TOPIC: Evaluation of the effectiveness of the Legal and Policy Framework on Cyber law in combating

Cyber crime in Uganda

A Research Proposal submitted in partial fulfilment of the requirements for the Undergraduate Degree in
Law

Submitted by:

STUDENT’S NAME: BILAK ANTHONY SETH (2016/AUG/B220472/DAY)

SUPERVISOR: MS. NABALENDE WITNESS

SCHOOL: Nkumba University School of Law

Year 4, Semester 2, 2019/2020

Table of Contents
1.1 Background to Study.............................................................................................................. 3
1.2 Problem Statement................................................................................................................. 5
1.3.1 General Objectives................................................................................................................. 6
1.4 Scope of the study........................................................................................................................ 6
1.4.1 Subject Objectives...................................................................................................................... 6
1.4.2 Geographical Scope................................................................................................................... 6
1.4.3 Time Scope............................................................................................................................. 7
1.5 Significance of the study........................................................................................................... 7
1.6 Literature Review....................................................................................................................... 7
 1.0 INTRODUCTION
The focus of this study is the critical evaluation and analysis of the Cyber crime policies in Uganda
in light of the increasing reliance on technology for a wide range of purposes. This increased
reliance has fuelled a growing cyber crime practice whose tools of trade heavily rely on various
computerised methods of deception and fraud thereby limiting the advantages and opportunities the
rest of the country has in the use of the internet and information communication technologies to
further develop.
Various studies carried out by reputable cyber security firms have emphasising the growing
sophistication of the methods being used by perpetrators of cyber attacks. 1 These various methods
have led to a wider variety of victims of cybercrime who are targeted through their mobile phones,
email addresses and online social media accounts.
The development of Mobile money solutions especially, which is a service sector heavily
developed in the region has led to increased instances of fraudulent acquisition of money as the
majority of Ugandans have money not in the banks but in their mobile money accounts.
The policies drawn up are therefore to be analysed to see their effectiveness in combating
cybercrimes within the jurisdiction of the Uganda.

1.1 Background to the Study

The internet as it is now was developed from military projects primarily in the United States during
the cold war to allow various defence departments to remain operational in the event of a USSR
major confrontation. This was because a nuclear detonation within the ionosphere would easily
cripple FM signals the military at that time relied on to relay messages, thus creating a
communication blind spot[ CITATION Rya10 \l 2057 ].2
These fears eventually led to the communication developments that led to the creation of
ARPANET in the 1960s which later evolved into the internet. It had the primary purpose of
ensuring that communication (both military and secondarily civilian) could be decentralised and
essentially nuclear proof in case the Soviet Union carried out a first attack nuclear strike that would
otherwise cripple the whole communication set up. The creation of the network entailed the
development not only of the appropriate computer hardware, but also of ‘protocols’, the codes and
rules that would allow different computers to ‘understand’ each other. This development got under

1
Uganda Cyber Security Report 2018, at pg. 11
2
[ CITATION Rya10 \p 14 \l 2057 ]
way in the late 1960s, and by 1969 the ARPANET was up and running, initially linking together a
handful of university research communities with government agencies[ CITATION Mar15 \l 2057 ].3
ARPANET thus connected to various research communities in select universities within the
country, linking them to the appropriate government agencies, laying the groundwork for a
computer network that would later expand to form the internet.
The internet’s adoption in the developed world was further facilitated by the increasing availability
of low cost and exponentially more powerful smaller computers. The network further developed
different communication protocols and computer languages which allowed many personal
computers to join and inter-communicate, thereby expanding the effectiveness and amount of
information on the network. This network gradually evolved throughout the globe slowly becoming
an international network of computers.
The term internet was therefore developed because the network became an international network of
various computers that could join and share information.
According to a UN study, a high percentage of new internet traffic is coming from developing
countries. The study therein stated that,
“...in 2011, at least 2.3 billion people, the equivalent of more than one third of the world’s total
population, had access to the internet. Over 60 per cent of all internet users are in developing
countries, with 45 per cent of all internet users below the age of 25 years.”4
As a developing country, the development of Uganda’s computer use has led to the increased use of
the available technological tools to augment the capabilities of particular crimes including fraud,
harassment among a host of others. The crimes are seen to include both those enhanced by the use
of computers and those that have cropped up owing to the growing information technology
infrastructure in the country, including Denial of Service Attacks (DoS) on websites. As shown in a
police report on the state of cyber crime in the country, the policies are affected by situations such
as online Child exploitation by the use of Internet through gaming, social networking, research
tools among others owing to the increasing time children spend on the internet. This has made it
easier for them to meet strangers and it is thus through the internet that child sex abuse within
families is recorded and shared through images.5
Basing on the prevailing drift towards technology, it has been pertinent that the state find a way to
address this shift in information technology, and the resultant ways it is being misused for

