunae, which needs a prompt solution. Article 13(6) (c) of the Constitution reads as follows; No person shall be punished for any act which at the time of its commission was not an offence under the law, and no penalty shall be imposed which is heavier than the penalty in force at the time the offence was committed. Since Constitution is the supreme law of the land any law, which contradicts it must be declared null and void. It is obvious that cyber criminals to evade liabilities can utilize the existing gap very effectively and this should be taken as a serious challenge in our legal system. 2.5 Jurisdictional problems The Black‟s Dictionary38 , gives a comprehensive definition to the term „Jurisdiction‟. It refers to a Government‟s general power to exercise authority over all person‟s and 37 [CAP 2 R.E 2002] 38 The Black‟s Dictionary (8th Ed), Thomson West, Page 867.
24 things within its territory. The term covers within its ambit the authority of a sovereign to act in legislative, executive and judicial character.39 In the legislative character, a state has the power exercisable as a constitutional discretion, to prescribe rules for regulating the conduct of persons. By enforcement jurisdiction is meant the power of a sovereign to effect implementation of its laws. Obviously, it is the power of the courts of a sovereign to hear and adjudicate upon certain matters in dispute is referred to as curial jurisdiction. Therefore, the question of Jurisdiction is significant on implementation of any piece of legislation it its full swing. In Tanzania, both in civil and criminal matters, Jurisdiction and powers of court are described separately in respective legislations. Mostly, it is on the basis of cause of action or offences, occupy on a set of physical or geographic location. But in cyber law, the concept of place of occurrence and cause of action is very broad. Cyberspace is an amorphous space that does not occupy a set physical or geographical location.40 Cyber crimes can take place across various jurisdictions and hence the legal issue of jurisdiction of International Courts and country specific Tanzanian Courts arises. In recent years, use of the Internet has grown at an explosive rate. However, there currently exists no single entity to control the enormous amount of information that is transmitted through it. 2.6 Computer forensic and e-evidence Only a skilled computer forensic investigator should undertake investigation. Otherwise collection of evidence will almost end up in a failure of an investigation and ultimately a failed prosecution. It is also very important for the investigator to understand the level of sophistication of the suspected criminals. They must be considered to be experts in any case and ancillary counter-measures must be adopted to guard against the destruction of any digital evidence. If this is neglected, it may 39 Amit M Sachdeva, International jurisdiction in cyberspace: a comparative perspective, CTLR 2007, 13(8), 245-258, page 246. 40 Ibid.
25 modify the data on the computer. Some computers have automatic wiping programmes in case a new person touches the wrong key on the keyboard. It then becomes time-consuming and expensive to recover such data, if at all possible. The ability of law enforcement to collect and analyse electronic evidence during investigations can be critical to the successful identification and prosecution of perpetrators. The goal of investigation is to uncover and present the truth. This goal is same for all forms of investigation. 2.7 Anonymity and identity Before jurisdiction even comes into play, it's necessary to discover where and who the criminal is before you can think about making an arrest. This is a problem with online crime because there are so many ways to hide one's identity. There are numerous services that will mask a user's IP address by routing traffic through various servers, usually for a fee. This makes it difficult to track down the criminal. In 2009, Eugene Kaspersky41 identified the relative anonymity of Internet users as a key issue that enables cybercrime and proposed Internet "passports" for individuals and problem. People are more likely to engage in offensive and/or illegal behavior online because of the perception of anonymity. However, attempts to better track online identity raise serious issues for privacy advocates and result in political backlash. And end to anonymity on the Internet could have serious consequences in countries where the government punishes dissenters, so even if the technological challenge of identifying every online user could be overcome, many lawmakers would be hesitant to mandate it. Cybercriminals exploit the rights and privileges of a free society, including anonymity, to benefit themselves. 41 Anonymity and identity, http://www.kaspersky.com/about/security_experts. on 24/1/2013
26 2.8 Conclusion Generally, this chapter outlined the conceptual framework on cybercrimes. This chapter largely succeeded in explaining some of concepts connected with cyber offences in Tanzania. Furthermore, this chapter has laid a solid foundation for the next chapter.
27 CHAPTER THREE ANALYSIS OF THE LEGAL AND INSTITUTIONAL FRAMEWORKS COMBATING CYBERCRIMES IN TANZANIA 3.1 Introduction The legal and institutional framework for combating cybercrimes in Tanzania has a long and storied development. Tanzania after embarking onto technological advancement found in it necessary to transform her laws to reflect these changes. Accordingly, Evidence Act was amended and Electronic and Postal Communications Act and TCRA Act were enacted, in order to bring Tanzania‟s laws in line with new and fast growing technological advancements. This chapter examines the legal and institutional framework which aims on combating cybercrimes in Tanzania. 3.2 National Statutes for combating cybercrimes 3.2.1 The Constitution of United Republic of Tanzania, 1977 Cybercrime affects both a virtual and a real body, but the effects upon each are different. This phenomenon can be clearly manifested in the case of identity theft. The cyber criminals do mostly invade the right to privacy of individuals in their way to committing cybercrimes. For example in Identity theft crime, the criminals do steal credit card information which can be used to reconstruct an individual‟s identity. When criminals steal a firm‟s credit card records, they produce two distinct effects. First, they make off with digital information about individuals that is useful in many ways. For example, they might use the credit card information to run up huge bills, forcing the credit card firms to suffer large losses, or they might sell the information to others who can use it in a similar fashion. Second, they might use individual credit card names and numbers to create new identities for other criminals. The United Republic of Tanzania (URT) Constitution of 1977 as amended form time to times embraces the right to privacy, which is a lynchpin in war against cybercrimes as provided under Article 16 (1) as follows, „…Every person is entitled to respect and protection of his person, the privacy of his own person, his family and of his matrimonial life, and respect and protection of his residence and private communications…‟
28 Article 16(2) goes further stipulating that, „…For the purpose of preserving the person‟s right in accordance with this Article, the state authority shall lay down legal procedures regarding the circumstances, manner and extent to which the right to privacy, security of his person, his property and residence may be encroached upon without prejudice to the provisions of this Article…‟ Article 16(1) and (2) of United Republic of Tanzania Constitution of 1977 as amended form time to time provides for right to privacy. Therefore, thought tacitly provided under the Constitution, it can be traced that, cybercrime which tends to infringe individual‟s right to privacy have no place in Tanzania, though there is no clear legislation to prohibit for the same. 3.2.2 The Penal Code [Cap 16 R.E 2002] In Tanzania, the Penal Code is the important legislation which deals with the definitions of penal offenses and sanctions imposed to such offenses. Most part of this legislation reflects on the paper based transactions. Development in the field of Information and Communication Technology has gone beyond what this statute manifested during the time of its enactment. Since the advent of computers, it has also brought about new categories of crime. However, until to date, Penal Code has not conformed itself in recognizing criminal activities done on the internet. For the law to be in line with the technology advancement, it must be able to define the elements which constitute a particular action being considered an offense. For example, The Criminal Procedure Code, under section 132 provides that:- “Every charge or information shall contain, and shall be sufficient if it contains, a statement of the specific offence or offences with which the accused person is charged, together with such particulars as may be necessary for giving reasonable information as to the nature of offence charged” Therefore, the above provisions clearly stipulate that it is not easy for a prosecutor to prepare a charge sheet if the offenses are not defined and adequately addressed under the specific legislations. It is with regard to the stipulation of an offense in a specific
29 legislation which directs prosecutor on assessing any allegation of a crime before filling a case in a court of law. 3.2.3 The Evidence Act Traditional Criminal Procedure law typically contains provisions on the gathering and admissibility of evidence. When it comes to evidence in electronic form, computer data can be altered easily. Thus, the gathering and handling of electronic evidence must guarantee the integrity and authenticity of evidence during the entire period between its seizure and its use in trial. The recognition of electronic evidence in Tanzania can be traced back in the decision pronounced by Nsekela, J in the case of Trust Bank Tanzania Ltd v. Le Marsh Enterprises and Others,42 were he stated that due to the technological advancements, computer printouts should be regarded as original documents for the purpose of evidence. Therefore, in 2007, through the Written Laws (Miscellaneous Amendments) Act,43 and the Evidence Act44 , did have minor reforms which inter alia incorporated the admissibility of electronic evidence. However, such amendments of the law of evidence still have not eliminated issues of authenticity and integrity of new sources of evidence. Furthermore, the amendments did not incorporate the reforms on the Criminal Procedure Act45 to guide the handling of electronic evidence by the prosecutors. 3.2.4 Electronic and Postal Communication Act, No.12 of 2010 In 2010, there was enactment of The Electronic and Postal Communication Act (EPOCA),46 which inter alia had been enacted with a view to keep abreast with developments in electronic communications industry, to provide for a comprehensive regulatory regime for electronic communications and postal licensees and to regulate 42 High Court of Tanzania (Commercial Division) at Dar es Salaam, Commercial Case No. 4 0f 2004. 43 Act No. 15 of 2007. 44 [CAP 6 R.E 2002]. 45 [CAP 20 R.E 2002]. 46 Act, No.12 of 2010.
30 competitions and practices, to provide for offences relating to electronic communications and postal communications. As this paper is dealing with cybercrimes, this Act has not pointed however, that it was the right to privacy which was being protected but it can be seen that, said provisions are not protecting the privacy right or unwarranted disclosure but rather creating an autonomy to the relevant authority as the sole individuals who are capable of handling the information obtained by the way of interception. Section 120 (a-c)47 of the said Act provides for the penalty of offences relating to interception, which are intercepting, attempting to intercept or procures another person to intercept, it also speaks of an offence by authorized. Generally, EPOCA cannot be said to provide for a necessary safeguard for the public against cybercrimes, it merely gives unlimited authority to investigative authority to obtain sensitive information under a mere suspicion of crime and also it has prescribed some acts o be as crime. However, It is not imposing a mandatory requirement of a warranty, and the exhaustive list of the incidents in which requirement for disclosure ensure that cyber criminals are severely punished by the courts of justice. 3.3 National Policy 3.3.1 Information and Communication Technology Policy of 2003 Tanzania published its first ICT Policy in 2003 which is more than 10 years old. This policy is not updated to reflect new challenges brought by cyber security challenges. Tanzania government initiative which is yet to be implemented is to have the ICT policy updated to reflect current cyber security challenges.48 Therefore, currently there is no cyber security strategy for combating cybercrimes which makes our cyber space on more risk to be attacked. For example following incident on November 2012,49 there was no team which was prepared to fight against cyber threat such as 47 Act No.3 of 2010. 48 Cyber security challenges, http://allafrica.com/stories/201211260091.html, 13/01/2014. 49 Saidi M Kalunde, (2011) The Status of Cybercrimes in Tanzania, Strasbourg, France, page 5.
31 Computer Emergency Response Team (CERT) which is used by other countries to fight against such incidents. Though there have been some private and individual initiatives related to fight against cyber threat, but such initiatives are not adequate to fight against cyber security threats. 3.4 Regional Legal framework for combating cybercrimes 3.4.1 Draft African Union convention on the establishment of a legal framework conducive to cyber security in Africa, 2012 The Draft Convention gives effect to a Resolution of the last session of the Assembly of Heads of State and Government of the African Union, and seeks to harmonize African cyber legislations on electronic commerce organization, personal data protection, cyber security promotion and cyber crime control. In pursuance of the principles of the African Information Society Initiative (AISI) and the African Regional Action Plan for the Knowledge Economy (ARAPKE), the Draft Convention is intended not only to define the objectives and broad orientations for the Information Society in Africa, but also to strengthen existing legislations in Member States and the Regional Economic Communities (RECs) on the Information and Communication Technologies. It defines the security rules essential to establishing a credible digital space in response to the major security related obstacles to the development of digital transactions in Africa. It lays the foundation for an African Union-wide cyber ethics and enunciates fundamental principles in the key areas of cyber security. It also defines the basis for electronic commerce, puts in place a mechanism for combating intrusions into private life likely to be generated by the gathering, processing, transmission, storage and use of personal data and sets broad guidelines for incrimination and repression of cyber crime. Its adoption would capitalize African and international experiences in cyber legislations and speed up relevant reforms in African States and the RECs.
32 3.5 International Legal framework for combating cybercrimes 3.5.1 UN Convention on the Rights of the Child The United Nations Convention on the Rights of the Child, adopted in 1989 contains several instruments aiming to protect children. It does not define child pornography, nor does it contain provisions that harmonize the criminalization of the distribution of online child pornography. However, Article 34 calls upon Member States to prevent the exploitative use of children in pornographic performances. 3.5.2 Council of Europe’s Convention on Cybercrime Currently, the leading international convention on cybercrime is the Council of Europe‟s Convention on cybercrime, which was signed in Budapest in 2001 and entered into force in 2004. The Council of Europe, which is not an organ of the European Union, was founded in 1949 to promote human rights, democracy and the rule of law in Europe. As at December 2009, the Convention was drafted under the aegis of the Council of Europe, it is open to signature by non-members. Four non- members participated in the negotiations of the treaty and signed it (the United States, Canada, Japan and South Africa), and one non-member has ratified it (the United States) The Convention is not, therefore, strictly a regional agreement. Yet the fact that it has only been ratified by one non-European state suggests that it cannot at present be described as a global convention. The convention lists a number of crimes which signatories are required to implement in their domestic law, including hacking, child pornography offenses, and certain offenses related to intellectual property violations. It also sets out a number of procedural mechanisms which signatories must put in place, including granting the power to law enforcement authorities to compel Internet Service Providers to monitor a person‟s online activities. Chapter III of the Convention calls upon signatories to cooperate to the widest extent possible in the investigation and prosecution of cybercrimes offenses.
33 3.6 National Institutions combating cybercrimes in Tanzania 3.6.1 The Police Force The subject of criminal investigation is nothing but crime. In Tanzania, the police force derives their powers to investigate crimes from statute. The principal statute in this regard is the Police and Auxiliary Forces Act50 , which sets out police powers and functions in their generality but at times in considerable details. Police have such powers to require the attendance of witnesses before them, to interview, or to interrogate witnesses, to such premises and persons. Such and similar powers are in essence aimed at facilitating the process of investigation. In Tanzania, there is Police force-cybercrimes unity, which deals with investigation of cyber related crimes occurring all over the country. This unit tries to investigate the allegations before filing their reports to relevant prosecution agencies which in this context is the D.P.P department.51 3.6.2 The Judiciary The powers of the judiciary are conferred under the Constitution of United Republic of Tanzania and other statutory provisions. Under Article 108 and 117 of the Constitution of United Republic of Tanzania, the judiciary is specifically vested with judicial powers as the sole organ entrusted with the duty to interpreting statutory laws of the land and adjudicating over disputes that may arise. The decisions of the judiciary have sometimes lead to legal changes through amendments, repeal, and the enactment of new laws. By using these powers conferred to it by Constitution, the judiciary, through the commercial court, has played a pivotal role in the legal changes dealing with the admissibility of electronic evidence in Tanzania. 3.6.3 The Director of Public Prosecutions (D.P.P) Office The D.P.P department in Tanzania includes Fraud, Corruption and Cyber Crime Section. This section performs the following activities, Review and propose policies, laws, regulations, guidelines and standards on the management of fraud, corruption 50 [CAP 322 R.E 2002]. 51 Saidi M. Kalunde , (2011) The Status of Cybercrimes in Tanzania, Strasbourg, France, pages 3-4.
34 and cybercrime, Coordinate and provide guidance to all law enforcement agencies in fraud, corruption, cybercrime and other related offences, Prepare charges, miscellaneous applications and other related documents, Supervise corruption cases handled by other anti-corruption and fraud bodies, Cooperate and liaise with Government Good Governance entities and review relevant files from investigative organs, Review relevant files from investigative organs. From that analysis, it can be ascertained that, one of the functions vested to the D.P.P department can be seen that the prosecution and investigation of cybercrimes are also conferred among the tasks needed to be accomplished with the department. 3.6.4 Tanzania Communication Regulatory Authority (T.C.R.A) Tanzania Communication Regulatory Authority is a regulatory body established under the TCRA Act.52 The body has the responsibility of regulating the electronic communications, postal and broadcasting sectors in Tanzania. This authority merged the functions and powers of both Tanzania Communications Commission and the Tanzania Broadcasting Commission. It has the role of issuing regulations so as to administer the communication sector effectively, still yet it does not have a firm grip on matters relating to cyber offences which has been one of the challenges of the authority. 3.7 Regional institutional framework for combating cybercrimes 3.7.1 African Union (A.U) Cyber security has many dimensions and people ultimately expect cyberspace systems to function in a trustworthy environment despite many potential threats. Different ways of thinking about cyber security entails liability laws coupled with new directions in education, training and operational practice.53 52 Act No.12 of 2003. 53 Yael Onn., (2005) “Privacy in the Digital Environment”, Haifa Center of Law & Technology, pp. 1- 12.
35 Successfully combating cyber crime and protecting information infrastructures will also require international cooperation to promote the exchange of experience, identification and application of compatible norms and standards. As Member States of the African Union increase access to broadband Internet, cyber crimes are leaping to new heights making it only rational to act now rather than later. Being wired to the rest of the world means we are now within the perimeter of cyber crime, making the continent‟s information systems more vulnerable than ever before. 54 Providing penal protection to the system of values of the information society is a necessity essentially made manifest in the need for appropriate legislation to combat cyber crime. The Extra-Ordinary Conference of African Union Ministers in charge of Communication and Information Technologies meeting in Johannesburg, South Africa from 2-5 November, 2009 requested the African Union Commission to develop jointly with the United Nations Economic Commission for Africa, a convention on cyber legislation based on the Continent‟s needs and which adheres to the legal and regulatory requirements on electronic transactions, cyber security, and personal data protection.55 3.7.2 The Economic Community of West African States (ECOWAS) The Economic Community of West African States is a regional group of West African Countries founded in 1975 it has fifteen member states. In 2009, ECOWAS adopted the Directive on Fighting Cybercrime in ECOWAS that provides a legal framework for the member states, which includes substantive criminal law as well as procedural law. 54 Cybercrime in Africa http://pages.au.int/infosoc/pages/cyber-security On 2 January 2014 55 http://pages.au.int/infosoc/pages/cyber-security on 02/03/2014.
36 3.7.3 East African Community The member states of EAC are also coordinating efforts to harmonize and pass cybercrime laws that would be effective throughout Tanzania, Kenya, Uganda, Rwanda and Burundi. A common information security policy on cybercrime formulated by East African countries will serve as benchmark for new laws.56 A draft framework was submitted to EAC in December 2008 and all member states agreed to have cyber laws in place by 2010.In June 2009, a meeting was held by task force to review the progress made in developing national cyber laws, in line with the EAC cyber laws framework. East African governments are demonstrating increased awareness of cyber security issues, but existing capability to deter, monitor or pursue cyber security is relatively low. 3.8 International Institutional combating cybercrimes The last decade has seen significant development in the promulgation of international and regional instruments aimed at countering cybercrime. The genesis, legal status, geographic scope, substantive focus and mechanisms of such instruments vary significantly. 3.8.1 The G8 The Group of Eight (G8) countries consist of eight members, which are Canada, France, Germany, Italy, Japan United Kingdom, United States and the Russian Federation. These groups of countries represent more than sixty percent of the world economy. In 1997, during their meeting in United States, the G8 Justice and Home Affairs Ministers adopted ten principles and a Ten-Point Action Plan to fight high- tech crimes. The Heads of the G8 subsequently endorsed these principles, which include the followings:- There must be no safe havens for those who abuse information technologies 56 Yael Onn., (2005) “Privacy in the Digital Environment”, Haifa Center of Law & Technology, page 5
37 Investigation and prosecution of international high-tech crimes must be coordinated among all concerned states, regardless of where harm has occurred. Law – enforcement personnel must be trained and equipped to address high- tech crimes. In 1999, The G8 specified their plans regarding the fight against high-tech crimes at a Ministerial Conference on Combating Transnational Organized Crimes in Moscow, Russia Federation. They expressed their concern about crimes (such as child Pornography), as well traceability of transactions and transborder access to stored data. Their communiqué contains a number of principles, in the fight against cybercrime that are today found in number of international strategies.57 All in all, the G8 agreed to general principles such as the importance of security and protection from crimes that underpin a strong and flourishing internet.58 The G8 wants to see all member countries adopt similar laws on cyber-crime and to persuade other countries to adopt co-operative anti-cyber-crime laws. They also want to improve cross border communication and co-operation in order to speed up the extradition of suspected computer criminals and improve the gathering of forensic computer evidence.59 The policies adopted by The G8 are very crucial and they are vital to be adopted by any nation needs to fight against cybercrimes, however G8 much based on formulating such policies in relation to developed countries and leave developing countries such as Tanzania in limbo on how to combat cybercrimes. 57 UNODC (2013) Comprehensive Study on Cybercrimes, New York. 58 Ibid. 59 http://www.zdnet.com/g8-nations-team-up-to-fight-cyber-crime-3002079018, 05/03/2014.
38 3.8.2 The United Nations The advent of new internet technology has resulted in the corresponding advent of both new forms of crime, and new ways to commit old forms of crime. For instance phenomena such as phishing, farming and the diffusion of viruses and worms were completely non-existent before the arrival of the internet, while long existing crimes such as fraud, theft and even terrorism can now all be committed in new ways in cyber world.60 The United Nations has undertaken several important approaches to address the challenge of cybercrimes. While in the beginning its responses was limited to general guidelines, the organization has in recent times dealt more intensively with the challenges and legal response. The United Nations is working on the field of cybercrime to achieve a better understanding of the phenomenon, in order to formulate ad hoc prevention policies, develop security methodologies and techniques, and strengthen the capacities of the actors involved in investigating and prosecuting cybercrimes.61 The United Nations agrees that cyber security is a global issue that can only be solved through global partnership. And it is positioned to bring its strategic and analytic capabilities to address these issues. 3.8.3 The International Telecommunication Union (ITU) The International Telecommunication Union (ITU) as a specialized agency within the United Nations plays a leading role in the standardization and development of telecommunications and cyber security issues. A fundamental role of ITU, following the World Summit in Information Society (WSIS) and the 2010 ITU Plenipotentiary Conference, is to build confidence and security in the use of information and telecommunication technologies. At World 60 Platt,V (2011) Still the fire-proof house? An analysis of Canada‟s cyber security strategy, International Journal, University of Toronto. 61 Cyber Threats worldwide, http://www.unicri.it/special_topics/cyber_threats/cyber_crime, 13/01/2014.
39 Summit in Information Society, Heads of states and World leaders entrusted ITU to take the lead in coordinating international efforts in the field of cyber security.62 As a result of the summit, the Global Cyber security Agenda (GCA), a framework for international cooperation, was launched for the sake of enhancing confidence and security in the information society. Hence the role of ITU is to seek consensus on a framework for international cooperation in cyber security, in order to reach for a common understanding of cyber security threats among countries at all stages of economic development, that includes developing and putting into action solutions aimed at addressing the global challenges to cyber security and cybercrimes. 3.8.4 The Commonwealth of Nations In 2002, the Commonwealth of Nations presented a model law on cybercrime that provides a legal framework to harmonise legislation within the Commonwealth and enable international cooperation. The model law was intentionally drafted in accordance with the Convention on Cybercrime. The Commonwealth of Nations took a direct and timely action in the harmonizing laws of its member states. In October 2002, the commonwealth secretariat prepared the “model law on computer and computer related crime”. Within the commonwealth‟s 53 member countries, the “model law” has had a wide influence on domestic legislation. Through this model law, the convention on cybercrime has become one of the legislative choices in substantive criminal law, covering the offences of illegal access, interfering with data, interfering with computer systems, and illegal interception of data, illegal data, and child pornography. Compared with the convention on cybercrime, the model law expanded criminal liability to include reckless liability- for the offences of interfering with data, interfering with computer systems, and using illegal devices. The model law also covered the problem of dual criminality by stating that the act applied to an act done or an omission made by a national of a state outside its territory, if the person‟s conduct would also constitute 62 Platt,V (2011) Still the fire-proof house? An analysis of Canada‟s cyber security strategy, International Journal, University of Toronto.
40 an offence under a law of the country where the offence was committed. This may lead to prosecution or extradition based on dual criminality, but not extradition as it is provided in the convention on cybercrime. Some of the member countries of the Commonwealth have made efforts to draft domestic law according to the model law, such as Bahamas and St. Lucia. In Barbados, Belize, and Guyana, the model law is considered as a guide to the enactment of similar legislation. However, in many other countries of the Commonwealth, there is still no special legislation for cybercrime. Besides impelling legislation within the forum, another focus of the Commonwealth is on mutual assistance in law enforcement between Commonwealth member states and between Commonwealth member states and non-commonwealth States. In the 2005 meeting of Commonwealth law ministers and senior officials, the expert working group proposed 10 recommendations for member states to adopt suitable measures for improving domestic law enforcement and trans-national assistance. In addition, they encouraged member states to sign, ratify, accede to and implement the convention on cybercrime as a basis for mutual legal assistance between Commonwealth member states and non-commonwealth states. 3.8.5 Organisation for Economic Co-operation and Development (OECD) The Organisation for Economic Co-operation and Development is an international economic organisation of 34 countries founded in 1961 to stimulate economic progress and world trade. In 1990, the Information, Computer and Communications Policy (ICCP) Committee created an Expert Group to develop a set of guidelines for information security that was drafted until 1992 and then adopted by the OECD Council. In 2002, OECD announced the completion of "Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security".
41 3.8.6 International Criminal Police Organization (Interpol) Founded in 1923 and located in Lyon, France since 1989, Interpol is an important link among law enforcement organizations globally. Interpol has 178 member countries and maintains close working relationships. Interpol is committed to becoming a global coordination body on the detection and prevention of digital crimes through its Interpol Global Complex for Innovation (IGCI), currently being constructed in Singapore. A key component of this new cutting-edge research and development facility is the Interpol Digital Crime Centre. This new centre provides proactive research into new areas and latest training techniques, and coordinates operations in the field. It has succeeded in the initiatives concerning cybercrime by putting focus on Harmonization, Capacity building, Operational and forensic support.63 63 International Criminal Police Organization http://www.interpol.int/Crime- areas/Cybercrime/Cybercrime 21/1/2014.
42 CHAPTER FOUR RESEARCH FINDINGS AND DATA ANALYSIS 4.1 Introduction The term “effectiveness” is defined as the degree to which objectives achieved or the extent to which targeted problems are solved64 . In this chapter, all factors currently preventing effective legal and institutional frameworks to combat cybercrimes are substantiated. Therefore, findings of this research mostly focus on all factors currently hampering effective legal and institutional frameworks to combat cybercrimes in Tanzania. 4.2 Discussion of findings 4.2.1 Analysis of data collected from magistrates In this aspect, 2 magistrates were interviewed, the first question imposed to them was what that how computer related cases brought before the court are solved? On that aspect question directed to them. The first resident magistrate who is equal to 50% told the research that computer related cases (cybercrimes) are quite hard to be entertained by the court of law because of the nature of offences themselves. He continued to say that, one of the biggest problem is to ascertained the jurisdiction of that governs cybercrime, and the particular law which govern such type of offences as the status are clear on that aspect. Another resident magistrates Magistrate represents 50% of the respondent when answering that question, he said that the laws in existence currently are not adequate to apply in the matter concerning cybercrimes. He pointed out statutes like penal code and the evidence Act, to be more traditional to deal with offences hence they are not in conformity with crimes committed using new technology. The second question was on which statutes should be amended or enacted in order to combat cybercrime? 64 Oxford Advanced Learners Dictionary of Current English, (2010), 7th Edition, Oxford University Press.
43 When responding to this question, the first respondent magistrates said as follow and I quote “Sheria muhimu za kubadilishwa ni ile ya makosa ya jinai pamoja na sheria ya ushahidi” From the above extract, the respondent was of the view that Penal Code and Evidence Act should be amended so as to incorporate current changes in technology which will allow the prosecution of cybercrime. The second respondent when answering this question said that not only the amendment of Penal Code and The Evidence Act is needed. There is a huge ask for the government to enact a special legislation with main purpose to combat cybercrime only, for example Cybercrime Act of United Kingdom .From the above data analysis it is sufficient to say that legal framework is one of hindrances in the fight against cybercrime in Tanzania. 4.2.2 Analysis of Data collected from Public Prosecutors and Police Officer In this category, 2 State Attorneys (Public Prosecutors) from the office of Director of Public Prosecution (D.P.P) and 1 police officer were interviewed The first question imposed to this category of respondents was, what been the efforts taken by the Director of Public prosecution (D.P.P) office and Tanzania police force, toward the threats received from cybercrime The two state attorneys who represents 66.6% of the respondent said that, the office of DPP has cybercrime section which in one way or another provide guidance to all law enforcement agencies is cybercrimes and conducting prosecution and investigation on matter cybercrime. However they said that there is hardship in preparing charge sheets on those particular offences, since the law is silent on them. The police officer who is equal to 33.3% of the respondent respond to the above question by saying that the police force cybercrimes unity is there to deal with the
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES
CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES

