cybercrimes in tanzania legal and institutional challenges
TRANSCRIPT
1
(MU)
MZUMBE UNIVERSITY
FACULTY OF LAW
RESEARCH REPORT
ON
CYBERCRIMES IN TANZANIA; LEGAL AND INSTITUTIONAL
CHALLENGES
BY:
IDDI YASSIN
Registration No: 14816/T.11
SUPERVISOR: Mr. MARTIN MASSAWE
A COMPULSORY RESEARCH REPORT SUBMITTED AS PARTIAL
FULFILLMENT FOR THE REQUIREMENT OF THE AWARD OF
BACHELOR OF LAWS DEGREE (LL.B) OF MZUMBE UNIVERSITY
JUNE, 2014
i
CERTIFICATION
I, the undersigned, certify that I have read and hereby recommend for acceptance by
the Mzumbe University, a report titled “CYBERCRIMES IN TANZANIA:
LEGAL AND INSITITUTIONAL CHALLENGES”, in partial fulfillment of the
requirements for an award of the degree of bachelor in laws of Mzumbe University.
Signature
.....................................................
Mr. Martin Massawe
Supervisor
ii
DECLARATION
I, IDDI YASSIN do hereby declare that this is my own work and it has not been
submitted for a similar or any other degree in any other university.
CANDIDATE: ……………………
IDDI YASSIN
DATE: ……… ………………2014
iii
COPYRIGHT
This report is protected under the Berne Convention of 1886, the Copyright and
Neighboring Rights Act, No. 7 of 1999 and other international and national
enactments, in that behalf, on intellectual property. It may not be reproduced by any
means in full or in part, except for short extracts in fair dealings, for research or
private study, critical scholarly review or disclosure with an acknowledgement,
without the written permission of Mzumbe University, on behalf of the author.
© IDDI YASSIN
MZUMBE UNIVERSITY
JUNE, 2014
iv
ACKNOWLEDGEMENT
Completion of this work has been possible due to effort and assistance from a
number of persons. Therefore I wish to acknowledge the assistance I got when
undertaking this research, the assistance without which my work would have been
impossible.
I wish to thank my parents, Mr. Yassin Iddi and Mrs Rukia Yassin for their
encouragement and blessings which they gave to me during each and every step of
my life adventure.
I am greatly indebted to my supervisor Mr Martin Massawe for his guidance in the
research preparation and completion of this work. Many stimulating discussions,
constructive criticism and comments from him have contributed to the final shape
and content of this work. However, I am solely responsible for the contents or error
in this work.
Furthermore, my immense gratitude goes to Her Majesty‟s British Government to
which under its wonderful administration, it laid down the foundation for everyone to
understand that he possessed all the privileges as well as all the responsibilities of his
existence, by indulging ideas of civilization to the indigenous people and those
principles laid a solid foundation in the shaping up of our legal system.
Also, I am indebted to many friends, colleagues, teachers, librarians and others for
their help during my study.
Finally I owe the greatest debt to thank God, for he gave me grace.
v
DEDICATION
To the fraternity which sought to help good men become better
vi
LIST OF ABBREVIATIONS
AISI - African Information Society Initiative
ARAPKE - African Regional Action Plan for the Knowledge Economy
C A - Court of Appeal
CAP - Chapter
CERT - Computer Emergency Response Team
D.P.P - Director of Public Prosecutions
EAC - East African Community
ECOWAS - The Economic Community of West African States
G8 - Group of Eight
GCA - Global Cyber security Agenda
HCD - High Court Digest
IBID - Ibidem
ICT - Information and Communication Technology
Interpol - International Criminal Police Organization
ISP - Internet Service Provider
ITU - International Telecommunication Union
LL.B - Lex Legum Baccalaureus
LLC - Limited Liability Company
N - Number
OECD - Organisation for Economic Co-operation and Development
Op cit - Opera Citate
Pg - Page
R.E - Revised Edition
REC - Regional Economic Communities
TCRA - Tanzania Communication Regulatory Authority
TLR - Tanzania Law Report
U.K - United Kingdom
U.N - United Nations
U.S - United States
v. - Versus
vii
ABSTRACT
Cyber crime reflects a peculiar type of techno-sophisticated criminality having
different features. This criminality is posing the challenges to existing national legal
system and it appears to be difficult to control and combat these crimes within the
existing framework of legal system. Specially, the problem of jurisdiction, identity
crises and lack of legal recognition of most of acts make it difficult for legal systems
to effective deal with the crime. The location and trans-national character of these
crimes again added the flavor makes it too dangerous to imagine.
Chapter one, in this chapter the main discussion bases on the introduction and
historical background to the problem. It also covers the objectives of the study, the
significance of the study and the research methodology which was applied during the
research
In chapter two, the focus laid down conceptual framework of cybercrimes and
explanation of some concepts concerning with cyber developments.
Chapter three, the discussion is based on the general concept of legal and
institutional frameworks in International level, Regional level and National level.
The importance gained under this chapter based on analysis of such legal and
institutional frameworks so as to link them with the need of study.
Chapter four contains the important selected data from the field which intend to
prove truthfulness or otherwise of the hypothesis of the study that, the law in
Tanzania does not provide protection against cybercrimes. There is little legal
protection to the community after taking a venture into development of ICT due to
the absence of provisions in the Penal Code and other laws in preventing
cybercrimes, likewise there is no proper institutional framework to give protection
against cybercrimes.
Chapter five of this work mainly focused on laying down conclusive remarks and
recommendations to be followed so as to succeed in fight against cybercrimes.
viii
TABLE OF CONTENTS
CERTIFICATION .................................................................................................... i
DECLARATION ..................................................................................................... ii
COPYRIGHT ......................................................................................................... iii
ACKNOWLEDGEMENT ...................................................................................... iv
DEDICATION .........................................................................................................v
LIST OF ABBREVIATIONS ................................................................................. vi
ABSTRACT .......................................................................................................... vii
TABLE OF CONTENTS ...................................................................................... viii
LIST OF STATUTES AND INTERNATIONAL INSTRUMENTS ....................... xii
LIST OF CASES .................................................................................................. xiii
CHAPTER ONE .....................................................................................................1
1.1 Introduction .....................................................................................................1
1.2 Background to the problem ..............................................................................3
1.3 Statement of the problem .................................................................................5
1.4 Objectives of the study ....................................................................................6
1.4.1 General objective ......................................................................................6
1.4.2 Specific objectives ....................................................................................6
1.5 Significance of the study..................................................................................7
1.6 Hypotheses ......................................................................................................7
1.7 Research methodology.....................................................................................7
1.7.1 Sampling selection ....................................................................................7
1.7.2 Unit of inquiry ..........................................................................................8
1.7.3 Research Design........................................................................................8
1.7.4 Scope and Justification of the study ...........................................................8
1.7.5 Data sources and collection strategies ........................................................9
1.7.5.1 Primary Data collection ......................................................................9
1.7.5.2 Secondary Data collection ..................................................................9
1.7.5.2.1 Interview ......................................................................................9
1.7.5.2.2 Questionnaire ...............................................................................9
1.7.6 Data Analysis .......................................................................................... 10
ix
1.8 Limitations of the study ................................................................................. 10
1.9 Literature review ........................................................................................... 11
CHAPTER TWO .................................................................................................. 15
ANALYSIS ON CONCEPTUAL FRAMEWORK OF CYBERCRIMES ......... 15
2.1 Introduction ................................................................................................... 15
2.2 Offence of Fraud ........................................................................................... 15
2.3 Hacking ......................................................................................................... 17
2.4 The challenges brought by Electronic evidence .............................................. 19
2.4.1 Authenticity ............................................................................................ 20
2.4.2 Integrity .................................................................................................. 21
2.4.3 Confidentiality ........................................................................................ 22
2.5 Jurisdictional problems .................................................................................. 23
2.6 Computer forensic and e-evidence ................................................................. 24
2.7 Anonymity and identity ................................................................................. 25
2.8 Conclusion .................................................................................................... 26
CHAPTER THREE .............................................................................................. 27
ANALYSIS OF THE LEGAL AND INSTITUTIONAL FRAMEWORKS
COMBATING CYBERCRIMES IN TANZANIA .............................................. 27
3.1 Introduction ................................................................................................... 27
3.2 National Statutes for combating cybercrimes ................................................. 27
3.2.1 The Constitution of United Republic of Tanzania, 1977 .......................... 27
3.2.2 The Penal Code [Cap 16 R.E 2002] ......................................................... 28
3.2.3 The Evidence Act .................................................................................... 29
3.2.4 Electronic and Postal Communication Act, No.12 of 2010 ...................... 29
3.3 National Policy .............................................................................................. 30
3.3.1 Information and Communication Technology Policy of 2003 .................. 30
3.4 Regional Legal framework for combating cybercrimes .................................. 31
3.4.1 Draft African Union convention on the establishment of a legal framework
conducive to cyber security in Africa, 2012 ........................................... 31
3.5 International Legal framework for combating cybercrimes ............................ 32
x
3.5.1 UN Convention on the Rights of the Child .............................................. 32
3.5.2 Council of Europe‟s Convention on Cybercrime ..................................... 32
3.6 National Institutions combating cybercrimes in Tanzania .............................. 33
3.6.1 The Police Force ..................................................................................... 33
3.6.2 The Judiciary .......................................................................................... 33
3.6.3 The Director of Public Prosecutions (D.P.P) Office ................................. 33
3.6.4 Tanzania Communication Regulatory Authority (T.C.R.A) ..................... 34
3.7 Regional institutional framework for combating cybercrimes ........................ 34
3.7.1 African Union (A.U) ............................................................................... 34
3.7.2 The Economic Community of West African States (ECOWAS) .............. 35
3.7.3 East African Community ......................................................................... 36
3.8 International Institutional combating cybercrimes .......................................... 36
3.8.1 The G8 .................................................................................................... 36
3.8.2 The United Nations ................................................................................. 38
3.8.3 The International Telecommunication Union (ITU) ................................. 38
3.8.4 The Commonwealth of Nations ............................................................... 39
3.8.5 Organisation for Economic Co-operation and Development (OECD) ...... 40
3.8.6 International Criminal Police Organization (Interpol) .............................. 41
CHAPTER FOUR................................................................................................. 42
RESEARCH FINDINGS AND DATA ANALYSIS ............................................ 42
4.1 Introduction ................................................................................................... 42
4.2.1 Analysis of data collected from magistrates ............................................. 42
4.2.2 Analysis of Data collected from Public Prosecutors and Police Officer ... 43
4.2.3 An analysis of data collected from Public citizens and University students
............................................................................................................... 44
4.2.4 An analysis of Data collected from Advocates of the high court of
Tanzania and Lawyers ............................................................................ 45
4.2.5 An analysis of Data collected from IT experts ......................................... 45
xi
CHAPTER FIVE .................................................................................................. 46
CONCLUSION AND RECOMMENDATIONS .................................................. 46
5.1 Conclusion .................................................................................................... 46
5.2 Testing Hypothesis ........................................................................................ 47
5.3 Testing Objective .......................................................................................... 47
5.4 Recommendations ......................................................................................... 47
5.4.1 Need to enact robust cyber legislation ..................................................... 48
5.4.2 Providing training to the judicial officers and law enforcers on cybercrime
............................................................................................................... 48
5.4.3 Providing education on cybercrime issues to the members of the public .. 48
5.4.4 Establishment of specific institutions to combat cybercrimes................... 49
5.4.5 Institutions should work together and coordinate their activities .............. 49
5.4.6 More stern measures should be taken against cyber criminals .................. 49
5.4.7 Increase of cyber security practices in both public and private sector
organizations ........................................................................................... 49
5.4.8 Cybercrime prevention by Internet service and hosting providers ............ 50
5.4.9 International coordination and cooperation .............................................. 50
BIBLIOGRAPHY ................................................................................................. 51
APPENDIX ........................................................................................................... 54
xii
LIST OF STATUTES AND INTERNATIONAL INSTRUMENTS
DOMESTIC STATUTES
Criminal Procedure Act [Cap 20 R.E 2002]
Penal Code [Cap 16 R.E 2002]
Post and Telecommunications Act,[ No.15 of 1977]
Tanzania Communication Regulatory Authority Act [No.12 of 2003]
The Broadcast Receiving Apparatus (Licensing) Act [No.6 of 1964]
The Electronic and Postal Communications Act [No.3 of 2010]
The Evidence Act [Cap 6R.E 2002]
NATIONAL POLICIES
Information and Communication Technology Policy of 2003
INTERNATIONAL INSTRUMENTS
G8 Ten-Point Action Plan of 1997
Global Cyber security Agenda (GCA)
The AU Draft Convention on Cyber security
The Council of Europe‟s Convention on cybercrime, of 2001
UK Computer Misuse Act of 1990
UN Convention on the Rights of the Child of 1989
xiii
LIST OF CASES
DPP v Ray [1974] AC 370
Indigital Solutions, LLC v. Mohammed, 2012 WL 5825824 (S.D. Tex)
R v. Lloyd [1985] 2All ER 661
Tanzania Cotton Marketing Board v. Cogecot Cotton Company SA [1997] TLR 165
Trust Bank Tanzania Ltd v. Le Marsh Enterprises Ltd, High Court of Tanzania
(Commercial Division) at Dar es Salaam, Commercial case no.4 of 2004
United States v. Lloyd 269 F. 3d 228,231 (3rd
Cir.2001)
1
CHAPTER ONE
1.1 Introduction
Massive technological advancement in the world has brought about robust changes in
socio-economical arena. During the end of 20th
century, the world has been mostly
marked with a tremendous development in Information and Communication
Technology (ICT).1 This ICT advancement from the end of the 20
th century has led
to changes in areas such as knowledge management and human resources
development.
