Cybersecurity and Cybercrime Laws in the SADC Region https://zimbabwe.misa.org that is reasonably required for the purposes of a criminal investigation is particularly vulnerable to loss or modification, the [law enforcement] [police] officer may, by written notice given to a person in control of the computer data, require the person to ensure that the data specified in the notice be preserved for a period of up to seven (7) days as specified in the notice. The period may be extended beyond seven (7) days if, on an application a [judge] [magistrate] authorises an extension for a further specified period of time. data. It can easily be used to justify intrusive communications surveillance. Section 32 of the Model Law condones the use of keystroke logging software and hardware. In Section 32, keystroke loggers3 are erroneously categorized as “forensic tools” when in actual fact keystroke loggers are privacy breaching or hacking tools. This therefore makes it possible to gain illegal access to passwords and usernames used on the electronic device which has a key stroke logger installed on it. There is need for better procedural safeguards, and more judicial oversight when using such potentially harmful technology against citizens. Despite its noble intentions, legal analysis has shown that certain provisions in the SADC Model Law on Computer Crime and Cybercrime negatively affect the fundamental right to privacy (Hove, 2017). Because of the anti-privacy provisions inserted in some SADC member States’ national Computer and Cybercrime laws, there has been a regional attack on the right to privacy (Hove, 2017). It is important to highlight that the SADC Model Law on Cybercrime has a number of provisions that actively infringe on the fundamental right to privacy. These include section 25 which address issues related to search and seizure of electronic equipment suspected to have been used to commit an offence or suspected to contain information proving the commission of an offence. The main problem with this section is that warrants issued for the search of computers are open to a wide application that one warrant can be used to search all the devices connected to a network of devices (Hove, 2017). Another problematic part of the model law is section 30, which deals with the collection of network traffic data. Equally concerning is section 31 of the model law, which speaks to the issue of interception of (device) content SADC country-specific laws In Southern Africa, countries such as Botswana (Cybercrime and Computer Related Crimes Act), Tanzania (Cybercrimes Act), Mozambique (Electronic Transactions Act) and Malawi (Electronic Transactions and Cyber Security Act) have come up with legislation to address the thorny issues of cybersecurity and cybercrimes. Other SADC member States such as Mauritius, Botswana, and Zambia already had national cybercrime laws in place before the adoption of the SADC Model Law. These cybercrime laws which were passed on or before 2013 are generally less likely to infringe on the right to privacy when compared to national cybercrime laws passed after adoption of the SADC Model Law. As a result, Botswana, and Zambia modeled their respective cybercrime laws after international cybercrime instruments and laws, as opposed to the contentious SADC Model Law. Countries, which passed their national laws on cybercrimes 3A keystroke logger can either be hardware or software installed on a computer or other electronic device for the purpose of recording information as it is entered into that electronic device. 20