Recommandé

Objectives of it act 2000
Objectives of it act 2000Objectives of it act 2000
Objectives of it act 2000Amlin David
 
International convention on cyber crime
International convention on cyber crimeInternational convention on cyber crime
International convention on cyber crimeIshitaSrivastava21
 
Jurisdiction issues in cyberspace
Jurisdiction issues in cyberspaceJurisdiction issues in cyberspace
Jurisdiction issues in cyberspaceatuljaybhaye
 
Internet Jurisdiction: Who controls the Internet?
Internet Jurisdiction: Who controls the Internet?Internet Jurisdiction: Who controls the Internet?
Internet Jurisdiction: Who controls the Internet?CubReporters.org
 
Money Recovery legal notice format.pdf
Money Recovery legal notice format.pdfMoney Recovery legal notice format.pdf
Money Recovery legal notice format.pdfyashikavarshney7
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies Network Intelligence India
 
Interpretation of Penal Statutes
Interpretation of Penal StatutesInterpretation of Penal Statutes
Interpretation of Penal StatutesAMITY UNIVERSITY RAJASTHAN
 
Cyberspace jurisdiction meaning and concept
Cyberspace jurisdiction meaning and conceptCyberspace jurisdiction meaning and concept
Cyberspace jurisdiction meaning and conceptgagan deep
 

Recommandé

Objectives of it act 2000
Objectives of it act 2000Objectives of it act 2000
Objectives of it act 2000Amlin David
 
International convention on cyber crime
International convention on cyber crimeInternational convention on cyber crime
International convention on cyber crimeIshitaSrivastava21
 
Jurisdiction issues in cyberspace
Jurisdiction issues in cyberspaceJurisdiction issues in cyberspace
Jurisdiction issues in cyberspaceatuljaybhaye
 
Internet Jurisdiction: Who controls the Internet?
Internet Jurisdiction: Who controls the Internet?Internet Jurisdiction: Who controls the Internet?
Internet Jurisdiction: Who controls the Internet?CubReporters.org
 
Money Recovery legal notice format.pdf
Money Recovery legal notice format.pdfMoney Recovery legal notice format.pdf
Money Recovery legal notice format.pdfyashikavarshney7
 
IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies IT Act 2000 Penalties, Offences with case studies
IT Act 2000 Penalties, Offences with case studies Network Intelligence India
 
Interpretation of Penal Statutes
Interpretation of Penal StatutesInterpretation of Penal Statutes
Interpretation of Penal StatutesAMITY UNIVERSITY RAJASTHAN
 
Cyberspace jurisdiction meaning and concept
Cyberspace jurisdiction meaning and conceptCyberspace jurisdiction meaning and concept
Cyberspace jurisdiction meaning and conceptgagan deep
 
Investigation of a cyber crime
Investigation of a cyber crimeInvestigation of a cyber crime
Investigation of a cyber crimeatuljaybhaye
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesatuljaybhaye
 
CIVIL PROCEDURE - A POWER POINT PRESENTATION- BY A W A SALAM
CIVIL PROCEDURE - A POWER POINT PRESENTATION- BY A W A SALAMCIVIL PROCEDURE - A POWER POINT PRESENTATION- BY A W A SALAM
CIVIL PROCEDURE - A POWER POINT PRESENTATION- BY A W A SALAMawasalam
 
Internship diary by ronak
Internship diary by ronakInternship diary by ronak
Internship diary by ronakRonak Karanpuria
 
Information technology act
Information technology actInformation technology act
Information technology actAKSHAY KHATRI
 
Penology
PenologyPenology
Penologyezzeldin bassyouni
 
Electronic evidence
Electronic evidenceElectronic evidence
Electronic evidenceTalwant Singh
 
IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)Ms. Parasmani Jangid
 
INTERNATIONAL SECURITY MEASURES IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES IN CYBERSPACEINTERNATIONAL SECURITY MEASURES IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES IN CYBERSPACEDirectorate of Information Security | Ditjen Aptika
 
Jurisdiction in cyberspace
Jurisdiction in cyberspaceJurisdiction in cyberspace
Jurisdiction in cyberspaceDr. Arun Verma
 
Partition material final
Partition material final Partition material final
Partition material final awasalam
 
Presumption as to documents
Presumption as to documentsPresumption as to documents
Presumption as to documentsAdv Sanjeev Saurav
 
American Convention on Human Rights.pdf
American Convention on Human Rights.pdfAmerican Convention on Human Rights.pdf
American Convention on Human Rights.pdfASHUTOSHKUMARPANDEY40
 
It Amendments Act
It Amendments ActIt Amendments Act
It Amendments Actanthony4web
 
Confession an analysis
Confession an analysisConfession an analysis
Confession an analysisgururaj lulkarni
 
Cyber appellate tribunal
Cyber appellate tribunalCyber appellate tribunal
Cyber appellate tribunalAnkita Sharma
 
Electronic evidence digital evidence in india
Electronic evidence digital evidence in indiaElectronic evidence digital evidence in india
Electronic evidence digital evidence in indiaAdv Prashant Mali
 
Inchoate offense
Inchoate offenseInchoate offense
Inchoate offenseKathmandu University School of Law
 
Right to privacy on internet and Data Protection
Right to privacy on internet and Data ProtectionRight to privacy on internet and Data Protection
Right to privacy on internet and Data Protectionatuljaybhaye
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureMelwin Mathew
 
Research report by Tunu
Research report by TunuResearch report by Tunu
Research report by TunuTunukiwa Kavana
 
THE ELECTRONIC BANKING INDUSTRY IN TANZANIA_STRENGTHS AND WEAKNESSES OF THE L...
THE ELECTRONIC BANKING INDUSTRY IN TANZANIA_STRENGTHS AND WEAKNESSES OF THE L...THE ELECTRONIC BANKING INDUSTRY IN TANZANIA_STRENGTHS AND WEAKNESSES OF THE L...
THE ELECTRONIC BANKING INDUSTRY IN TANZANIA_STRENGTHS AND WEAKNESSES OF THE L...Christopher Masai
 

Contenu connexe

Tendances

Investigation of a cyber crime
Investigation of a cyber crimeInvestigation of a cyber crime
Investigation of a cyber crimeatuljaybhaye
 
Digital signatures
Digital signaturesDigital signatures
Digital signaturesatuljaybhaye
 
CIVIL PROCEDURE - A POWER POINT PRESENTATION- BY A W A SALAM
CIVIL PROCEDURE - A POWER POINT PRESENTATION- BY A W A SALAMCIVIL PROCEDURE - A POWER POINT PRESENTATION- BY A W A SALAM
CIVIL PROCEDURE - A POWER POINT PRESENTATION- BY A W A SALAMawasalam
 
Information technology act
Information technology actInformation technology act
Information technology actAKSHAY KHATRI
 
IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)Ms. Parasmani Jangid
 
Jurisdiction in cyberspace
Jurisdiction in cyberspaceJurisdiction in cyberspace
Jurisdiction in cyberspaceDr. Arun Verma
 
Partition material final
Partition material final Partition material final
Partition material final awasalam
 
American Convention on Human Rights.pdf
American Convention on Human Rights.pdfAmerican Convention on Human Rights.pdf
American Convention on Human Rights.pdfASHUTOSHKUMARPANDEY40
 
It Amendments Act
It Amendments ActIt Amendments Act
It Amendments Actanthony4web
 
Cyber appellate tribunal
Cyber appellate tribunalCyber appellate tribunal
Cyber appellate tribunalAnkita Sharma
 
Electronic evidence digital evidence in india
Electronic evidence digital evidence in indiaElectronic evidence digital evidence in india
Electronic evidence digital evidence in indiaAdv Prashant Mali
 
Right to privacy on internet and Data Protection
Right to privacy on internet and Data ProtectionRight to privacy on internet and Data Protection
Right to privacy on internet and Data Protectionatuljaybhaye
 
Electronic signature
Electronic signatureElectronic signature
Electronic signatureMelwin Mathew
 

Tendances (20)

Investigation of a cyber crime
Investigation of a cyber crimeInvestigation of a cyber crime
Investigation of a cyber crime
 
Digital signatures
Digital signaturesDigital signatures
Digital signatures
 
CIVIL PROCEDURE - A POWER POINT PRESENTATION- BY A W A SALAM
CIVIL PROCEDURE - A POWER POINT PRESENTATION- BY A W A SALAMCIVIL PROCEDURE - A POWER POINT PRESENTATION- BY A W A SALAM
CIVIL PROCEDURE - A POWER POINT PRESENTATION- BY A W A SALAM
 
Internship diary by ronak
Internship diary by ronakInternship diary by ronak
Internship diary by ronak
 
Information technology act
Information technology actInformation technology act
Information technology act
 
Penology
PenologyPenology
Penology
 
Electronic evidence
Electronic evidenceElectronic evidence
Electronic evidence
 
IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)
 
INTERNATIONAL SECURITY MEASURES IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES IN CYBERSPACEINTERNATIONAL SECURITY MEASURES IN CYBERSPACE
INTERNATIONAL SECURITY MEASURES IN CYBERSPACE
 
Jurisdiction in cyberspace
Jurisdiction in cyberspaceJurisdiction in cyberspace
Jurisdiction in cyberspace
 
Partition material final
Partition material final Partition material final
Partition material final
 
Presumption as to documents
Presumption as to documentsPresumption as to documents
Presumption as to documents
 
American Convention on Human Rights.pdf
American Convention on Human Rights.pdfAmerican Convention on Human Rights.pdf
American Convention on Human Rights.pdf
 
It Amendments Act
It Amendments ActIt Amendments Act
It Amendments Act
 
Confession an analysis
Confession an analysisConfession an analysis
Confession an analysis
 
Cyber appellate tribunal
Cyber appellate tribunalCyber appellate tribunal
Cyber appellate tribunal
 
Electronic evidence digital evidence in india
Electronic evidence digital evidence in indiaElectronic evidence digital evidence in india
Electronic evidence digital evidence in india
 
Inchoate offense
Inchoate offenseInchoate offense
Inchoate offense
 
Right to privacy on internet and Data Protection
Right to privacy on internet and Data ProtectionRight to privacy on internet and Data Protection
Right to privacy on internet and Data Protection
 
Electronic signature
Electronic signatureElectronic signature
Electronic signature
 

En vedette

THE ELECTRONIC BANKING INDUSTRY IN TANZANIA_STRENGTHS AND WEAKNESSES OF THE L...
THE ELECTRONIC BANKING INDUSTRY IN TANZANIA_STRENGTHS AND WEAKNESSES OF THE L...THE ELECTRONIC BANKING INDUSTRY IN TANZANIA_STRENGTHS AND WEAKNESSES OF THE L...
THE ELECTRONIC BANKING INDUSTRY IN TANZANIA_STRENGTHS AND WEAKNESSES OF THE L...Christopher Masai
 
Cyber law In India: its need & importance
Cyber law In India: its need & importanceCyber law In India: its need & importance
Cyber law In India: its need & importanceAditya Shukla
 
Electronic Contracting in Tanzania (Presentation)
Electronic Contracting in Tanzania (Presentation)Electronic Contracting in Tanzania (Presentation)
Electronic Contracting in Tanzania (Presentation)Linda Kamuzora
 
Cybercrime In South Africa and the benefits of public private partnerships
Cybercrime In South Africa and the benefits of public private partnershipsCybercrime In South Africa and the benefits of public private partnerships
Cybercrime In South Africa and the benefits of public private partnershipsJacqueline Fick
 
Cyber Crime Multi-State Information Sharing and Analysis Center
Cyber Crime Multi-State Information Sharing and Analysis CenterCyber Crime Multi-State Information Sharing and Analysis Center
Cyber Crime Multi-State Information Sharing and Analysis Center- Mark - Fullbright
 
Crime Analysis based on Historical and Transportation Data
Crime Analysis based on Historical and Transportation DataCrime Analysis based on Historical and Transportation Data
Crime Analysis based on Historical and Transportation DataValerii Klymchuk
 
Conventions of gangster thriller genre
Conventions of gangster thriller genreConventions of gangster thriller genre
Conventions of gangster thriller genredavidsampson9
 
Dominguez n redaccion(1)
Dominguez n redaccion(1)Dominguez n redaccion(1)
Dominguez n redaccion(1)Nerea Dominguez
 
New Member Orientation call from MPI in Europe
New Member Orientation call from MPI in EuropeNew Member Orientation call from MPI in Europe
New Member Orientation call from MPI in EuropeFederico Toja
 
Manuale rwx62
Manuale rwx62Manuale rwx62
Manuale rwx62Rui Silva
 
Gorman Heritage Farm Winter 2012 Newsletter
Gorman Heritage Farm Winter 2012 NewsletterGorman Heritage Farm Winter 2012 Newsletter
Gorman Heritage Farm Winter 2012 NewsletterGorman Heritage Farm
 
PeerAir Pro Brochure 2016 Final email
PeerAir Pro Brochure 2016 Final emailPeerAir Pro Brochure 2016 Final email
PeerAir Pro Brochure 2016 Final emailEmily Fox
 
Sample from new_sp_1_tg (1)
Sample from new_sp_1_tg (1)Sample from new_sp_1_tg (1)
Sample from new_sp_1_tg (1)Blaine Ray
 
Master proteccion civil planes autoproteccion
Master proteccion civil planes autoproteccionMaster proteccion civil planes autoproteccion
Master proteccion civil planes autoproteccionEuroinnova Formación
 

En vedette (20)

Research report by Tunu
Research report by TunuResearch report by Tunu
Research report by Tunu
 
THE ELECTRONIC BANKING INDUSTRY IN TANZANIA_STRENGTHS AND WEAKNESSES OF THE L...
THE ELECTRONIC BANKING INDUSTRY IN TANZANIA_STRENGTHS AND WEAKNESSES OF THE L...THE ELECTRONIC BANKING INDUSTRY IN TANZANIA_STRENGTHS AND WEAKNESSES OF THE L...
THE ELECTRONIC BANKING INDUSTRY IN TANZANIA_STRENGTHS AND WEAKNESSES OF THE L...
 
Cyber law In India: its need & importance
Cyber law In India: its need & importanceCyber law In India: its need & importance
Cyber law In India: its need & importance
 
Electronic Contracting in Tanzania (Presentation)
Electronic Contracting in Tanzania (Presentation)Electronic Contracting in Tanzania (Presentation)
Electronic Contracting in Tanzania (Presentation)
 
Cybercrime In South Africa and the benefits of public private partnerships
Cybercrime In South Africa and the benefits of public private partnershipsCybercrime In South Africa and the benefits of public private partnerships
Cybercrime In South Africa and the benefits of public private partnerships
 
Cyber Crime Multi-State Information Sharing and Analysis Center
Cyber Crime Multi-State Information Sharing and Analysis CenterCyber Crime Multi-State Information Sharing and Analysis Center
Cyber Crime Multi-State Information Sharing and Analysis Center
 
Crime Analysis based on Historical and Transportation Data
Crime Analysis based on Historical and Transportation DataCrime Analysis based on Historical and Transportation Data
Crime Analysis based on Historical and Transportation Data
 
Conventions of gangster thriller genre
Conventions of gangster thriller genreConventions of gangster thriller genre
Conventions of gangster thriller genre
 
Afm 2005
Afm 2005Afm 2005
Afm 2005
 
Dominguez n redaccion(1)
Dominguez n redaccion(1)Dominguez n redaccion(1)
Dominguez n redaccion(1)
 
Hispanidad
HispanidadHispanidad
Hispanidad
 
In Balance ADR Group slide deck update biz trax
In Balance ADR Group slide deck update biz traxIn Balance ADR Group slide deck update biz trax
In Balance ADR Group slide deck update biz trax
 
New Member Orientation call from MPI in Europe
New Member Orientation call from MPI in EuropeNew Member Orientation call from MPI in Europe
New Member Orientation call from MPI in Europe
 
Manuale rwx62
Manuale rwx62Manuale rwx62
Manuale rwx62
 
Gorman Heritage Farm Winter 2012 Newsletter
Gorman Heritage Farm Winter 2012 NewsletterGorman Heritage Farm Winter 2012 Newsletter
Gorman Heritage Farm Winter 2012 Newsletter
 
Quino feliz año nuevo
Quino feliz año nuevoQuino feliz año nuevo
Quino feliz año nuevo
 
PeerAir Pro Brochure 2016 Final email
PeerAir Pro Brochure 2016 Final emailPeerAir Pro Brochure 2016 Final email
PeerAir Pro Brochure 2016 Final email
 
Sample from new_sp_1_tg (1)
Sample from new_sp_1_tg (1)Sample from new_sp_1_tg (1)
Sample from new_sp_1_tg (1)
 
SBO Vietnam
SBO VietnamSBO Vietnam
SBO Vietnam
 
Master proteccion civil planes autoproteccion
Master proteccion civil planes autoproteccionMaster proteccion civil planes autoproteccion
Master proteccion civil planes autoproteccion
 

Similaire à CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES

CTO Cyber Security Conference Key Note Address by UK Security Minister
CTO Cyber Security Conference Key Note Address by UK Security MinisterCTO Cyber Security Conference Key Note Address by UK Security Minister
CTO Cyber Security Conference Key Note Address by UK Security Ministersegughana
 
Computer Forensics: The Emerging Significance to Law Enforcement
Computer Forensics: The Emerging Significance to Law Enforcement Computer Forensics: The Emerging Significance to Law Enforcement
Computer Forensics: The Emerging Significance to Law Enforcement Lillian Ekwosi-Egbulem
 
Internet, diversity and cyber peace in indonesia contemporary diplomacy (diss...
Internet, diversity and cyber peace in indonesia contemporary diplomacy (diss...Internet, diversity and cyber peace in indonesia contemporary diplomacy (diss...
Internet, diversity and cyber peace in indonesia contemporary diplomacy (diss...pelangiperempuan1
 
DEFAMATION IN SOCIAL MEDIA (CYBER DEFAMATION) LEGAL PERSPECTIVE IN TANZANIA
DEFAMATION IN SOCIAL MEDIA (CYBER DEFAMATION) LEGAL PERSPECTIVE IN TANZANIADEFAMATION IN SOCIAL MEDIA (CYBER DEFAMATION) LEGAL PERSPECTIVE IN TANZANIA
DEFAMATION IN SOCIAL MEDIA (CYBER DEFAMATION) LEGAL PERSPECTIVE IN TANZANIABenedict Ishabakaki
 
RECOMMENDATIONS AND LESSONS FROM OTHER JURISDICTIONS TO ENHANCE THE EFFECTIV...
RECOMMENDATIONS AND LESSONS FROM OTHER JURISDICTIONS TO ENHANCE THE EFFECTIV...RECOMMENDATIONS AND LESSONS FROM OTHER JURISDICTIONS TO ENHANCE THE EFFECTIV...
RECOMMENDATIONS AND LESSONS FROM OTHER JURISDICTIONS TO ENHANCE THE EFFECTIV...Vishni Ganepola
 
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCCyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCDavid Sweigert
 
Cyber Security Challenges in Developing Countries with Reference to Legislat...
Cyber Security Challenges in Developing Countries with Reference to Legislat... Cyber Security Challenges in Developing Countries with Reference to Legislat...
Cyber Security Challenges in Developing Countries with Reference to Legislat...ICT Frame Magazine Pvt. Ltd.
 