Remarkably, development in technology has brought about improvement of
communication systems and business transactions methods, on the other hand such
developments have facilitated about new types of crimes. These crimes which
operate by using new technology are known as cyber crimes. Cyber crimes are
defined as any violations of the criminal law that involves the knowledge of
computer technology for their perpetration, investigation, or prosecution2 . Cyber
crime is an overwhelming problem worldwide. It has brought an array of new crime
activities and actors and, consequently, a series of new challenges in the fight against
this new threat.
Cyber crimes represent a real challenge to all criminal justice all over the world
including Tanzania. Cyber criminals around the world lurk on the Net as omnipresent
menace to the financial health of businesses, to the trust of their customers, and as an
emerging threat to nations‟ security. Headlines of cyber attacks command our
attention with increasing frequency. For example in the case of United States v.
Lloyd3, where the defendant worked as a computer systems administrator for a
manufacturer of highly specialized and sophisticated industrial process measurement
devices and control equipment. Before his anticipated termination he planted a “logic
bomb” in the central file server of the company‟s computer network. It went off on a
specified date after he left, permanently deleting the company‟s design and production
1.Mambi, A.J (2010) ICT Law Book, A Sourcebook for Information and Communication Technologies
and Cyber Law, Mkuki na Nyota Publishers, Dar-es-salaam, Tanzania, page 69. 2Lloyd J.I., Information Technology Law, 3
rd Edition, Lexis Nexis Butterworth UK, 2000, page 156.
3269F.3d228, 231(3dCir.2001).
2
computer programs. It purged about 1,200 computer programs, crippling the
company‟s manufacturing capabilities and resulting in the loss of millions of dollars
in sales and contracts. It shows how cybercrimes can curtail organizations businesses.
Cybercrimes which are harmful acts committed from or against a computer or
network differs from most terrestrial crimes in four ways. They are easy to learn how
to commit; they require few resources relative to the potential damage caused; they
can be committed in jurisdiction without being physically present in it; and they are
often not clearly illegal.
Cybercrime is now serious, widespread, aggressive, growing and increasingly
sophiscated and poses major implications for national and economic security. Many
industries and institutions and public and private organizations are at significant risk.
For example in Indigital Solutions, LLC v. Mohammed 4 Plaintiffs alleged that one or
more unknown defendants used malware to gain access to plaintiffs‟ email account,
web hosting account and domain registration account. From a message in plaintiffs‟
email account, the defendants acquired an image of one of the plaintiff‟s signature,
which defendants used to forge a domain name transfer agreement. Plaintiffs sued
under the Computer Fraud and Abuse Act and other theories. They sought leave to
take expedited discovery to learn the identity of the unknown defendants. The court
granted the motion.
The court found that plaintiffs had made a prima facie showing of harm by setting
forth a valid claim under the Computer Fraud and Abuse Act. The discovery request
was specific, in that they sought third party subpoenas to specified recipients seeking
particular information. All alternative means of discovering the defendants had been
exhausted, and the case could not move forward without the information. And the
court found no privacy interest on the part of the defendants to be at stake, especially
given the evidence that the defendants were not U.S. citizens, thus not subject to any
First Amendment interest in anonymity. This shows how serious other jurisdictions
have in methods combating against cybercrimes.
42012 WL 5825824 (S.D.Tex).
3
Currently, Tanzania is embarking on deployment of e-government and more
organizations are adopting the internet as medium of transmission for the core
business functions. The organizations that heavily depend of the internet and
computer network are at risk from cyber attack which could deliberately attempt to
disrupt services.
Finally, the growing danger from crimes committed against computers, or against
information store on computers, is beginning to claim attention in larger capacity.
The existing laws are likely to be unenforceable against such crimes. This lack of
legal protection means that businesses and governments must rely solely on technical
measures to protect themselves from cyber criminals.
1.2 Background to the problem
Cybercrime in Tanzania is a conundrum and not something novel. This problem can
be traced back from the advent of computer technology in 1965, where the first
computer in Tanzania, an ICT 1500, was installed in the Ministry of Finance.5 At that
point of time the life structure started to embrace new advancements hence
technology started to forge its roots in different sectors. In that particular time
government saw the danger posed by the introduction of technological advancements
hence it enacted various legislations so as to regulate Information Communication
Technology (ICT), examples of such legislations were Post and Telecommunications
Act6and the Broadcast Receiving Apparatus (Licensing) Act.
7
The failure to computerize the government accounting system and the consequent
heavy financial loss accumulated with the fear of side effects caused by the
advancement of science and technology resulted to the government banning the
importation of computers and related equipments into Tanzania.8
5 Ubena, J. (2009),“Why Tanzania needs Electronic communication legislation? Law keeping up with
technology”, Law Reformer Journal, Vol. 2 No. 1 pp. 17- 26.
6Act No.15 of 1977.
7Act No.6 of 1964.
8Ndamagi, C. "National Informatics Policies in Tanzania: A Practitioner's Point of View., Regional
Seminar on National Information and Informatics Policies in Africa, UN Economic Commission, 28
November-December 1988.
4
The Judiciary of Tanzania tried to sophiscate the problem of technological
advancement in the case of Tanzania Cotton Marketing Board v Cogecot Cotton
Company SA,9 where it did the move by interpreting and applying the existing
statutory and common law principles in ways and manners that incorporate the
existing social realities. The Court of Appeal of Tanzania allowed arbitration awards
to be sent to the High Court electronically, contrary to the rule 4 of the Arbitration
Ordinance.
All in all, Tanzania started to experience cybercrime incidents around various public,
private organizations, and government institutions. From January to November 2012
crimes which include massive web attacks such as that happened on November 2012
where some of government websites and private companies‟ website were massively
attacked. Such website include, Chemi & Cotex Industries Ltd, Tanzania Olympic
website , Open University website , Tanzania commission for University few to
mention, the web intruders did havoc in the above mentioned websites and changed
the data therein.10
Moreover, report from Tanzania Police Force11
shows that there is an increase in
reported cases of cybercrimes in the country. One of the examples is the increase of
businessmen who forge receipts of imported goods so as evade taxation liability.
Although cybercrime is a conundrum in worldwide arena, developed countries such
as U.K, U.S and institutions in those countries have made a major step in employing
in-house computer forensic experts who realize the risks of having an attack before it
occurs or before the security breach and the government of those nations have
enacted cyber laws which define clearly cybercrimes offences.12
As the industrial revolution rendered obsolete aspects of law based on notions of an
agrarian society, so a legal system focusing on issue of ownership, control and use of
9[1997]TLR.165.
10 Cybercrime in Tanzania http://www.ippmedia.com/frontend/?l=65994 , 24/12/2013.
11Tanzania Police Force, Cyber Security in Tanzania-Country Report, 2012.
12Gringras,C, (2003), The Laws of the Internet,2nd edition, Butterworth‟s, Lexis, ,page 15.
5
physical objects must reorientate itself to suit the requirement of an information
society.
That has never been done in Tanzania and it remains clear, however, that regulation
of ICT in Tanzania is still at an initial stage, and much needs to be done in the ICT
sector.
1.3 Statement of the problem
Usage of cyber-related technology has been a cornerstone towards development in
Tanzania. In the recent years there has been tremendous increase in the penetration
and use of cyber-related technology in many aspects of life. New cellular
technologies, web-based networks, community ICT access points in the remote parts
of the world have ushered in an era when even the most remote parts of the world
will be connected through internet connections. This rapid improvement in the usage
of cyber-related technology has created major impacts in the society. Notably,
developments in technology paved way for the commission of crimes electronically
hence the emergence of computer crimes. Computer related crimes such as cyber
attacks and virus dissemination are examples of the misuse of ICT development,
whereby nowadays criminals use computers as an object.
The problem of cybercrimes in Tanzania is, like in many other jurisdictions,
increasingly fatal. As computers have developed in the country, so have also
criminal offences associated with their use. But the laws in Tanzania have never
changed to reflect these dangerous advancements .The existing traditional penal
laws such as the Penal Code13
have nothing to do with the increasing cybercrimes
yet. These traditional laws were not written with the on-line society with
Cyberspace in mind causing the problem of their applicability on cybercrime. It is a
common understanding that the information structure in Cyberspace represents
values which should be protected, also by criminal law measures. But the provisions
in existing traditional criminal laws are still meant to ignore the protection of these
13
[CAP 16 R.E 2002].
6
values and instead they only describe qualified unethical behaviours that the
societies have decided to be criminal offences. There is, until now, no specific
provision in the penal code which addresses cybercrime as an offence. This situation
can be further illustrated by the case of R v. Lloyd,14
The case involved an alleged
original copy of film from cinemas overnight so as to produce copies and return the
original copy. The issue before the court was whether the elements of theft under the
English law at the time which are synonymously with Tanzanian criminal
legislation, could be fulfilled under the digital technology. The Court dismissed the
charges.
The legal environment in Tanzania is still inadequate for cyber security in the
country. This is because the existing laws were developed before the development of
computer technology. The laws were made to facilitate the traditional paper based
business environment. The situation poses a serious challenge to Tanzania to
accommodate modern cyber crimes.15
1.4 Objectives of the study
1.4.1 General objective
The general objective of the study was to examine critically the legal framework and
institutional framework in Tanzania in relation to the increasing rate of cybercrimes.
1.4.2 Specific objectives
To examine the extent to which the current legal framework in Tanzania has
achieved in fighting against cybercrimes.
To examine the factors hindering the fight against cybercrimes in Tanzania
To propose suitable legal framework that is responsive to technological
changes with a view to reducing problems associated with cybercrimes in
Tanzania.
14
[1985] 2 All ER 661. 15
Mambi , A. J. (2010) ICT Law Book, A Sourcebook for Information and Communication
Technologies and Cyber Law, Mkuki na Nyota Publishers ,Dar-es-salaam, Tanzania, page 58.
7
1.5 Significance of the study
The study helped in identifying challenges that Tanzania faces due to the lack
of robust legal and institutional frameworks concerning with cyber
developments .Furthermore, the study raised awareness to the mass with issues
concerning with cybercrimes .Lastly, the study pointed the way forward for the
future reforms of legal framework and institutional framework concerning with
cyber developments.
1.6 Hypotheses
This research proceeded in the assumption that
i. The presence and continuity of cybercrimes is due to the weakness of the
current legal framework in Tanzania.
ii. The current legal framework in Tanzania has not sufficiently incorporated
cyber developments.
iii. Poor institutional framework in Tanzania also attributes to the existence of
the problem of cybercrimes.
iv. There is lack of knowledge among the public concerning the issue of
cybercrimes.
1.7 Research methodology
This is a systematic way of solving a research problem. It outlined the way in
which this research was carried out.16
In view of the research, it needed both
primary and secondary methods of data collection.
1.7.1 Sampling selection
The structure of the study demanded a carefully targeted sample of judicial
members, legal practitioners, governmental and non-governmental institutions,
where the conundrum of cybercrime is highly staked to.