3
[ CITATION Mar15 \p 7 \l 2057 ]
4
Comprehensive Study On Cybercrime 2013, United Nations: United Nations Office on Drugs and Crime at
pg. 19
5
Cybercrime Barometer, A Uganda Police Centenary plus
Awareness campaign paper, at pg. 3
malevolent purposes. This has led to the enactment of a host of cyber related laws, primary of
which is the Computer Misuse Act of 2011.6
As the principle legislation in regards to cyber crimes, the 2011 Computer Misuse Act provides for
definitions of cybercrimes, related penalties and some procedural measures that law enforcement
authorities can use in their fight against cybercrimes. As seen from its long title, it is an act in place
to prevent unlawful access, abuse or misuse of computers.
As explained in an online article7 analysing the cybercrime field in Uganda, in all cases, what a
computer is, is defined broadly, which may therefore include individual computers or devices (e.g.
mobile phones) or entire computer networks.
The 2011 Computer Misuse Act defines a number of cybercrimes, which could be grouped into
different categories. They are divided into crimes that target computer systems, Electronic fraud 8,
child pornography production and distribution9, cyber harassment10, cyber stalking11 and offensive
communication12.
The enactment of the new Data Protection and Privacy Act 2019 also shows the need for an
active and dynamic policy in regards to the cyber legal field, wherein the abuse of personal data in
a growing Big Data trend has called for a need to protect the data of individuals from abuse as seen
in the infamous Cambridge Analytica situation.

1.2 Problem Statement

In light of the rapid developments observable from the inception of the internet to date in regards to
cyber space, various nations including Uganda have seen it necessary to put in place particular
internet laws. These are specific laws that can ensure adequate regulation of the effects of this cyber
growth on their citizens and control of the equally developing opportunities for both computer
aided and computer created crime therein. Ideally, the laws and policies developed are designed to
achieve that aim through the anticipation of the computerised means available and controlling both
the access and the consequences of the means, which is done through criminalisation of said
consequences. This ensures that the cyber space to a large extent is appropriately used. It is
however seen that in reality, the laws are much harder to enforce and the technology and criminal
social intelligence is moving at a pace much faster than the government can comfortably anticipate.
6
Computer Misuse Act 2011 (Act 2 of 2011), Laws of Uganda
7
Fighting Cybercrime in Uganda, https://barefootlaw.org/fighting-cybercrime-in-uganda/, published
22/Nov/2018. Accessed 26th/Feb/2020
8
Supra 4, Section 19
9
Ibid, section 23
10
Section 24
11
Ibid section 26
12
Ibid section 25
Some other laws are ineffective ab initio owing to their inapplicability in the country due to various
reasons. This has led to huge losses both to the individual citizens under the jurisdiction of Uganda,
and the government both in regards to revenue as taxes and even costs.

1.3 Objectives of the Study

1.3.1 General Objectives

The general objective of the study is to analyse the cybercrime polices in Uganda and critically
evaluate their effectiveness in combating the evolving cyber threats observed in the country.

1.3.2 Specific Objectives

1. To analyse the cybercrime policies through the enacted laws and available policy
documentation.
2. To evaluate to what extent the observed national policies have been influenced by earlier
policies in other jurisdictions and regions.
3. To evaluate the effectiveness of the observed policies in relation to the growing cybercrime
tactics as found in other national and regional studies.
4. To recommend possible solutions to the policy framework regarding cybercrime.