A Legal Analysis of the Role of Bar Associations towards Access to Justice fo...
A Legal Analysis of the Role of Bar Associations towards Access to Justice fo...A Legal Analysis of the Role of Bar Associations towards Access to Justice fo...
A Legal Analysis of the Role of Bar Associations towards Access to Justice fo...ijtsrd
 
Workshop 3 strengthening crime prevention and criminal justice responses to e...
Workshop 3 strengthening crime prevention and criminal justice responses to e...Workshop 3 strengthening crime prevention and criminal justice responses to e...
Workshop 3 strengthening crime prevention and criminal justice responses to e...Dr Lendy Spires
 
Pay For Essay And Get The Best Paper You Need - Funny College Essay ...
Pay For Essay And Get The Best Paper You Need - Funny College Essay ...Pay For Essay And Get The Best Paper You Need - Funny College Essay ...
Pay For Essay And Get The Best Paper You Need - Funny College Essay ...Jennifer Lopez
 
National Security Review
National Security ReviewNational Security Review
National Security ReviewSimoun Ung
 
Network Neutrality Policy Summary
Network Neutrality Policy SummaryNetwork Neutrality Policy Summary
Network Neutrality Policy SummaryKim Moore
 
feb 2018 - Sub22 - The impact of new and emerging information and communicati...
feb 2018 - Sub22 - The impact of new and emerging information and communicati...feb 2018 - Sub22 - The impact of new and emerging information and communicati...
feb 2018 - Sub22 - The impact of new and emerging information and communicati...Timothy Holborn
 
2018 ic3 report
2018 ic3 report2018 ic3 report
2018 ic3 reportmalvvv
 
CybersecurityTFReport2016 PRINT
CybersecurityTFReport2016 PRINTCybersecurityTFReport2016 PRINT
CybersecurityTFReport2016 PRINTAimee Shuck
 

Similaire à CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES (20)

CTO Cyber Security Conference Key Note Address by UK Security Minister
CTO Cyber Security Conference Key Note Address by UK Security MinisterCTO Cyber Security Conference Key Note Address by UK Security Minister
CTO Cyber Security Conference Key Note Address by UK Security Minister
 
Internet Safety
Internet SafetyInternet Safety
Internet Safety
 
Computer Forensics: The Emerging Significance to Law Enforcement
Computer Forensics: The Emerging Significance to Law Enforcement Computer Forensics: The Emerging Significance to Law Enforcement
Computer Forensics: The Emerging Significance to Law Enforcement
 
Internet, diversity and cyber peace in indonesia contemporary diplomacy (diss...
Internet, diversity and cyber peace in indonesia contemporary diplomacy (diss...Internet, diversity and cyber peace in indonesia contemporary diplomacy (diss...
Internet, diversity and cyber peace in indonesia contemporary diplomacy (diss...
 
DEFAMATION IN SOCIAL MEDIA (CYBER DEFAMATION) LEGAL PERSPECTIVE IN TANZANIA
DEFAMATION IN SOCIAL MEDIA (CYBER DEFAMATION) LEGAL PERSPECTIVE IN TANZANIADEFAMATION IN SOCIAL MEDIA (CYBER DEFAMATION) LEGAL PERSPECTIVE IN TANZANIA
DEFAMATION IN SOCIAL MEDIA (CYBER DEFAMATION) LEGAL PERSPECTIVE IN TANZANIA
 
RECOMMENDATIONS AND LESSONS FROM OTHER JURISDICTIONS TO ENHANCE THE EFFECTIV...
RECOMMENDATIONS AND LESSONS FROM OTHER JURISDICTIONS TO ENHANCE THE EFFECTIV...RECOMMENDATIONS AND LESSONS FROM OTHER JURISDICTIONS TO ENHANCE THE EFFECTIV...
RECOMMENDATIONS AND LESSONS FROM OTHER JURISDICTIONS TO ENHANCE THE EFFECTIV...
 
Project Undergrad
Project UndergradProject Undergrad
Project Undergrad
 
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASCCyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
Cyber-enabled Information Operations -- Inglis 04 27-17 -- SASC
 
Cyber Security Challenges in Developing Countries with Reference to Legislat...
Cyber Security Challenges in Developing Countries with Reference to Legislat... Cyber Security Challenges in Developing Countries with Reference to Legislat...
Cyber Security Challenges in Developing Countries with Reference to Legislat...
 
A Legal Analysis of the Role of Bar Associations towards Access to Justice fo...
A Legal Analysis of the Role of Bar Associations towards Access to Justice fo...A Legal Analysis of the Role of Bar Associations towards Access to Justice fo...
A Legal Analysis of the Role of Bar Associations towards Access to Justice fo...
 
Workshop 3 strengthening crime prevention and criminal justice responses to e...
Workshop 3 strengthening crime prevention and criminal justice responses to e...Workshop 3 strengthening crime prevention and criminal justice responses to e...
Workshop 3 strengthening crime prevention and criminal justice responses to e...
 
Pay For Essay And Get The Best Paper You Need - Funny College Essay ...
Pay For Essay And Get The Best Paper You Need - Funny College Essay ...Pay For Essay And Get The Best Paper You Need - Funny College Essay ...
Pay For Essay And Get The Best Paper You Need - Funny College Essay ...
 
National Security Review
National Security ReviewNational Security Review
National Security Review
 
CTO Cybersecurity Forum 2013 Auguste Yankey
CTO Cybersecurity Forum 2013 Auguste YankeyCTO Cybersecurity Forum 2013 Auguste Yankey
CTO Cybersecurity Forum 2013 Auguste Yankey
 
Network Neutrality Policy Summary
Network Neutrality Policy SummaryNetwork Neutrality Policy Summary
Network Neutrality Policy Summary
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
feb 2018 - Sub22 - The impact of new and emerging information and communicati...
feb 2018 - Sub22 - The impact of new and emerging information and communicati...feb 2018 - Sub22 - The impact of new and emerging information and communicati...
feb 2018 - Sub22 - The impact of new and emerging information and communicati...
 
2018 ic3 report
2018 ic3 report2018 ic3 report
2018 ic3 report
 
2018 IC3 Report
2018 IC3 Report2018 IC3 Report
2018 IC3 Report
 
CybersecurityTFReport2016 PRINT
CybersecurityTFReport2016 PRINTCybersecurityTFReport2016 PRINT
CybersecurityTFReport2016 PRINT
 

