MALAWI: SILENCING DISSENT THROUGH THE ELECTRONIC TRANSACTIONS AND CYBER SECURITY ACT

BY CHISOMO NGULUBE

The Electronic Transactions and Cyber Security Act was enacted in Malawi in 2016 to regulate electronic transactions, protect against cybercrime, and ensure the security of digital communications. While the act aims to address various aspects of cybersecurity and electronic transactions, there are concerns about its potential for stifling dissent in Southern African countries, as Chisomo Ngulube writes.

Malawian journalist Gregory Gondwe recalls that his brush with the Electronic Transaction and Cyber Security Act of 2016 stemmed from an article his Platform for Investigative Journalism (PIJ) published on alleged state capture by Malawian-born British businessperson Zuneth Sattar.

On April 5, 2022, Gondwe was arrested on a charge of spamming.  Section 91 of the Electronic Transaction and Cyber Security Act of 2016 says any person who transmits any unsolicited electronic information to another person for the purposes of illegal trade or commerce or other illegal activity commits an offence and shall, upon conviction, be liable to a fine of K2,000,000 and to imprisonment for five years, for spamming.

The investigative journalist had stumbled upon communication from Malawi’s Attorney General (AG) Thabo Chakaka Nyirenda advising the Anti-Corruption Bureau (ACB) and Malawi Police to pay the estranged British-Malawian businessman, Sattar, MK1 billion for contracts that were previously cancelled due to alleged fraud.

Moments after the story had gone up, Gondwe says he got a phone call from the AG asking PIJ to disclose its source.

“The Attorney General said the communication was confidential and should not have been out in the public domain and that I should disclose my source. I told him that was not possible. The moment we start divulging who our sources are, that will definitely be the death of journalism,” he said.

Forcing a journalist to reveal sources of their information is against the protection of legally privileged information and whistle-blower protection provisions of the Access to Information (ATI) Act.

Before long, Police had called Gondwe’s sister, informing her that they were looking for her, having accessed his call logs, to help with locating her brother.

On April 5, police were outside Gondwe’s offices in Malawi’s Commercial City of Blantyre to arrest him for ‘spamming’.

“They said by publishing the article, we were spamming. They said the search warrant was ordered to confiscate smartphones and laptops. They also arrested me and took me to Chichiri Police.”

Immediately after he was bundled into the police vehicle, he informed his lawyers and media colleagues. When the news spread, pressure mounted on the government. Gondwe was released six hours later on ‘orders from above’. International organizations, including the Committee to Protect Journalists (CPJ[BT4] [CN5] ) and the Media Institute of Southern Africa (MISA), condemned the arrests.

But police still held on to his gadgets, his laptop and mobile phones.   

“Come the next morning, with the pressure that I should get back my gadgets, I found out they had been tampered with. When you look at the WhatsApp messages and the emails, you can see the emails have been opened. Our IT people told me not to use them because they could be bugs installed, so we had to dispose of the gadgets and get new ones to feel safe doing the work we do and that we are able to protect our source.”

Chakaka Nyirenda, according to Misa Malawi, issued an apology, arguing he had not expected such actions from the police.

Despite his release, Gondwe’s charges have not been dropped, “That has tied up my hands because we wanted to move the courts in terms of how everything went down, but since they told us the case is still ongoing, we have not done anything.”

Others targeted by the laws include activists like Joshua Chisa Mbele, a businessman and social media activist/influencer popularly known as Mneneri Yoswa [Prophet Joshua], who uses his Facebook page to dissect issues happening in Malawi. He was arrested for posting that Malawi Defence Force Commander, General Vincent Nundwe, was a beneficiary of deals with Zuneth Sattar worth MK4 billion  (about US$5 million in 2022).

Mbele recalls that at the time of his arrest, two truckloads of Police Officers drove some 98.4 km from Malawi’s capital, Lilongwe, to his base in the Lake Shore districts to Salima, where he is based.

He was charged with publication of offensive communication, which is contrary to section 87 of the Electronic and Cyber Security Act.

The section says any person who willfully and repeatedly uses electronic communication to disturb or attempts to disturb the peace, quietness or right of privacy of any person with no purpose of legitimate communication whether or not a conversation ensues, commits a misdemeanour and shall, upon conviction, be liable to a fine of K1,000,000 (about US500) and to imprisonment for 12 months.

