On the afternoon of Wednesday 6th September, the RAN team attended a brief training to be sensitized on the Ugandan Cyber Laws. The training was facilitated by the National Information and Technology Authority- Uganda (NITA-U)- an active partner of the Makerere School of Public Health- ResilientAfrica Network (RAN) and was held in the EA RILab Board room.
Mr. Baker Birikujja who works with the Directorate of Regulation and Legal Services, NITA-U delivered the session. He begun by recognizing RAN’s work in supporting innovations for resilience and shared that it was because of the networks’ projects and work in the IT and Technology space that the Authority felt it ‘important to sensitize the RAN team on the Cyber Laws in Uganda.’ Mr Birikujja went on to introduce the RAN team to NITA-U and its mandate in coordinating and regulating Information Technology services in Uganda.
Following his brief overview and introduction to NITA-U, its objectives and functions, Mr. Birikujja shared that ‘in 2011 three Cyber Laws were passed, namely: The Electronic Transactions Act 2011, The Electronic Signatures Act, 2011 and the Computer Misuse Act 2011.’ He went on to offer more detail on each of these acts. With regards to the Electronic Transactions Act, Mr. Birikujja shared that although transactions online may differ in nature from physical transactions, ‘the Electronic Transaction Act does not waive the fundamental requirements set forth in the substantive law governing transactions.’ Online users therefore have a right to the following information, among others;
- Description of goods and services to be offered
- Manner of payment and full price inclusive of taxes
- Physical address and telephone contact of trader
- Participants must satisfy the rights of a contract
The Act however still does not apply to;
- The Drafting of a will
- Powers of attorney
- Documents that create or transfer an interest in property
- Negotiable instruments e.g. cheques
Under the ‘Electronic Signatures Act’, the RAN team was told about the different types of electronic signatures including a Printed Name, Email Addresses, Scanned Signatures, Digital signatures, which Mr. Birikujja likened to the pin numbers used for ATM. The third and final act under the 2011 Cyber Laws was the ‘Computer Misuse Act’. Under this, Mr. Birikujja informed the team that ‘Computers include all devices that can process, store and communicate data’. He therefore shared that this act also covered the use of telephones. The act offers protection against the two forms of cyber-crime: cyber-dependent and cyber-enabled crimes. These include crimes like: electronic fraud, piracy and theft of software, malicious and offensive communications related and cyber-enabled crimes like: child sexual offenses, cyber stalking and harassment and disclosing private images without consent.
At the end of his presentation, Mr. Birikujja opened the discussion out to the RAN team who posed several questions.
Brian Ndyaguma (RAN’s Business Development Specialist) asked whether NITA-U has a ‘manual for IT Certifications’.
Nathan Tumuhamye (RAN EA RILab Director) asked where security officials in the country get authority to track phone calls, especially when one reports a lost phone, if there is an act that prohibits phone interception. To this, Mr. Birikujja highlighted the difference between phone tracking and phone interception.
RAN’s Director of Monitoring, Evaluation and Learning, Dr. Harriet Namata asked whether NITA-U collaborates with the Bank of Uganda (BoU) to screen online payments, as these usually only require entering of your card details into the system. ‘If your card is stolen, then the thief can have a field day and spend all your money on online transactions because they do not require a pin.’ Mr. Barikujja agreed that the Authority would ask BoU to look into this matter further.
Dr. Roy William Mayega (the Deputy Chief of Party at RAN) shared his concerns that ‘a lot of the laws under the Computer Misuse Act were not ‘enforceable. ‘“Rumour mongering” or gossip is accepted as the norm in everyday social life. How do you differentiate between this and “fake news” for example?’ To this Mr. Birikujja mentioned that he had not shared the details of the different offenses under the Computer Misuse Act, which clearly highlight when one of these actions is considered to be criminal. ‘Harassment for example, under the law is defined as when ‘any person who wilfully and repeatedly uses an electronic platform to disturb the peace of someone with no legitimate purpose.’
All in all, the session was very informative and the RAN team learnt a lot of new facts. Thank you, NITA-U, for your active and highly beneficial collaboration with RAN. We are eager to share these learnings with our innovators and also partners.