Octopus Cybercrime Community

The Computer Misuse and Crimes Act 2004 covers offences relating to: unauthorised access to, receiving access to, giving access to or modification of computer programmes or data, unauthorised use or interception of computer service, unauthorised obstruction of use of computer, unauthorised disclosure of access codes, causing a computer to cease to function, omission to introduce, record or store data, and offences by corporate bodies. S.16 also provides provisions for search and seizure of electronic devices and evidence.

The Electronic Communications and Transactions Act 2009 contains provisions for data protection, interception of communications, and offences relating to unauthorised access to, interception of or interference with data (S.99), computer related extortion, fraud and forgery (S.100), attempt, aiding and abetting (S.101), pornography (S.102), hacking, cracking and viruses (S.103), denial of service attacks (S.104), spamming (S.105), illegal trade and commerce (S.106), and  offences committed by corporate bodies (S.108).

The current criminal procedure legislation of Zambia does not contain reference to electronic evidence and corresponding procedural powers, except for specific regulations for search and seizure in The Computer Misuse and Crimes Act 2004, while interception powers are provided by The Electronic Communications and Transactions Act 2009.

Under the Cybersecurity and Cybercrimes Draft Bill (2017), law enforcement authorities are given extensive powers of inspection, search and seizure of electronic evidence.

• explicit recognition that otherwise activity can be conducted lawfully or legitimately under certain circumstances - art. 65, 66, 74 of Part X (Cybercrime) define offences such as hacking into computer systems, exceeding authorised access or making available, where this is done intentionally and knowingly, without lawful excuse or authority. In particular, the draft bill contains a clause stipulating that certain actions should not be interpreted as imposing criminal liability where this isn’t done for the purpose of committing an offence, such as for authorised testing or the protection of a computer
• concept of licensing cybersecurity investigative activities - Part VII (Cybersecurity service providers) underlines that undertaking cybersecurity investigative activities is not permitted unless a prior licence has been granted to persons who are assessed to be fit and proper
• concept of cyber inspectors and cybersecurity technical experts - art. 14, 21 of Part III (Preventing cyber incidents) allow for the appointment of any person as cyber inspector to monitor and inspect the operation of any offence, or of any individual with suitable qualifications or experience as a cybersecurity technical expert to assist cyber inspectors
• concept of harm prevention - art. 13 of Part III allows the National Cybersecurity Agency to direct any person to carry out remedial measures including installation of equipment for investigative purposes, or taking copies from electronic records, where a cybersecurity threat of incident severely risks harming critical information infrastructure, disrupting essential services or threatening national security.