Open space for technologists, investors, tech companies and hackers in Nairobi.

Source: AU

iHub Research By Angela Okune / November 4, 2013

New Draft AU Convention on Confidence and Security in Cyberspace that you should review


By: Faith Morara & Nanjira Sambuli (Umati)

A draft convention, dubbed the “African Union Convention on Confidence and Security in Cyberspace,” has been put forth by the AU. If ratified, the convention will affect a large part of the ICT sector across the continent. The growing developer communities, including those at the iHub and other ICT Hubs will be impacted. The convention was drafted by the African Union Commission (AUC) with little (if any) consultation from major stakeholders in Africa Union Member states, and is scheduled for passage at an AU meeting in January 2014, if none of its members oppose it. A majority of the public remains unaware of the existence of this draft.

Discussions with various stakeholders from industry, academia, and NGOs have highlighted numerous shortcomings. Should the draft be ratified in its current state, certain provisions will have substantial negative impact across the continent. Some of the contentious clauses and issues include:

  1. The AUCC draft attempts to address the ongoing issue of online hate speech but is flawed in that it fails to define the speech it is attempting to curtain and therefore leaves room for subjective interpretation. Specifically, Article III (34-37) is problematic in that it does not define the racist or xenophobic content it is attempting to curb. Furthermore, the clause makes the same mistake found in the NCIC 2008 Act, which fails to include hate speech against gender and sexual orientation, two additional groups that the Umati project has found to be targets of online hate speech. [See Article III (34-37)].

  2. Article  II (20) of the AUCC gives full authority to members of a data protection authority who are not held accountable to anyone else and can operate with free rein (“Members of the protection authority shall not receive instructions from any authority in the exercise of their functions”). The lack of checks to this power are problematic.

  3. Regarding mobile money and mobile banking transactions, Article I (4) compels that a person or corporation engaging in electronic financial transactions (e.g M-PESA) must provide full identity information as prescribed in the clause. Such a requirement is risky as it remains unclear how such data will be protected and how confidentiality will be maintained.

It is without a doubt, that Africa is faced with a security gap in a world characterized by the globalization of risks, crimes and threats to cyber security, and that African states are in need of innovative criminal policy strategies, as stated in the draft convention’s conceptual framework. Laudable articles in the convention include the prohibition of direct marketing through any form of indirect communication including messages forwarded with automatic message senders, facsimile or electronic mails in whatsoever form, using the particulars of an individual who has not given prior consent [See Article I (9)]. (We all know how irking those ‘spam’ messages can be!)

Different stakeholders have come together to lobby against the ratification of the AUCC, in its current form. The public should also understand that once it is ratified, all countries within the AU (including Kenya) would be required to adopt it, contentious clauses and all.

Google, iHub, iLab Africa and Strathmore University’s Centre for Internet Protocol and IT Law (CIPIT) are among the stakeholders who have signed the petition pressing the AU to review the document before it is ratified. Given the anomalies provided, which will likely have adverse effects on businesses, individual rights, and freedoms, it is crucial to incorporate greater public participation in revising this legislation. The industry has already recently suffered legal setbacks with the passing of the Kenya 2013 VAT bill, which already has and will continue to dampen growth of the national ICT sector (for more information, see an earlier iHub blog post).

Other disconcerting trends include the recent passing of the Kenya Information and Communications (Amendment) Bill, that has worrying clauses that give the government immense control over the Communications and Multimedia sector. These clauses pull back the gains the country has made in ensuring Freedom of the Press, crucial for democracy, transparency and accountability. There are quite a number of challenges to beset the media industry if such a bill is passed and it also takes away society’s right to information and hits at the guarantee to freedom of speech that is enshrined in the Constitution. The Miscellaneous Amendment Act 2013 also purports to put a cap on foreign funding for Public Benefit Organizations in the country. These moves can be interpreted as dissent on freedoms that have been fought for and are currently enjoyed by Kenyans, as well as enshrined in our Constitution.

What can you do?

  1. Sign the public petition to the AU here.

  1. Write to your legislator. If you don’t know who your legislator is, Mzalendo is a great tool to help you find out! Then, pull out your pen and paper (or keyboard and printer)! Write a letter to your relevant legislator and attach a copy of the AUCC draft pointing out the contentious clauses in the draft.

  1. Share widely!

Time is of the essence as it is only two months before the AU meets to discuss on final passage of the AUCC. We will continue to share more information on next steps that we’ll be taking to ensure that the African Union lawmakers take heed to our worries and concerns with the proposed convention.

The Draft AUCC Bill is accessible here.

Other analyses into the draft convention can be found here, here and here.


Tags , ,

Author : Angela Okune

Angela is Research Lead at iHub. She is keen on growing knowledge on the uptake and utility of ICTs in East Africa. She is also co-lead of Waza Experience, an iHub community initiative aimed at prompting under-privileged children to explore innovation and entrepreneurship concepts grounded in real-world experience.

  • Adolphus lwova at 12:27:32PM Tuesday, November 5, 2013

    Do you have any details on how many sittings or how long it took to have this draft , participants and their backgrounds ? This draft should be reviewed , it is very broad .Sign the public petition to the AU +1

  • Mwas Gichuru at 12:35:53PM Tuesday, November 5, 2013

    Wonderful piece.I agree with you.We need to upgrade and enhance cybersecurity in our continent.
    Keep up.


  • Elisha Kamau at 12:47:34PM Tuesday, November 5, 2013

    Quite informative….

  • Nanjira Sambuli at 23:47:48PM Tuesday, November 5, 2013

    Hi Adolphus,

    As yet, we haven’t yet been able to access such information. Should we acquire it, we’ll be sure to follow up with an update.

    For now, do spread the word. Thanks.

  • Review of the African Union draft Cybersecurity Convention by iHub & Way Forwards | Draft African Union Convention on the Confidence and Security in Cyberspace at 17:59:37PM Thursday, December 19, 2013

    […] iHub Umati Project penned down this review of the AU draft cyber-security convention. In there, they have laid down what one can do, […]

  • iHub Research’s 2014 Tech Outlook: Predictions, Convictions…and Questions at 11:47:21AM Saturday, February 15, 2014

    […] laws are necessary, the proposed convention has some problematic clauses that have been highlighted at length, such as the lack of consultation with stakeholders in its drafting. While voting on the convention […]

  • Tirelo Ramasedi at 07:28:26AM Friday, July 4, 2014

    Great piece and more important insightful view!


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

{{ theme:js file="jquery.fittext.js" }}