CYBERCRIMES IN TANZANIA LEGAL AND INSTITUTIONAL CHALLENGES

  • 1. 1 (MU) MZUMBE UNIVERSITY FACULTY OF LAW RESEARCH REPORT ON CYBERCRIMES IN TANZANIA; LEGAL AND INSTITUTIONAL CHALLENGES BY: IDDI YASSIN Registration No: 14816/T.11 SUPERVISOR: Mr. MARTIN MASSAWE A COMPULSORY RESEARCH REPORT SUBMITTED AS PARTIAL FULFILLMENT FOR THE REQUIREMENT OF THE AWARD OF BACHELOR OF LAWS DEGREE (LL.B) OF MZUMBE UNIVERSITY JUNE, 2014
  • 2. i CERTIFICATION I, the undersigned, certify that I have read and hereby recommend for acceptance by the Mzumbe University, a report titled “CYBERCRIMES IN TANZANIA: LEGAL AND INSITITUTIONAL CHALLENGES”, in partial fulfillment of the requirements for an award of the degree of bachelor in laws of Mzumbe University. Signature ..................................................... Mr. Martin Massawe Supervisor
  • 3. ii DECLARATION I, IDDI YASSIN do hereby declare that this is my own work and it has not been submitted for a similar or any other degree in any other university. CANDIDATE: …………………… IDDI YASSIN DATE: ……… ………………2014
  • 4. iii COPYRIGHT This report is protected under the Berne Convention of 1886, the Copyright and Neighboring Rights Act, No. 7 of 1999 and other international and national enactments, in that behalf, on intellectual property. It may not be reproduced by any means in full or in part, except for short extracts in fair dealings, for research or private study, critical scholarly review or disclosure with an acknowledgement, without the written permission of Mzumbe University, on behalf of the author. © IDDI YASSIN MZUMBE UNIVERSITY JUNE, 2014
  • 5. iv ACKNOWLEDGEMENT Completion of this work has been possible due to effort and assistance from a number of persons. Therefore I wish to acknowledge the assistance I got when undertaking this research, the assistance without which my work would have been impossible. I wish to thank my parents, Mr. Yassin Iddi and Mrs Rukia Yassin for their encouragement and blessings which they gave to me during each and every step of my life adventure. I am greatly indebted to my supervisor Mr Martin Massawe for his guidance in the research preparation and completion of this work. Many stimulating discussions, constructive criticism and comments from him have contributed to the final shape and content of this work. However, I am solely responsible for the contents or error in this work. Furthermore, my immense gratitude goes to Her Majesty‟s British Government to which under its wonderful administration, it laid down the foundation for everyone to understand that he possessed all the privileges as well as all the responsibilities of his existence, by indulging ideas of civilization to the indigenous people and those principles laid a solid foundation in the shaping up of our legal system. Also, I am indebted to many friends, colleagues, teachers, librarians and others for their help during my study. Finally I owe the greatest debt to thank God, for he gave me grace.
  • 6. v DEDICATION To the fraternity which sought to help good men become better
  • 7. vi LIST OF ABBREVIATIONS AISI - African Information Society Initiative ARAPKE - African Regional Action Plan for the Knowledge Economy C A - Court of Appeal CAP - Chapter CERT - Computer Emergency Response Team D.P.P - Director of Public Prosecutions EAC - East African Community ECOWAS - The Economic Community of West African States G8 - Group of Eight GCA - Global Cyber security Agenda HCD - High Court Digest IBID - Ibidem ICT - Information and Communication Technology Interpol - International Criminal Police Organization ISP - Internet Service Provider ITU - International Telecommunication Union LL.B - Lex Legum Baccalaureus LLC - Limited Liability Company N - Number OECD - Organisation for Economic Co-operation and Development Op cit - Opera Citate Pg - Page R.E - Revised Edition REC - Regional Economic Communities TCRA - Tanzania Communication Regulatory Authority TLR - Tanzania Law Report U.K - United Kingdom U.N - United Nations U.S - United States v. - Versus
  • 8. vii ABSTRACT Cyber crime reflects a peculiar type of techno-sophisticated criminality having different features. This criminality is posing the challenges to existing national legal system and it appears to be difficult to control and combat these crimes within the existing framework of legal system. Specially, the problem of jurisdiction, identity crises and lack of legal recognition of most of acts make it difficult for legal systems to effective deal with the crime. The location and trans-national character of these crimes again added the flavor makes it too dangerous to imagine. Chapter one, in this chapter the main discussion bases on the introduction and historical background to the problem. It also covers the objectives of the study, the significance of the study and the research methodology which was applied during the research In chapter two, the focus laid down conceptual framework of cybercrimes and explanation of some concepts concerning with cyber developments. Chapter three, the discussion is based on the general concept of legal and institutional frameworks in International level, Regional level and National level. The importance gained under this chapter based on analysis of such legal and institutional frameworks so as to link them with the need of study. Chapter four contains the important selected data from the field which intend to prove truthfulness or otherwise of the hypothesis of the study that, the law in Tanzania does not provide protection against cybercrimes. There is little legal protection to the community after taking a venture into development of ICT due to the absence of provisions in the Penal Code and other laws in preventing cybercrimes, likewise there is no proper institutional framework to give protection against cybercrimes. Chapter five of this work mainly focused on laying down conclusive remarks and recommendations to be followed so as to succeed in fight against cybercrimes.
  • 9. viii TABLE OF CONTENTS CERTIFICATION .................................................................................................... i DECLARATION..................................................................................................... ii COPYRIGHT ......................................................................................................... iii ACKNOWLEDGEMENT ...................................................................................... iv DEDICATION .........................................................................................................v LIST OF ABBREVIATIONS ................................................................................. vi ABSTRACT .......................................................................................................... vii TABLE OF CONTENTS...................................................................................... viii LIST OF STATUTES AND INTERNATIONAL INSTRUMENTS....................... xii LIST OF CASES .................................................................................................. xiii CHAPTER ONE.....................................................................................................1 1.1 Introduction.....................................................................................................1 1.2 Background to the problem..............................................................................3 1.3 Statement of the problem.................................................................................5 1.4 Objectives of the study ....................................................................................6 1.4.1 General objective ......................................................................................6 1.4.2 Specific objectives ....................................................................................6 1.5 Significance of the study..................................................................................7 1.6 Hypotheses......................................................................................................7 1.7 Research methodology.....................................................................................7 1.7.1 Sampling selection....................................................................................7 1.7.2 Unit of inquiry ..........................................................................................8 1.7.3 Research Design........................................................................................8 1.7.4 Scope and Justification of the study...........................................................8 1.7.5 Data sources and collection strategies........................................................9 1.7.5.1 Primary Data collection ......................................................................9 1.7.5.2 Secondary Data collection ..................................................................9 1.7.5.2.1 Interview......................................................................................9 1.7.5.2.2 Questionnaire...............................................................................9 1.7.6 Data Analysis..........................................................................................10
  • 10. ix 1.8 Limitations of the study.................................................................................10 1.9 Literature review ...........................................................................................11 CHAPTER TWO..................................................................................................15 ANALYSIS ON CONCEPTUAL FRAMEWORK OF CYBERCRIMES .........15 2.1 Introduction...................................................................................................15 2.2 Offence of Fraud ...........................................................................................15 2.3 Hacking.........................................................................................................17 2.4 The challenges brought by Electronic evidence..............................................19 2.4.1 Authenticity ............................................................................................20 2.4.2 Integrity ..................................................................................................21 2.4.3 Confidentiality ........................................................................................22 2.5 Jurisdictional problems..................................................................................23 2.6 Computer forensic and e-evidence.................................................................24 2.7 Anonymity and identity .................................................................................25 2.8 Conclusion ....................................................................................................26 CHAPTER THREE..............................................................................................27 ANALYSIS OF THE LEGAL AND INSTITUTIONAL FRAMEWORKS COMBATING CYBERCRIMES IN TANZANIA..............................................27 3.1 Introduction...................................................................................................27 3.2 National Statutes for combating cybercrimes.................................................27 3.2.1 The Constitution of United Republic of Tanzania, 1977 ..........................27 3.2.2 The Penal Code [Cap 16 R.E 2002].........................................................28 3.2.3 The Evidence Act....................................................................................29 3.2.4 Electronic and Postal Communication Act, No.12 of 2010 ......................29 3.3 National Policy..............................................................................................30 3.3.1 Information and Communication Technology Policy of 2003..................30 3.4 Regional Legal framework for combating cybercrimes..................................31 3.4.1 Draft African Union convention on the establishment of a legal framework conducive to cyber security in Africa, 2012...........................................31 3.5 International Legal framework for combating cybercrimes ............................32
  • 11. x 3.5.1 UN Convention on the Rights of the Child ..............................................32 3.5.2 Council of Europe‟s Convention on Cybercrime .....................................32 3.6 National Institutions combating cybercrimes in Tanzania ..............................33 3.6.1 The Police Force .....................................................................................33 3.6.2 The Judiciary ..........................................................................................33 3.6.3 The Director of Public Prosecutions (D.P.P) Office.................................33 3.6.4 Tanzania Communication Regulatory Authority (T.C.R.A).....................34 3.7 Regional institutional framework for combating cybercrimes ........................34 3.7.1 African Union (A.U) ...............................................................................34 3.7.2 The Economic Community of West African States (ECOWAS)..............35 3.7.3 East African Community.........................................................................36 3.8 International Institutional combating cybercrimes..........................................36 3.8.1 The G8....................................................................................................36 3.8.2 The United Nations .................................................................................38 3.8.3 The International Telecommunication Union (ITU).................................38 3.8.4 The Commonwealth of Nations...............................................................39 3.8.5 Organisation for Economic Co-operation and Development (OECD) ......40 3.8.6 International Criminal Police Organization (Interpol)..............................41 CHAPTER FOUR.................................................................................................42 RESEARCH FINDINGS AND DATA ANALYSIS ............................................42 4.1 Introduction...................................................................................................42 4.2.1 Analysis of data collected from magistrates.............................................42 4.2.2 Analysis of Data collected from Public Prosecutors and Police Officer ...43 4.2.3 An analysis of data collected from Public citizens and University students ...............................................................................................................44 4.2.4 An analysis of Data collected from Advocates of the high court of Tanzania and Lawyers ............................................................................45 4.2.5 An analysis of Data collected from IT experts .........................................45
  • 12. xi CHAPTER FIVE ..................................................................................................46 CONCLUSION AND RECOMMENDATIONS..................................................46 5.1 Conclusion ....................................................................................................46 5.2 Testing Hypothesis ........................................................................................47 5.3 Testing Objective ..........................................................................................47 5.4 Recommendations .........................................................................................47 5.4.1 Need to enact robust cyber legislation .....................................................48 5.4.2 Providing training to the judicial officers and law enforcers on cybercrime ...............................................................................................................48 5.4.3 Providing education on cybercrime issues to the members of the public ..48 5.4.4 Establishment of specific institutions to combat cybercrimes...................49 5.4.5 Institutions should work together and coordinate their activities..............49 5.4.6 More stern measures should be taken against cyber criminals..................49 5.4.7 Increase of cyber security practices in both public and private sector organizations...........................................................................................49 5.4.8 Cybercrime prevention by Internet service and hosting providers............50 5.4.9 International coordination and cooperation..............................................50 BIBLIOGRAPHY.................................................................................................51 APPENDIX ...........................................................................................................54
  • 13. xii LIST OF STATUTES AND INTERNATIONAL INSTRUMENTS DOMESTIC STATUTES Criminal Procedure Act [Cap 20 R.E 2002] Penal Code [Cap 16 R.E 2002] Post and Telecommunications Act,[ No.15 of 1977] Tanzania Communication Regulatory Authority Act [No.12 of 2003] The Broadcast Receiving Apparatus (Licensing) Act [No.6 of 1964] The Electronic and Postal Communications Act [No.3 of 2010] The Evidence Act [Cap 6R.E 2002] NATIONAL POLICIES Information and Communication Technology Policy of 2003 INTERNATIONAL INSTRUMENTS G8 Ten-Point Action Plan of 1997 Global Cyber security Agenda (GCA) The AU Draft Convention on Cyber security The Council of Europe‟s Convention on cybercrime, of 2001 UK Computer Misuse Act of 1990 UN Convention on the Rights of the Child of 1989
  • 14. xiii LIST OF CASES DPP v Ray [1974] AC 370 Indigital Solutions, LLC v. Mohammed, 2012 WL 5825824 (S.D. Tex) R v. Lloyd [1985] 2All ER 661 Tanzania Cotton Marketing Board v. Cogecot Cotton Company SA [1997] TLR 165 Trust Bank Tanzania Ltd v. Le Marsh Enterprises Ltd, High Court of Tanzania (Commercial Division) at Dar es Salaam, Commercial case no.4 of 2004 United States v. Lloyd 269 F. 3d 228,231 (3rd Cir.2001)
  • 15. 1 CHAPTER ONE 1.1 Introduction Massive technological advancement in the world has brought about robust changes in socio-economical arena. During the end of 20th century, the world has been mostly marked with a tremendous development in Information and Communication Technology (ICT).1 This ICT advancement from the end of the 20th century has led to changes in areas such as knowledge management and human resources development. Remarkably, development in technology has brought about improvement of communication systems and business transactions methods, on the other hand such developments have facilitated about new types of crimes. These crimes which operate by using new technology are known as cyber crimes. Cyber crimes are defined as any violations of the criminal law that involves the knowledge of computer technology for their perpetration, investigation, or prosecution2 . Cyber crime is an overwhelming problem worldwide. It has brought an array of new crime activities and actors and, consequently, a series of new challenges in the fight against this new threat. Cyber crimes represent a real challenge to all criminal justice all over the world including Tanzania. Cyber criminals around the world lurk on the Net as omnipresent menace to the financial health of businesses, to the trust of their customers, and as an emerging threat to nations‟ security. Headlines of cyber attacks command our attention with increasing frequency. For example in the case of United States v. Lloyd3 , where the defendant worked as a computer systems administrator for a manufacturer of highly specialized and sophisticated industrial process measurement devices and control equipment. Before his anticipated termination he planted a “logic bomb” in the central file server of the company‟s computer network. It went off on a specified date after he left, permanently deleting the company‟s design and production 1 .Mambi, A.J (2010) ICT Law Book, A Sourcebook for Information and Communication Technologies and Cyber Law, Mkuki na Nyota Publishers, Dar-es-salaam, Tanzania, page 69. 2 Lloyd J.I., Information Technology Law, 3rd Edition, Lexis Nexis Butterworth UK, 2000, page 156. 3 269F.3d228, 231(3dCir.2001).
  • 16. 2 computer programs. It purged about 1,200 computer programs, crippling the company‟s manufacturing capabilities and resulting in the loss of millions of dollars in sales and contracts. It shows how cybercrimes can curtail organizations businesses. Cybercrimes which are harmful acts committed from or against a computer or network differs from most terrestrial crimes in four ways. They are easy to learn how to commit; they require few resources relative to the potential damage caused; they can be committed in jurisdiction without being physically present in it; and they are often not clearly illegal. Cybercrime is now serious, widespread, aggressive, growing and increasingly sophiscated and poses major implications for national and economic security. Many industries and institutions and public and private organizations are at significant risk. For example in Indigital Solutions, LLC v. Mohammed 4 Plaintiffs alleged that one or more unknown defendants used malware to gain access to plaintiffs‟ email account, web hosting account and domain registration account. From a message in plaintiffs‟ email account, the defendants acquired an image of one of the plaintiff‟s signature, which defendants used to forge a domain name transfer agreement. Plaintiffs sued under the Computer Fraud and Abuse Act and other theories. They sought leave to take expedited discovery to learn the identity of the unknown defendants. The court granted the motion. The court found that plaintiffs had made a prima facie showing of harm by setting forth a valid claim under the Computer Fraud and Abuse Act. The discovery request was specific, in that they sought third party subpoenas to specified recipients seeking particular information. All alternative means of discovering the defendants had been exhausted, and the case could not move forward without the information. And the court found no privacy interest on the part of the defendants to be at stake, especially given the evidence that the defendants were not U.S. citizens, thus not subject to any First Amendment interest in anonymity. This shows how serious other jurisdictions have in methods combating against cybercrimes. 4 2012 WL 5825824 (S.D.Tex).
  • 17. 3 Currently, Tanzania is embarking on deployment of e-government and more organizations are adopting the internet as medium of transmission for the core business functions. The organizations that heavily depend of the internet and computer network are at risk from cyber attack which could deliberately attempt to disrupt services. Finally, the growing danger from crimes committed against computers, or against information store on computers, is beginning to claim attention in larger capacity. The existing laws are likely to be unenforceable against such crimes. This lack of legal protection means that businesses and governments must rely solely on technical measures to protect themselves from cyber criminals. 1.2 Background to the problem Cybercrime in Tanzania is a conundrum and not something novel. This problem can be traced back from the advent of computer technology in 1965, where the first computer in Tanzania, an ICT 1500, was installed in the Ministry of Finance.5 At that point of time the life structure started to embrace new advancements hence technology started to forge its roots in different sectors. In that particular time government saw the danger posed by the introduction of technological advancements hence it enacted various legislations so as to regulate Information Communication Technology (ICT), examples of such legislations were Post and Telecommunications Act6 and the Broadcast Receiving Apparatus (Licensing) Act.7 The failure to computerize the government accounting system and the consequent heavy financial loss accumulated with the fear of side effects caused by the advancement of science and technology resulted to the government banning the importation of computers and related equipments into Tanzania.8 5 Ubena, J. (2009),“Why Tanzania needs Electronic communication legislation? Law keeping up with technology”, Law Reformer Journal, Vol. 2 No. 1 pp. 17- 26. 6 Act No.15 of 1977. 7 Act No.6 of 1964. 8 Ndamagi, C. "National Informatics Policies in Tanzania: A Practitioner's Point of View., Regional Seminar on National Information and Informatics Policies in Africa, UN Economic Commission, 28 November-December 1988.
