LESOTHO is edging closer towards enacting a draconian cybercrimes law that prescribes hefty fines and lengthy jail terms for various cyber and computer crimes.
People could be fined as much as R15 million and jailed for up to 25 years for vaguely defined “offences against critical information infrastructure or protected computer systems”.
This follows last week’s approval of the Computer Crimes and Cyber Security Bill, 2022, by the National Assembly.
What is now left is for the Bill to be sent to the Senate for further deliberations and if approved, it would then be taken to His Majesty King Letsie III for royal assent before it is gazetted into law.
But the broadly worded law has drawn the ire of analysts who see it as an attempt to smuggle back Criminal Defamation laws which were outlawed by the Constitutional Court after a challenge by Lesotho Times publisher and CEO, Basildon Peta, in 2018.
The Bill seeks to stifle vigorous social media debate by jailing people accused of posting “falsehoods”, among other things. It also includes military officials in regulatory bodies to be established to oversee its implementation.
Communications, Science and Technology Minister, Samuel Rapapa, has been pushing for the adoption of the Bill which was first tabled in parliament by his predecessor, Keketso Sello, last year.
Addressing a cybersecurity workshop last week in Maseru, Mr Rapapa said Lesotho was lagging behind in cyber security issues due to the lack of policies and strategies, thereby exposing it to all sorts of cybercrimes.
This is a view shared by the World Bank which said in a 2020 report that, “Lesotho’s cyber security preparedness is relatively low”.
“There is a lack of strategies, institutions, and legal instruments to regulate and positively improve cybersecurity in Lesotho, and the private sector is concerned about the level of the country’s risk exposure.
“The Government of Lesotho has drafted the initial version of the Cybersecurity and Cybercrime Bill but efforts to finalise it have not yet led to new legislation being passed. Lesotho has benefitted from international expertise in the drafting process, improving the quality of the draft bill. For example, the draft bill was reviewed by the Council of Europe in 2019,” states the World Bank’s February 2020 report titled “Lesotho Digital Economy Diagnostic”.
If passed into law, the cyber act is expected to plug the gaps identified by the World Bank and reiterated by Minister Rapapa.
It will give the state powers to monitor cyberspace, define cybercrimes and prescribe penalties that include fines and lengthy prison sentences.
While there is a broad consensus about the need to regulate cyberspace, legal experts are however, critical of the Bill.
The analysts say that in its haste to regulate cyberspace and combat cybercrimes, Lesotho risks enacting a law that has not been well-thought out.
In its current state, the proposed act potentially has a chilling effect for rights to free speech, expression, privacy and other freedoms, the analysts warn.
Among other things, the Bill provides for the creation of the National Cybersecurity Advisory Council and the National Cyber Security Incident Response Team.
The National Cybersecurity Advisory Council shall be responsible for advising the government on cybersecurity policy development and national cybersecurity strategies.
On the other hand, the National Cyber Security Incident Response Team will be tasked with providing cybersecurity incident response capabilities to the country. It shall provide technical assistance to law enforcement agencies when so requested.
“It shall provide Lesotho with cybersecurity intelligence, alerts, warnings technical assistance, eradication of threats and recovery from cyber-attacks. It shall build awareness among the general population on how to be safe on cyber space and build capacity for the sustained ability of the country to manage cybersecurity risks.
“In this way, the Bill provides a live and functional body to protect its cyber space,” section 12 of the Bill states.
The proposed Advisory Council will include a director-general, a director, representatives of the Lesotho Communications Authority (LCA), Central Bank of Lesotho (CBL), the private sector and institutions of higher learning.
The proposed Council will also include representatives of the security agencies, namely, the Lesotho Mounted Police Service (LMPS), Lesotho Defence Force (LDF), National Security Service (NSS) and Lesotho Correctional Service (LCS).
Mokitimi Tšosane, a legal and human rights officer with the Transformation Resource Centre (TRC), is apprehensive of the Bill in general and in particular the role of members of the security agencies in monitoring cyberspace.
“The inclusion of members of the security agencies in the proposed council amounts to a militarisation of digital surveillance,” Adv Tšosane said in an interview this week.
He said the security agencies had over the years been accused of partisanship and doing the bidding of politicians. They had committed grave human rights violations in the process, hence why the security agencies had to be reformed in line with the recommendations of SADC.
“It was bad enough to have military people regulating civilian behaviour but to have an unreformed security sector performing this task as envisaged by the Bill is worse and spells doom for the observance of human rights and freedoms,” Adv Tšosane said.
In its adverse critique of the Bill which Adv Tšosane helped craft, the TRC notes that, “the Bill suffers from lack of consultations in its drafting hence the inelegance”.
“The Bill suffers from conceptual and definitional deficits. The Bill is constitutionally flawed as it does not consider the basic constitutional rights and freedoms to privacy, fair trial, and expression.
