1

Cyber Laws: Uganda

UGANDA’S CYBER LAWSUGANDA’S CYBER LAWS

PresentationPresentation byby

Ambrose Ruyooka, PMP® Ambrose Ruyooka, PMP®

Ag Commissioner Information TechnologyAg Commissioner Information TechnologyMinistry of ICT Ministry of ICT

ISACA KAMPALA CHAPTER ANNUAL INFORMATION SECURITY WORKSHOP

info@ict.go.ug

11th August 2011

2

BackgroundBackgroundThe “Uganda Cyber Laws” , a stack of three namely:Computer Misuse;Electronic Transactions;Electronic Signatures.

H.E. The President assented to the three laws in February, 2011.Commencement date: 15 April 2011

3

BackgroundBackgroundThe drafting was based on international

benchmarks and best practices, such as;• Draft East African Framework for Cyber Laws (2008),•  Council of Europe Convention of Cyber Crime (2001),•  United Nations Convention on the use of Electronic

Communications in International Contracts (2005),•  UNCITRAL Model law on Electronic Commerce

(1996),•  UNCITRAL Model law on Electronic Signatures (2001)• Council of Europe Convention of Cybercrime (2001),

OBJECTS OF THE OBJECTS OF THE LAWSLAWS

5

COMPUTER MISUSECOMPUTER MISUSE“Computer Misuse” refers to unauthorized access to private computers and network systems, deliberate corruption or destruction of other people’s data, disrupting the network or systems, introduction of viruses or disrupting the work of others; the creation and forwarding of defamatory material, infringement of copyright, as well as the transmission of unsolicited advertising or other material to outside organizations,

6

Computer Misuse Computer Misuse The definition of “Computer Misuse” includes the ‘downloading, displaying, viewing and manipulation of offensive or obscene material’. This would include pornography or scenes of violence. In extreme cases this may include the criminal act of downloading or displaying indecent photographs of children.

7

Computer MisuseComputer MisuseThe Computer Misuse Act:• Provides for the safety and security of

electronic transactions and information systems;• prevents unlawful access, abuse or

misuse of information systems, including computers • provides for securing the conduct of

electronic transactions in a trustworthy electronic environment and;• provides for other related matters.

8

Electronic SignatureElectronic Signature“Electronic Signature” means data in electronic form in, affixed thereto or logically associated with, a data message, which may be used to identify the signatory in relation to the data message and indicate the signatory’s approval of the information contained in the data message.

9

Electronic SignatureElectronic Signature“Digital Signature” means a

transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can accurately determine:

i. whether the transformation was created using the private key that corresponds to the signer’s public key; and

ii. whether the message has been altered since the transformation was made.

10

Electronic SignatureElectronic SignatureThe Electronic Signatures Act

provides for• use of electronic signatures, and

regulation • criminalization of unauthorized

access and modification of electronic signatures,• determination of minimum

requirements for functional equivalence of electronic signatures,

11

Electronic SignatureElectronic SignatureObject ctd…• modernization and harmonization of

the laws relating to computer generated evidence, and• amendments of the current laws to

provide for admissibility and evidential weight of electronic communications.

12

Electronic TransactionsElectronic Transactions“Electronic Transaction” means a transaction of either commercial or non-commercial nature communicated electronically by means of data messages and includes the provision of information and e-government services.

13

Electronic TransactionsElectronic TransactionsThe Electronic Transactions Act:• makes provision for the use,

security, facilitation and regulation of electronic communications and transactions; to encourage the use of e-Government service, and• to provide for related matters.

14

Electronic TransactionsElectronic TransactionsThe Electronic Transaction Act

addresses the following issues, among others: • Enforceability and form requirements

for electronic contracts.• Regulation of domain names which

are a new form of digital property.• Privacy protection for consumers and

users of electronic media.

15

Electronic TransactionsElectronic Transactions• Establishment of a regulatory frame

work that is complaint with the rapid technological charges.• Determining the levels of

responsibility in tort and contract attached to enhanced abilities of machines.• Classification of trade in information

products especially where the relationship between the producer and ultimate consumer is remote.

IMPLEMENTATIONIMPLEMENTATION

17

CYBER LAWS TTTCYBER LAWS TTTThe Permanent Secretary,

constituted a Think Tank Team for the operationalisation of the three Cyber laws.

The composition of the TTT was drawn from: MoICT, MoJCA, NITA-U, URA, ULRC, UPF & MoIA,MTTC. (BoU and ISACA to be contacted for representation on task team)

18

Cyber Laws Cyber Laws ImplementationImplementationScope of work for TTT:Drafted the Ministerial Gazette for the

commencement of the Cyber Laws; andOverseeing and guiding the process of

developing attendant Regulations for the Electronic Signatures Act and the Electronic Transactions Act;

Process to be completed by end of August 2011*The Computer Misuse Act is ‘self-

prosecuting’ and does not require attendant regulations.

19

Cyber Laws Implementation Cyber Laws Implementation ctd..ctd..

Conducting awareness among all stakeholders and the general public;

Localising international relevant legislation on cyber crime such as the

EU convention on cyber crime. Continued engagement to identify any

upcoming issues and gaps in the Laws.(so far gaps Identified in the areas of Data Privacy, Intellectual Property)

20

Cyber Laws Cyber Laws Implementation ctdImplementation ctd

A draft National information Security Strategy has been developed. This provides among others for:

◦ Establishment of high level Security Advisory Group

◦ Establishment of the Computer Incident response teams (CIRT)

◦ Creation of Directorate of IT security within NITA-U

THANK YOUTHANK YOU

www.ict.go.ugwww.ict.go.ug