The tsunami of cyberattacks and spyware has taken African citizens by surprise, especially when everyone is busy fighting the Covid-19 pandemic. As Zimbabweans took to the internet to stay in touch with their family and friends, hackers and scammers exploited the opportunity to the hilt. Security software company Kaspersky has put the total number of malware attacks on African citizens at 3.8 million, which is an alarming figure by all standards. The company has also revealed that Potentially Unwanted Applications or PUAs (16.8 million PUAs were detected in 2020) caused the majority of the attacks.
It’s a Grim Scenario
Internet Society’s senior policy advisor for Africa, Verengai Mabika from Zimbabwe, supports the Cybersecurity and Data Protection Bill. He believes that the sudden increase in the number of online attacks has exposed Zimbabwe’s limited capacity and its lack of awareness about digital security. He also mentioned that in some African nations, the cyberattacks underwent a paradigm shift as they started impersonating the NGOs working in Covid-19 affected areas. The hackers used every weapon in the arsenal, ranging from phishing attacks to luring unsuspecting users with Covid-19-related scams.
Zimbabwean Government’s Response
The Cybersecurity and Data Protection Bill brought in by the Zimbabwean government is a concrete step towards enhanced data protection and cybersecurity. However, privacy activists, including Transparency International and Transparency International Zimbabwe (TI Z), and PEN International, have called for a review of this bill.
These organizations have pointed to numerous shortcomings in the bill that fails to comply with international legal frameworks ad regional standards. Organizations such as PEN International and TIZ work towards promoting and defending the freedom of information and expression, and they’re concerned about the efficacy of the bill. Even though the Zimbabwean government has taken a strong measure towards protecting the interests of the ICT sector, a single bill to tackle both cybersecurity and data security challenges might prove counterproductive. Striking a delicate balance between digital rights and security issues can pose to be a huge challenge.
Why the Need for Reform?
In its present form, the bill is fraught with numerous shortcomings that fail to comply with the international standards on the protection of personal data and privacy. It poses a greater risk of defeating the purpose as well as the scope of the proposed law.
Use of Excessively Intrusive Tools
One of the biggest issues is the lack of clarity on the circumstance as well as procedures for the use of tools such as keystroke logger. Permitting the use of such forensic tools can become an instrument to infringe upon the privacy rights of ICT. This investigative software or tool provides agencies remote access to data while helping them to monitor as well as record computer activities. Additionally, there’s no provision for accountability measures or judicial oversight for reviewing the potential abuses of intrusive technologies.
Experts believe that when lesser intrusive measures for gathering evidence exist, there’s no justification to include excessive investigative procedures.
Lack of Independent Data Protection Authority
The Postal and Telecommunications Regulatory Authority of Zimbabwe is supposed to play the regulatory role, and it directly reports to the Executive. Thus, the oversight mechanism does not have independence and no authority directly answerable to the parliament. The appointment process must be done publicly so that any incidences of executive abuse can be minimized.
No Protection for the Rights of Data Subjects
The right of data subjects isn’t clearly defined and reinforced because procedures for handling individual data aren’t standardized. In the event of security breaches, it’s not known what procedures would be followed. Processing personal data for upholding national security or public interest isn’t defined clearly under the law. It leaves ample room for people overseeing such tasks to abuse the law in the name of public interest or national security.
Taking Data Security and Privacy Personally
Well, governments take time introducing laws that prove effective. Sadly, some of them can undermine the individual right to freedom of information and expression. In such cases, it is important to improve your digital security on your own. A VPN is a tool for securing browsing, data exchanges and preventing secretive snooping. It creates a secure tunnel for data communication between the device and the internet.
Irrespective of whether you’re using your home Wi-Fi network or a public one, you can be sure that all your critical information is protected. The end-to-end data encryption gives you immunity to eavesdropping and tracking attempts. During these grim times of cyberattacks and violations of privacy, you need to know how to handle these hurdles effectively. A VPN and a reliable antivirus tool are essential, and should not be taken for granted.
Overall, the Cybersecurity and Data Protection Bill is supposed to strengthen cybersecurity and is treated as progressive. However, like many things in life, it could use some positive adjustments. Every country needs a transparent law that not only looks after national security but individual liberties as well.