National Police Spokesperson Peter Kalaya said at the time that Mbele had written “something” on Facebook which was deemed “defamatory”, he was given bail by the Magistrates Court in Lilongwe and told not to express himself in a manner that would be deemed to promote hate and has potential to damage the reputations of others.

His lawyer, Gilbert Khonyongwa, applied for a stay of proceedings to allow for a constitutional review on whether his case is indeed a constitutional matter. General Nundwe, through the State, then applied to have Mbele’s application thrown out but was rebuffed by Justice Ivy Kamanga, who stated in her ruling she found it “baseless, vexatious, frivolous, and abuse of court process.” Leaving Mbele with the last laugh.

Mbele says: “The matter is still in court. As such, I cannot comment in detail on what is transpiring except to say that the matter was referred to the constitutional court. We feel the government is hyperactive in using outdated legislation to muzzle dissenting voices.”

He stands resolute in what he said on the digital space saying: “The revelation from my own case is that the authorities are just being hypocritical when speaking against corruption. They are actually deeply involved in it. Hence, whenever information comes to light that reveals their involvement or complicity, they don’t hesitate to throw one behind bars.”

Centre for Human Rights and Rehabilitation, based in Malawi’s capital, Lilongwe, says it has, since 2019, documented over 20 cases where authorities have used retrogressive provisions of various laws to stifle freedom of expression of online users, journalists, bloggers and human rights defenders.

“Some of these cases include the arrest in the run-up to the May 2019 election of one, Tumpale Mwakibinga, a bank clerk, who was arrested and charged with “insulting the modesty of a woman, cyber violation and offensive communication” for a Facebook post in which he joked that the way of dressing of the then-first lady of Malawi, Gertrude Mutharika, made her look like the cartoon character “Rango,” says CHRR executive director Michael Kaiyatsa.

In the case of Chidawawa Mainje, he was arrested over a WhatsApp conversation in which he was accused of insulting the State President under section 86 of the Electronic Transactions and Cyber Security Act.

“WhatsApp has end-to-end encryption, which means this was a private discussion, yet the culprit was arrested over such a conversation. This shows the government’s willingness to eavesdrop on personal communication online, contrary to section 21 of the country’s constitution,” observes University of Malawi lecturer and digital rights activist Jimmy Kainja.

But police have always insisted the arrests are only reinforcing the law as it stands, regardless of one’s status in society.

“Of course, people may have different opinions, but we are bound to ensure that laws are being respected, laws are being enforced,” Kalaya said. “So, we are just doing our job.”

Impact of Arrests, Online Surveillance

Academician and digital rights activist Jimmy Kainja from the University of Malawi is of the view that:  “These arrests could have a chilling effect on citizens who become scared to participate in online conversations, especially when the law is weaponised to shield influential people from criticism. The environment is particularly problematic for a country with low internet usage, where authorities should encourage wider internet access and use instead.”

Online surveillance, for example, argues Kaiyatsa, undermines the privacy of communications and the right to anonymity and consequently leads to self-censorship and the withdrawal of some individuals and groups from the online public sphere. The impact is greater for vulnerable groups, such as women and groups, such as sexual and gender minorities, that are criminalised.

“Consequently, such groups find themselves unable to exercise their digital rights due to fear of exposure, harassment or arrest. Such infringements also result in widening the gender digital divide, as women and girls find themselves shunning away from the internet due to fear.

But for Mbele, despite the threats and gag order on him, he remains resolute.

 “I’m still speaking against corruption. Still going into the street to demonstrate against impunity.

“Malawi belongs to the ordinary Citizens. Those in power are holding STATE KEYS ON TRUST. We can’t, and we shouldn’t, cower down while fighting for what is right. Malawi has suffered terrible consequences from massive looting by those in power. The struggle continues till we clean the slate. It will not be easy,” he says.

The Act on Cyber Inspection

Another problematic part of the act is Section 70, which grants broad powers to cyber inspectors, including the ability to monitor websites, investigate encryption providers, and conduct searches without prior notice under a search warrant. While these powers are intended to combat cybercrime and protect the public, they can potentially be misused to suppress freedom of expression and limit dissenting views, observes Allan Chongwe, a Malawi University Of Science and Technology (MUST) lecturer of Computer Science and Cyber Security.

“The provision allows cyber inspectors to monitor any website with critical data or activity and report unlawful activities to the authorities. This power could be abused by targeting websites or individuals expressing dissenting views and reporting them as engaging in unlawful activities, thereby suppressing free expression”.