Random sampling with the advantage of getting unbiased representative group
16
Kothari C.R. (2004), Research Methodology: Methods and Techniques, 2nd
Revised Edition, New
Age International Publishers, New Delhi, page 25.
8
was impracticable in this study. Therefore, purposive sampling technique,
otherwise referred to as a judgment samples, was employed in this study to get
information. The purposive samples allow the selection of informants that fits
the focus of the study. In this study the researcher selected the sampling unit
that was the representative of the population. Since the chance that a particular
sampling unit was selected depending on the subjective judgment of the
researcher, it did not satisfy the probability chance of being selected.
1.7.2 Unit of inquiry
The study conducted at Dar-es-salaam, whereby numbers of people were
involved as the unity of inquiry which included 2 Resident Magistrates from
Judiciary, 2 Public prosecutors at D.P.P Office, 1 Police Officer, 3 Advocates
of the High Court and Courts Subordinate thereto (save primary courts), 2
Information Technology (I.T) Experts, 1 Legal officer from Tanzania
Communication Regulatory Authority (TCRA), 1 Legal officer from Law
Reform Commission, 2 university students and 2 public citizens.
1.7.3 Research Design
This study has employed a case study design, since it was considered by researcher
to be a great method for deep studying of the subject. In this regard, the Legal officer
from TCRA was selected for interview; office of Law Reform Commission of
Tanzania was visited for collecting information. Also a State Attorney from The
D.P.P office and Advocates of The High Court of Tanzania were interviewed by the
researcher. Furthermore, two IT experts, two students, two public citizens and two
Resident magistrates were also interviewed.
1.7.4 Scope and Justification of the study
As noted in the introduction part, the gist of this research was to analyse the
challenges facing legal and institutional frameworks combating cybercrimes in
Tanzania. Large part of this research was conducted in Dar es Salaam region .Dar es
Salaam region was chosen because it provided the researcher with an ideal study area
due to its duo capacity as one of the main industrial and residential area of Tanzania.
9
If the problem of cybercrime was not addressed, the country could likely be exposed
in danger of exploited by cyber criminals. The problem of cybercrimes has
worsened. This therefore created the need to carry out research and if no research
was carried out, the future of Tanzania‟s development was to be uncertain.
Cybercrimes rate could increase as people look for illegal ways of making a living.
1.7.5 Data sources and collection strategies
Two types of data used in this work namely, primary and secondary data.
1.7.5.1 Primary Data collection
In this part, all books, journals, papers and publications relevant to the study were
reviewed from libraries of Mzumbe University and University of Dar-es-salaam.
Moreover, the researcher explored various books, articles, journals, and papers with
bearing on the research topic available freely over the worldwide web.
1.7.5.2 Secondary Data collection
The researcher employed interview and questionnaire methods of data collection
while in the field. Selection of the most appropriate method depended on surrounding
circumstances of each respondent.
1.7.5.2.1 Interview
Since the issue of cybercrime is very sensitive in the country it was vital to conduct
interview on that matter, with individuals who have knowledge on legal framework
and institutional framework concerning with cyber issues. The number of
respondents included the Judiciary members, government officials, advocates and IT
experts, students and ordinary citizens.
1.7.5.2.2 Questionnaire
Questionnaires were employed in collecting data, in order to compliment the
interview method and reach a greater number of respondents. The researcher drafted
three different types of questionnaires each specifically designed for a particular
10
group of respondents. Some questionnaires were drafted for Judiciary members,
others for various advocates and lawyers, and lastly distributed to ICT experts.
1.7.6 Data Analysis
Data analysis is a process of inspecting, cleaning, transforming, and modeling data
with the goal of providing useful information, suggesting conclusion and supporting
decision making. During this stage all relevant materials including legislation and
case law were clearly inspected to ensure that they fit the research criteria. Collected
data were analysed qualitatively and the secondary analysis method was also
employed for secondary data. The findings of the research were presented and
analysed using simple content analysis tools. This kind of analysis took the form of
qualitative data analysis methods when analysing data which were in form of words
(non-empirical data). In data analysis the researcher did three things which were data
reduction, data display and conclusion drawing.
1.8 Limitations of the study
In the course of conducting this research, things did not always work ought the way
expected. There were ups and downs. Some of the challenges encountered during
field work were:-
Some of the respondents did not supply the information needed, because they were
too busy with their work. Furthermore, some of the judicial officers whom I sent my
questionnaires did not reply it.
On the aspect of respondents whom did not supply me with the information because
they were busy (mostly of them were Honorable Judges of The High Court),
information was acquired from other judicial officers (Resident Magistrates) who
explained the position of judiciary regarding cybercrimes.
11
1.9 Literature review
Adam Mambi (2010) 17
provides an insight of cybercrime in Tanzania,
including the challenges that it faces in combating such crimes which includes
cyber attacks and virus dissemination. The author observed that the revolution
in information technology has changed society fundamentally, and he further
ascertained that these technological developments has given rise to
unprecedented economic and social changes, but also they have brought a dark
side of it as now there are crimes which are committed through that new
technology. However, the author failed to give possible measures that should be
taken by relevant authorities in the quest to fight against cybercrime.
Delloite (2010)18
in their paper had a view that cyber crime is now serious,
widespread, aggressive, growing, and increasingly sophisticated, and poses major
implications for national and economic security. Many industries and institutions and
public- and Private-sector organizations (particularly those within the critical
infrastructure) are at significant risk. Furthermore it was contented that relatively few
organizations have recognized organized cyber criminal networks, rather than
hackers, as their greatest potential cyber security threat; even fewer are prepared to
address this threat.
They further analyzed that organizations tend to employ security-based, “wall-and-
fortress” approaches to address the threat of cybercrime, but this is not enough to
mitigate the risk.
Lastly, they outlined that organizations should understand how they are viewed by
cyber criminals in terms of attack vectors, systems of interest, and process
vulnerabilities, so they can better protect themselves from attack.
However, the author did not provide a clear indication on which body of laws and
institutions should be established so as to combat the problems concerning with
cybercrimes. 17
Mambi , A.J. (2010) ICT Law Book, A Sourcebook for Information and Communication
Technologies and Cyber Law, Mkuki na Nyota Publishers, Dar-es-salaam, Tanzania, page 117.
18Delloite, Cybercrime: A clear and Present danger, Combating the fastest growing cyber security
threat,
CSO Cybersecurity, Watch Survey, 2010.
12
Evans (2008)19
in his paper, explains that ICT as an essential tool for sustainable
development has proved to be worth in every sentiment. Because of this, internet
usage in Nigeria has grown rapidly resulting in the explosion of Internet Service
Providers (ISPs) and internet access points. This influenced socio-economic and
educational development in the country.
He further commented that ICT has led to tremendous changes in the economy and
even the way people live.
What is noticeable here is that all these studies were carried out in the Western
Africa, whereas results from studies conducted in Nigeria produced a very different
set of results from the other parts of the universe.
Victor Platt (2012)20
provides that the unpredictability nature of cyber terrorism and
espionage, real-time response proves problematic. “Cyber attacks therefore require
swift responses…to detect and respond to an attack after it is underway. The
literature cites threat management, not outright elimination, as the key to a successful
cyber security strategy. “New cyber security approaches must continually be
developed, tested and implemented to respond to new threat technologies and
strategies.”A good example of threat management was employed during the US
bureau of industry attack.
However, the author did not elucidate in detail the challenges that country experience
in fights against cybercrimes.
McConnell (2000) 21
had a view that the growing danger from crimes committed
against computers, or against information on computers, is beginning to claim
attention in national capitals. In most countries around the world, however, existing
laws are likely to be unenforceable against such crimes.
The author further contented that the lack of legal protection against cybercrimes
means that businesses and governments must rely solely on technical measures to
19
Evans, O. (2008). ICT and Nigerian Banks Reforms: Analysis of Anticipated Impacts in Selected
Banks. Global Journal of Business Research, Vol. 2(2): page 67-76. 20
V.Platt, (2011) Still the fire-proof house? An analysis of Canada‟s cyber security strategy,
International Journal, University of Toronto, page 155. 21
McConnell International, (2000), Cyber Crime…and Punishment? Archaic Laws Threaten Global
Information, report by McConnell.
13
protect themselves from those who would steal, deny access to, or destroy valuable
information.
The problem with this approach is that it tends to create a „self fulfilling prophesy‟
and material drawn from these studies must be treated with a degree of
circumspection.
David I. Bainbridge (2008) 22
his book shows how it is difficult to fight against
cybercrimes if the country does not have a specific statute to deal with electronic
transactions. He further gives comparative study of the United Kingdom (U.K), where
it was after the enactment of the Computer Misuse Act of 1990 from which
cybercrimes were effectively regulated. Prior to that enactment, cybercrimes had
increasing effects in the United Kingdom society.
In this particular literature, the author‟s assumption based most on developed
countries and he did not take into consideration developing countries like Tanzania.
Said M. Kalunda (2011) 23
in his article show cybercrime is uncovered in
Tanzania. He explores that Tanzania lacks a robust legal regime on cybercrime that
is why it is increasingly affected with the cybercriminals‟ activities.
From the author arguments, it is clearly visible that the literature are connected with
this study since it analyze the common main factor which influences the inflowing of
cybercrimes in various parts of the universe. However the author failed to propose
the strongest means by which institutions should take in combating cybercrimes.
Eve Hawa Sinare (2007) 24
shows the efforts made by the Tanzania legal framework
in fighting against cybercrimes. She gives examples of section 40, 76 and 78 of the
Evidence Act, which were amended to recognize electronic evidence to be
admissible in courts of law. However it is still in doubt as to whether the electronic
22
Bainbridge D, (2008), Introduction to Computer Law, Longman 5th
Edition, page 92. 23
Saidi M. Kalunde, (2011), The Status of Cybercrimes in Tanzania, Strasbourg, France, page 5.
24
Eve Hawa Sinare, Electronic Evidence and its Admissibility in Tanzania Courts, World Series Group
Publications: 2007, page 23.
14
equipments such as computer or server would be acceptable as evidence under
section 40A of the amended Evidence Act, especially where it has been used to store
information which is subject to legal proceedings.
15
CHAPTER TWO
ANALYSIS ON CONCEPTUAL FRAMEWORK OF CYBERCRIMES
2.1 Introduction
In this chapter the researcher shows the general concept of cybercrimes in particular.
This chapter focuses on the two areas; it outlines the concept of cybercrimes and
some of challenges brought by the development of technology in legal environment
of Tanzania.
2.2 Offence of Fraud
The Concise Oxford Dictionary25
defines fraud as Criminal deception, use of false
representations to gain unjust advantage; dishonest artifice or trick; person or thing
not fulfilling expectation or description; deceitfulness.
Traditionally, fraud is defined as one person deceiving another person for the
purposes of deriving a benefit or gain. In the electronic world, the deception may not
involve two persons but rather one person and a computer, or two computers one of
which controlled by a person. Regardless of the medium through which the
fraudulent activity is perpetrated, for a fraud to occur there must be some form of
deceptive or false representation, which results in an unjust gain for either the person
perpetrating the fraudulent activity or for a third party. Such gain may not necessarily
be a gain in monetary terms, but can include a benefit (e.g., delivery of a service) or
the attainment of intellectual property (e.g., ownership of copyright).
Unlike traditional fraud where the victim and witness are human beings, in the
electronic world the computer systems and on-line transaction systems become the
witness. Rather than examining paper-based evidence, in the electronic world the
evidence is less tangible and transient in nature. Consequently the need to identify,
capture, and preserve potential electronic evidence using computer forensics is of
paramount importance.
25
Oxford Advanced Learners Dictionary of Current English, (2010), 7th Edition, Oxford University
Press.
16
In terms of computer fraud, the difficulty with this offence is that it requires a
deception and this implies that it is an actual person that being deceived, not a
machine. In DPP v Ray,26
Lord Morris said, „For a deception to take place there must
be some person or persons who will have been deceived‟.
