Uganda cyber laws _ isaca workshop_kampala_by Ruyooka


A presentation on the Status of Uganda Cyber laws delivered at the ISACA Kampala Chapter Security Conference, August 2011, Ruyooka


  1. Cyber Laws: Uganda
     - UGANDA’S CYBER LAWS
     - Presentation by Ambrose Ruyooka, PMP®, CRISC
     - Ag Commissioner Information Technology
     - Ministry of ICT
     - ISACA KAMPALA CHAPTER ANNUAL INFORMATION SECURITY WORKSHOP
     - August 2011
  2. Background
     - The “Uganda Cyber Laws”, a stack of three, namely:
       - Computer Misuse;
       - Electronic Transactions;
       - Electronic Signatures.
     - H.E. The President assented to the three laws in February 2011.
     - Commencement date: 15 April 2011
  3. Background
     - The drafting was based on international benchmarks and best practices, such as:
       - Draft East African Framework for Cyber Laws (2008),
       - Council of Europe Convention on Cybercrime (2001),
       - United Nations Convention on the Use of Electronic Communications in International Contracts (2005),
       - UNCITRAL Model Law on Electronic Commerce (1996),
       - UNCITRAL Model Law on Electronic Signatures (2001).
  5. COMPUTER MISUSE
     - “Computer Misuse” refers to unauthorized access to private computers and network systems, deliberate corruption or destruction of other people’s data, disrupting the network or systems, introduction of viruses or disrupting the work of others; the creation and forwarding of defamatory material, infringement of copyright, as well as the transmission of unsolicited advertising or other material to outside organizations.
  6. Computer Misuse
     - The definition of “Computer Misuse” includes the ‘downloading, displaying, viewing and manipulation of offensive or obscene material’. This would include pornography or scenes of violence. In extreme cases this may include the criminal act of downloading or displaying indecent photographs of children.
  7. Computer Misuse
     - The Computer Misuse Act:
       - provides for the safety and security of electronic transactions and information systems;
       - prevents unlawful access, abuse or misuse of information systems, including computers;
       - provides for securing the conduct of electronic transactions in a trustworthy electronic environment; and
       - provides for other related matters.
  8. Electronic Signature
     - “Electronic Signature” means data in electronic form in, affixed thereto or logically associated with, a data message, which may be used to identify the signatory in relation to the data message and indicate the signatory’s approval of the information contained in the data message.
  9. Electronic Signature
     - “Digital Signature” means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can accurately determine:
       - whether the transformation was created using the private key that corresponds to the signer’s public key; and
       - whether the message has been altered since the transformation was made.
  10. Electronic Signature
      - The Electronic Signatures Act provides for:
        - use of electronic signatures, and regulation,
        - criminalization of unauthorized access and modification of electronic signatures,
        - determination of minimum requirements for functional equivalence of electronic signatures,
  11. Electronic Signature
      - Object ctd…
        - modernization and harmonization of the laws relating to computer generated evidence, and
        - amendments of the current laws to provide for admissibility and evidential weight of electronic communications.
  12. Electronic Transactions
      - “Electronic Transaction” means a transaction of either commercial or non-commercial nature communicated electronically by means of data messages and includes the provision of information and e-government services.
  13. Electronic Transactions
      - The Electronic Transactions Act:
        - makes provision for the use, security, facilitation and regulation of electronic communications and transactions; to encourage the use of e-Government service, and
        - to provide for related matters.
  14. Electronic Transactions
      - The Electronic Transactions Act addresses the following issues, among others:
        - Enforceability and form requirements for electronic contracts.
        - Regulation of domain names, which are a new form of digital property.
        - Privacy protection for consumers and users of electronic media.
  15. Electronic Transactions
        - Establishment of a regulatory framework that is compliant with the rapid technological changes.
        - Determining the levels of responsibility in tort and contract attached to enhanced abilities of machines.
        - Classification of trade in information products, especially where the relationship between the producer and ultimate consumer is remote.
  17. CYBER LAWS TTT
      - The Permanent Secretary constituted a Think Tank Team (TTT) for the operationalisation of the three Cyber Laws.
      - The composition of the TTT was drawn from: MoICT, MoJCA, NITA-U, URA, ULRC, UPF & MoIA, MTTC.
      - (BoU and ISACA to be contacted for representation on task team)
  18. Cyber Laws Implementation
      - Scope of work for TTT:
      - Drafted the Ministerial Gazette for the commencement of the Cyber Laws; and
      - Overseeing and guiding the process of developing attendant Regulations for the Electronic Signatures Act and the Electronic Transactions Act;
        - Process to be completed by end of August 2011
      - \* The Computer Misuse Act is ‘self-prosecuting’ and does not require attendant regulations.
  19. Cyber Laws Implementation ctd.
      - Conducting awareness among all stakeholders and the general public;
      - Localising relevant international legislation on cyber crime, such as the EU convention on cyber crime.
      - Continued engagement to identify any upcoming issues and gaps in the Laws (so far, gaps identified in the areas of Data Privacy and Intellectual Property).
  20. Cyber Laws Implementation ctd.
      - A draft National Information Security Strategy has been developed. This provides, among others, for:
        - Establishment of a high-level Security Advisory Group
        - Establishment of the Computer Incident Response Teams (CIRT)
        - Creation of a Directorate of IT Security within NITA-U
  21. THANK YOU