https://zimbabwe.misa.org Cybersecurity and Cybercrime Laws in the SADC Region after 2013 have been criticised for copying and pasting vague and broad definitions on cybercrimes from the model law. There is also concern that the “cut and paste approach” adopted by most SADC countries have reproduced problematic provisions that are specified in the model law. definition is wide, and covers basic unauthorised entry into a computer system (as envisaged by the Budapest Convention), as well as other activities such as instructing a computer system, communicating with a computer system, storing and retrieving data from a computer system, as well as using the resources of the computer system. Botswana According to section 9 of the Act, it is an offence for any person to intercept (a) any non-public transmission to, from or within a computer or computer system; or (b) electromagnetic emissions that are carrying data, from a computer or computer system. The person must act “intentionally”, “by technical means” and “without lawful excuse or justification”. Although this definition incorporates all the key definitional elements of the offence of data interception as prescribed by the Budapest Convention, it has not be localized to speak to the context of Botswana. Overall, it chimes with the requirements under the Budapest Convention, which are that there must be an interception, through technical means, of a nonpublic transmission of computer data to, from or within a computer or computer system. Under section 7, the Act provides for data interference, which seeks to punish any person who either destroys, deletes, suppresses, alters or modifies data or renders data meaningless, useless or ineffective. In order to be charged under this offense, the person must act “intentionally” and “without lawful excuse or justification.” This is in line with the Budapest Convention. Section 8 of the Act punishes any person who either hinders or interferes with the functioning of a computer or computer system or hinders or interferes with In Botswana, the Cyber Crime and Computer Related Crimes Act was passed in 2018. In section 4 of the Act, it criminalises “unauthorised access 4 to a computer or computer system”. The first type of conduct covers a typical illegal access to a computer system, whilst the second part expands the ambit of the criminalisation to include causing a computer system to perform any function after gaining unauthorised access. The term “access” is defined to mean, “instruct, communicate with, store data in, retrieve data from, or otherwise make use of any of the resources of the computer or computer system” (section 2). That definition is wide, and covers the initial entering of a computer system as well as subsequent acts, for instance, storing and retrieving data, or using the resources of a computer. It follows that a person who has the authorisation to enter a computer system, but has no authorization to store or retrieve data from the computer system, would commit the offence if he or she stores data in, or retrieves data from, the computer system. It also means that merely instructing or communicating with a computer system, without actual entry into the system, amounts to an offence under the section. That 4A person commits the offence if he or she either accesses the whole or any part of a computer or computer system, knowing that such access is unauthorised or causes a computer or computer system to perform any function as a result of unauthorised access to such system. 21