If a person gains access, whether with or without permission, to a bank‟s computer
system and dishonestly instructs the computer system to transfer money from one
account into another, then the person is „deceiving‟ the computer or computer the
offence of obtaining property by deception not made out. It would be different if,
before the transfer made, a message displayed at someone‟s terminal requesting
confirmation of the transfer. In that case, the other person would be subject to the
deception as well as the computer and there should then be no difficulty related to the
applicability of the offence of obtaining property by deception or any other offence
involving deception system: that is, he purports to have the authority to carry out
such an act. Even if he has authority to transfer money from one account to another
under normal circumstances as an employee would, that authority is nullified by his
dishonesty. The main point is that it is the computer that being deceived. Under
normal circumstances, no other human being is involved and, therefore, it would
seem that the offence of obtaining property by deception not made out. It would be
different if, before the transfer made, a message displayed at someone‟s terminal
requesting confirmation of the transfer. In that case, the other person would be
subject to the deception as well as the computer and there should then be no
difficulty related to the applicability of the offence of obtaining property by
deception or any other offence involving deception.27
The notion that a machine cannot be deceived is strengthened by the provision of
Penal Code ,Cap 16 R.E. 2002, which defines the offences of obtaining services by
deception as follows; Section 304 states:
26
[1974] AC 370. 27 Abdallah,A (2011), The Impact of ICT Revolution in Tanzania‟s Legal System: A critical analysis of cybercrimes and computer forensic Evidence: A compulsory Research Paper submitted in partial fulfillment for the requirement of the award of Masters of Laws Degree (LL.M) of Open University of
Tanzania, page 63.
17
Any person who by means of any fraudulent trick or device obtains
from any other person anything capable of being stolen or any other
person to or deliver to any person anything capable of being stolen or
to pay or deliver to any person anything capable of being stolen or to
pay or deliver to any person any money or goods or any greater sum
of money or greater quantity of goods than he would have paid or
delivered but for such trick or device, is guilty of an offence and is
liable to imprisonment for three years.
Section 302 of the same Act states:
Any person who by any false pretence and with intent to defraud, obtains
from any other person anything capable of being stolen or induces any other
person to deliver to any person anything capable of being stolen, is guilty of
an offence and is liable to imprisonment for seven years.
All these definition justify that for offences of deception to occur, is necessary for a
person to induce another person.
2.3 Hacking
Computer hacking is the accessing of a computer system without the express or
implied permission of the owner of that computer system. A person who engages in
this activity is known as a computer hacker and may be motivated by the mere thrill
of being able to outwit the security systems contained in a computer. A hacker may
gain access remotely, using a computer in his own home or office connected to a
telecommunications network.
Although, the offence of unauthorised access or hacking can be compared to
criminal trespassing or with breaking and entering, where no further offence is
intended or then committed. However, if the traditional terminologies of those
offences are defined, it is obvious that the point of departure will be obtained. For
example, Section 299 of the Penal Code,28
defines criminal trespassing as follows;
Any person who–
(a) Unlawfully enters into or upon property in the possession of another
with intent to commit an offence or to intimidate, insult or annoy any
person in possession of the property; or
28
[CAP 16 R.E 2002]
18
(b) Having lawfully entered into or upon the property unlawfully
remains there with intent thereby to intimidate, insult or annoys the
person in possession of the property or with intent to commit an
offence, is guilty of criminal trespass.
Looking critically at the offence defined above, one would realize that, the offence
has included property and instruments as the main ingredients of the offences. Since
the signals or electrons have no physical existence, they cannot be interpreted
ejusdem generis with terms mentioned in the statute.
Ejusdem generis rule is invoked whenever the court wants to ascertain whether the
word or phrase has a distinct genus or category with general phrase or words. The
specific words or phrases must apply not to different objects of a widely differing
character but to something, which can be called a class or kind of objects.
This shows how penal provision remained rigid, while the cyber criminals continue
to utilize that opportunity to commit offences and evade liabilities.
Furthermore, Part VI of Electronic and Postal Communications Act29
, provides
penalties for offenses relating to electronic communications. Under, sections 151 to
160 of Electronic and Postal Communications Act it is observed how the legislation
has made a number of amendments to the TCRA Act30
and the Fair competition
Act31
Some of commonly known cybercrime have been criminalized under the new
law, example fraudulent use of electronic services and unauthorized access or use of
computer systems.
Though the Act has prescribed for such offences, still it did not provide for a clear
framework of how such crimes should be combated in the sense of investigation and
prosecution which still makes it harder to fight against cybercrimes.
29
[Act No. 3 of 2010]. 30
Act No. 12 of 2003. 31
Act No. 18 of 2009.
19
2.4 The challenges brought by Electronic evidence
Tanzania inherited adversarial system of dispute settlement where the court stands as
an uninterested party and neutral umpire and the parties prove their allegations by
providing evidence to prove the truthfulness of their assertions.
Evidence is the means by which facts relevant to the guilt or innocence of an
individual at trial are established. Electronic evidence is all such material that exists
in electronic, or digital, form. Electronic evidence is central not only to the
investigation and prosecution of forms of cybercrime, but increasingly to crime in
general.
In the today‟s era of rapid growth, information technology is encompassing all
occupations all over the world. These technological developments
Yet another thing that makes cybercrime more difficult to investigate and prosecute
in comparison to most "real world" crimes is the nature of the evidence. The problem
with digital evidence is that, after all, it is actually just a collection of ones and zeros
represented by magnetization, light pulses, radio signals or other means. This type of
information is fragile and can be easily lost or changed.32
Protecting the integrity of evidence and maintaining a clear chain of custody is
always important in a criminal case, but the nature of the evidence in a cybercrime
case makes that job far more difficult. An investigator can contaminate the evidence
simply by examining it, and sophisticated cybercriminals may set up their computers
to automatically destroy the evidence when accessed by anyone other than
themselves.
In cases such as child pornography, it can be difficult to determine or prove that a
person downloaded the illegal material knowingly, since someone else can hack into
a system and store data on its drive without the user's knowledge or permission if the
system isn't adequately secured.
32
Abdallah,A (2011), The Impact of ICT Revolution in Tanzania‟s Legal System: A critical analysis of cybercrimes and computer forensic Evidence: A compulsory Research Paper submitted in partial fulfillment for the requirement of the award of Masters of Laws Degree (LL.M) of Open University of
Tanzania, page 80.
20
In cases of intrusion or cyber vandalism, the bad guy often erases all logs that show
what happened, so that there is no evidence to prove that a crime even occurred,
much less where the attack came from.
2.4.1 Authenticity
Authentication means satisfying the court that (a) the contents of the record have
remained unchanged, (b) that the information in the record does infact originate from
its purported source, whether human or machine, and (c) that extraneous information
such as the apparent date of the record is accurate. As with paper records, the
necessary degree of authentication may be proved through or and circumstantial
evidence, if available, or via technological features in the system or the record.
Authentication is actually a two-step process, with an initial examination of the
evidence to determine that it is what its proponent claims and, later, a closer analysis to
determine its probative value. In the initial stage, it may be sufficient for an
individual who is familiar with the digital evidence to testify to its authenticity.33
For instance, the individual who collected the evidence can confirm that the
evidence presented in court is the same as when it was collected. Alternatively, a
system administrator can testify that log files presented in court originated from her
or his system. In some cases, the defence will cast doubt on more malleable forms
of digital evidence, such as logs of online chat sessions.
Normally, when information is entered on a computer memory, or an e-mail is sent
or an order is placed for goods or services through the internet, the sender is unable
to authenticate the information he has sent by way of a signature. It is the same if he
speaks with another person on the telephone, leaves a message on that other
person‟s voicemail or sends a text message. Even if he uses a password or an
33
Abdallah,A (2011), The Impact of ICT Revolution in Tanzania‟s Legal System: A critical analysis of cybercrimes and computer forensic Evidence: A compulsory Research Paper submitted in partial fulfillment for the requirement of the award of Masters of Laws Degree (LL.M) of Open University of
Tanzania, page 80.
21
acronym they may not be peculiar to him the way a signature written by him would
be.
The password or acronym can also be endorsed or used by anybody else who knows
them far more easily than a signature can be imitated. A voice on the phone canal so
be imitated. In a workplace, any person can enter informat ion into a computer
memory, purporting it to be entered by another person.
As a result, when customer‟s account records are called up in a bank‟s computer
system there is hardly any way of knowing which person made which entry. This
makes it difficult to ascertain whether that person was an appropriate officer to make
the entry. Even if one of several appropriate officers makes a wrong entry, it may
not be traceable to him since he has not signed it, because there is no way he would
have done so.
Once digital evidence is admitted, its reliability is examined to determine its
probative value. For instance, if there is concern that the evidence was tampered
with prior to collection, these doubts may reduce the weight assigned to the evidence.
In several cases, attorneys have argued that digital evidence was untrustworthy
simply because there was a theoretical possibility that it could have been altered or
fabricated.
However, as judges become more familiar with digital evidence, they are requiring
evidence to support claims of untrustworthiness. Even when there is a reasonable
doubt regarding the reliability of digital evidence, this does not necessarily make it
inadmissible, but will reduce the amount of weight it is given by the court.
2.4.2 Integrity
Integrity refers to maintaining accurate and complete data unaltered in an improper
or subversive manner. Data integrity concerns data stored, processed or in transit. In
the context of databases, data integrity also regards the metadata and the functions
used.34
34
Ioana,V, The cybercrime challenge: does the Romanian legislation answer adequately?, Law
Review vol. III, issue 2, July-December 2013, pages 42-51.
22
Integrity is another problem of authenticity. It can however be seen as more of an
issue of whether or not the information has got distorted or tampered with even after
it emanated from a correct source. An audio or visual tape can be edited or tampered
with through the introduction or removal of some bits and superimposition of
images. Through any such interference, the later form of the contents is
fundamentally different from the first or original form.
Through hacking of computers, crashing through passwords, and kindred
wrongdoings, information stored in computer memories can be altered even without
the knowledge of the maker, sender and, or receiver as he case may be. Telefaxes can
be intercepted and possibly changed just as text messages can be intercepted, listened
in to and even by an unscrupulous operator working for the network provider through
which the message was sent. On the other hand, if a letter is sent through post office
or through a courier service, it may be only remotely possible, if at all, for it to be
tampered with. A hardcopy of a document is generally more difficult to tamper with
than an electronic copy.35
2.4.3 Confidentiality
Confidentiality is an attribute that concerns computer data that should not be
obtained or read without right. Confidentiality is very important when disclosures
would significantly harm the victim, for instance the case of trade secrets or personal
information (such as medical records, financial records or attorney-client
communications). Confidentiality can have several levels of restriction, from
restrictions to reading, printing or transmitting data through a computer system, to
restrictions regarding even the existence of certain data.36
Confidentiality ensures
that only authorized parties‟ access computer related assets. That is, only those who
should have access to something will actually get that access. By “access”, we mean
not only reading but also viewing, printing, or simply knowing that a particular asset
exists. Confidentiality is sometimes called secrecy or privacy.
35
Ibid. 36
Ioana,V, The cybercrime challenge: does the Romanian legislation answer adequately?, Law
Review vol. III, issue 2, July-December 2013, pages 42-51.
23
Electronically generated materials hardly enjoy confidentiality since they are
legitimately or illegitimately accessible to third parties or undesirable readers or
users. Any information posted on the internet or used in what has come to be called
e-filing of court processes and e-trial and related procedures, is accessible to many
people than the immediate parties and court staff that directly deals with or treat the
documents.
Although, there is an assumption that the Amendment of Tanzanian‟s Evidence Act,
1967 has provided a room for other legislations to fit in. However, this assumption is
not supported by the provision of criminal procedure Act, 1985.For example, section
132 of the criminal procedure Act, Cap 20 R.E.2002, directs offences to be specified
in charge with necessary particulars. Section 129 of the same Act (supra) provides
for Power of magistrate to reject complaint or formal charge.
If one reads, the above provisions with the support of Article 13(6) (c) of the
Constitution of the United Republic of Tanzania 37
would realise that our laws have
created a serious lacunae, which needs a prompt solution. Article 13(6) (c) of the
Constitution reads as follows;
No person shall be punished for any act which at the time of its
commission was not an offence under the law, and no penalty shall be
imposed which is heavier than the penalty in force at the time the offence
was committed.
Since Constitution is the supreme law of the land any law, which contradicts it must
be declared null and void. It is obvious that cyber criminals to evade liabilities can
utilize the existing gap very effectively and this should be taken as a serious
challenge in our legal system.
2.5 Jurisdictional problems
The Black‟s Dictionary38
, gives a comprehensive definition to the term „Jurisdiction‟.