  • 18. 4 The Judiciary of Tanzania tried to sophiscate the problem of technological advancement in the case of Tanzania Cotton Marketing Board v Cogecot Cotton Company SA,9 where it did the move by interpreting and applying the existing statutory and common law principles in ways and manners that incorporate the existing social realities. The Court of Appeal of Tanzania allowed arbitration awards to be sent to the High Court electronically, contrary to the rule 4 of the Arbitration Ordinance. All in all, Tanzania started to experience cybercrime incidents around various public, private organizations, and government institutions. From January to November 2012 crimes which include massive web attacks such as that happened on November 2012 where some of government websites and private companies‟ website were massively attacked. Such website include, Chemi & Cotex Industries Ltd, Tanzania Olympic website , Open University website , Tanzania commission for University few to mention, the web intruders did havoc in the above mentioned websites and changed the data therein.10 Moreover, report from Tanzania Police Force11 shows that there is an increase in reported cases of cybercrimes in the country. One of the examples is the increase of businessmen who forge receipts of imported goods so as evade taxation liability. Although cybercrime is a conundrum in worldwide arena, developed countries such as U.K, U.S and institutions in those countries have made a major step in employing in-house computer forensic experts who realize the risks of having an attack before it occurs or before the security breach and the government of those nations have enacted cyber laws which define clearly cybercrimes offences.12 As the industrial revolution rendered obsolete aspects of law based on notions of an agrarian society, so a legal system focusing on issue of ownership, control and use of 9 [1997]TLR.165. 10 Cybercrime in Tanzania http://www.ippmedia.com/frontend/?l=65994 , 24/12/2013. 11 Tanzania Police Force, Cyber Security in Tanzania-Country Report, 2012. 12 Gringras,C, (2003), The Laws of the Internet,2nd edition, Butterworth‟s, Lexis, ,page 15.
  • 19. 5 physical objects must reorientate itself to suit the requirement of an information society. That has never been done in Tanzania and it remains clear, however, that regulation of ICT in Tanzania is still at an initial stage, and much needs to be done in the ICT sector. 1.3 Statement of the problem Usage of cyber-related technology has been a cornerstone towards development in Tanzania. In the recent years there has been tremendous increase in the penetration and use of cyber-related technology in many aspects of life. New cellular technologies, web-based networks, community ICT access points in the remote parts of the world have ushered in an era when even the most remote parts of the world will be connected through internet connections. This rapid improvement in the usage of cyber-related technology has created major impacts in the society. Notably, developments in technology paved way for the commission of crimes electronically hence the emergence of computer crimes. Computer related crimes such as cyber attacks and virus dissemination are examples of the misuse of ICT development, whereby nowadays criminals use computers as an object. The problem of cybercrimes in Tanzania is, like in many other jurisdictions, increasingly fatal. As computers have developed in the country, so have also criminal offences associated with their use. But the laws in Tanzania have never changed to reflect these dangerous advancements .The existing traditional penal laws such as the Penal Code13 have nothing to do with the increasing cybercrimes yet. These traditional laws were not written with the on-line society with Cyberspace inmind causing the problem of their applicability on cybercrime. It is a common understanding that the information structure in Cyberspace represents values which should be protected, also by criminal law measures. But the provisions in existing traditional criminal laws are still meant to ignore the protection of these 13 [CAP 16 R.E 2002].
  • 20. 6 values and instead they only describe qualified unethical behaviours that the societies have decided to be criminal offences. There is, until now, no specific provision in the penal code which addresses cybercrime as an offence. This situation can be further illustrated by the case of R v. Lloyd,14 The case involved an alleged original copy of film from cinemas overnight so as to produce copies and return the original copy. The issue before the court was whether the elements of theft under the English law at the time which are synonymously with Tanzanian criminal legislation, could be fulfilled under the digital technology. The Court dismissed the charges. The legal environment in Tanzania is still inadequate for cyber security in the country. This is because the existing laws were developed before the development of computer technology. The laws were made to facilitate the traditional paper based business environment. The situation poses a serious challenge to Tanzania to accommodate modern cyber crimes.15 1.4 Objectives of the study 1.4.1 General objective The general objective of the study was to examine critically the legal framework and institutional framework in Tanzania in relation to the increasing rate of cybercrimes. 1.4.2 Specific objectives To examine the extent to which the current legal framework in Tanzania has achieved in fighting against cybercrimes. To examine the factors hindering the fight against cybercrimes in Tanzania To propose suitable legal framework that is responsive to technological changes with a view to reducing problems associated with cybercrimes in Tanzania. 14 [1985] 2 All ER 661. 15 Mambi , A. J. (2010) ICT Law Book, A Sourcebook for Information and Communication Technologies and Cyber Law, Mkuki na Nyota Publishers ,Dar-es-salaam, Tanzania, page 58.
  • 21. 7 1.5 Significance of the study The study helped in identifying challenges that Tanzania faces due to the lack of robust legal and institutional frameworks concerning with cyber developments .Furthermore, the study raised awareness to the mass with issues concerning with cybercrimes .Lastly, the study pointed the way forward for the future reforms of legal framework and institutional framework concerning with cyber developments. 1.6 Hypotheses This research proceeded in the assumption that i. The presence and continuity of cybercrimes is due to the weakness of the current legal framework in Tanzania. ii. The current legal framework in Tanzania has not sufficiently incorporated cyber developments. iii. Poor institutional framework in Tanzania also attributes to the existence of the problem of cybercrimes. iv. There is lack of knowledge among the public concerning the issue of cybercrimes. 1.7 Research methodology This is a systematic way of solving a research problem. It outlined the way in which this research was carried out.16 In view of the research, it needed both primary and secondary methods of data collection. 1.7.1 Sampling selection The structure of the study demanded a carefully targeted sample of judicial members, legal practitioners, governmental and non-governmental institutions, where the conundrum of cybercrime is highly staked to. Random sampling with the advantage of getting unbiased representative group 16 Kothari C.R. (2004), Research Methodology: Methods and Techniques, 2nd Revised Edition, New Age International Publishers, New Delhi, page 25.
  • 22. 8 was impracticable in this study. Therefore, purposive sampling technique, otherwise referred to as a judgment samples, was employed in this study to get information. The purposive samples allow the selection of informants that fits the focus of the study. In this study the researcher selected the sampling unit that was the representative of the population. Since the chance that a particular sampling unit was selected depending on the subjective judgment of the researcher, it did not satisfy the probability chance of being selected. 1.7.2 Unit of inquiry The study conducted at Dar-es-salaam, whereby numbers of people were involved as the unity of inquiry which included 2 Resident Magistrates from Judiciary, 2 Public prosecutors at D.P.P Office, 1 Police Officer, 3 Advocates of the High Court and Courts Subordinate thereto (save primary courts), 2 Information Technology (I.T) Experts, 1 Legal officer from Tanzania Communication Regulatory Authority (TCRA), 1 Legal officer from Law Reform Commission, 2 university students and 2 public citizens. 1.7.3 Research Design This study has employed a case study design, since it was considered by researcher to be a great method for deep studying of the subject. In this regard, the Legal officer from TCRA was selected for interview; office of Law Reform Commission of Tanzania was visited for collecting information. Also a State Attorney from The D.P.P office and Advocates of The High Court of Tanzania were interviewed by the researcher. Furthermore, two IT experts, two students, two public citizens and two Resident magistrates were also interviewed. 1.7.4 Scope and Justification of the study As noted in the introduction part, the gist of this research was to analyse the challenges facing legal and institutional frameworks combating cybercrimes in Tanzania. Large part of this research was conducted in Dar es Salaam region .Dar es Salaam region was chosen because it provided the researcher with an ideal study area due to its duo capacity as one of the main industrial and residential area of Tanzania.
  • 23. 9 If the problem of cybercrime was not addressed, the country could likely be exposed in danger of exploited by cyber criminals. The problem of cybercrimes has worsened. This therefore created the need to carry out research and if no research was carried out, the future of Tanzania‟s development was to be uncertain. Cybercrimes rate could increase as people look for illegal ways of making a living. 1.7.5 Data sources and collection strategies Two types of data used in this work namely, primary and secondary data. 1.7.5.1 Primary Data collection In this part, all books, journals, papers and publications relevant to the study were reviewed from libraries of Mzumbe University and University of Dar-es-salaam. Moreover, the researcher explored various books, articles, journals, and papers with bearing on the research topic available freely over the worldwide web. 1.7.5.2 Secondary Data collection The researcher employed interview and questionnaire methods of data collection while in the field. Selection of the most appropriate method depended on surrounding circumstances of each respondent. 1.7.5.2.1 Interview Since the issue of cybercrime is very sensitive in the country it was vital to conduct interview on that matter, with individuals who have knowledge on legal framework and institutional framework concerning with cyber issues. The number of respondents included the Judiciary members, government officials, advocates and IT experts, students and ordinary citizens. 1.7.5.2.2 Questionnaire Questionnaires were employed in collecting data, in order to compliment the interview method and reach a greater number of respondents. The researcher drafted three different types of questionnaires each specifically designed for a particular
  • 24. 10 group of respondents. Some questionnaires were drafted for Judiciary members, others for various advocates and lawyers, and lastly distributed to ICT experts. 1.7.6 Data Analysis Data analysis is a process of inspecting, cleaning, transforming, and modeling data with the goal of providing useful information, suggesting conclusion and supporting decision making. During this stage all relevant materials including legislation and case law were clearly inspected to ensure that they fit the research criteria. Collected data were analysed qualitatively and the secondary analysis method was also employed for secondary data. The findings of the research were presented and analysed using simple content analysis tools. This kind of analysis took the form of qualitative data analysis methods when analysing data which were in form of words (non-empirical data). In data analysis the researcher did three things which were data reduction, data display and conclusion drawing. 1.8 Limitations of the study In the course of conducting this research, things did not always work ought the way expected. There were ups and downs. Some of the challenges encountered during field work were:- Some of the respondents did not supply the information needed, because they were too busy with their work. Furthermore, some of the judicial officers whom I sent my questionnaires did not reply it. On the aspect of respondents whom did not supply me with the information because they were busy (mostly of them were Honorable Judges of The High Court), information was acquired from other judicial officers (Resident Magistrates) who explained the position of judiciary regarding cybercrimes.
  • 25. 11 1.9 Literature review Adam Mambi (2010) 17 provides an insight of cybercrime in Tanzania, including the challenges that it faces in combating such crimes which includes cyber attacks and virus dissemination. The author observed that the revolution in information technology has changed society fundamentally, and he further ascertained that these technological developments has given rise to unprecedented economic and social changes, but also they have brought a dark side of it as now there are crimes which are committed through that new technology. However, the author failed to give possible measures that should be taken by relevant authorities in the quest to fight against cybercrime. Delloite (2010)18 in their paper had a view that cyber crime is now serious, widespread, aggressive, growing, and increasingly sophisticated, and poses major implications for national and economic security. Many industries and institutions and public- and Private-sector organizations (particularly those within the critical infrastructure) are at significant risk. Furthermore it was contented that relatively few organizations have recognized organized cyber criminal networks, rather than hackers, as their greatest potential cyber security threat; even fewer are prepared to address this threat. They further analyzed that organizations tend to employ security-based, “wall-and- fortress” approaches to address the threat of cybercrime, but this is not enough to mitigate the risk. Lastly, they outlined that organizations should understand how they are viewed by cyber criminals in terms of attack vectors, systems of interest, and process vulnerabilities, so they can better protect themselves from attack. However, the author did not provide a clear indication on which body of laws and institutions should be established so as to combat the problems concerning with cybercrimes. 17 Mambi , A.J. (2010) ICT Law Book, A Sourcebook for Information and Communication Technologies and Cyber Law, Mkuki na Nyota Publishers, Dar-es-salaam, Tanzania, page 117. 18 Delloite, Cybercrime: A clear and Present danger, Combating the fastest growing cyber security threat, CSO Cybersecurity, Watch Survey, 2010.
  • 26. 12 Evans (2008)19 in his paper, explains that ICT as an essential tool for sustainable development has proved to be worth in every sentiment. Because of this, internet usage in Nigeria has grown rapidly resulting in the explosion of Internet Service Providers (ISPs) and internet access points. This influenced socio-economic and educational development in the country. He further commented that ICT has led to tremendous changes in the economy and even the way people live. What is noticeable here is that all these studies were carried out in the Western Africa, whereas results from studies conducted in Nigeria produced a very different set of results from the other parts of the universe. Victor Platt (2012)20 provides that the unpredictability nature of cyber terrorism and espionage, real-time response proves problematic. “Cyber attacks therefore require swift responses…to detect and respond to an attack after it is underway. The literature cites threat management, not outright elimination, as the key to a successful cyber security strategy. “New cyber security approaches must continually be developed, tested and implemented to respond to new threat technologies and strategies.”A good example of threat management was employed during the US bureau of industry attack. However, the author did not elucidate in detail the challenges that country experience in fights against cybercrimes. McConnell (2000) 21 had a view that the growing danger from crimes committed against computers, or against information on computers, is beginning to claim attention in national capitals. In most countries around the world, however, existing laws are likely to be unenforceable against such crimes. The author further contented that the lack of legal protection against cybercrimes means that businesses and governments must rely solely on technical measures to 19 Evans, O. (2008). ICT and Nigerian Banks Reforms: Analysis of Anticipated Impacts in Selected Banks. Global Journal of Business Research, Vol. 2(2): page 67-76. 20 V.Platt, (2011) Still the fire-proof house? An analysis of Canada‟s cyber security strategy, International Journal, University of Toronto, page 155. 21 McConnell International, (2000), Cyber Crime…and Punishment? Archaic Laws Threaten Global Information, report by McConnell.
  • 27. 13 protect themselves from those who would steal, deny access to, or destroy valuable information. The problem with this approach is that it tends to create a „self fulfilling prophesy‟ and material drawn from these studies must be treated with a degree of circumspection. David I. Bainbridge (2008) 22 his book shows how it is difficult to fight against cybercrimes if the country does not have a specific statute to deal with electronic transactions. He further gives comparative study of the United Kingdom(U.K), where it was after the enactment of the Computer Misuse Act of 1990 from which cybercrimes were effectively regulated. Prior to that enactment, cybercrimes had increasing effects in the United Kingdom society. In this particular literature, the author‟s assumption based most on developed countries and he did not take into consideration developing countries like Tanzania. Said M. Kalunda (2011) 23 in his article show cybercrime is uncovered in Tanzania. He explores that Tanzania lacks a robust legal regime on cybercrime that is why it is increasingly affected with the cybercriminals‟ activities. From the author arguments, it is clearly visible that the literature are connected with this study since it analyze the common main factor which influences the inflowing of cybercrimes in various parts of the universe. However the author failed to propose the strongest means by which institutions should take in combating cybercrimes. Eve Hawa Sinare (2007) 24 shows the efforts made by the Tanzania legal framework in fighting against cybercrimes. She gives examples of section 40, 76 and 78 of the Evidence Act, which were amended to recognize electronic evidence to be admissible in courts of law. However it is still in doubt as to whether the electronic 22 Bainbridge D, (2008), Introduction to Computer Law, Longman 5th Edition, page 92. 23 Saidi M. Kalunde, (2011), The Status of Cybercrimes in Tanzania, Strasbourg, France, page 5. 24 Eve Hawa Sinare, Electronic Evidence and its Admissibility in Tanzania Courts, World Series Group Publications: 2007, page 23.
  • 28. 14 equipments such as computer or server would be acceptable as evidence under section 40A of the amended Evidence Act, especially where it has been used to store information which is subject to legal proceedings.
  • 29. 15 CHAPTER TWO ANALYSIS ON CONCEPTUAL FRAMEWORK OF CYBERCRIMES 2.1 Introduction In this chapter the researcher shows the general concept of cybercrimes in particular. This chapter focuses on the two areas; it outlines the concept of cybercrimes and some of challenges brought by the development of technology in legal environment of Tanzania. 2.2 Offence of Fraud The Concise Oxford Dictionary25 defines fraud as Criminal deception, use of false representations to gain unjust advantage; dishonest artifice or trick; person or thing not fulfilling expectation or description; deceitfulness. Traditionally, fraud is defined as one person deceiving another person for the purposes of deriving a benefit or gain. In the electronic world, the deception may not involve two persons but rather one person and a computer, or two computers one of which controlled by a person. Regardless of the medium through which the fraudulent activity is perpetrated, for a fraud to occur there must be some form of deceptive or false representation, which results in an unjust gain for either the person perpetrating the fraudulent activity or for a third party. Such gain may not necessarily be a gain in monetary terms, but can include a benefit (e.g., delivery of a service) or the attainment of intellectual property (e.g., ownership of copyright). Unlike traditional fraud where the victim and witness are human beings, in the electronic world the computer systems and on-line transaction systems become the witness. Rather than examining paper-based evidence, in the electronic world the evidence is less tangible and transient in nature. Consequently the need to identify, capture, and preserve potential electronic evidence using computer forensics is of paramount importance. 25 Oxford Advanced Learners Dictionary of Current English, (2010), 7th Edition, Oxford University Press.
  • 30. 16 In terms of computer fraud, the difficulty with this offence is that it requires a deception and this implies that it is an actual person that being deceived, not a machine. In DPP v Ray,26 Lord Morris said, „For a deception to take place there must be some person or persons who will have been deceived‟. If a person gains access, whether with or without permission, to a bank‟s computer system and dishonestly instructs the computer system to transfer money from one account into another, then the person is „deceiving‟ the computer or computer the offence of obtaining property by deception not made out. It would be different if, before the transfer made, a message displayed at someone‟s terminal requesting confirmation of the transfer. In that case, the other person would be subject to the deception as well as the computer and there should then be no difficulty related to the applicability of the offence of obtaining property by deception or any other offence involving deception system: that is, he purports to have the authority to carry out such an act. Even if he has authority to transfer money from one account to another under normal circumstances as an employee would, that authority is nullified by his dishonesty. The main point is that it is the computer that being deceived. Under normal circumstances, no other human being is involved and, therefore, it would seem that the offence of obtaining property by deception not made out. It would be different if, before the transfer made, a message displayed at someone‟s terminal requesting confirmation of the transfer. In that case, the other person would be subject to the deception as well as the computer and there should then be no difficulty related to the applicability of the offence of obtaining property by deception or any other offence involving deception.27 The notion that a machine cannot be deceived is strengthened by the provision of Penal Code ,Cap 16 R.E. 2002, which defines the offences of obtaining services by deception as follows; Section 304 states: 26 [1974] AC 370. 27 Abdallah,A (2011), The Impact of ICT Revolution in Tanzania‟s Legal System: A critical analysis of cybercrimes and computer forensic Evidence: A compulsory Research Paper submitted in partial fulfillment for the requirement of the award of Masters of Laws Degree (LL.M) of Open University of Tanzania, page 63.
  • 31. 17 Any person who by means of any fraudulent trick or device obtains from any other person anything capable of being stolen or any other person to or deliver to any person anything capable of being stolen or to pay or deliver to any person anything capable of being stolen or to pay or deliver to any person any money or goods or any greater sum of money or greater quantity of goods than he would have paid or delivered but for such trick or device, is guilty of an offence and is liable to imprisonment for three years. Section 302 of the same Act states: Any person who by any false pretence and with intent to defraud, obtains from any other person anything capable of being stolen or induces any other person to deliver to any person anything capable of being stolen, is guilty of an offence and is liable to imprisonment for seven years. All these definition justify that for offences of deception to occur, is necessary for a person to induce another person. 2.3 Hacking Computer hacking is the accessing of a computer system without the express or implied permission of the owner of that computer system. A person who engages in this activity is known as a computer hacker and may be motivated by the mere thrill of being able to outwit the security systems contained in a computer. A hacker may gain access remotely, using a computer in his own home or office connected to a telecommunications network. Although, the offence of unauthorised access or hacking can be compared to criminal trespassing or with breaking and entering, where no further offence is intended or then committed. However, if the traditional terminologies of those offences are defined, it is obvious that the point of departure will be obtained. For example, Section 299 of the Penal Code,28 defines criminal trespassing as follows; Any person who– (a) Unlawfully enters into or upon property in the possession of another with intent to commit an offence or to intimidate, insult or annoy any person in possession of the property; or 28 [CAP 16 R.E 2002]
