What is a Cybercrime?

Module 7: Cybercrimes

Definition

There is no precise, universal definition of the term ‘cybercrime’. In general terms, it refers to a crime that is committed using a computer network or the internet.(1) This can cover a wide range of activities, including terrorist activities and espionage conducted with the help of the internet and illegal hacking into computer systems, content-related offences, theft and manipulation of data, and cyberstalking.(2)

Cybercrimes and cybersecurity are two issues that cannot be separated in an interconnected digital environment. Cybersecurity, or the management of cybercrimes, refers to the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber-environment and organisational and user’s assets, such as computing devices, applications and telecommunication systems.(3)

Cybercrimes in International Law

The African Union (AU) has sought to encourage a continent-wide approach to tackling cybercrimes through the Convention on Cyber Security and Personal Data Protection (known as the Malabo Convention).(4) Because of the cross-border and international nature of cybercrimes, the AU argues that “national legislation cannot be drafted in isolation and national governments must seek to harmonize national legislation, regulations, standards and guidelines on Cybersecurity issues.”(5) However, even the AU itself was the target of a major cyberattack between 2013 and 2017,(6) and the Malabo Convention has been criticised for using vague language which may be open to abuse by states. An example is the provision that criminalises the use of insulting language.(7)

Article 25 of the Malabo Convention calls on states to adopt legislation and/or regulatory measures to prosecute cybercrimes. Nevertheless, the text is clear that such legislation should not infringe on fundamental rights and freedoms:

“In adopting legal measures in the area of cybersecurity and establishing the framework for implementation thereof, each State Party shall ensure that the measures so adopted will not infringe on the rights of citizens guaranteed under the national constitution and internal laws, and protected by international conventions, particularly the African Charter on Human and Peoples’ Rights, and other basic rights such as freedom of expression, the right to privacy and the right to a fair hearing, among others.”

The UN General Assembly Resolution on the Creation of a global culture of cyber security also states that:

“Security should be implemented in a manner consistent with the values recognised by democratic societies, including the freedom to exchange thoughts and ideas, the free flow of information, the confidentiality of information and communication, the appropriate protection of personal information, openness and transparency.”(8)

The Convention on Cybercrime of the Council of Europe (CETS No.185), known as the Budapest Convention, is the only binding international instrument on cybercrime and serves as a useful guideline for countries developing cybercrime legislation.(9)

Cybercrimes in Domestic Law

The UN Conference on Trade and Development (UNCTAD) reports that 39 out of the 54 countries in Africa analysed (72%) have cybercrime legislation in place.(10)

In order to ensure that cybercrimes laws do not unnecessarily infringe on the fundamental rights to freedom of expression, privacy and access to information, they should meet the following criteria:

Provide narrow, clear, and adequate definitions of cybercrimes.
Require proof about the likelihood of harm arising from a given criminal activity.
Require the nature of the threat to national security resulting from any criminal activity to be identified.
Provide for a public interest defence in relation to the obtaining and dissemination of information classified as secret.
As a general principle, not impose prison sentences for expression-related offences, except for those permitted by international legal standards and with adequate safeguards against abuse.(11)

Footnotes

Article 19, ‘Freedom of Expression and ICTs: overview of international standards’ at p 25 (2018) (accessible at: https://www.article19.org/wp-content/uploads/2018/02/FoE-and-ICTs.pdf).
Id.
ITU Definition of Cybersecurity, (accessible at: https://www.itu.int/en/ITU-T/studygroups/2013-2016/17/Pages/cybersecurity.aspx).
Institute for Security Studies, Karen Allen ‘Is Africa cybercrime savvy?’ (2019) (accessible at https://issafrica.org/iss-today/is-africa-cybercrime-savvy).
African Union, ‘A global approach on Cybersecurity and Cybercrime in Africa’ (accessible at https://au.int/sites/default/files/newsevents/workingdocuments/31357-wd-a_common_african_approach_on_cybersecurity_and_cybercrime_en_final_web_site_.pdf).
Le Monde, ‘A Addis-Abeba, le siège de l’Union africaine espionné par Pékin’ (2018) (accessible at https://www.lemonde.fr/afrique/article/2018/01/26/a-addis-abeba-le-siege-de-l-union-africaine-espionne-par-les-chinois_5247521_3212.html).
African Union ‘Convention on Cyber Security and Personal Data Protection’ (2014) Article 3(g) (accessible at https://au.int/en/treaties/african-union-convention-cyber-security-and-personal-data-protection).
UN General Assembly, Fifty-seventh session, ‘Resolution on the Creation of a global culture of cyber security, at p 3 (accessible at https://digitallibrary.un.org/record/482184?ln=en).
Council of Europe, ‘Budapest Convention and Related Standards’, (accessible at https://www.coe.int/en/web/cybercrime/the-budapest-convention).
UNCTAD, ‘Cybercrime Legislation Worldwide’ (accessible at https://unctad.org/page/cybercrime-legislation-worldwide).
Media Defence, ‘Training manual on digital rights and freedom of expression online, at p 62 (2020) (accessible at https://www.mediadefence.org/wp-content/uploads/2020/06/MLDI-Training-Manual-on-Digital-Rights-and-Freedom-of-Expression-Online.pdf).