It refers to a Government‟s general power to exercise authority over all person‟s and
37
[CAP 2 R.E 2002] 38
The Black‟s Dictionary (8th
Ed), Thomson West, Page 867.
24
things within its territory. The term covers within its ambit the authority of a
sovereign to act in legislative, executive and judicial character.39
In the legislative
character, a state has the power exercisable as a constitutional discretion, to prescribe
rules for regulating the conduct of persons. By enforcement jurisdiction is meant the
power of a sovereign to effect implementation of its laws. Obviously, it is the power
of the courts of a sovereign to hear and adjudicate upon certain matters in dispute is
referred to as curial jurisdiction.
Therefore, the question of Jurisdiction is significant on implementation of any piece
of legislation it its full swing. In Tanzania, both in civil and criminal matters,
Jurisdiction and powers of court are described separately in respective legislations.
Mostly, it is on the basis of cause of action or offences, occupy on a set of physical
or geographic location. But in cyber law, the concept of place of occurrence and
cause of action is very broad. Cyberspace is an amorphous space that does not
occupy a set physical or geographical location.40
Cyber crimes can take place across various jurisdictions and hence the legal issue of
jurisdiction of International Courts and country specific Tanzanian Courts arises. In
recent years, use of the Internet has grown at an explosive rate. However, there
currently exists no single entity to control the enormous amount of information that
is transmitted through it.
2.6 Computer forensic and e-evidence
Only a skilled computer forensic investigator should undertake investigation.
Otherwise collection of evidence will almost end up in a failure of an investigation
and ultimately a failed prosecution. It is also very important for the investigator to
understand the level of sophistication of the suspected criminals. They must be
considered to be experts in any case and ancillary counter-measures must be adopted
to guard against the destruction of any digital evidence. If this is neglected, it may
39
Amit M Sachdeva, International jurisdiction in cyberspace: a comparative perspective, CTLR 2007,
13(8), 245-258, page 246. 40
Ibid.
25
modify the data on the computer. Some computers have automatic wiping
programmes in case a new person touches the wrong key on the keyboard. It then
becomes time-consuming and expensive to recover such data, if at all possible.
The ability of law enforcement to collect and analyse electronic evidence during
investigations can be critical to the successful identification and prosecution of
perpetrators. The goal of investigation is to uncover and present the truth. This goal
is same for all forms of investigation.
2.7 Anonymity and identity
Before jurisdiction even comes into play, it's necessary to discover where and who
the criminal is before you can think about making an arrest. This is a problem with
online crime because there are so many ways to hide one's identity. There are
numerous services that will mask a user's IP address by routing traffic through
various servers, usually for a fee. This makes it difficult to track down the criminal.
In 2009, Eugene Kaspersky41
identified the relative anonymity of Internet users as a
key issue that enables cybercrime and proposed Internet "passports" for individuals
and problem. People are more likely to engage in offensive and/or illegal behavior
online because of the perception of anonymity.
However, attempts to better track online identity raise serious issues for privacy
advocates and result in political backlash. And end to anonymity on the Internet
could have serious consequences in countries where the government punishes
dissenters, so even if the technological challenge of identifying every online user
could be overcome, many lawmakers would be hesitant to mandate it.
Cybercriminals exploit the rights and privileges of a free society, including
anonymity, to benefit themselves.
41
Anonymity and identity, http://www.kaspersky.com/about/security_experts. on 24/1/2013
26
2.8 Conclusion
Generally, this chapter outlined the conceptual framework on cybercrimes. This
chapter largely succeeded in explaining some of concepts connected with cyber
offences in Tanzania. Furthermore, this chapter has laid a solid foundation for the
next chapter.
27
CHAPTER THREE
ANALYSIS OF THE LEGAL AND INSTITUTIONAL FRAMEWORKS
COMBATING CYBERCRIMES IN TANZANIA
3.1 Introduction
The legal and institutional framework for combating cybercrimes in Tanzania has a
long and storied development. Tanzania after embarking onto technological
advancement found in it necessary to transform her laws to reflect these changes.
Accordingly, Evidence Act was amended and Electronic and Postal Communications
Act and TCRA Act were enacted, in order to bring Tanzania‟s laws in line with new
and fast growing technological advancements. This chapter examines the legal and
institutional framework which aims on combating cybercrimes in Tanzania.
3.2 National Statutes for combating cybercrimes
3.2.1 The Constitution of United Republic of Tanzania, 1977
Cybercrime affects both a virtual and a real body, but the effects upon each are
different. This phenomenon can be clearly manifested in the case of identity theft.
The cyber criminals do mostly invade the right to privacy of individuals in their way
to committing cybercrimes. For example in Identity theft crime, the criminals do
steal credit card information which can be used to reconstruct an individual‟s
identity. When criminals steal a firm‟s credit card records, they produce two distinct
effects. First, they make off with digital information about individuals that is useful
in many ways. For example, they might use the credit card information to run up
huge bills, forcing the credit card firms to suffer large losses, or they might sell the
information to others who can use it in a similar fashion. Second, they might use
individual credit card names and numbers to create new identities for other criminals.
The United Republic of Tanzania (URT) Constitution of 1977 as amended form time
to times embraces the right to privacy, which is a lynchpin in war against
cybercrimes as provided under Article 16 (1) as follows,
„…Every person is entitled to respect and protection of his person, the
privacy of his own person, his family and of his matrimonial life, and
respect and protection of his residence and private communications…‟
28
Article 16(2) goes further stipulating that,
„…For the purpose of preserving the person‟s right in accordance with
this Article, the state authority shall lay down legal procedures
regarding the circumstances, manner and extent to which the right to
privacy, security of his person, his property and residence may be
encroached upon without prejudice to the provisions of this Article…‟
Article 16(1) and (2) of United Republic of Tanzania Constitution of 1977 as
amended form time to time provides for right to privacy. Therefore, thought tacitly
provided under the Constitution, it can be traced that, cybercrime which tends to
infringe individual‟s right to privacy have no place in Tanzania, though there is no
clear legislation to prohibit for the same.
3.2.2 The Penal Code [Cap 16 R.E 2002]
In Tanzania, the Penal Code is the important legislation which deals with the
definitions of penal offenses and sanctions imposed to such offenses. Most part of
this legislation reflects on the paper based transactions. Development in the field of
Information and Communication Technology has gone beyond what this statute
manifested during the time of its enactment. Since the advent of computers, it has
also brought about new categories of crime. However, until to date, Penal Code has
not conformed itself in recognizing criminal activities done on the internet.
For the law to be in line with the technology advancement, it must be able to define
the elements which constitute a particular action being considered an offense.
For example, The Criminal Procedure Code, under section 132 provides that:-
“Every charge or information shall contain, and shall be sufficient if it
contains, a statement of the specific offence or offences with which the
accused person is charged, together with such particulars as may be
necessary for giving reasonable information as to the nature of offence
charged”
Therefore, the above provisions clearly stipulate that it is not easy for a prosecutor to
prepare a charge sheet if the offenses are not defined and adequately addressed under
the specific legislations. It is with regard to the stipulation of an offense in a specific
29
legislation which directs prosecutor on assessing any allegation of a crime before
filling a case in a court of law.
3.2.3 The Evidence Act
Traditional Criminal Procedure law typically contains provisions on the gathering
and admissibility of evidence. When it comes to evidence in electronic form,
computer data can be altered easily. Thus, the gathering and handling of electronic
evidence must guarantee the integrity and authenticity of evidence during the entire
period between its seizure and its use in trial.
The recognition of electronic evidence in Tanzania can be traced back in the decision
pronounced by Nsekela, J in the case of Trust Bank Tanzania Ltd v. Le Marsh
Enterprises and Others,42
were he stated that due to the technological advancements,
computer printouts should be regarded as original documents for the purpose of
evidence.
Therefore, in 2007, through the Written Laws (Miscellaneous Amendments) Act,43
and the Evidence Act44
, did have minor reforms which inter alia incorporated the
admissibility of electronic evidence.
However, such amendments of the law of evidence still have not eliminated issues of
authenticity and integrity of new sources of evidence. Furthermore, the amendments
did not incorporate the reforms on the Criminal Procedure Act45
to guide the
handling of electronic evidence by the prosecutors.
3.2.4 Electronic and Postal Communication Act, No.12 of 2010
In 2010, there was enactment of The Electronic and Postal Communication Act
(EPOCA),46
which inter alia had been enacted with a view to keep abreast with
developments in electronic communications industry, to provide for a comprehensive
regulatory regime for electronic communications and postal licensees and to regulate
42
High Court of Tanzania (Commercial Division) at Dar es Salaam, Commercial Case No. 4 0f 2004. 43
Act No. 15 of 2007. 44
[CAP 6 R.E 2002]. 45
[CAP 20 R.E 2002]. 46
Act, No.12 of 2010.
30
competitions and practices, to provide for offences relating to electronic
communications and postal communications.
As this paper is dealing with cybercrimes, this Act has not pointed however, that it
was the right to privacy which was being protected but it can be seen that, said
provisions are not protecting the privacy right or unwarranted disclosure but rather
creating an autonomy to the relevant authority as the sole individuals who are
capable of handling the information obtained by the way of interception. Section 120
(a-c)47
of the said Act provides for the penalty of offences relating to interception,
which are intercepting, attempting to intercept or procures another person to
intercept, it also speaks of an offence by authorized.
Generally, EPOCA cannot be said to provide for a necessary safeguard for the public
against cybercrimes, it merely gives unlimited authority to investigative authority to
obtain sensitive information under a mere suspicion of crime and also it has
prescribed some acts o be as crime. However, It is not imposing a mandatory
requirement of a warranty, and the exhaustive list of the incidents in which
requirement for disclosure ensure that cyber criminals are severely punished by the
courts of justice.
3.3 National Policy
3.3.1 Information and Communication Technology Policy of 2003
Tanzania published its first ICT Policy in 2003 which is more than 10 years old. This
policy is not updated to reflect new challenges brought by cyber security challenges.
Tanzania government initiative which is yet to be implemented is to have the ICT
policy updated to reflect current cyber security challenges.48
Therefore, currently
there is no cyber security strategy for combating cybercrimes which makes our cyber
space on more risk to be attacked. For example following incident on November
2012,49
there was no team which was prepared to fight against cyber threat such as
47
Act No.3 of 2010. 48
Cyber security challenges, http://allafrica.com/stories/201211260091.html, 13/01/2014. 49
Saidi M Kalunde, (2011) The Status of Cybercrimes in Tanzania, Strasbourg, France, page 5.
31
Computer Emergency Response Team (CERT) which is used by other countries to
fight against such incidents. Though there have been some private and individual
initiatives related to fight against cyber threat, but such initiatives are not adequate to
fight against cyber security threats.
3.4 Regional Legal framework for combating cybercrimes
3.4.1 Draft African Union convention on the establishment of a legal framework
conducive to cyber security in Africa, 2012
The Draft Convention gives effect to a Resolution of the last session of the Assembly
of Heads of State and Government of the African Union, and seeks to harmonize
African cyber legislations on electronic commerce organization, personal data
protection, cyber security promotion and cyber crime control.
In pursuance of the principles of the African Information Society Initiative (AISI)
and the African Regional Action Plan for the Knowledge Economy (ARAPKE), the
Draft Convention is intended not only to define the objectives and broad orientations
for the Information Society in Africa, but also to strengthen existing legislations in
Member States and the Regional Economic Communities (RECs) on the Information
and Communication Technologies.
It defines the security rules essential to establishing a credible digital space in
response to the major security related obstacles to the development of digital
transactions in Africa.
It lays the foundation for an African Union-wide cyber ethics and enunciates
fundamental principles in the key areas of cyber security. It also defines the basis for
electronic commerce, puts in place a mechanism for combating intrusions into
private life likely to be generated by the gathering, processing, transmission, storage
and use of personal data and sets broad guidelines for incrimination and repression of
cyber crime. Its adoption would capitalize African and international experiences in
cyber legislations and speed up relevant reforms in African States and the RECs.
32
3.5 International Legal framework for combating cybercrimes
3.5.1 UN Convention on the Rights of the Child
The United Nations Convention on the Rights of the Child, adopted in 1989 contains
several instruments aiming to protect children. It does not define child pornography,
nor does it contain provisions that harmonize the criminalization of the distribution
of online child pornography. However, Article 34 calls upon Member States to
prevent the exploitative use of children in pornographic performances.