  • 32. 18 (b) Having lawfully entered into or upon the property unlawfully remains there with intent thereby to intimidate, insult or annoys the person in possession of the property or with intent to commit an offence, is guilty of criminal trespass. Looking critically at the offence defined above, one would realize that, the offence has included property and instruments as the main ingredients of the offences. Since the signals or electrons have no physical existence, they cannot be interpreted ejusdem generis with terms mentioned in the statute. Ejusdem generis rule is invoked whenever the court wants to ascertain whether the word or phrase has a distinct genus or category with general phrase or words. The specific words or phrases must apply not to different objects of a widely differing character but to something, which can be called a class or kind of objects. This shows how penal provision remained rigid, while the cyber criminals continue to utilize that opportunity to commit offences and evade liabilities. Furthermore, Part VI of Electronic and Postal Communications Act29 , provides penalties for offenses relating to electronic communications. Under, sections 151 to 160 of Electronic and Postal Communications Act it is observed how the legislation has made a number of amendments to the TCRA Act30 and the Fair competition Act31 Some of commonly known cybercrime have been criminalized under the new law, example fraudulent use of electronic services and unauthorized access or use of computer systems. Though the Act has prescribed for such offences, still it did not provide for a clear framework of how such crimes should be combated in the sense of investigation and prosecution which still makes it harder to fight against cybercrimes. 29 [Act No. 3 of 2010]. 30 Act No. 12 of 2003. 31 Act No. 18 of 2009.
  • 33. 19 2.4 The challenges brought by Electronic evidence Tanzania inherited adversarial system of dispute settlement where the court stands as an uninterested party and neutral umpire and the parties prove their allegations by providing evidence to prove the truthfulness of their assertions. Evidence is the means by which facts relevant to the guilt or innocence of an individual at trial are established. Electronic evidence is all such material that exists in electronic, or digital, form. Electronic evidence is central not only to the investigation and prosecution of forms of cybercrime, but increasingly to crime in general. In the today‟s era of rapid growth, information technology is encompassing all occupations all over the world. These technological developments Yet another thing that makes cybercrime more difficult to investigate and prosecute in comparison to most "real world" crimes is the nature of the evidence. The problem with digital evidence is that, after all, it is actually just a collection of ones and zeros represented by magnetization, light pulses, radio signals or other means. This type of information is fragile and can be easily lost or changed.32 Protecting the integrity of evidence and maintaining a clear chain of custody is always important in a criminal case, but the nature of the evidence in a cybercrime case makes that job far more difficult. An investigator can contaminate the evidence simply by examining it, and sophisticated cybercriminals may set up their computers to automatically destroy the evidence when accessed by anyone other than themselves. In cases such as child pornography, it can be difficult to determine or prove that a person downloaded the illegal material knowingly, since someone else can hack into a system and store data on its drive without the user's knowledge or permission if the system isn't adequately secured. 32 Abdallah,A (2011), The Impact of ICT Revolution in Tanzania‟s Legal System: A critical analysis of cybercrimes and computer forensic Evidence: A compulsory Research Paper submitted in partial fulfillment for the requirement of the award of Masters of Laws Degree (LL.M) of Open University of Tanzania, page 80.
  • 34. 20 In cases of intrusion or cyber vandalism, the bad guy often erases all logs that show what happened, so that there is no evidence to prove that a crime even occurred, much less where the attack came from. 2.4.1 Authenticity Authentication means satisfying the court that (a) the contents of the record have remained unchanged, (b) that the information in the record does infact originate from its purported source, whether human or machine, and (c) that extraneous information such as the apparent date of the record is accurate. As with paper records, the necessary degree of authentication may be proved through or and circumstantial evidence, if available, or via technological features in the system or the record. Authentication is actually a two-step process, with an initial examination of the evidence to determine that it iswhat its proponent claims and, later, a closer analysis to determine its probative value. In the initial stage, it may be sufficient for an individual who is familiar with the digital evidence to testify to its authenticity.33 For instance, the individual who collected the evidence can confirm that the evidence presented in court is the same as when it was collected. Alternatively, a system administrator can testify that log files presented in court originated from her or his system. In some cases, the defence will cast doubt on more malleable forms of digital evidence, such as logs of online chat sessions. Normally, when information is entered on a computer memory, or an e-mail is sent or an order is placed for goods or services through the internet, the sender is unable to authenticate the information he has sent by way of a signature. It is the same if he speaks with another person on the telephone, leaves a message on that other person‟s voicemail or sends a text message. Even if he uses a password or an 33 Abdallah,A (2011), The Impact of ICT Revolution in Tanzania‟s Legal System: A critical analysis of cybercrimes and computer forensic Evidence: A compulsory Research Paper submitted in partial fulfillment for the requirement of the award of Masters of Laws Degree (LL.M) of Open University of Tanzania, page 80.
  • 35. 21 acronym they may not be peculiar to him the way a signature written by him would be. The password or acronym can also be endorsed or used by anybody else who knows them far more easily than a signature can be imitated. A voice on the phone canal so be imitated. In a workplace, any person can enter information into a computer memory, purporting it to be entered by another person. As a result, when customer‟s account records are called up in a bank‟s computer system there is hardly any way of knowing which person made which entry. This makes it difficult to ascertain whether that person was an appropriate officer to make the entry. Even if one of several appropriate officers makes a wrong entry, it may not be traceable to him since he has not signed it, because there is no way he would have done so. Once digital evidence is admitted, its reliability is examined to determine its probative value. For instance, if there is concern that the evidence was tampered with prior to collection, these doubts may reduce the weight assigned to the evidence. In several cases, attorneys have argued that digital evidence was untrustworthy simply because there was a theoretical possibility that it could have been altered or fabricated. However, as judges become more familiar with digital evidence, they are requiring evidence to support claims of untrustworthiness. Even when there is a reasonable doubt regarding the reliability of digital evidence, this does not necessarily make it inadmissible, but will reduce the amount of weight it is given by the court. 2.4.2 Integrity Integrity refers to maintaining accurate and complete data unaltered in an improper or subversive manner. Data integrity concerns data stored, processed or in transit. In the context of databases, data integrity also regards the metadata and the functions used.34 34 Ioana,V, The cybercrime challenge: does the Romanian legislation answer adequately?, Law Review vol. III, issue 2, July-December 2013, pages 42-51.
  • 36. 22 Integrity is another problem of authenticity. It can however be seen as more of an issue of whether or not the information has got distorted or tampered with even after it emanated from a correct source. An audio or visual tape can be edited or tampered with through the introduction or removal of some bits and superimposition of images. Through any such interference, the later form of the contents is fundamentally different from the first or original form. Through hacking of computers, crashing through passwords, and kindred wrongdoings, information stored in computer memories can be altered even without the knowledge of the maker, sender and, or receiver as he case may be. Telefaxes can be intercepted and possibly changed just as text messages can be intercepted, listened in to and even by an unscrupulous operator working for the network provider through which the message was sent. On the other hand, if a letter is sent through post office or through a courier service, it may be only remotely possible, if at all, for it to be tampered with. A hardcopy of a document is generally more difficult to tamper with than an electronic copy.35 2.4.3 Confidentiality Confidentiality is an attribute that concerns computer data that should not be obtained or read without right. Confidentiality is very important when disclosures would significantly harm the victim, for instance the case of trade secrets or personal information (such as medical records, financial records or attorney-client communications). Confidentiality can have several levels of restriction, from restrictions to reading, printing or transmitting data through a computer system, to restrictions regarding even the existence of certain data.36 Confidentiality ensures that only authorized parties‟ access computer related assets. That is, only those who should have access to something will actually get that access. By “access”, we mean not only reading but also viewing, printing, or simply knowing that a particular asset exists. Confidentiality is sometimes called secrecy or privacy. 35 Ibid. 36 Ioana,V, The cybercrime challenge: does the Romanian legislation answer adequately?, Law Review vol. III, issue 2, July-December 2013, pages 42-51.
  • 37. 23 Electronically generated materials hardly enjoy confidentiality since they are legitimately or illegitimately accessible to third parties or undesirable readers or users. Any information posted on the internet or used in what has come to be called e-filing of court processes and e-trial and related procedures, is accessible to many people than the immediate parties and court staff that directly deals with or treat the documents. Although, there is an assumption that the Amendment of Tanzanian‟s Evidence Act, 1967 has provided a room for other legislations to fit in. However, this assumption is not supported by the provision of criminal procedure Act, 1985.For example, section 132 of the criminal procedure Act, Cap 20 R.E.2002, directs offences to be specified in charge with necessary particulars. Section 129 of the same Act (supra) provides for Power of magistrate to reject complaint or formal charge. If one reads, the above provisions with the support of Article 13(6) (c) of the Constitution of the United Republic of Tanzania 37 would realise that our laws have created a serious lacunae, which needs a prompt solution. Article 13(6) (c) of the Constitution reads as follows; No person shall be punished for any act which at the time of its commission was not an offence under the law, and no penalty shall be imposed which is heavier than the penalty in force at the time the offence was committed. Since Constitution is the supreme law of the land any law, which contradicts it must be declared null and void. It is obvious that cyber criminals to evade liabilities can utilize the existing gap very effectively and this should be taken as a serious challenge in our legal system. 2.5 Jurisdictional problems The Black‟s Dictionary38 , gives a comprehensive definition to the term „Jurisdiction‟. It refers to a Government‟s general power to exercise authority over all person‟s and 37 [CAP 2 R.E 2002] 38 The Black‟s Dictionary (8th Ed), Thomson West, Page 867.
  • 38. 24 things within its territory. The term covers within its ambit the authority of a sovereign to act in legislative, executive and judicial character.39 In the legislative character, a state has the power exercisable as a constitutional discretion, to prescribe rules for regulating the conduct of persons. By enforcement jurisdiction is meant the power of a sovereign to effect implementation of its laws. Obviously, it is the power of the courts of a sovereign to hear and adjudicate upon certain matters in dispute is referred to as curial jurisdiction. Therefore, the question of Jurisdiction is significant on implementation of any piece of legislation it its full swing. In Tanzania, both in civil and criminal matters, Jurisdiction and powers of court are described separately in respective legislations. Mostly, it is on the basis of cause of action or offences, occupy on a set of physical or geographic location. But in cyber law, the concept of place of occurrence and cause of action is very broad. Cyberspace is an amorphous space that does not occupy a set physical or geographical location.40 Cyber crimes can take place across various jurisdictions and hence the legal issue of jurisdiction of International Courts and country specific Tanzanian Courts arises. In recent years, use of the Internet has grown at an explosive rate. However, there currently exists no single entity to control the enormous amount of information that is transmitted through it. 2.6 Computer forensic and e-evidence Only a skilled computer forensic investigator should undertake investigation. Otherwise collection of evidence will almost end up in a failure of an investigation and ultimately a failed prosecution. It is also very important for the investigator to understand the level of sophistication of the suspected criminals. They must be considered to be experts in any case and ancillary counter-measures must be adopted to guard against the destruction of any digital evidence. If this is neglected, it may 39 Amit M Sachdeva, International jurisdiction in cyberspace: a comparative perspective, CTLR 2007, 13(8), 245-258, page 246. 40 Ibid.
  • 39. 25 modify the data on the computer. Some computers have automatic wiping programmes in case a new person touches the wrong key on the keyboard. It then becomes time-consuming and expensive to recover such data, if at all possible. The ability of law enforcement to collect and analyse electronic evidence during investigations can be critical to the successful identification and prosecution of perpetrators. The goal of investigation is to uncover and present the truth. This goal is same for all forms of investigation. 2.7 Anonymity and identity Before jurisdiction even comes into play, it's necessary to discover where and who the criminal is before you can think about making an arrest. This is a problem with online crime because there are so many ways to hide one's identity. There are numerous services that will mask a user's IP address by routing traffic through various servers, usually for a fee. This makes it difficult to track down the criminal. In 2009, Eugene Kaspersky41 identified the relative anonymity of Internet users as a key issue that enables cybercrime and proposed Internet "passports" for individuals and problem. People are more likely to engage in offensive and/or illegal behavior online because of the perception of anonymity. However, attempts to better track online identity raise serious issues for privacy advocates and result in political backlash. And end to anonymity on the Internet could have serious consequences in countries where the government punishes dissenters, so even if the technological challenge of identifying every online user could be overcome, many lawmakers would be hesitant to mandate it. Cybercriminals exploit the rights and privileges of a free society, including anonymity, to benefit themselves. 41 Anonymity and identity, http://www.kaspersky.com/about/security_experts. on 24/1/2013
  • 40. 26 2.8 Conclusion Generally, this chapter outlined the conceptual framework on cybercrimes. This chapter largely succeeded in explaining some of concepts connected with cyber offences in Tanzania. Furthermore, this chapter has laid a solid foundation for the next chapter.
  • 41. 27 CHAPTER THREE ANALYSIS OF THE LEGAL AND INSTITUTIONAL FRAMEWORKS COMBATING CYBERCRIMES IN TANZANIA 3.1 Introduction The legal and institutional framework for combating cybercrimes in Tanzania has a long and storied development. Tanzania after embarking onto technological advancement found in it necessary to transform her laws to reflect these changes. Accordingly, Evidence Act was amended and Electronic and Postal Communications Act and TCRA Act were enacted, in order to bring Tanzania‟s laws in line with new and fast growing technological advancements. This chapter examines the legal and institutional framework which aims on combating cybercrimes in Tanzania. 3.2 National Statutes for combating cybercrimes 3.2.1 The Constitution of United Republic of Tanzania, 1977 Cybercrime affects both a virtual and a real body, but the effects upon each are different. This phenomenon can be clearly manifested in the case of identity theft. The cyber criminals do mostly invade the right to privacy of individuals in their way to committing cybercrimes. For example in Identity theft crime, the criminals do steal credit card information which can be used to reconstruct an individual‟s identity. When criminals steal a firm‟s credit card records, they produce two distinct effects. First, they make off with digital information about individuals that is useful in many ways. For example, they might use the credit card information to run up huge bills, forcing the credit card firms to suffer large losses, or they might sell the information to others who can use it in a similar fashion. Second, they might use individual credit card names and numbers to create new identities for other criminals. The United Republic of Tanzania (URT) Constitution of 1977 as amended form time to times embraces the right to privacy, which is a lynchpin in war against cybercrimes as provided under Article 16 (1) as follows, „…Every person is entitled to respect and protection of his person, the privacy of his own person, his family and of his matrimonial life, and respect and protection of his residence and private communications…‟
  • 42. 28 Article 16(2) goes further stipulating that, „…For the purpose of preserving the person‟s right in accordance with this Article, the state authority shall lay down legal procedures regarding the circumstances, manner and extent to which the right to privacy, security of his person, his property and residence may be encroached upon without prejudice to the provisions of this Article…‟ Article 16(1) and (2) of United Republic of Tanzania Constitution of 1977 as amended form time to time provides for right to privacy. Therefore, thought tacitly provided under the Constitution, it can be traced that, cybercrime which tends to infringe individual‟s right to privacy have no place in Tanzania, though there is no clear legislation to prohibit for the same. 3.2.2 The Penal Code [Cap 16 R.E 2002] In Tanzania, the Penal Code is the important legislation which deals with the definitions of penal offenses and sanctions imposed to such offenses. Most part of this legislation reflects on the paper based transactions. Development in the field of Information and Communication Technology has gone beyond what this statute manifested during the time of its enactment. Since the advent of computers, it has also brought about new categories of crime. However, until to date, Penal Code has not conformed itself in recognizing criminal activities done on the internet. For the law to be in line with the technology advancement, it must be able to define the elements which constitute a particular action being considered an offense. For example, The Criminal Procedure Code, under section 132 provides that:- “Every charge or information shall contain, and shall be sufficient if it contains, a statement of the specific offence or offences with which the accused person is charged, together with such particulars as may be necessary for giving reasonable information as to the nature of offence charged” Therefore, the above provisions clearly stipulate that it is not easy for a prosecutor to prepare a charge sheet if the offenses are not defined and adequately addressed under the specific legislations. It is with regard to the stipulation of an offense in a specific
  • 43. 29 legislation which directs prosecutor on assessing any allegation of a crime before filling a case in a court of law. 3.2.3 The Evidence Act Traditional Criminal Procedure law typically contains provisions on the gathering and admissibility of evidence. When it comes to evidence in electronic form, computer data can be altered easily. Thus, the gathering and handling of electronic evidence must guarantee the integrity and authenticity of evidence during the entire period between its seizure and its use in trial. The recognition of electronic evidence in Tanzania can be traced back in the decision pronounced by Nsekela, J in the case of Trust Bank Tanzania Ltd v. Le Marsh Enterprises and Others,42 were he stated that due to the technological advancements, computer printouts should be regarded as original documents for the purpose of evidence. Therefore, in 2007, through the Written Laws (Miscellaneous Amendments) Act,43 and the Evidence Act44 , did have minor reforms which inter alia incorporated the admissibility of electronic evidence. However, such amendments of the law of evidence still have not eliminated issues of authenticity and integrity of new sources of evidence. Furthermore, the amendments did not incorporate the reforms on the Criminal Procedure Act45 to guide the handling of electronic evidence by the prosecutors. 3.2.4 Electronic and Postal Communication Act, No.12 of 2010 In 2010, there was enactment of The Electronic and Postal Communication Act (EPOCA),46 which inter alia had been enacted with a view to keep abreast with developments in electronic communications industry, to provide for a comprehensive regulatory regime for electronic communications and postal licensees and to regulate 42 High Court of Tanzania (Commercial Division) at Dar es Salaam, Commercial Case No. 4 0f 2004. 43 Act No. 15 of 2007. 44 [CAP 6 R.E 2002]. 45 [CAP 20 R.E 2002]. 46 Act, No.12 of 2010.
  • 44. 30 competitions and practices, to provide for offences relating to electronic communications and postal communications. As this paper is dealing with cybercrimes, this Act has not pointed however, that it was the right to privacy which was being protected but it can be seen that, said provisions are not protecting the privacy right or unwarranted disclosure but rather creating an autonomy to the relevant authority as the sole individuals who are capable of handling the information obtained by the way of interception. Section 120 (a-c)47 of the said Act provides for the penalty of offences relating to interception, which are intercepting, attempting to intercept or procures another person to intercept, it also speaks of an offence by authorized. Generally, EPOCA cannot be said to provide for a necessary safeguard for the public against cybercrimes, it merely gives unlimited authority to investigative authority to obtain sensitive information under a mere suspicion of crime and also it has prescribed some acts o be as crime. However, It is not imposing a mandatory requirement of a warranty, and the exhaustive list of the incidents in which requirement for disclosure ensure that cyber criminals are severely punished by the courts of justice. 3.3 National Policy 3.3.1 Information and Communication Technology Policy of 2003 Tanzania published its first ICT Policy in 2003 which is more than 10 years old. This policy is not updated to reflect new challenges brought by cyber security challenges. Tanzania government initiative which is yet to be implemented is to have the ICT policy updated to reflect current cyber security challenges.48 Therefore, currently there is no cyber security strategy for combating cybercrimes which makes our cyber space on more risk to be attacked. For example following incident on November 2012,49 there was no team which was prepared to fight against cyber threat such as 47 Act No.3 of 2010. 48 Cyber security challenges, http://allafrica.com/stories/201211260091.html, 13/01/2014. 49 Saidi M Kalunde, (2011) The Status of Cybercrimes in Tanzania, Strasbourg, France, page 5.
