In January 2017, a 14-year-old student had an encounter with a t-shirt vendor that would bring her close to committing suicide.
The junior high school student met Elvin Boakye Agyemang, 23, when he visited her school to sell t-shirts and the two struck acquittance and began to chat on Telegram, a social media platform.
Elvin demanded nude photographs; the teenager sent them.
He later connived with his friend, Desmond Appleton, who blackmailed the teenager, threatening to leak the pictures. The girl was forced to send 10 more naked pictures of herself but deleted the app when Appleton again asked for more.
This angered Appleton who leaked the teenager’s naked images, but the two were later arrested and jailed after the traumatized girl narrated her ordeal to her mother, the Ghanaian Times reported.
This was before Ghana passed its cybersecurity Act 2020 (Act 1038).
Away from Ghana, a bank robbery in Bangladesh in February 2016 sent shockwaves across the banking community in the world.
The robbers carried no gun. In fact, they didn’t enter the bank physically. But $81 million was burgled in what has become known as one of the most sophisticated bank robberies in the world.
Using SWIFT, the messaging network for cross-border payments, cyber fraudsters transferred funds from the Bangladesh Bank’s account with the New York Federal Reserve to private accounts in Sri Lanka and the Philippines.
According to The Economist, much of the stolen fund is yet to be retrieved; the masterminds are yet to be identified, but probes into the robbery by the Bangladesh authorities and the Federal Bureau of Investigations (BNI) revealed a striking sophistication and international nature of the crime.
The two crimes mentioned above happened in different locations – Ghana and Bangladesh – but they have one thing in common—they are cybercrimes.
Those two crimes are part of many others Ghana’s Cybersecurity law tackles together with a retinue of frameworks and structures to secure Ghana’s cyberspace.
Ghana’s cybersecurity law
Ghana passed the Cybersecurity Act, 2020 (Act 1038) to help in cybersecurity development and in response to cybersecurity challenges.
As a buildup to the implementation of the law, the Cyber Security Authority (CSA) was set up to implement the law and regulate the cybersecurity ecosystem in the country.
However, there is little to show for awareness among the citizenry. The vexed issues of cybersecurity, human rights, and child online protection were therefore on the table when the Media Foundation for West Africa (MFWA) organised a forum on the role of civil society organisations in the implementation of the law.
The forum, a gathering of key stakeholders in the cybersecurity space, was to deliberate on how civil society could contribute to the effective implementation of the country’s Cybersecurity law as one that respects rights and offers safety and security in the cyberspace.
It was organised with the support of the UK-based Global Partners Digital Limited.
When he took his turn, the Lead for capacity building and awareness creation at the CSA, Alex Oppong, walked the participants through the Cybersecurity law, emphasizing the authority’s broad mandate, including protection of critical information infrastructure, capacity building and awareness creation, child online protection, cyber security licensing, standards and enforcements.
Child protection
With issues about the safety of children online becoming a growing concern, he said the law had made adequate provisions to protect children.
“Our children use technology for a number of things, entertainment, communication or studying. We want to ensure that the same way you protect your child from not being knocked down by a car when they rush across the road, it is the same way we protect them online.
“The risk is that we don’t know what they are doing and who they are interacting with,” he explained.
Section 63 to Section 67 of the law make provisions against the sexual exploitation of children.
But civil society activists at the event expressed worry that no single person has been prosecuted for child pornography offences ever since President Nana Akufo-Addo assented to the Act in December 2020.
Although social media influencer, Rosemond Brown, aka Akuapem Polo, was jailed in April 2021 for posting a nude photo of herself and her seven-year-old son, her prosecution started before the law was passed. Her prosecution started in June 2020.
Results from a global poll conducted by UNICEF in 2016 in 25 countries including Ghana indicated that 82% of children and adolescents are in danger of being sexually abused or taken advantage of online. Another 63% of the children in Ghana have been engaged in risky behaviours online—confirmation that most young people have experienced some form of online abuse by adults and/or by their peers.