3.5.2 Council of Europe’s Convention on Cybercrime
Currently, the leading international convention on cybercrime is the Council of
Europe‟s Convention on cybercrime, which was signed in Budapest in 2001 and
entered into force in 2004. The Council of Europe, which is not an organ of the
European Union, was founded in 1949 to promote human rights, democracy and the
rule of law in Europe. As at December 2009, the Convention was drafted under the
aegis of the Council of Europe, it is open to signature by non-members. Four non-
members participated in the negotiations of the treaty and signed it (the United
States, Canada, Japan and South Africa), and one non-member has ratified it (the
United States)
The Convention is not, therefore, strictly a regional agreement. Yet the fact that it has
only been ratified by one non-European state suggests that it cannot at present be
described as a global convention.
The convention lists a number of crimes which signatories are required to implement
in their domestic law, including hacking, child pornography offenses, and certain
offenses related to intellectual property violations. It also sets out a number of
procedural mechanisms which signatories must put in place, including granting the
power to law enforcement authorities to compel Internet Service Providers to
monitor a person‟s online activities.
Chapter III of the Convention calls upon signatories to cooperate to the widest extent
possible in the investigation and prosecution of cybercrimes offenses.
33
3.6 National Institutions combating cybercrimes in Tanzania
3.6.1 The Police Force
The subject of criminal investigation is nothing but crime. In Tanzania, the police
force derives their powers to investigate crimes from statute. The principal statute in
this regard is the Police and Auxiliary Forces Act50
, which sets out police powers and
functions in their generality but at times in considerable details.
Police have such powers to require the attendance of witnesses before them, to
interview, or to interrogate witnesses, to such premises and persons. Such and similar
powers are in essence aimed at facilitating the process of investigation. In Tanzania,
there is Police force-cybercrimes unity, which deals with investigation of cyber
related crimes occurring all over the country. This unit tries to investigate the
allegations before filing their reports to relevant prosecution agencies which in this
context is the D.P.P department.51
3.6.2 The Judiciary
The powers of the judiciary are conferred under the Constitution of United Republic
of Tanzania and other statutory provisions. Under Article 108 and 117 of the
Constitution of United Republic of Tanzania, the judiciary is specifically vested with
judicial powers as the sole organ entrusted with the duty to interpreting statutory
laws of the land and adjudicating over disputes that may arise. The decisions of the
judiciary have sometimes lead to legal changes through amendments, repeal, and the
enactment of new laws. By using these powers conferred to it by Constitution, the
judiciary, through the commercial court, has played a pivotal role in the legal
changes dealing with the admissibility of electronic evidence in Tanzania.
3.6.3 The Director of Public Prosecutions (D.P.P) Office
The D.P.P department in Tanzania includes Fraud, Corruption and Cyber Crime
Section. This section performs the following activities, Review and propose policies,
laws, regulations, guidelines and standards on the management of fraud, corruption
50
[CAP 322 R.E 2002]. 51
Saidi M. Kalunde , (2011) The Status of Cybercrimes in Tanzania, Strasbourg, France, pages 3-4.
34
and cybercrime, Coordinate and provide guidance to all law enforcement agencies in
fraud, corruption, cybercrime and other related offences, Prepare charges,
miscellaneous applications and other related documents, Supervise corruption cases
handled by other anti-corruption and fraud bodies, Cooperate and liaise with
Government Good Governance entities and review relevant files from investigative
organs, Review relevant files from investigative organs.
From that analysis, it can be ascertained that, one of the functions vested to the D.P.P
department can be seen that the prosecution and investigation of cybercrimes are also
conferred among the tasks needed to be accomplished with the department.
3.6.4 Tanzania Communication Regulatory Authority (T.C.R.A)
Tanzania Communication Regulatory Authority is a regulatory body established
under the TCRA Act.52
The body has the responsibility of regulating the electronic
communications, postal and broadcasting sectors in Tanzania. This authority merged
the functions and powers of both Tanzania Communications Commission and the
Tanzania Broadcasting Commission. It has the role of issuing regulations so as to
administer the communication sector effectively, still yet it does not have a firm grip
on matters relating to cyber offences which has been one of the challenges of the
authority.
3.7 Regional institutional framework for combating cybercrimes
3.7.1 African Union (A.U)
Cyber security has many dimensions and people ultimately expect cyberspace
systems to function in a trustworthy environment despite many potential threats.
Different ways of thinking about cyber security entails liability laws coupled with
new directions in education, training and operational practice.53
52
Act No.12 of 2003. 53
Yael Onn., (2005) “Privacy in the Digital Environment”, Haifa Center of Law & Technology, pp. 1-
12.
35
Successfully combating cyber crime and protecting information infrastructures will
also require international cooperation to promote the exchange of experience,
identification and application of compatible norms and standards.
As Member States of the African Union increase access to broadband Internet, cyber
crimes are leaping to new heights making it only rational to act now rather than
later. Being wired to the rest of the world means we are now within the perimeter of
cyber crime, making the continent‟s information systems more vulnerable than ever
before. 54
Providing penal protection to the system of values of the information society is a
necessity essentially made manifest in the need for appropriate legislation to combat
cyber crime.
The Extra-Ordinary Conference of African Union Ministers in charge of
Communication and Information Technologies meeting in Johannesburg, South
Africa from 2-5 November, 2009 requested the African Union Commission to
develop jointly with the United Nations Economic Commission for Africa, a
convention on cyber legislation based on the Continent‟s needs and which adheres to
the legal and regulatory requirements on electronic transactions, cyber security, and
personal data protection.55
3.7.2 The Economic Community of West African States (ECOWAS)
The Economic Community of West African States is a regional group of West
African Countries founded in 1975 it has fifteen member states. In 2009, ECOWAS
adopted the Directive on Fighting Cybercrime in ECOWAS that provides a legal
framework for the member states, which includes substantive criminal law as well as
procedural law.
54
Cybercrime in Africa http://pages.au.int/infosoc/pages/cyber-security On 2 January 2014 55
http://pages.au.int/infosoc/pages/cyber-security on 02/03/2014.
36
3.7.3 East African Community
The member states of EAC are also coordinating efforts to harmonize and pass
cybercrime laws that would be effective throughout Tanzania, Kenya, Uganda,
Rwanda and Burundi. A common information security policy on cybercrime
formulated by East African countries will serve as benchmark for new laws.56
A draft framework was submitted to EAC in December 2008 and all member states
agreed to have cyber laws in place by 2010.In June 2009, a meeting was held by task
force to review the progress made in developing national cyber laws, in line with the
EAC cyber laws framework. East African governments are demonstrating increased
awareness of cyber security issues, but existing capability to deter, monitor or pursue
cyber security is relatively low.
3.8 International Institutional combating cybercrimes
The last decade has seen significant development in the promulgation of international
and regional instruments aimed at countering cybercrime. The genesis, legal status,
geographic scope, substantive focus and mechanisms of such instruments vary
significantly.
3.8.1 The G8
The Group of Eight (G8) countries consist of eight members, which are Canada,
France, Germany, Italy, Japan United Kingdom, United States and the Russian
Federation. These groups of countries represent more than sixty percent of the world
economy. In 1997, during their meeting in United States, the G8 Justice and Home
Affairs Ministers adopted ten principles and a Ten-Point Action Plan to fight high-
tech crimes. The Heads of the G8 subsequently endorsed these principles, which
include the followings:-
There must be no safe havens for those who abuse information technologies
56
Yael Onn., (2005) “Privacy in the Digital Environment”, Haifa Center of Law & Technology, page
5
37
Investigation and prosecution of international high-tech crimes must be
coordinated among all concerned states, regardless of where harm has
occurred.
Law – enforcement personnel must be trained and equipped to address high-
tech crimes.
In 1999, The G8 specified their plans regarding the fight against high-tech crimes at
a Ministerial Conference on Combating Transnational Organized Crimes in Moscow,
Russia Federation. They expressed their concern about crimes (such as child
Pornography), as well traceability of transactions and transborder access to stored
data. Their communiqué contains a number of principles, in the fight against
cybercrime that are today found in number of international strategies.57
All in all, the
G8 agreed to general principles such as the importance of security and protection
from crimes that underpin a strong and flourishing internet.58
The G8 wants to see all member countries adopt similar laws on cyber-crime and to
persuade other countries to adopt co-operative anti-cyber-crime laws. They also want
to improve cross border communication and co-operation in order to speed up the
extradition of suspected computer criminals and improve the gathering of forensic
computer evidence.59
The policies adopted by The G8 are very crucial and they are vital to be adopted by
any nation needs to fight against cybercrimes, however G8 much based on
formulating such policies in relation to developed countries and leave developing
countries such as Tanzania in limbo on how to combat cybercrimes.
57
UNODC (2013) Comprehensive Study on Cybercrimes, New York. 58
Ibid. 59
http://www.zdnet.com/g8-nations-team-up-to-fight-cyber-crime-3002079018, 05/03/2014.
38
3.8.2 The United Nations
The advent of new internet technology has resulted in the corresponding advent of
both new forms of crime, and new ways to commit old forms of crime. For instance
phenomena such as phishing, farming and the diffusion of viruses and worms were
completely non-existent before the arrival of the internet, while long existing crimes
such as fraud, theft and even terrorism can now all be committed in new ways in
cyber world.60
The United Nations has undertaken several important approaches to address the
challenge of cybercrimes. While in the beginning its responses was limited to general
guidelines, the organization has in recent times dealt more intensively with the
challenges and legal response.
The United Nations is working on the field of cybercrime to achieve a better
understanding of the phenomenon, in order to formulate ad hoc prevention policies,
develop security methodologies and techniques, and strengthen the capacities of the
actors involved in investigating and prosecuting cybercrimes.61
The United Nations
agrees that cyber security is a global issue that can only be solved through global
partnership. And it is positioned to bring its strategic and analytic capabilities to
address these issues.
3.8.3 The International Telecommunication Union (ITU)
The International Telecommunication Union (ITU) as a specialized agency within
the United Nations plays a leading role in the standardization and development of
telecommunications and cyber security issues.
A fundamental role of ITU, following the World Summit in Information Society
(WSIS) and the 2010 ITU Plenipotentiary Conference, is to build confidence and
security in the use of information and telecommunication technologies. At World
60
Platt,V (2011) Still the fire-proof house? An analysis of Canada‟s cyber security strategy,
International Journal, University of Toronto. 61
Cyber Threats worldwide, http://www.unicri.it/special_topics/cyber_threats/cyber_crime,
13/01/2014.
39
Summit in Information Society, Heads of states and World leaders entrusted ITU to
take the lead in coordinating international efforts in the field of cyber security.62
As a result of the summit, the Global Cyber security Agenda (GCA), a framework
for international cooperation, was launched for the sake of enhancing confidence and
security in the information society. Hence the role of ITU is to seek consensus on a
framework for international cooperation in cyber security, in order to reach for a
common understanding of cyber security threats among countries at all stages of
economic development, that includes developing and putting into action solutions
aimed at addressing the global challenges to cyber security and cybercrimes.
3.8.4 The Commonwealth of Nations
In 2002, the Commonwealth of Nations presented a model law on cybercrime that
provides a legal framework to harmonise legislation within the Commonwealth and
enable international cooperation. The model law was intentionally drafted in
accordance with the Convention on Cybercrime.
The Commonwealth of Nations took a direct and timely action in the harmonizing
laws of its member states. In October 2002, the commonwealth secretariat prepared
the “model law on computer and computer related crime”. Within the
commonwealth‟s 53 member countries, the “model law” has had a wide influence on
domestic legislation. Through this model law, the convention on cybercrime has
become one of the legislative choices in substantive criminal law, covering the
offences of illegal access, interfering with data, interfering with computer systems,
and illegal interception of data, illegal data, and child pornography. Compared with
the convention on cybercrime, the model law expanded criminal liability to include
reckless liability- for the offences of interfering with data, interfering with computer
systems, and using illegal devices. The model law also covered the problem of dual
criminality by stating that the act applied to an act done or an omission made by a
national of a state outside its territory, if the person‟s conduct would also constitute
62
Platt,V (2011) Still the fire-proof house? An analysis of Canada‟s cyber security strategy,
International Journal, University of Toronto.
40
an offence under a law of the country where the offence was committed. This may
lead to prosecution or extradition based on dual criminality, but not extradition as it
is provided in the convention on cybercrime.