“While the country needs progressive cyber legislations, the current legislation is an oppressive tool by a government bent on excluding the general public from the greater information society in this information era. Therefore, it is vital that the Bill be revised and reworked with regard to all comments received from all stakeholders including the public and private sector, as well as the legal profession and information security practitioners.
“The most prominent characteristic of the Bill is that it does not strike a balance between civil liberties and the government’s interest in ‘national security’ and law enforcement. For example, the Bill brings into the picture digital forensics which in practice deals with identification, collection, preservation, examination, and analysis of information stored or transmitted in binary form in a manner acceptable for application in legal matters. However, closely linked to digital evidence seizure is the right to privacy. While the Bill introduces the use of forensic tools, it leaves behind procedures that comply with the constitution and international human rights instruments to protect the right to privacy,” the TRC argues.
The renowned human rights body also raises the alarm over the manner in which government through the communications minister, Advisory Council and Response Team, “assumes extreme and extensive powers in policing cyberspace”.
“The government powers in terms of the Bill are arbitrary and limitations on the rights and freedoms not demonstrably justifiable. Essentially, the Bill disregards right to privacy, right to fair trial, freedom of expression and freedom from arbitrary seizure of property. The Bill comes as a trap targeting cyber users especially dissidents and will shrink the media, civic and political space. In its current form, substantial provisions of the Bill will surely not pass the constitutional muster/constitutional scrutiny if it is enacted into law,” the TRC says in its report on the Bill.
Elaborating on this, Adv Tšosane said some of the provisions criminalising the publication of falsehoods were subjective and were likely to be abused by politicians and pliant police officers to victimise the media and others considered dissidents by the political establishment.
He was referring to Section 43 of the Bill which states that, “a person who publishes information or data presented in a picture, text, symbol or any other form in a computer system knowing that such information or data is false, deceptive, misleading, or inaccurate, and with intent to threaten, abuse, insult, mislead or deceive the public, or conceals commission of such an offence, commits an offence and is liable, on conviction, to a fine not exceeding R500 000 or imprisonment for a term not exceeding five years or both”.
Adv Tšosane said such provisions “smacks of an attempt by politicians to smuggle back the notorious criminal defamation offence which was outlawed by the Constitutional Court in 2018 after a challenge by (Lesotho Times publisher and CEO) Basildon Peta”.
“With such provisions, satire by the media could be criminalised as publication of falsehoods. Cartoonists like (South African) Zapiro would not be able to publish online,” Adv Tšosane said.
In its report, the TRC proposes that this entire section be repealed “because it is likely to be abused and threaten freedom of expression”.
“This section flies in the face of a multiplicity of ordinarily allowed, tolerated, and countenanced ways of society poking fun at itself for comic effect, social commentary and political satire or caricature; and it is likely to be abused by powerful groups against socially constructive exertions of the categories like conventional and social media including citizen journalism, artists and cartoonists, and even mainstream scholars,” TRC states.
Lengthy prison sentences of up to 25 years and R15 million have been proposed as punishment for vaguely defined “offences against critical information infrastructure or protected computer systems”.
These prison sentences and fines are draconian and unreasonable more so in a country where many people get by on a less than a dollar per day, another prominent lawyer, Letuka Molati said.
“This is a bad law. The stricter the law, the worse the law. It does not make sense to legislate for payment of fines that are beyond the financial capabilities of the majority of the population. That bill, if enacted into law as it is, shall be a law that serves only the rich not ordinary members of the public.
“The other problem is that the Bill appears not to give the courts a wide latitude to determine what an appropriate sentence should be. It raises a possibility of a Constitutional compliance challenge. Don’t overrule litigation being filed to attack the constitutionality of the act after it is enacted,” Adv Molati said.
Another lawyer, Fusi Sehapi, concurred.
“The sentences prescribed in the Bill are ridiculous and excessive for a country like ours where an ordinary person would struggle to pay a R2000 fine,” Adv Sehapi said.
Fellow prominent lawyer, Napo Mafaesa said, “Although we will only know for certain which rights will be greatly affected by the Bill when there has been a complaint, it is likely that the right to privacy and freedom of speech and expression will be first casualties of the Bill should it become law.
“As to the fines proposed, some are excessively high. It will be a mockery of justice if the suggested fines become law. Given our economic climate, the suggested penalties will be impossible to meet and the result will be prison sentences at a time when government is already failing to cope with overcrowding in the jails.
“We have some unscrupulous institutions and these could abuse the Bill if it is passed into law in its current form,” Adv Mafaesa said.
Herbert Moyo is a journalist researching digital surveillance with support from the Media Policy & Democracy Project (MPDP), run by the University of Johannesburg, Department of Communication and Media.