The Committee recommends rescission of the controversial Cybersecurity Bill, SIM & Mobile Device Regulations
MISA Lesotho has learned with contentment about recommendations of a parliament’s portfolio committee to dismiss the Computer Crime and Cybersecurity Bill of 2021, as well as the Communications (Subscriber Identity Module and Mobile Device Registration) Regulations of 2021 from the National Assembly, to allow for the Minister of Communications, Science and Technology to go back and revisit these controversial drafts of legislation.
MISA Lesotho applauds the Portfolio Committee on the Prime Minister’s Ministries and Departments, Governance, Foreign Relations and Information Cluster for a commendable decision to withdraw the two documents that had sparked outrage among the Basotho populace, especially stakeholders who had not been consulted when they were promulgated by the ministry.
These are the same pieces of draft legislation that MISA Lesotho went all way out to show that they were flawed in many ways, including that some provisions of the documents violated the Constitution of this country. But what was most disturbing with both the documents was that there were no consultations conducted with stakeholders, MISA Lesotho included, when they were being established by the ministry. It is a constitutional requirement for the government to conduct public consultations when promulgating pieces of legislation.
In a media statement that MISA Lesotho published on March 31st 2021, we expressed deep concern over no consultations made by the ministry with stakeholders before the Computer Crime and Cybersecurity Bill of 2021 was tabled in parliament by then Communications Minister Keketso Sello on March 23rd.
On June 7th 2021, MISA Lesotho was presented with an opportunity to present our submission on the Bill before the said parliamentary portfolio committee. Following are the findings presented by MISA Lesotho before the committee:
- The Bill combines two sets of crimes, which may lead to a law that is vague and difficult to implement as one of the sets may not receive clear description or there may be conflation;
- Unclear description of illegal access may give law enforcement agencies during implementation, unwarranted powers to an extent that they infringe on freedom of expression of opinion enjoyed by members of society as access to information ordinarily may be deemed as illegal;
- Lack of clarity on what illegal access means and its provision may affect media freedom as their access to information that may ordinarily be in the public domain or has to be accessed by the media may be deemed illegal;
- The Bill is shallow on explaining cyber extortion and this may make it difficult for law enforcement agencies when implementing the law;
- The Bill is silent on the ill-intended usage of mobile phone applications to create nude scenes or access the internet for purposes of exposing sexually explicit material and distributed over social media platforms;
- The Bill does not define a child so that the boundaries to access to the internet and dirty material in terms of age are well-known;
- The Bill only limits the channels through which the intimate messages are conveyed to computers or other computer software. Due to advances in the communication sphere, social media platforms such as Facebook and Twitter are largely being used to communicate these intimate messages and they go viral once sent;
- Penalties for wrongdoing, which the Bill metes out are not proportionate to the crimes committed. There are no clear criteria on how those penalties were determined.
In the report presented before the National Assembly yesterday (September 14, 2021), the parliament portfolio committee, chaired by Honourable Lehloka Hlalele (MP), observed that the security agencies, namely Lesotho Defence Force, Lesotho Mounted Police Service, National Security Services and Lesotho Correctional Services “were excluded in the formulation of the Computer Crime and Cybersecurity Bill, 2021”.
The Committee further made the following observations, that:
- The inclusion of media houses and telecommunications agencies is very crucial in the compilation of the Bill;
- All Security Agencies should be an integral part of the cybersecurity management and should be represented in the National Cybersecurity Advisory Council;
- The Bill deals with two major sets of crimes, computer Crimes and crimes of cyber security. The two sets of crimes are comprehensive enough to constitute two legal frameworks, and a combination of two sets of crimes may lead to a law that is vague and difficult to implement.
Based on the findings, the Committee has since recommended for the National Assembly that “the Minister responsible for Communications (Currently Honourable Tšoinyana Samuel Rapapa MP) be afforded an opportunity to withdraw the said Computer Crime and Cybersecurity Bill, 2021 for the Minister to revisit the Bill”.
The Committee has further resolved to “disallow the Communications (Subscriber Identity Module and Mobile Device Registration) Regulations, 2021 for the Minister to reassess the regulations”.
The Regulations were gazetted by the Minister of Communications, Science and Technology, Honourable Rapapa, in June this year, making it a requirement for all citizens and non-citizens using mobile phones in Lesotho to have their personal information banked with the Lesotho Communications Authority (LCA) and accessed by security agencies with ease without their consent, in direct violation of their privacy and freedom of expression rights, among others.
On June 15th, MISA Lesotho published a media statement to express our disappointment as the process of establishing the regulations was not consultative with stakeholders. Further, we noted that the regulations were tantamount to the worst form of violation of freedoms of privacy, expression, association, dignity and media, among others.
Our argument was premised on the following direct violations of law and of fundamental human rights:
- The regulations contravene Section 14 of the Constitution of Lesotho (1993), which states that; every person shall be entitled to, and, except with his own consent, shall not be hindered in his enjoyment of freedom of expression, including the freedom to hold opinions without interference, freedom to communicate ideas and information without interference, whether the communication is to the generality or to any person or class of persons, and freedom from interference with his correspondence.
- The regulations contravene Section 11 of the Constitution of Lesotho (1993), which states: Every person shall be entitled to respect for his private and family life and his home.
- Lesotho has acceded to The Declaration of Principles of Freedom of Expression and Access to Information in Africa adopted by the African Commission on Human and People’s Rights on November 10, 2019. Principle 40 of the Declaration refers to Privacy and the Protection of Personal Information. It states; 1. Everyone has the right to privacy, including the confidentiality of their communications and protection of their personal information;
In its report before the National Assembly yesterday, the portfolio committee presented the following observations, that:
- Stakeholders and the public consultations are needed to ensure that all stakeholders inputs are included in the Subordinate Law;
- The systems testing and readiness ensuring that the central database is envisaged has not been thoroughly considered;
- Consideration of vulnerable populations, informal traders and people with disabilities have not been carefully primed; and
- Timeframe for registration of SIM and other processes should be reviewed
The Committee has therefore recommended that the regulations be dismissed from the National Assembly for the minister to go back and reassess them.