Some of the member countries of the Commonwealth have made efforts to draft
domestic law according to the model law, such as Bahamas and St. Lucia. In
Barbados, Belize, and Guyana, the model law is considered as a guide to the
enactment of similar legislation. However, in many other countries of the
Commonwealth, there is still no special legislation for cybercrime. Besides impelling
legislation within the forum, another focus of the Commonwealth is on mutual
assistance in law enforcement between Commonwealth member states and between
Commonwealth member states and non-commonwealth States. In the 2005 meeting
of Commonwealth law ministers and senior officials, the expert working group
proposed 10 recommendations for member states to adopt suitable measures for
improving domestic law enforcement and trans-national assistance. In addition, they
encouraged member states to sign, ratify, accede to and implement the convention on
cybercrime as a basis for mutual legal assistance between Commonwealth member
states and non-commonwealth states.
3.8.5 Organisation for Economic Co-operation and Development (OECD)
The Organisation for Economic Co-operation and Development is an international
economic organisation of 34 countries founded in 1961 to stimulate economic
progress and world trade.
In 1990, the Information, Computer and Communications Policy (ICCP) Committee
created an Expert Group to develop a set of guidelines for information security that
was drafted until 1992 and then adopted by the OECD Council. In 2002, OECD
announced the completion of "Guidelines for the Security of Information Systems
and Networks: Towards a Culture of Security".
41
3.8.6 International Criminal Police Organization (Interpol)
Founded in 1923 and located in Lyon, France since 1989, Interpol is an important
link among law enforcement organizations globally. Interpol has 178 member
countries and maintains close working relationships. Interpol is committed to
becoming a global coordination body on the detection and prevention of digital
crimes through its Interpol Global Complex for Innovation (IGCI), currently being
constructed in Singapore.
A key component of this new cutting-edge research and development facility is the
Interpol Digital Crime Centre. This new centre provides proactive research into new
areas and latest training techniques, and coordinates operations in the field. It has
succeeded in the initiatives concerning cybercrime by putting focus on
Harmonization, Capacity building, Operational and forensic support.63
63
International Criminal Police Organization http://www.interpol.int/Crime-
areas/Cybercrime/Cybercrime 21/1/2014.
42
CHAPTER FOUR
RESEARCH FINDINGS AND DATA ANALYSIS
4.1 Introduction
The term “effectiveness” is defined as the degree to which objectives achieved or the
extent to which targeted problems are solved64
. In this chapter, all factors currently
preventing effective legal and institutional frameworks to combat cybercrimes are
substantiated. Therefore, findings of this research mostly focus on all factors
currently hampering effective legal and institutional frameworks to combat
cybercrimes in Tanzania.
4.2 Discussion of findings
4.2.1 Analysis of data collected from magistrates
In this aspect, 2 magistrates were interviewed, the first question imposed to them was
what that how computer related cases brought before the court are solved? On that
aspect question directed to them. The first resident magistrate who is equal to 50%
told the research that computer related cases (cybercrimes) are quite hard to be
entertained by the court of law because of the nature of offences themselves. He
continued to say that, one of the biggest problem is to ascertained the jurisdiction of
that governs cybercrime, and the particular law which govern such type of offences
as the status are clear on that aspect.
Another resident magistrates Magistrate represents 50% of the respondent when
answering that question, he said that the laws in existence currently are not adequate
to apply in the matter concerning cybercrimes. He pointed out statutes like penal
code and the evidence Act, to be more traditional to deal with offences hence they
are not in conformity with crimes committed using new technology.
The second question was on which statutes should be amended or enacted in order to
combat cybercrime?
64
Oxford Advanced Learners Dictionary of Current English, (2010), 7th Edition, Oxford University
Press.
43
When responding to this question, the first respondent magistrates said as follow and
I quote
“Sheria muhimu za kubadilishwa ni ile ya makosa ya jinai pamoja na
sheria ya ushahidi”
From the above extract, the respondent was of the view that Penal Code and
Evidence Act should be amended so as to incorporate current changes in technology
which will allow the prosecution of cybercrime.
The second respondent when answering this question said that not only the
amendment of Penal Code and The Evidence Act is needed. There is a huge ask for
the government to enact a special legislation with main purpose to combat
cybercrime only, for example Cybercrime Act of United Kingdom .From the above
data analysis it is sufficient to say that legal framework is one of hindrances in the
fight against cybercrime in Tanzania.
4.2.2 Analysis of Data collected from Public Prosecutors and Police Officer
In this category, 2 State Attorneys (Public Prosecutors) from the office of Director of
Public Prosecution (D.P.P) and 1 police officer were interviewed
The first question imposed to this category of respondents was, what been the efforts
taken by the Director of Public prosecution (D.P.P) office and Tanzania police force,
toward the threats received from cybercrime The two state attorneys who represents
66.6% of the respondent said that, the office of DPP has cybercrime section which in
one way or another provide guidance to all law enforcement agencies is cybercrimes
and conducting prosecution and investigation on matter cybercrime. However they
said that there is hardship in preparing charge sheets on those particular offences,
since the law is silent on them.
The police officer who is equal to 33.3% of the respondent respond to the above
question by saying that the police force cybercrimes unity is there to deal with the
44
investigation of cybercrimes tend to be like cloak, hence identify of a criminal is not
exposed. I quote his words in extracts below
“Tatizo kubwa la haya makosa ni shida kupata muhusika mkuu.Polisi
tunapata shida katika hilo”65
The extract above clearly shows, how difficult the Police Force Cybercrimes Unit
gets when dealing with investigation of cybercrimes.
4.2.3 An analysis of data collected from Public citizens and University students
In this aspect 2 public citizens and 2 University students were interviewed and
responded on questionnaire prepared by the researched. The first question imposed to
them was if they have any knowledge concerning computer related offences?
Responding to that question, the first interviewee, a citizen residing at Kimara in Dar
es Salaam, said that citizen residing at Kimara in Dar es Salaam said that she is not
fully aware of what cybercrime offices really are. To her she does not get the full
concept of cybercrime. The second interviewee works a works at Selcom Company
limited, was of the view that it is an ordinary thing to come across individual who do
not have any ideas of what cybercrime is. Party of the respondent testimony is herein
below, reproduced in his own word as much as possible.
“Watanzania wengi hawana elimu ya kutosha juu ya kielektroniki‟‟66
He tried to show at what extent Tanzanians do not have enough knowledge
concerning offences. Also questionnaires were supplied to 2 University student and
they were posed with the same question. They responded by saying that they know
something about cybercrime from knowledge on that particular aspect.
The second questionnaire imposed to the 4 respondent was what needs to be done in
order to combat cybercrime in Tanzania? Responding to the 4 respondents was what
needs to be done in order to combat cybercrimes in Tanzania? Responding to the
above question, respondent unanimously answered by suggesting the amendment of
current legislation governing criminal offences furthermore they suggested on
65
Interview took place on 13th
December, 2013 at Oysterbay Police Office in Dar es salaam 66
The discussion (anonymous) was held on 10th October 2013 at Tegeta Masaiti, Dar es salaam.
45
fighting against computer offenses .And lastly they proposed on educating members
of the public large on concept concerning cybercrime.
4.2.4 An analysis of Data collected from Advocates of the high court of Tanzania
and Lawyers
In this category, 3 advocates of the High Court of Tanzania, 1 Legal Officer from
TCRA, 1 Legal Officer from Law Reform Commission of Tanzania (LRCT).
The first question asked to the respondent was, which status makes guidelines and
prescribed cyber offences? The respondent respond by saying that there is no clear
legislation which is in place to ensure criminalization, investigation and prosecution
of cybercrimes. They only cited Part VI of Electronic and Postal Communication
Act, under which it‟s provide penalties for offences relating to electronic
communications. Under section 151 to 160 of the Act it is observed how the
legislation criminalize some commonly known cybercrime, example fraudulent use
of electronic services and unauthorized access or use of computer system.
However then said that, though Electronic and Postal Communication Act prescribed
for some cyber offences, still it did not provide for a clear framework of how such
crimes should be combated in sense of investigation and prosecution which still
makes it harder to fight against cybercrime.
4.2.5 An analysis of Data collected from IT experts
In this particular category, 2 IT experts were consulted to bring their contributions in
this study. The question imposed to them was what should be the measures in
combating cybercrimes in Tanzania?
On responding to such question the respondents said that cyber criminals should be
punished with long terms behind the doors so as everyone can take a lesson from
them hence the wave of increasing of cybercrime can somehow decreased in a
certain amount.
46
CHAPTER FIVE
CONCLUSION AND RECOMMENDATIONS
5.1 Conclusion
Cybercrimes encompass a broad range of acts or conducts and can result in
significant adverse effects. Consequently, the prevention and combating of
cybercrimes must be paramount to stakeholders. Adequate legislation is fundamental
in the overall effort to answering the cybercrime challenge.
This work analyzed challenges that Tanzania currently faces in the course of
combating cybercrimes. The aim of this work was to substantiate what challenges or
difficulties are making combating of cybercrimes in Tanzania that much difficulty.
This work largely succeeded in identifying key challenges that are hampering
effective combating of cybercrimes in Tanzania and consequently, recommendations
for measures to be taken in order to address the challenges have been provided.
The growing danger from cybercrimes is beginning to claim attention in our country.
In Tanzania, however, existing laws are likely to be unenforceable against such
crimes. This lack of legal protection means that business firms and government must
rely solely on technical measures to protect themselves from those who would steal,
deny access to, or destroy valuable information.
Self protection, though is essential, but is not sufficient to make cyberspace a safe
place to conduct business. The rule of law must also be enforced. If legal protection
is inadequate it will become increasingly less able to compete in the new economy.
Tanzania should examine its current statutes to determine whether they are sufficient
to combat cybercrimes. Where gaps exist, government should draw on best practices
from other countries and work closely with industry to enact enforceable legal
protections against these new crimes.
47
5.2 Testing Hypothesis
i) That the current legal framework in Tanzania is not effective regarding the
issue of cybercrimes; According to the research it has been affirmatively
proved that the laws in Tanzania are not effective regarding cybercrimes
criminalization.
ii) That the current legal framework in Tanzania has not sufficiently
incorporated cybercrimes. According to the research, it has been proved that
the current legal framework has not incorporated the offences of cybercrimes.
iii) That poor institutional framework in Tanzania also attributes to the existence
of cybercrimes. From the research it has been proved that poor institutional
framework has been a catalyst in increasing of cybercrimes.
iv) That there is lack of knowledge among the public concerning the issue of
cybercrimes. Also the study has proved that there is lack of general
knowledge among the public concerning cybercrimes.
5.3 Testing Objective
This research has succeeded in exploring different legislations and institutions in
matters governing cybercrimes issues since it has been shown that the legal and
institutional frameworks of Tanzania are ineffective in matters related to
cybercrimes. Also, the research has succeeded in creating public awareness and
influence law reforms to combat cybercrimes. Therefore, it can be concluded that
the research has succeeded in meeting the objectives of the study.
5.4 Recommendations
Working with computers, making use of mobile devices to connect to the internet
and exchange data, is now daily occurrences. Such usage of cyberspace has made it
vulnerable. In light of the above findings, the researcher makes the following
recommendations:-
48
5.4.1 Need to enact robust cyber legislation
It is a general that national governments remain the dominant authority for regulating
criminal behaviour in most places in the world. Many nations, for example United
Kingdom, had struggled from, and ultimately improved, its legal authority after a
confrontation with the unique challenges presented by cybercrime. It is crucial that,
Tanzanian government profit from this lesson, and examine their current laws to
discern whether they are in conformity with technological advancements which will
criminalize cybercrimes.
5.4.2 Providing training to the judicial officers and law enforcers on cybercrime
There is no doubt that, most of the lawyers, magistrates, judges and law enforcers
got their education and training while cybercrime was not an issue. To ensure that
justice is not only done but seen to be done, training of these people is very
important to equip them with basic knowledge of cyber law.
5.4.3 Providing education on cybercrime issues to the members of the public
There is a need of educating the whole community on the harms of cybercrimes and
the techniques applied by the cybercriminals. For example, as most of the
organisations and financial institutions are operating with the assistance of
computer, people should be educated on how they can handle their computers and
passwords for the sake of securing their information.
