Monday, 13 April 2015

Fighting cybercrime in Africa

The BBC reports on cybercrime in Africa.  There’s lots of it:

Security expert Kaspersky says more than 49 million cyber-attacks took place on the continent in the first quarter of last year, with most occurring in Algeria, ahead of Egypt, South Africa and Kenya.

But cybercrime is actually most pervasive in South Africa, with security firm Norton saying 70% of South Africans have fallen victim to cybercrime, compared with 50% globally.

McAfee, another cybersecurity firm, reported that cybercrime cost South African companies more than $500m (£340m) last year.

So there’s work to be done.  They’re working on it:

But in June 2014, the African Union (AU) approved a convention on cybersecurity and data protection that could see many countries enact personal protection laws for the first time.

Interesting.  Privacy doesn’t usually get a look-in because, most commonly, the thing we’re supposed to be scared of is nebulous threat of terrorism.  Perhaps the focus on cybercrime is responsible or perhaps this group (or Africans in general) are more concerned about their privacy or more distrustful of their governments.

15 of the 54 African Union member states need to ratify the proposal before it can be implemented and none have done that yet, but it’s early days.  I’m going to quote Drew Mitnick junior policy counsel at the human rights organisation Access, solely because the idea of caring about people’s privacy is so refreshing:

"It is critical for the countries to adopt cybersecurity policies that better protect users while respecting their privacy and other human rights."

Yes. Yes it is.  Access has been tracking cybercrime laws in Kenya, Madagascar, Mauritania, Morocco, Tanzania, Tunisia and Uganda and has criticised those laws on the grounds of being ineffective and/or allowing governments to violate privacy, freedom of expression and assembly.

The AU proposal has itself been criticised for getting the balance wrong.  The Centre for Intellectual Property and Information Technology Law at Strathmore University, Kenya, for example, thinks the proposal gives too much power to judges and law enforcement and fails to take into account different perspectives:

"It was written by lawyers," he says. "Cybersecurity and cybercrime need a multi-sectoral approach - cybersecurity educators, researchers, NGOs [non-governmental organisations], vendors, ethical hackers were supposed to be involved so they could present a multi-dimensional framework instead of legal paper."

Can’t argue with that, but if the balance is indeed wrong, the heart seems to be in the right place.  Let’s hope it homes in on a good balance between protection and privacy.

Note: Some disappointing sexism and ageism from the BBC right at the top of the article:

[The 419 scam] involves gangs extorting money from the likes of great aunt Mabel by promising her riches, if she'll just send some cash and/or her bank details to a nice man in Nigeria.

Thanks, Tom Jackson, but it’s not only women and the elderly who are fooled by 419 and related scams.  And for that matter, it’s not extortion.

No comments:

Post a Comment