1.4 Scope of the study

1.4.1 Subject Objectives

The study aims at making a critical analysis on the overall effectiveness of the policies and laws on
cybercrime in combating the growing development of cyber crime in the country. This research also
therefore generally covers the development of the said policies in the world in order to understand the effect
of growing global interconnectivity on cyber crime within Uganda. This will allow a better understanding of
the effect of the examined policies on the wider understanding of the developing field of Cyber law
jurisprudence in light of its development within the unique demographics of Uganda.

1.4.2 Geographical Scope

The research is focusing on the policies and subsequent cyber laws developed in Uganda. The influence of
any other international jurisdictions and their applicability in the Ugandan legal system is to be examined.
This is to be done in order that the effectiveness in the implementation of the policies and the laws in place
to combat cybercrime in Uganda be accurately determined and appropriate recommendations be made. This
can ensure that the future developments within the country more accurately reflect the increasingly unique
domestic situation in regards to cyber crime.

1.4.3 Time Scope

Analysis into the policies in the country will generally cover the period from 2009 to date. This
appropriately covers the enactment of Uganda’s primary cyber laws. The study research on the international
field will cover a wider time scope between 1986 when the first American anti-hacking law was passed, to
date, primarily focusing on the various developments of the internet and growing opportunities for the
growth of cyber crime.

1.5 Significance of the study

1. The study will ensure an increase in the subject matter within the analysis of cybercrime and
the policies governing its control especially in Uganda.
2. The proposed recommendations therein will, if taken, serve to offer a glimpse into the
practicality of policies undertaken within the constantly changing and ever dynamic cyber
scene. This dynamic is certainly adapted and adhered to by cyber criminals and it is
necessary that policymakers realise that the best way of protecting is through constantly
revising the policies to ensure they reflect the changes and developments in the cyber world.
3. The research will also be relevant to other researchers aiming to break through into the
Ugandan/East African cyber market. As a rapidly growing region, there is going to be an
increased use of technology and it is pertinent that the policies and laws that aim at
protecting users from cybercrime be understood. It will thus be of use to both foreigners and
regional persons alike.

1.6 Literature Review

Studies into the effectiveness of cyber laws in combating cybercrime have been done in
various jurisdictions through security reports, textbooks among other research works.
A study done in Rwanda, Assessing Cybersecurity Policy Effectiveness in Africa via a
Cybersecurity Liability Index [ CITATION Ado16 \l 2057 ] focused on the strength of cyber security
and prevalence of cybercrime in 4 jurisdictions including Uganda. The study analysed their
different laws deterring cybercrime and whether or not the laws were effective in their objective.
The preliminary findings of the study were that the majority states in Africa do not have any cyber
protection laws (11 out of the 54 in 2016) and that despite the existence of cyber laws in the subject
countries, their effectiveness is still too low owing to a number of factors [ CITATION Ado16 \l 2057
].13 The work effectively analyses the various issues on a regional basis focusing on East and West
Africa and the findings point towards the lack of implementation both by organisations working in
the various states and the governments. 14 This implementation ought to include the reporting of
cybercrimes and the successful prosecution of the criminals however the research found the
numbers to be too low to be effective deterrents. In Uganda specifically, the research findings
include the fact that less than 10 percent of cybercrime is reported and that the number of
Cybersecurity experts is also low (300 as of 2016).15
Another journal article titled Challenges to Enforcement of Cyber-Crimes Laws and Policy 16
discusses the same problem, focusing on the more general world view. Therein it makes an
important apparent distinction between computer enabled crimes and cybercrimes.17 It addresses
the various costs the world suffers due to cybercrime. It also looks at the primary global
enforcement challenges of jurisdiction, enforcement and reporting of cases.
All these works however do not prioritise taking into consideration to what extent the various
policies within the country have both either succeeded or failed to control the prevalence of
cybercrime. Their primary findings instead point towards the fact that with the increasing internet
penetration in the selected geographical study areas, the prevalence of cybercrime is proportionally
increasing.

13
[ CITATION Ado16 \p 1 \l 2057 ]
14
[ CITATION Ado16 \p 6 \l 2057 ]
15
[ CITATION Ado16 \p 10 \l 2057 ]
16
[ CITATION Aja16 \l 2057 ]
17
[ CITATION Aja16 \p 1 \l 2057 ]