Malawi is one country that has no comprehensive legal framework on cybercrime. Most of the country’s criminal laws were enacted long before the advent of mobile phones and the Internet. As a result, they were enacted with the physical world in mind. They do not cover the virtual world of ICTs. For instance, the Penal Code defines the offence of theft as involving stealing tangible objects only, and does not cover “stealing” of such intangibles as computer data. Similarly, the offence of criminal damage only covers physical damage to physical objects and does not include damage caused by technological conduct like sending a virus or denial of service attack.
Resultantly, hacking, sending computer viruses, denial of service attacks and other acts that compromise the confidentiality, integrity and availability of computer data, systems and networks are not criminal offences under Malawian laws. It is frightening to note that a person who can hack into a computer system of a financial institution in Malawi and deletes all data commits no offence; so too a person who can hack into a computer system of a critical government department and deletes all data. The need for a cybercrime law is so obvious to require further emphasis here.
There is a dangerously wrong perception that cybercrime is a problem of developed and technologically-dependent countries, and that it is of little significance to developing countries such as Malawi with their limited ICTs use and uptake. Resultantly, most developing countries have no or inadequate legal frameworks for cybercrimes and/or dedicate less or no resources to fight cybercrime.
Such a perception is utterly wrong and is borne out of ignorance of what cybercrime is and how cybercriminals actually work. The fact is that every country that is connected to the Internet is at risk of cybercrime. In fact, statistics indicate that cybercrime is growing faster in Africa than in other regions of the world despite the region’s limited ICTs use.
If African countries fail to put in place the necessary legal and institutional capabilities to fight the problem, the region risk becoming a safe haven for cybercriminals. This can also weaken global efforts to fight the problem. “A chain is only as strong as its weakest link,” so they say. Africa should not be the weakest link in the global fight against cybercrime.
There is, therefore, no excuse for Malawi to fail to enact the necessary cybercrime law. But the enactment of a law is not an end in itself: it is also important for the country to dedicate resources to the fight against cybercrime. But the enactment of a law plays a key role in the fight against cybercrime as it represents the minimum threshold that must be met before any action can be taken by the police or before courts can punish anyone. In a country like Malawi whose Constitution incorporates the principles of rule of law and fair trial, there cannot be a crime without a formal criminalisation.
Further, the laws also guide the police and courts on how to handle and use electronic information as evidence in criminal trials. They also specify the rights and duties of private actors, for instance, Internet service providers, in fighting cybercrime. Lastly, the laws regulate issues of international cooperation between Malawi and other countries in fighting cybercrime.
It should be mentioned that the country has initiated the process to enact a law that will regulate the ICT sector, including some aspects of cybercrime. This is, without doubt, a positive step in the right direction. The problem is that in Malawi, the enactment of laws sometimes takes many years to complete. Considering the exigency of the matter, it is important that the process of enacting the law must be hastened. The country just cannot afford the current legal vacuum. In addition, it is important that the law must meet international standards on the point.
Cybercriminals, like all other criminals, are known to migrate to countries without or with weak legal regimes and weaker law enforcement capabilities. n
The author is a law academic