Across the world, countries have specific sectors they consider critical infrastructures that are prioritized for emergency response.
Section 35-40 of the Cybersecurity Act focuses on Critical Information Infrastructure. Alex Oppong indicated that Ghana has identified 13 different sectors as critical infrastructures. Computer Emergency Response Team (CERT) has been designated to each of the identified sectors. The sectors include transport, health, emergency services, food and agriculture, manufacturing, mining, energy, banking and finance, and water.
Priority sectors
According to Alex Oppong, the Cybersecurity Act prioritised those sectors because when those sectors are compromised, it could spell doom for the country.
The fact that no specific CERT has been dedicated to the civil society community did not go down well with the CSOs at the forum. They urged the Ministry of Communication and Digitization to reconsider designating a CERT for CSOs.
To ensure offenders of the law were dealt with, he said there had been extensive cybersecurity training for the Ghanaian Judiciary and law enforcement agencies
He said the Cybersecurity Authority was opened to closer collaborations with civil society to create awareness about the law and cybersecurity.
He commended the MFWA for organizing the forum which he said provided the platform for people to “know more about what the Act is about.”
The MFWA’s Programme Manager for Digital Rights, Vivian Affoah, noted that the Global cyber norms, which focus on cybersecurity in the context of international peace and security are anchored on 11 pillars.
These pillars are interstate cooperation on security, consider all relevant information, prevent misuse of information communication technologies (ICTs), cooperate to stop crime and terrorism, respect human rights and privacy, no damage to infrastructure, protect critical infrastructure, response to request for assistance, ensure supply chain security, Report ICT vulnerabilities and Do no harm to emergency response teams.
She said Ghana’s Cybersecurity law strongly conformed to Norm 5 of the Global cyber norms which deals with the protection of human rights and privacy.
She rallied the Cybersecurity Authority and the civil society community with recommendations, including capacity building for the security services, legislature, and judiciary on the Cybersecurity Act, global cyber norms and their role in protecting human rights on the internet.
The recommendations proffered by the MFWA also include the intensification of cybercrime and cybersecurity awareness measures, digital literacy training interventions on using digital payment platforms, instituting a human rights regime before the importation and use of surveillance technology. The MFWA also suggested that there should be continuous engagement in UN cybersecurity processes and meaningful stakeholder engagement: timely information sharing, transparency, accountability, and engagement of stakeholders.
In a welcome address, the MFWA’s Programme Manager for Freedom of Expression, Muheeb Saeed, said the forum had become “extremely necessary because reports show that cyberattacks are taking a devastating toll on critical national infrastructures, including those of tech and telecom companies and financial institutions which make life convenient for all of us.”
Counting the cost of cybercrime
According to statistics from Cybersecurity Ventures, cybercrime damage totalled US$6 trillion globally in 2021. The amount is twice the GDP of all African countries combined.
Muheeb Saeed also touched on issues of freedom of expression being curtailed with the passage of such laws in other jurisdictions.
“Under the guise of fighting cybercrime, some autocratic jurisdictions have adopted repressive laws. In some cases, governments employ internet shutdowns, content blocking, filtering of certain URLs and in some extreme cases, blocking of IP addresses under the pretext of protecting cybersecurity.”
The other component of the cybersecurity conversation is the need to have all stakeholders on board the processes to ensure that they contribute their quota to effective implementation while ensuring that human rights are not compromised.
During a panel discussion, Awo Amenya, the Executive Director of Child Online Africa, called for better collaboration between CSOs to shape the implementation of the law to ultimately reach a much wider audience.
Ghana’s Parliament ratified has the African Union Convention on Cyber Security and Personal Data Protection (Malabo Convention) and the Convention on Cybercrime (Budapest Convention) by Parliament in 2018 and 2019 respectively. These laws require the country to establish appropriate mechanisms for cybersecurity governance, combat cybercrime, promote cybersecurity and facilitate both domestic and international cooperation in the fight against cybercrime.