As Covid-19 (Coronavirus) pushes people to work from home or businesses to adopt work-from-home policies, it is equally opening home networks to cyber-attacks. Cybercriminals are targeting businesses and employees to capture personal and office documents as well as sensitive digital files. it is not uncommon for a person working remotely to receive an email or call from someone pretending to work with the bank, public health authority, employer’s IT unit or online sites, requesting for usernames/passwords or access to a computer or network. Since not all companies have put in place secure networks and related firewalls, individuals working from home may be susceptible to phishing e-mails, malicious domains, fake apps, ransomware, and attacks on routers, among others. This is possible because most people tend to use one device for both personal and office work.
The aim of this FB Attorneys Legal Update is not to look at how working from home is exposing us to cybercrimes but rather to briefly shed some light on anti-cybercrime legislation in Tanzania and how they can protect us from cyber-attacks.
Constitution of the United Republic of Tanzania
The Constitution protects individuals and groups’ privacy and personal communication or interference/interception of one’s communication. Affected individuals can seek relief from the relevant authorities against anyone who unlawfully gains access to, destroys, alters, conceals and uses personal information or information stored on another person’s device without her/his consent or the due process of the law. Specific reliefs may include an order for compensation, injunction, deletion/destruction or restoration of information.
If properly applied, the anti-cybercrime law protects individuals from a wide range of cybercrimes that may affect their endeavours to become more productive while working from home. Some of these serious offences include online impersonation, unsolicited or spam messages, illegal interception of communications, publication of false information, invasion of privacy, illegal access and remaining, illegal interception, data interference, violation of intellectual property rights, system interference, cyber bullying, misuse of devices, forgery, fraud, and identity theft. If a person is convicted under this Act, s/he may be sent to prison or ordered to pay a hefty fine or both.
Electronic and Postal Communications Act (EPOCA) and related TCRA regulations
Apart from the postal aspect, EPOCA and TCRA laws address important issues such as cybersecurity, interception, encryption, and data retention as far as electronic communications are concerned. In protecting consumers, these laws prohibit several conducts such as transmission of obscene content, hate speech, unauthorised access or use of computer system, deletion or alteration of information or diminishing its value or utility, interception of communication or network, fraudulent use of network and services, fraudulent traffic, and making or sharing false information. These laws also punish individuals who circulate content that may threaten public health or those that make information available with regards to the outbreak of a deadly or contagious disease who are not mandated to do so. These offences are punishable by imprisonment or fine or both.
Electronic Transactions Act and Law of Contract Act
The two laws supplement each other. Among other things, they recognise activities done online such as negotiations, agreements and e-payment/digital money. Most importantly, these laws recognise and provide for the requirements of digital signature and e-money. The use of e-signature and money is important for workers who need not be physically present in discharging their duties. The criteria set under these laws can, as well, be used to protect individuals from or support their claims for forgery, fraud, fraudulent misrepresentation or expression of consents.
Like the Electronic Transactions Act, this Act allows parties before a Court of law to submit electronic evidence to prove their cases. As such, individuals working remotely may exploit this law to support their claims for working hours, overtime pay, and workload as well as providing or disapproving a cybercrime.
Access to Information Act
This Act allows individuals working remotely to ask for and get access to information from the relevant authority pertinent to their work. A copy of such information could be delivered in electronic form. The Act goes further to prohibit the distortion of the information so received. As such, a person who divulges information or gains illegal access to another person’s device, which has information received under the Act, commits an office. It is also an offence to alter, deface, block, erase, destroy or conceal any information held by the information holder, with the intention to prevent the information holder to disclose them. The penalty upon conviction is a fine or imprisonment.
To some extent, the laws discussed above reproduce or refine some provisions of the penal law, which is the general code of criminal law. To put this into perspective, a person working online may rely on the penal provisions concerning intention and motive, theft, impersonation, false assumption of authority, abetment, concealment, conspiracy, counselling, intimidation, frauds, false information, false pretence and making a false document, among others, to protect herself/himself against cybercrime.
Therefore, depending on the circumstances of each case and applicable law, a person who suffers from a cyber-attack can open a criminal case or civil suit or both. In either case, s/he needs to get the police or TCRA or a lawyer or all of them involved.
As they say, prevention is better than cure. Make sure you protect your IT networks and systems.