  • 45. 31 Computer Emergency Response Team (CERT) which is used by other countries to fight against such incidents. Though there have been some private and individual initiatives related to fight against cyber threat, but such initiatives are not adequate to fight against cyber security threats. 3.4 Regional Legal framework for combating cybercrimes 3.4.1 Draft African Union convention on the establishment of a legal framework conducive to cyber security in Africa, 2012 The Draft Convention gives effect to a Resolution of the last session of the Assembly of Heads of State and Government of the African Union, and seeks to harmonize African cyber legislations on electronic commerce organization, personal data protection, cyber security promotion and cyber crime control. In pursuance of the principles of the African Information Society Initiative (AISI) and the African Regional Action Plan for the Knowledge Economy (ARAPKE), the Draft Convention is intended not only to define the objectives and broad orientations for the Information Society in Africa, but also to strengthen existing legislations in Member States and the Regional Economic Communities (RECs) on the Information and Communication Technologies. It defines the security rules essential to establishing a credible digital space in response to the major security related obstacles to the development of digital transactions in Africa. It lays the foundation for an African Union-wide cyber ethics and enunciates fundamental principles in the key areas of cyber security. It also defines the basis for electronic commerce, puts in place a mechanism for combating intrusions into private life likely to be generated by the gathering, processing, transmission, storage and use of personal data and sets broad guidelines for incrimination and repression of cyber crime. Its adoption would capitalize African and international experiences in cyber legislations and speed up relevant reforms in African States and the RECs.
  • 46. 32 3.5 International Legal framework for combating cybercrimes 3.5.1 UN Convention on the Rights of the Child The United Nations Convention on the Rights of the Child, adopted in 1989 contains several instruments aiming to protect children. It does not define child pornography, nor does it contain provisions that harmonize the criminalization of the distribution of online child pornography. However, Article 34 calls upon Member States to prevent the exploitative use of children in pornographic performances. 3.5.2 Council of Europe’s Convention on Cybercrime Currently, the leading international convention on cybercrime is the Council of Europe‟s Convention on cybercrime, which was signed in Budapest in 2001 and entered into force in 2004. The Council of Europe, which is not an organ of the European Union, was founded in 1949 to promote human rights, democracy and the rule of law in Europe. As at December 2009, the Convention was drafted under the aegis of the Council of Europe, it is open to signature by non-members. Four non- members participated in the negotiations of the treaty and signed it (the United States, Canada, Japan and South Africa), and one non-member has ratified it (the United States) The Convention is not, therefore, strictly a regional agreement. Yet the fact that it has only been ratified by one non-European state suggests that it cannot at present be described as a global convention. The convention lists a number of crimes which signatories are required to implement in their domestic law, including hacking, child pornography offenses, and certain offenses related to intellectual property violations. It also sets out a number of procedural mechanisms which signatories must put in place, including granting the power to law enforcement authorities to compel Internet Service Providers to monitor a person‟s online activities. Chapter III of the Convention calls upon signatories to cooperate to the widest extent possible in the investigation and prosecution of cybercrimes offenses.
  • 47. 33 3.6 National Institutions combating cybercrimes in Tanzania 3.6.1 The Police Force The subject of criminal investigation is nothing but crime. In Tanzania, the police force derives their powers to investigate crimes from statute. The principal statute in this regard is the Police and Auxiliary Forces Act50 , which sets out police powers and functions in their generality but at times in considerable details. Police have such powers to require the attendance of witnesses before them, to interview, or to interrogate witnesses, to such premises and persons. Such and similar powers are in essence aimed at facilitating the process of investigation. In Tanzania, there is Police force-cybercrimes unity, which deals with investigation of cyber related crimes occurring all over the country. This unit tries to investigate the allegations before filing their reports to relevant prosecution agencies which in this context is the D.P.P department.51 3.6.2 The Judiciary The powers of the judiciary are conferred under the Constitution of United Republic of Tanzania and other statutory provisions. Under Article 108 and 117 of the Constitution of United Republic of Tanzania, the judiciary is specifically vested with judicial powers as the sole organ entrusted with the duty to interpreting statutory laws of the land and adjudicating over disputes that may arise. The decisions of the judiciary have sometimes lead to legal changes through amendments, repeal, and the enactment of new laws. By using these powers conferred to it by Constitution, the judiciary, through the commercial court, has played a pivotal role in the legal changes dealing with the admissibility of electronic evidence in Tanzania. 3.6.3 The Director of Public Prosecutions (D.P.P) Office The D.P.P department in Tanzania includes Fraud, Corruption and Cyber Crime Section. This section performs the following activities, Review and propose policies, laws, regulations, guidelines and standards on the management of fraud, corruption 50 [CAP 322 R.E 2002]. 51 Saidi M. Kalunde , (2011) The Status of Cybercrimes in Tanzania, Strasbourg, France, pages 3-4.
  • 48. 34 and cybercrime, Coordinate and provide guidance to all law enforcement agencies in fraud, corruption, cybercrime and other related offences, Prepare charges, miscellaneous applications and other related documents, Supervise corruption cases handled by other anti-corruption and fraud bodies, Cooperate and liaise with Government Good Governance entities and review relevant files from investigative organs, Review relevant files from investigative organs. From that analysis, it can be ascertained that, one of the functions vested to the D.P.P department can be seen that the prosecution and investigation of cybercrimes are also conferred among the tasks needed to be accomplished with the department. 3.6.4 Tanzania Communication Regulatory Authority (T.C.R.A) Tanzania Communication Regulatory Authority is a regulatory body established under the TCRA Act.52 The body has the responsibility of regulating the electronic communications, postal and broadcasting sectors in Tanzania. This authority merged the functions and powers of both Tanzania Communications Commission and the Tanzania Broadcasting Commission. It has the role of issuing regulations so as to administer the communication sector effectively, still yet it does not have a firm grip on matters relating to cyber offences which has been one of the challenges of the authority. 3.7 Regional institutional framework for combating cybercrimes 3.7.1 African Union (A.U) Cyber security has many dimensions and people ultimately expect cyberspace systems to function in a trustworthy environment despite many potential threats. Different ways of thinking about cyber security entails liability laws coupled with new directions in education, training and operational practice.53 52 Act No.12 of 2003. 53 Yael Onn., (2005) “Privacy in the Digital Environment”, Haifa Center of Law & Technology, pp. 1- 12.
  • 49. 35 Successfully combating cyber crime and protecting information infrastructures will also require international cooperation to promote the exchange of experience, identification and application of compatible norms and standards. As Member States of the African Union increase access to broadband Internet, cyber crimes are leaping to new heights making it only rational to act now rather than later. Being wired to the rest of the world means we are now within the perimeter of cyber crime, making the continent‟s information systems more vulnerable than ever before. 54 Providing penal protection to the system of values of the information society is a necessity essentially made manifest in the need for appropriate legislation to combat cyber crime. The Extra-Ordinary Conference of African Union Ministers in charge of Communication and Information Technologies meeting in Johannesburg, South Africa from 2-5 November, 2009 requested the African Union Commission to develop jointly with the United Nations Economic Commission for Africa, a convention on cyber legislation based on the Continent‟s needs and which adheres to the legal and regulatory requirements on electronic transactions, cyber security, and personal data protection.55 3.7.2 The Economic Community of West African States (ECOWAS) The Economic Community of West African States is a regional group of West African Countries founded in 1975 it has fifteen member states. In 2009, ECOWAS adopted the Directive on Fighting Cybercrime in ECOWAS that provides a legal framework for the member states, which includes substantive criminal law as well as procedural law. 54 Cybercrime in Africa http://pages.au.int/infosoc/pages/cyber-security On 2 January 2014 55 http://pages.au.int/infosoc/pages/cyber-security on 02/03/2014.
  • 50. 36 3.7.3 East African Community The member states of EAC are also coordinating efforts to harmonize and pass cybercrime laws that would be effective throughout Tanzania, Kenya, Uganda, Rwanda and Burundi. A common information security policy on cybercrime formulated by East African countries will serve as benchmark for new laws.56 A draft framework was submitted to EAC in December 2008 and all member states agreed to have cyber laws in place by 2010.In June 2009, a meeting was held by task force to review the progress made in developing national cyber laws, in line with the EAC cyber laws framework. East African governments are demonstrating increased awareness of cyber security issues, but existing capability to deter, monitor or pursue cyber security is relatively low. 3.8 International Institutional combating cybercrimes The last decade has seen significant development in the promulgation of international and regional instruments aimed at countering cybercrime. The genesis, legal status, geographic scope, substantive focus and mechanisms of such instruments vary significantly. 3.8.1 The G8 The Group of Eight (G8) countries consist of eight members, which are Canada, France, Germany, Italy, Japan United Kingdom, United States and the Russian Federation. These groups of countries represent more than sixty percent of the world economy. In 1997, during their meeting in United States, the G8 Justice and Home Affairs Ministers adopted ten principles and a Ten-Point Action Plan to fight high- tech crimes. The Heads of the G8 subsequently endorsed these principles, which include the followings:- There must be no safe havens for those who abuse information technologies 56 Yael Onn., (2005) “Privacy in the Digital Environment”, Haifa Center of Law & Technology, page 5
  • 51. 37 Investigation and prosecution of international high-tech crimes must be coordinated among all concerned states, regardless of where harm has occurred. Law – enforcement personnel must be trained and equipped to address high- tech crimes. In 1999, The G8 specified their plans regarding the fight against high-tech crimes at a Ministerial Conference on Combating Transnational Organized Crimes in Moscow, Russia Federation. They expressed their concern about crimes (such as child Pornography), as well traceability of transactions and transborder access to stored data. Their communiqué contains a number of principles, in the fight against cybercrime that are today found in number of international strategies.57 All in all, the G8 agreed to general principles such as the importance of security and protection from crimes that underpin a strong and flourishing internet.58 The G8 wants to see all member countries adopt similar laws on cyber-crime and to persuade other countries to adopt co-operative anti-cyber-crime laws. They also want to improve cross border communication and co-operation in order to speed up the extradition of suspected computer criminals and improve the gathering of forensic computer evidence.59 The policies adopted by The G8 are very crucial and they are vital to be adopted by any nation needs to fight against cybercrimes, however G8 much based on formulating such policies in relation to developed countries and leave developing countries such as Tanzania in limbo on how to combat cybercrimes. 57 UNODC (2013) Comprehensive Study on Cybercrimes, New York. 58 Ibid. 59 http://www.zdnet.com/g8-nations-team-up-to-fight-cyber-crime-3002079018, 05/03/2014.
  • 52. 38 3.8.2 The United Nations The advent of new internet technology has resulted in the corresponding advent of both new forms of crime, and new ways to commit old forms of crime. For instance phenomena such as phishing, farming and the diffusion of viruses and worms were completely non-existent before the arrival of the internet, while long existing crimes such as fraud, theft and even terrorism can now all be committed in new ways in cyber world.60 The United Nations has undertaken several important approaches to address the challenge of cybercrimes. While in the beginning its responses was limited to general guidelines, the organization has in recent times dealt more intensively with the challenges and legal response. The United Nations is working on the field of cybercrime to achieve a better understanding of the phenomenon, in order to formulate ad hoc prevention policies, develop security methodologies and techniques, and strengthen the capacities of the actors involved in investigating and prosecuting cybercrimes.61 The United Nations agrees that cyber security is a global issue that can only be solved through global partnership. And it is positioned to bring its strategic and analytic capabilities to address these issues. 3.8.3 The International Telecommunication Union (ITU) The International Telecommunication Union (ITU) as a specialized agency within the United Nations plays a leading role in the standardization and development of telecommunications and cyber security issues. A fundamental role of ITU, following the World Summit in Information Society (WSIS) and the 2010 ITU Plenipotentiary Conference, is to build confidence and security in the use of information and telecommunication technologies. At World 60 Platt,V (2011) Still the fire-proof house? An analysis of Canada‟s cyber security strategy, International Journal, University of Toronto. 61 Cyber Threats worldwide, http://www.unicri.it/special_topics/cyber_threats/cyber_crime, 13/01/2014.
  • 53. 39 Summit in Information Society, Heads of states and World leaders entrusted ITU to take the lead in coordinating international efforts in the field of cyber security.62 As a result of the summit, the Global Cyber security Agenda (GCA), a framework for international cooperation, was launched for the sake of enhancing confidence and security in the information society. Hence the role of ITU is to seek consensus on a framework for international cooperation in cyber security, in order to reach for a common understanding of cyber security threats among countries at all stages of economic development, that includes developing and putting into action solutions aimed at addressing the global challenges to cyber security and cybercrimes. 3.8.4 The Commonwealth of Nations In 2002, the Commonwealth of Nations presented a model law on cybercrime that provides a legal framework to harmonise legislation within the Commonwealth and enable international cooperation. The model law was intentionally drafted in accordance with the Convention on Cybercrime. The Commonwealth of Nations took a direct and timely action in the harmonizing laws of its member states. In October 2002, the commonwealth secretariat prepared the “model law on computer and computer related crime”. Within the commonwealth‟s 53 member countries, the “model law” has had a wide influence on domestic legislation. Through this model law, the convention on cybercrime has become one of the legislative choices in substantive criminal law, covering the offences of illegal access, interfering with data, interfering with computer systems, and illegal interception of data, illegal data, and child pornography. Compared with the convention on cybercrime, the model law expanded criminal liability to include reckless liability- for the offences of interfering with data, interfering with computer systems, and using illegal devices. The model law also covered the problem of dual criminality by stating that the act applied to an act done or an omission made by a national of a state outside its territory, if the person‟s conduct would also constitute 62 Platt,V (2011) Still the fire-proof house? An analysis of Canada‟s cyber security strategy, International Journal, University of Toronto.
  • 54. 40 an offence under a law of the country where the offence was committed. This may lead to prosecution or extradition based on dual criminality, but not extradition as it is provided in the convention on cybercrime. Some of the member countries of the Commonwealth have made efforts to draft domestic law according to the model law, such as Bahamas and St. Lucia. In Barbados, Belize, and Guyana, the model law is considered as a guide to the enactment of similar legislation. However, in many other countries of the Commonwealth, there is still no special legislation for cybercrime. Besides impelling legislation within the forum, another focus of the Commonwealth is on mutual assistance in law enforcement between Commonwealth member states and between Commonwealth member states and non-commonwealth States. In the 2005 meeting of Commonwealth law ministers and senior officials, the expert working group proposed 10 recommendations for member states to adopt suitable measures for improving domestic law enforcement and trans-national assistance. In addition, they encouraged member states to sign, ratify, accede to and implement the convention on cybercrime as a basis for mutual legal assistance between Commonwealth member states and non-commonwealth states. 3.8.5 Organisation for Economic Co-operation and Development (OECD) The Organisation for Economic Co-operation and Development is an international economic organisation of 34 countries founded in 1961 to stimulate economic progress and world trade. In 1990, the Information, Computer and Communications Policy (ICCP) Committee created an Expert Group to develop a set of guidelines for information security that was drafted until 1992 and then adopted by the OECD Council. In 2002, OECD announced the completion of "Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security".
  • 55. 41 3.8.6 International Criminal Police Organization (Interpol) Founded in 1923 and located in Lyon, France since 1989, Interpol is an important link among law enforcement organizations globally. Interpol has 178 member countries and maintains close working relationships. Interpol is committed to becoming a global coordination body on the detection and prevention of digital crimes through its Interpol Global Complex for Innovation (IGCI), currently being constructed in Singapore. A key component of this new cutting-edge research and development facility is the Interpol Digital Crime Centre. This new centre provides proactive research into new areas and latest training techniques, and coordinates operations in the field. It has succeeded in the initiatives concerning cybercrime by putting focus on Harmonization, Capacity building, Operational and forensic support.63 63 International Criminal Police Organization http://www.interpol.int/Crime- areas/Cybercrime/Cybercrime 21/1/2014.
  • 56. 42 CHAPTER FOUR RESEARCH FINDINGS AND DATA ANALYSIS 4.1 Introduction The term “effectiveness” is defined as the degree to which objectives achieved or the extent to which targeted problems are solved64 . In this chapter, all factors currently preventing effective legal and institutional frameworks to combat cybercrimes are substantiated. Therefore, findings of this research mostly focus on all factors currently hampering effective legal and institutional frameworks to combat cybercrimes in Tanzania. 4.2 Discussion of findings 4.2.1 Analysis of data collected from magistrates In this aspect, 2 magistrates were interviewed, the first question imposed to them was what that how computer related cases brought before the court are solved? On that aspect question directed to them. The first resident magistrate who is equal to 50% told the research that computer related cases (cybercrimes) are quite hard to be entertained by the court of law because of the nature of offences themselves. He continued to say that, one of the biggest problem is to ascertained the jurisdiction of that governs cybercrime, and the particular law which govern such type of offences as the status are clear on that aspect. Another resident magistrates Magistrate represents 50% of the respondent when answering that question, he said that the laws in existence currently are not adequate to apply in the matter concerning cybercrimes. He pointed out statutes like penal code and the evidence Act, to be more traditional to deal with offences hence they are not in conformity with crimes committed using new technology. The second question was on which statutes should be amended or enacted in order to combat cybercrime? 64 Oxford Advanced Learners Dictionary of Current English, (2010), 7th Edition, Oxford University Press.
  • 57. 43 When responding to this question, the first respondent magistrates said as follow and I quote “Sheria muhimu za kubadilishwa ni ile ya makosa ya jinai pamoja na sheria ya ushahidi” From the above extract, the respondent was of the view that Penal Code and Evidence Act should be amended so as to incorporate current changes in technology which will allow the prosecution of cybercrime. The second respondent when answering this question said that not only the amendment of Penal Code and The Evidence Act is needed. There is a huge ask for the government to enact a special legislation with main purpose to combat cybercrime only, for example Cybercrime Act of United Kingdom .From the above data analysis it is sufficient to say that legal framework is one of hindrances in the fight against cybercrime in Tanzania. 4.2.2 Analysis of Data collected from Public Prosecutors and Police Officer In this category, 2 State Attorneys (Public Prosecutors) from the office of Director of Public Prosecution (D.P.P) and 1 police officer were interviewed The first question imposed to this category of respondents was, what been the efforts taken by the Director of Public prosecution (D.P.P) office and Tanzania police force, toward the threats received from cybercrime The two state attorneys who represents 66.6% of the respondent said that, the office of DPP has cybercrime section which in one way or another provide guidance to all law enforcement agencies is cybercrimes and conducting prosecution and investigation on matter cybercrime. However they said that there is hardship in preparing charge sheets on those particular offences, since the law is silent on them. The police officer who is equal to 33.3% of the respondent respond to the above question by saying that the police force cybercrimes unity is there to deal with the