Electronic Signature

Cyber Laws: Uganda
UGANDA’S CYBER LAWS
Presentation
by
Ambrose Ruyooka, PMP®
Ag Commissioner Information Technology
Ministry of ICT
ISACA KAMPALA CHAPTER ANNUAL INFORMATION SECURITY WORKSHOP
info@ict.go.ug
11th August 2011
Background
The “Uganda Cyber Laws” are a stack of three laws, namely:
• Computer Misuse;
• Electronic Transactions;
• Electronic Signatures.
H.E. The President assented to the three laws in February 2011.
Commencement date: 15 April 2011
Background

The drafting was based on international benchmarks and best practices, such as:
• Draft East African Framework for Cyber Laws (2008),
• Council of Europe Convention on Cybercrime (2001),
• United Nations Convention on the Use of Electronic Communications in International Contracts (2005),
• UNCITRAL Model Law on Electronic Commerce (1996),
• UNCITRAL Model Law on Electronic Signatures (2001).
OBJECTS OF THE LAWS
COMPUTER MISUSE
“Computer Misuse” refers to unauthorized access to private computers and network systems, deliberate corruption or destruction of other people’s data, disrupting the network or systems, introduction of viruses or disrupting the work of others; the creation and forwarding of defamatory material, infringement of copyright, as well as the transmission of unsolicited advertising or other material to outside organizations.
Computer Misuse
The definition of “Computer Misuse” includes the ‘downloading, displaying, viewing and manipulation of offensive or obscene material’. This would include pornography or scenes of violence. In extreme cases this may include the criminal act of downloading or displaying indecent photographs of children.
Computer Misuse
The Computer Misuse Act:
• provides for the safety and security of electronic transactions and information systems;
• prevents unlawful access, abuse or misuse of information systems, including computers;
• provides for securing the conduct of electronic transactions in a trustworthy electronic environment; and
• provides for other related matters.
Electronic Signature
“Electronic Signature” means data in electronic form in, affixed thereto or logically associated with, a data message, which may be used to identify the signatory in relation to the data message and indicate the signatory’s approval of the information contained in the data message.
Electronic Signature

“Digital Signature” means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can accurately determine:
i. whether the transformation was created using the private key that corresponds to the signer’s public key; and
ii. whether the message has been altered since the transformation was made.
Electronic Signature

The Electronic Signatures Act provides for:
• use of electronic signatures, and regulation,
• criminalization of unauthorized access and modification of electronic signatures,
• determination of minimum requirements for functional equivalence of electronic signatures,
Electronic Signature
Object ctd…
• modernization and harmonization of the laws relating to computer generated evidence, and
• amendments of the current laws to provide for admissibility and evidential weight of electronic communications.
Electronic Transactions
“Electronic Transaction” means a transaction of either commercial or non-commercial nature communicated electronically by means of data messages and includes the provision of information and e-government services.
Electronic Transactions
The Electronic Transactions Act:
• makes provision for the use, security, facilitation and regulation of electronic communications and transactions, and encourages the use of e-Government services; and
• provides for related matters.
Electronic Transactions

The Electronic Transactions Act addresses the following issues, among others:
• Enforceability and form requirements for electronic contracts.
• Regulation of domain names, which are a new form of digital property.
• Privacy protection for consumers and users of electronic media.
Electronic Transactions
• Establishment of a regulatory framework that is compliant with the rapid technological changes.
• Determining the levels of responsibility in tort and contract attached to enhanced abilities of machines.
• Classification of trade in information products, especially where the relationship between the producer and ultimate consumer is remote.
IMPLEMENTATION
CYBER LAWS TTT
• The Permanent Secretary constituted a Think Tank Team (TTT) for the operationalisation of the three Cyber Laws.
• The composition of the TTT was drawn from: MoICT, MoJCA, NITA-U, URA, ULRC, UPF & MoIA, MTTC.
(BoU and ISACA to be contacted for representation on task team)
Cyber Laws Implementation
Scope of work for TTT:
• Drafted the Ministerial Gazette for the commencement of the Cyber Laws; and
• Overseeing and guiding the process of developing attendant Regulations for the Electronic Signatures Act and the Electronic Transactions Act.

Process to be completed by end of August 2011.
*The Computer Misuse Act is ‘self-prosecuting’ and does not require attendant regulations.
Cyber Laws Implementation ctd..
• Conducting awareness among all stakeholders and the general public;
• Localising relevant international legislation on cyber crime, such as the EU convention on cyber crime.
• Continued engagement to identify any upcoming issues and gaps in the Laws (so far, gaps identified in the areas of Data Privacy, Intellectual Property).
Cyber Laws Implementation ctd
A draft National Information Security Strategy has been developed. This provides, among others, for:
◦ Establishment of a high-level Security Advisory Group
◦ Establishment of the Computer Incident Response Teams (CIRT)
◦ Creation of a Directorate of IT Security within NITA-U
THANK YOU
www.ict.go.ug