Chongwe adds that cyber inspectors also have the authority to investigate encryption providers and issue orders for compliance with the Act. This power could be misused to target encryption services that are crucial for protecting privacy and secure communication, thereby undermining the ability of individuals to express dissenting views anonymously and securely.

“Cyber inspectors can enter premises, access information systems, search premises individuals, and seize documents or records related to investigations. This power could be exploited to intimidate individuals expressing dissenting views, invade privacy, and gather evidence to suppress freedom of expression.

“Cyber inspectors can also demand technical assistance and make inquiries to ascertain compliance with the Act. This power could be abused to coerce individuals or organisations into providing information or access to systems, leading to potential violations of privacy and stifling dissenting voices,” adds Chongwe.

How are People Targeted and Spied On Online, But They Are Oblivious To It?

In Malawi and some other parts of the world, individuals can become targets of online surveillance or can be spied on without their knowledge in several ways, says Chongwe.

“Individuals may unknowingly download or install malicious software (malware), including spyware on their devices, e.g., smartphones and computers, through malicious email attachments, infected websites, or deceptive software downloads. Once installed, these programs can monitor their online activities, capture sensitive information, and track their communications.

“Cyber attackers may also employ social engineering techniques to manipulate individuals into revealing personal information or granting access to their devices. This can involve tactics like phishing emails, fake social media profiles, or phone calls and SMSes impersonating legitimate organizations, leading individuals to unknowingly share their private data.”

Chongwe also says authorities may engage in online surveillance as part of their intelligence or law enforcement activities. This can involve monitoring individuals’ internet traffic, communications, or social media activities, often without their knowledge or consent.

“Public Wi-Fi networks can be vulnerable to eavesdropping and snooping by cybercriminals. By connecting to unsecured or compromised networks, individuals risk having their online activities monitored, leading to potential privacy breaches,” he cautions.

Online service providers, such as internet service providers (ISPs), social media platforms, mobile network operators, or banks, can also collect user data as part of their services, e.g. KYC. This data may be used for targeted advertising, profiling, or even shared with third parties without the users’ explicit awareness.

Way Forward

Malawi’s Minister of Justice Titus Mvalo has said Malawi has shown commitment to upholding freedom of expression by recently repealing sedition law and amending Section 4 of the Protected Flags and Emblems Act of 1967. The section read: “Any person who does any act or utters any words or publishes or utters any writing calculated to or liable to insult, ridicule or to show disrespect to or with reference to 𝘁𝗵𝗲 𝗣𝗿𝗲𝘀𝗶𝗱𝗲𝗻𝘁, the National Flag, the Armorial Ensigns, the Public Seal, or any protected emblem or protected likeness, shall be liable to a fine of 1000 pounds and to imprisonment for two (2) years”.

In November 2022, Parliament amended the section by removing the ‘President’ from the Act. This means Flag, Emblems and some names remain protected from the so-called ‘insults’.

“The name President protected; the Act was criminalizing free speech, which is inconsistent with democracy,” said Mvalo.

But Kaiyatsa is of the view that cybercrime legislation should be reviewed and clarified in some sections, as politicians use the measure to silence dissenting views.

“As activists, we have engaged various authorities, including Members of Parliament, to remove the problematic provisions in the Cybersecurity Act. We are also considering moving the Courts to review the constitutionality of some of the provisions in the Act, particularly to determine whether the restrictions on online communication are in line with the right to freedom of expression, freedom of the press and the right to access of information enshrined in the Constitution,” says Kaiyatsa.

For Mbele, the Electronic and Cyber Security Act, as it stands, is for the protection of perpetrators. “That’s why we feel the Constitutional Court is the right place to review and repeal this abusive law.”

Though enacted in 2016, it appears that there is a general lack of awareness around the law.

 “Many individuals in the country are uninformed of cybercrime. We are promoting awareness meetings to educate the public about the crimes,” says Gladwel Kubwalo, Malawi Police Services’ Head of Digital Forensic and Cybersecurity.

Chongwe is of the view that individuals must take an active role in protecting themselves online.

“It is important for individuals to stay vigilant, use security measures like strong passwords and encryption, regularly update their software, and be cautious about sharing personal information online.”

 This work was produced as a result of a grant provided by the Africa-China Reporting Project at the Wits Centre for Journalism at the University of the Witwatersrand, Johannesburg. The opinions held are of the author(s).

Additional reporting by Pemphero Musowa

---