The African Union Convention on the Confidence and Security in Cyberspace uses some terms that are really technical. In fact part 1 of the convention deals with definition of terms used in the convention. However, to fully grasp the intended objectives of this convention one needs to delve into the vices it seeks to wipe out of the African continent.
First things first the definition of Cybersecurity;
This refers to the technologies and processes designed to protect computers, networks and data from unauthorized access, vulnerabilities and attacks delivered via the Internet by cyber criminals.
Cybersecurity is what this convention intends to achieve however, in the process of doing so it has interfered with some fundamental rights and freedoms hence the reason we are having this petition.
Cyber crime and its different manifestations
Cyber crime – This encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cyber crime also includes traditional crimes conducted through the Internet. For example; hate crimes, telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cyber crimes when the illegal activities are committed through the use of a computer and the Internet.
1. Computer Network Attacks: Sending a command to a computer and intentionally causing damage without authorization. This should include activities such as denial of service or distributed denial of service attacks; exploiting either server or client-side vulnerabilities like SQL injection; buffer overflow/memory corruption; cross-script scripting; or installing malware on a computer without authorization. Enacted laws may also require dishonest intent or that the computer in question be a networked as opposed to free standing computer.
2. Unlawful Access to Computers/Data: Hacking into a computer without authorization. This should include computer intrusions and hacking offenses, including use of a password without permission; not intended to cover access that is a breach of contract or Terms of Service.
3. Trafficking in passwords: The unauthorized collection and sale of passwords.
4. Anti-spam: Sending commercial email (spam) with the intent to deceive/mislead.
5. Anti-phishing: Phishing for credentials, which should include sending emails or creating a website to trick users into providing their identifying information.
Wire fraud: Schemes to defraud that involve the transmission of wire communications for the purpose of executing the scheme, which can be used for prosecuting common email scams and frauds.
6. Illegal interception of the content of communications: The intentional interception and the intentional disclosure of illegally intercepted communications.
7. Illegal interception of transaction information related to communications: The intentional interception and intentional disclosure of illegally intercepted registration or subscriber information related to communications.
8. Unlawful access to stored communications: Unauthorized intrusion into communications stored at an ECS facility (i.e. service that provides the ability to send/receive wire or electronic communications).
Visit ISACA for a deep dive into Cybersecurity and Cyber risks.