Uganda cyber laws _ isaca workshop_kampala_by Ruyooka
Cyber Laws: Uganda
UGANDA’S CYBER LAWS
Presentation by
Ambrose Ruyooka, PMP®, CRISC
Ag Commissioner Information Technology
Ministry of ICT
ISACA KAMPALA CHAPTER ANNUAL INFORMATION SECURITY WORKSHOP
August 2011
Background
The “Uganda Cyber Laws”, a stack of three, namely:
• Computer Misuse;
• Electronic Transactions;
• Electronic Signatures.
H.E. The President assented to the three laws in February 2011.
Commencement date: 15 April 2011
Background
The drafting was based on international benchmarks and best practices, such as:
• Draft East African Framework for Cyber Laws (2008),
• Council of Europe Convention of Cyber Crime (2001),
• United Nations Convention on the use of Electronic Communications in International Contracts (2005),
• UNCITRAL Model law on Electronic Commerce (1996),
• UNCITRAL Model law on Electronic Signatures (2001)
• Council of Europe Convention of Cybercrime (2001),
OBJECTS OF THE LAWS
COMPUTER MISUSE
“Computer Misuse” refers to unauthorized access to private computers and network systems, deliberate corruption or destruction of other people’s data, disrupting the network or systems, introduction of viruses or disrupting the work of others; the creation and forwarding of defamatory material, infringement of copyright, as well as the transmission of unsolicited advertising or other material to outside organizations,
Computer Misuse
The definition of “Computer Misuse” includes the ‘downloading, displaying, viewing and manipulation of offensive or obscene material’. This would include pornography or scenes of violence. In extreme cases this may include the criminal act of downloading or displaying indecent photographs of children.
Computer Misuse
The Computer Misuse Act:
• provides for the safety and security of electronic transactions and information systems;
• prevents unlawful access, abuse or misuse of information systems, including computers;
• provides for securing the conduct of electronic transactions in a trustworthy electronic environment; and
• provides for other related matters.
Electronic Signature
“Electronic Signature” means data in electronic form in, affixed thereto or logically associated with, a data message, which may be used to identify the signatory in relation to the data message and indicate the signatory’s approval of the information contained in the data message.
Electronic Signature
“Digital Signature” means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can accurately determine:
i. whether the transformation was created using the private key that corresponds to the signer’s public key; and
ii. whether the message has been altered since the transformation was made.
Electronic Signature
The Electronic Signatures Act provides for:
• use of electronic signatures, and regulation
• criminalization of unauthorized access and modification of electronic signatures,
• determination of minimum requirements for functional equivalence of electronic signatures,
Electronic Signature
Object ctd…
• modernization and harmonization of the laws relating to computer generated evidence, and
• amendments of the current laws to provide for admissibility and evidential weight of electronic communications.
Electronic Transactions
“Electronic Transaction” means a transaction of either commercial or non-commercial nature communicated electronically by means of data messages and includes the provision of information and e-government services.
Electronic Transactions
The Electronic Transactions Act:
• makes provision for the use, security, facilitation and regulation of electronic communications and transactions; to encourage the use of e-Government service, and
• to provide for related matters.
Electronic Transactions
The Electronic Transaction Act addresses the following issues, among others:
• Enforceability and form requirements for electronic contracts.
• Regulation of domain names which are a new form of digital property.
• Privacy protection for consumers and users of electronic media.
Electronic Transactions
• Establishment of a regulatory framework that is compliant with the rapid technological changes.
• Determining the levels of responsibility in tort and contract attached to enhanced abilities of machines.
• Classification of trade in information products especially where the relationship between the producer and ultimate consumer is remote.
IMPLEMENTATION
CYBER LAWS TTT
The Permanent Secretary constituted a Think Tank Team for the operationalisation of the three Cyber laws.
The composition of the TTT was drawn from: MoICT, MoJCA, NITA-U, URA, ULRC, UPF & MoIA, MTTC. (BoU and ISACA to be contacted for representation on task team)
Cyber Laws Implementation
Scope of work for TTT:
• Drafted the Ministerial Gazette for the commencement of the Cyber Laws; and
• Overseeing and guiding the process of developing attendant Regulations for the Electronic Signatures Act and the Electronic Transactions Act;
Process to be completed by end of August 2011
*The Computer Misuse Act is ‘self-prosecuting’ and does not require attendant regulations.
Cyber Laws Implementation ctd..
• Conducting awareness among all stakeholders and the general public;
• Localising international relevant legislation on cyber crime such as the EU convention on cyber crime.
• Continued engagement to identify any upcoming issues and gaps in the Laws. (So far gaps identified in the areas of Data Privacy, Intellectual Property)
Cyber Laws Implementation ctd
A draft National Information Security Strategy has been developed. This provides among others for:
◦ Establishment of high level Security Advisory Group
◦ Establishment of the Computer Incident response teams (CIRT)
◦ Creation of Directorate of IT security within NITA-U
THANK YOU
www.ict.go.ug