Nairobi — As East African Community member states prepare to enjoy the benefits of increased bandwidth courtesy of fibre optic cable projects currently under way in the region, they are also grappling with the security threats this is likely to usher in.

Kenya, Uganda, Tanzania, Rwanda and Burundi are currently in different stages of formulating the relevant laws to ensure cyber security for their populations.

At the just concluded East African Internet Governance Forum in Nairobi, member countries came out to address the challenges posed by new information and communications technologies (ICT) in the region as well as how to reap the benefits in a secure and non-compromised environment.

ICT consulting firm Summit Strategies chief executive Muriuki Mureithi said secure communication has to be guaranteed through confidentiality and privacy laws.

Mr Mureithi said that enactment of the necessary legislation would ensure that "electronic transactions are not renounced and denied by either party once concluded."

He said Kenya has a policy framework to deal with cyber security through the Kenya Communications Amendment Act (KCA) Act but the country lacks data protection as well as freedom of information law to ensure security and privacy of individual data.

However, Parliamentary Committee on Energy, Communications and Information chairman James Rege insists that the KCA Act needs to be revised and split up into four independent legislations for electronic transactions, broadcasting, cyber security and data protection as well as freedom of information.

Mr Rege's proposal mirrors Uganda's cyber security legal framework which has come up with three sets of draft cyber laws -- the Electronic Transactions Bill 2003, Computer Misuse Bill 2003 and Electronic Signatures Bill 2003.

According to a member of Uganda's IT advocacy forum I-Network Douglas Onyango, Uganda has had three major cyber security attacks -- the Uganda registry attack, the military website breach as well as the Nodesix attack which led to interruptions and loss of revenue.

"The military website stayed down for a considerable period before the situation was rectified," said Mr Onyango.

Uganda's Electronic Transactions (eTransactions) Bill is meant to facilitate the development of electronic commerce (eCommerce) in the country by establishing laws that validate and recognise electronic contracts.

The electronic signatures (eSignatures) Bill is meant to ensure transactions are carried out in a secure environment while the Computer Misuse Bill spells out computer misuse offenses like unauthorized modification of computer material.

Mr Onyango said that the three draft Bills have "already been approved by Cabinet and are currently under consideration by parliament," adding that they could be approved by parliament by end of 2009.

However, even though Uganda has the three sets of cyber laws, the country's Internet scene is still governed by the Communications Act which provides for licensing and operation of telecoms and postal services.

Paul Asiimwe, a partner at SIPI Law Associates in Kampala said the Communications Act is "inadequate to resolve emerging opportunities and challenges posed by the Internet."

The situation, said Mr Asiimwe, has resulted in the formulation of the three cyber laws as well as a Bill proposing the establishment of Uganda's National IT Authority which was assented to by the president in July.

Mr Asiimwe however pointed out that the proposed Bills do not address data protection, which should have been included in Computer Misuse Bill.

According to Tanzania Law Reform Commission's Adam Mambi, ICT has "created new legal challenges to deal with."

Rwanda ICT Association's Edouard Mashyaringa said that the country has had to grapple with various cyber security issues and threats including hackers, and malicious codes (viruses, worms and trojans).

In response to the fact that the region currently lacks harmonised cyber laws to legislate and regulate issues related to Internet and cyber-related crime, Mr Onyango said that Uganda has embarked on process aimed harmonising cyber laws in the entire EAC.

The outcomes of the forum are to form part of the region's agenda at the African Information Society conference in Addis Ababa in January 2010 as well as set the stage for the 37th edition of the Internet Corporation for Assigned Names and Numbers meeting to be held in Nairobi in March 2010.

"Uganda has an ongoing process to harmonise cyber laws in the five East African countries under EAC," said he said, adding that the process is being undertaken by a taskforce consisting of four members from each of the five countries.

The process aims to harmonise the laws in two phases, with phase one handling Electronic Transactions, Electronic Signatures and Authentications, Data Protection and Privacy, Consumer Protection and Computer Crime. Phase two will handle Intellectual Property Rights, Domain Names, Taxation and Freedom of Information.

"Several regional meetings have already been held and we expect the legal framework to be adopted by relevant organs of EAC and Partner States leading to the enactment of the cyber laws by 2010," he said.

The EA IGF, organised by the Kenya ICT Action Network (KICTANet) and Kenya Network Information Centre (KENIC), also had delegates from the UK, Japan, US and Canada.

It aimed to develop a framework to usher the region into the digital economy, with recommendations being presented during the fourth United Nations Internet Governance Forum (UN IGF) to be held in Sharm El-Sheikh, Egypt, in November 2009.

The outcomes of the EA IGF are to form part of the region's agenda at the African Information Society conference in Addis Ababa in January 2010 as well as set the stage for the 37th edition of the Internet Corporation for Assigned Names and Numbers (ICANN) meeting to be held in Nairobi, Kenya, in March 2010.