Thursday, February 9, 2012

The Wake of Information Security in Tanzania

ABSTRACT.
The information age has turned information into a precious resource. Any organization that wishes to compete, be it a private company or a public corporation, must therefore give priority to the question of information security. This awakening to information security has gathered pace in Tanzania, and this paper tries to highlight it.
The initiative for information security in Tanzania can historically be linked to an incident in the 1970s, when there was a plan to computerize the whole Tanzanian Government accounting system using an ICL 1900 computer located at the Ministry of Finance headquarters in Dar es Salaam. The project failed terribly and was scrapped after a heavy loss. For two consecutive years the government could not tell how much money it had spent or collected as revenue.[1]
In response, after suffering these heavy financial losses, a law was passed in 1974 banning the importation of computers and related equipment.
Later, in the 1980s, the importation of computers into the country was allowed under the scrutiny of the Advisory Committee, which had the duty of granting import licences.[2]
With the coming of mobile phones and the internet, ICT applications in Tanzania gained many clients, and the concern about information security was, and still is, more alarming.
There are hackers and malicious programs such as computer viruses and worms, to mention just a few.
Attackers are assumed to have various levels of expertise, resources, and motivation. Attackers can be either insiders or outsiders. Relevant expertise may be in general semiconductor technology, software engineering, hacker techniques, or the specific system. Resources may range from personal computers and inexpensive card reading/coding devices to very expensive and sophisticated engineering test and measurement devices, and replicas of Company vending devices. They may also include software routines, some of which are readily available on the Internet. Motivation may include economic reward, resentment, or the notoriety of defeating high-grade security. [3] Given sufficient time and expertise, any particular company vending application software can be compromised.
Threat to Security
The PP is required to counter threats that may be broadly categorized as:
Threats addressed by the system:
- Threats associated with physical attack on the system
- Threats associated with logical attack on the system
- Threats associated with control of access
- Threats associated with unanticipated interactions
- Threats regarding the security module
- Threats that monitor informational[4]

Tanzania Electronic and Postal Communication Act 2009

The Act is known in English as the Electronic and Postal Communication Act 2009. It was enacted to ensure that the law recognises the new developments that exist and continue to emerge in the electronic communications sector.
In recognition of this, the Communications Act of 1993 has been repealed by this new Act of 2009.
The new Act gives powers to the Mamlaka ya Mawasiliano Tanzania, known in English as the Tanzania Communications Regulatory Authority (TCRA), over various communications matters, including issuing licences and making various pieces of subsidiary legislation (regulations) in the communications sector.
Although this new Act sets out various legal offences in the communications sector, the offences have not been set out broadly and there is no clear link between this new Act and the Penal Code (Cap 16). It follows that criminal offences relating to electronic communications (cyber crimes) have not been clearly distinguished and have not been set out broadly.
This new Act sets out several legal matters that, ordinarily, many of us law-abiding Tanzanian citizens who use mobile phones do not know about. But that is the reality.
The new Electronic and Postal Communications Act of 2009 is Act No. 4 of 2009. This Act contains several matters that may be mistaken for a joke or mockery, but they are matters to take seriously. They must be heeded, because the Act has already come into operation.

Challenges of Regulating ICT

There are a number of challenges that ICT regulators face.
1. Technology changes and converges faster than law. The law-making process takes a long time. It is possible that by the time the law is made the technology has changed. This makes the law redundant.
2. ICT is global and borderless. ICT such as the Internet is not bound by the territorial borders set by sovereign governments. For that reason, cybercrimes such as identity theft, money laundering, fraud, online child pornography and cyber terrorism are hard to prosecute in a particular country unless there is a convention (e.g., extradition) or cooperation.
3. Conservative lawyers and lawmakers are less informed about technology development. The legal profession is known for being technophobic. The legislator, on the other hand, is not conversant with technology. It is important to note that ICT regulation requires understanding how technology is designed, how it is developed and how it is used.
4. Law often acts after the fact. Where there is no problem, no law is formulated. Bureaucratic decision making requires evidence of the problem. ICT regulation requires proactive measures, not reactive ones. Speculative law making can also backfire, as it can get the whole trend wrong. Technology is very uncertain. Often what is designed might not be what is implemented, and the use of technology might be different from what was contemplated at the design stage.
5. The dominance of multinational companies and the rise of a private law-making regime. ICT is often self-regulated. The state law-making framework regulates licensing, not how technology is to be designed. ICT depends a lot on the standardisation process. This process is dominated by big fish such as Microsoft and others. That does not mean that the government cannot control the standardisation process. The government is interested in the standardisation process for security, safety and health purposes. Government interference in standardisation is often taken to be in conflict with multinational companies’ business models. Thus, the stronger the country’s economy, the better it can influence the ICT standardisation process.

Tanzania lags on privacy law

It is sad to concede that in Tanzania there is no comprehensive privacy legislation. While ICT has stormed Tanzania and citizens are deploying ICT in everyday life, the framework for privacy protection in these emerging technologies is not known.
Of course this does not mean that the right to privacy is not recognized in Tanzania. The United Republic of Tanzania (URT) Constitution of 1977, as amended from time to time, defines privacy as follows:
‘…Every person is entitled to respect and protection of his person, the privacy of his own person, his family and of his matrimonial life, and respect and protection of his residence and private communications…’
Article 16(2) goes further, stipulating that:
‘…For the purpose of preserving the person’s right in accordance with this Article, the state authority shall lay down legal procedures regarding the circumstances, manner and extent to which the right to privacy, security of his person, his property and residence may be encroached upon without prejudice to the provisions of this Article…’
Article 16(1) and (2) of the United Republic of Tanzania Constitution of 1977, as amended from time to time, provides for the right to privacy. Article 16(2) of the URT Constitution provides for the possibility of other laws encroaching on the right to privacy. The said article stipulates clearly that the lawmaker will enact a law stipulating how the right to privacy may be protected, pursued or encroached upon by government agents. Unfortunately, this requirement has not been implemented.