Tanzanians are characterized by generosity that affects not only material exchange,
but also information exchange. Because of this generosity, one may ask to know
about one thing and end up with a lot of more information being provided. One with
malicious may be tempted to misuse the information. Furthermore, in connection
with culture, there was observed lack of discipline concerning password that appears
to be a very significant problem .It is very common to have passwords shared among
employees.
49
5.4.4 Establishment of specific institutions to combat cybercrimes
Changes in computer technology and the ways criminals use computers to commit
crimes occur almost daily. Therefore government must now look forward on
establishing specific institutions for the purpose of combating cybercrimes, and
having personnel investigating and prosecuting cybercrimes with expertise training
in such task.
5.4.5 Institutions should work together and coordinate their activities
Institutions charged with oversight of cyber laws and regulations should discharge
their functions in coordinated manner. The Judiciary, Police Force, and other
institutions should join their strengths so as to provide for a greater platform in the
war against cybercriminals, who from day to day their skills are updated.
5.4.6 More stern measures should be taken against cyber criminals
The weak penalties in most updated criminal statutes provide limited deterrence for
crimes that can have large-scale economic and social effects. For this reason it
proves how cyber criminals use such loopholes in laws in providing minimal or no
punishment at all in combating cybercrimes. Therefore, more stern measures should
be taken against cybercriminals to ensure message is sent to all who participate in
such acts. Harsher laws are required at this alarming situation to deal with criminals
posing threat to security of funds, information, and destruction of computer systems.
5.4.7 Increase of cyber security practices in both public and private sector
organizations
Laws to enforce property rights work only when property owners take reasonable
steps to protect their property in the first place. As one observer has noted, if
homeowners failed to buy locks for their front doors, should towns solve the problem
by passing more laws or hiring more police? Even where laws are adequate, firms
dependent on the network must make their own information and systems secure.
Both public and private sector organizations should ensure safer cyber security
50
practices. And where enforceable laws are months or years away, as in most
countries, this responsibility is even more significant.
5.4.8 Cybercrime prevention by Internet service and hosting providers
It has been seen that most cyber criminals have a loose network wherein they
collaborate and cooperate with one another. Unlike the real world, these criminals do
not fight one another for supremacy or control. Instead they work together to
improve their skills and even help out each other with new opportunities. Hence, the
usual methods of fighting crime cannot be used against cyber criminals. While law
enforcement agencies are trying to keep pace with cyber criminals, it is proving to be
a Herculean task. This is primarily because the methods used by cyber criminals and
technology keeps changing too quickly for law enforcement agencies to be effective.
Therefore, it will be vital for both internet service and hosting providers to join their
efforts in the fight against cybercrimes.
5.4.9 International coordination and cooperation
Cyber studies, cyber specialty and cyber legal system capabilities are very weak in
Tanzania, therefore legislations and experiences of other nations for investigating
and prosecuting cyber crimes have to be consulted for the purpose of enactment of
sufficient and effective legal framework.
51
BIBLIOGRAPHY
BOOKS
Bainbridge D., (2008) Introduction to Computer Law, Longman 5th
Edition, United
Kingdom
Gringras, C, (2003) The LawsoftheInternet,2nd
edition,Butterworth‟s,Lexis, United
Kingdom
Kothari, C.R (2004), Research Methodology: Methods and Techniques, 2nd
Revised
Edition, New Age International Publishers, New Delhi
Lloyd J.I, (2000) Information Technology Law, 3rd
Edition, LexisNexis Butterworth
UK.
Mambi,A.J,(2010) ICT Law Book, A Sourcebook for Information and
Communication Technologies and Cyber Law, Mkuki naNyota
Publishers ,Dar-es-salaam, Tanzania
Yael Onn., (2005) “Privacy in the Digital Environment”, Haifa Center of Law &
Technology.
ARTICLES
Sachdeva, Amit M (2007) International jurisdiction in cyberspace: a comparative
perspective, CTLR 13(8), 245-258.
Chaikin, David. (2006). Network investigations of cyber attacks: The limits of digital
evidence. Crime, Law and Social Change, 46, no. 4-5: 239-56.
Evans, O. (2008). ICT and Nigerian Banks Reforms: Analysis of Anticipated Impacts
in Selected Banks. Global Journal of Business Research, Vol. 2(2):
67-76.
52
John Ubena on Why Tanzania Needs Electronic Communications Legislation?, Law
Keeping up with Technology found at http://www.Irct.go.tz/documents
/journal.pdf
Ndamagi, C. "National Informatics Policies in Tanzania: A Practitioner's Point of
View”, Regional Seminar on National Information and Informatics
Policies in Africa, UN Economic Commission, 28 November-
December 1988.
Platt,V (2011) Still the fire-proof house? An analysis of Canada‟s cyber security
strategy, International Journal, University of Toronto,
Sinare E H, (2007) Electronic Evidence and its Admissibility in Tanzania Courts,
World Series Group Publications:
REPORTS
McConnell International,(2000), Cyber Crime and Punishment? Archaic Laws
Threaten Global Information, report by McConnell
Delloite, Cybercrime: A clear and present danger, combating the fastest growing
cyber security threat
Tanzania Police Force, Cyber Security in Tanzania-Country Report, 2012.
UNODC (2013) Comprehensive Study on Cybercrimes, New York
DISSERTATIONS
Abdallah, A, (2011), The Impact of ICT Revolution in Tanzania‟s Legal system: A
critical analysis of cybercrimes and Computer forensic evidence: A
compulsory Research paper submitted in partial fulfillment for the
53
requirement of the award of Masters of Law (LL.M) of Open
University of Tanzania.
Rajabu, S. (2013), Legal Framework For Combating cybercrimes in Tanzania: A
compulsory Research report submitted in partial fulfillment of
requirements of the award of Bachelor of Laws Degree (LL.B) of
Mzumbe University.
WEBSITES
John Ubena on Why Tanzania Needs Electronic Communications Legislation? Law
Keeping up with Technology available at http://www.Irct.go.tz/documents/journal.pdf
Cybercrime in Tanzania http://www.ippmedia.com/frontend/?l=65994 ,24/12/2013
Cybercrime in Africa http://pages.au.int/infosoc/pages/cyber-security 2 January 2014
http://www.zdnet.com/g8-nations-team-up-to-fight-cyber-crime-3002079018, 05/03/2014
54
APPENDIX
QUESTIONNAIRE ONCYBERCRIMES IN TANZANIA; LEGAL AND
INSTITUTIONAL CHALLENGES
QUESTIONNAIRE FOR JUDICIAL OFFICERS (MAGISTRATES)
Introduction
My name is Iddi Yassin; I am a third year law student at Mzumbe University. In a
third study at Mzumbe University, I required to conduct a research.
The purpose of this questionnaire is to collect data on a research titled
“Cybercrimes in Tanzania; Legal and Institutional challenges”. This questionnaire is
purely for academic purpose, but it will provide a corpus of knowledge, which will
contribute toward solving the long recognized problem; poor effectiveness of legal
and institutional framework against cybercrimes in Tanzania. This questionnaire is
aimed at judicial officers.
Please kindly fill in the questionnaire. Feel free to omit any question that you may
feel unwanted or obscene. Please feel free also to make additional comments that
may assist me in my research.
Let me take this opportunity to thank you in advance for your cooperation, God bless
you.
---------------------------------------------------
1. What is the name of your organization?
----------------------------------------------------------------------------------------
2. What is your title in this office?
-----------------------------------------------------------------------------------------
3. Recent changes in technological advancements had a significant impact on
various aspects of
life, there are advents of new types of crimes committed via advancing technological
means.
With all these, yet there are no much legal efforts made on combating such
threats.
55
What is the opinion of courts towards these challenges? And how computer
related cases
brought before the courts are solved?
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
4. What are the suggestions and recommendations of the courts/lawyers towards the
adoption of
cyber laws ? We need to amend or to enact new laws?
--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------
5. Which statutes should be amended or enacted? Why? Give your suggestion.
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
56
QUESTIONNAIRE ONCYBERCRIMES IN TANZANIA; LEGAL AND
INSTITUTIONAL CHALLENGES
QUESTIONNAIRE FOR POLICE OFFICERS AND DIRECTOR OF PUBLIC
PROSECUTIONS (DPP) DEPARTMENT
Introduction
My name is Iddi Yassin; I am a third year law student at Mzumbe University. In a
third study at Mzumbe University, I required to conduct a research.
The purpose of this questionnaire is to collect data on a research titled
“Cybercrimes in Tanzania; Legal and Institutional challenges”. This questionnaire is
purely for academic purpose, but it will provide a corpus of knowledge, which will
contribute toward solving the long recognized problem; poor effectiveness of legal
and institutional framework against cybercrimes in Tanzania. This questionnaire is
aimed at Police officers and Director of Public Prosecutions (DPP) Department.
Please kindly fill in the questionnaire. Feel free to omit any question that you may
feel unwanted or obscene. Please feel free also to make additional comments that
may assist me in my research.
Let me take this opportunity to thank you in advance for your cooperation, God bless
you.
---------------------------------------------------
1. What is the name of your organization?
----------------------------------------------------------------------------------------
2. What is your title in this office?
-----------------------------------------------------------------------------------------
3. Recent changes in technological advancements had a significant impact on
various aspects of life, there are advents of new types of crimes committed via
advancing technological means.
57
With all these, yet there are no much legal efforts made on combating such threats.
With this situation, what have been the efforts of police force/DPP office towards
those threats?
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
4. Has the police force been able to apprehend cyber criminals? Which methods do
they employ?
……………………………………………………………………………………
…………...………………………………………………………………………
……………………………………………………………………………………
……………………………………….…………………………………………
5. Which institutions have been reported to be attacked by computer criminals?
……………………………………………………………………………………
……………..……………………………………………………………………
………………………………………………………………………………….
6. For a behavior to be prescribed as a crime, it must be defined so in a statute.
Similarly the prosecutor must analyze the alleged crime against an appropriate
statute. No matter how reprehensible, behavior that is not defined as a crime
may not be subject of a criminal prosecution.
As far as cybercrimes are concerned in Tanzania
i. Does the police force/DPP office recognize these crimes?
…………………………………………………………………………………
…………………………………………………………………………………
………………………………………………………………………………….
ii Which statutes guide the police force/prosecutors in defining and investigating
these crimes?
…………………………………………………………………………………
……….…………………………………………………………………………
………………………………………………………………………………….
58
iii If these offences are brought before the police, is it easy to prepare the charge?
…………………………………………………………………………………
…………………………………………………………………………………
…………………….……………………………………………………………
…………………………………………………………………..……………..
7. What need to be done in order to combat cybercrimes in Tanzania?
………………………………………………………………………………
………………………………………………………………………………
……………………………...…………………………………………………
………………………………………………………………………………
………………………………………………………………………………
59
QUESTIONNAIRE ON CYBERCRIMES IN TANZANIA; LEGAL AND
INSTITUTIONAL CHALLENGES
QUESTIONNAIRE FOR ADVOCATES OF THE HIGH COURT OF
TANZANIA AND LAWYERS
Introduction
My name is Iddi Yassin; I am a third year law student at Mzumbe
University. In a third study at Mzumbe University, I required to conduct a research.
The purpose of this questionnaire is to collect data on a research titled
“Cybercrimes in Tanzania; Legal and Institutional challenges”. This questionnaire is
purely for academic purpose, but it will provide a corpus of knowledge, which will
contribute toward solving the long recognized problem; poor effectiveness of legal
and institutional framework against cybercrimes in Tanzania. This questionnaire is
aimed at Advocates of The High Court of Tanzania and lawyers.
Please kindly fill in the questionnaire. Feel free to omit any question that you may
feel unwanted or obscene. Please feel free also to make additional comments that
may assist me in my research.
Let me take this opportunity to thank you in advance for your cooperation, God bless
you.
---------------------------------------------------
1. What is the name of your organization?
----------------------------------------------------------------------------------------
2. What is your title in this office?
-----------------------------------------------------------------------------------------
3. Recent changes in technological advancements had a significant impact on various
aspects of life, there are advents of new types of crimes committed via advancing
technological means.
With all these, yet there are no much legal efforts made on combating such
threats.
60
What is the opinion of courts towards these challenges? And how computer
related case brought before the courts are solved?
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
4. What are the suggestions and recommendations of advocates towards the adoption
of cyber laws ? We need to amend or to enact new laws?
--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------
5. Which statutes should be amended or enacted? Why? Give your suggestion.
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
--------------