Cybersecurity and Cybercrime Laws in the SADC Region https://zimbabwe.misa.org Communication and Technology to withdraw the Bill from the public consultation processes. Media reports suggest that the revised Cybersecurity and Cybercrimes Bill will be presented to parliament towards the end of 2020. These reports suggest that unlike the two-in-one Bill presented in 2017, various separate laws dealing with a number of interconnected issues such as data protection, electronic transactions, cybersecurity and cybercrimes will be tabled before the House of Assembly. At the time of its presentation in 2017, the Electronic Transactions and Cybercrime Bill was criticized for failing to define key terms such as cybercrime, cybersecurity, functionary, forensic tools, access, data, privacy, seize and so forth. Concepts such as ‘computer system’ were under-defined despite the specialized and technical nature of their usage in the field of cybersecurity and data protection. The Bill also received criticism for failing to deal in a structured and substantially consequential way with the necessary aspects of combatting cybercriminal activities (IPPR and Action Namibia, 2017). Generally, it lacked coherence. and all of section 72, allow for a system of secret warrants while vaguely defining the conditions under which such secret warrants can be sought. These provisions open the door to pervasive communications surveillance and interception without appropriate oversight mechanisms to monitor the conduct of those carrying out such surveillance or interception activities (IPPR and Action Namibia, 2017). It was drafted in such a way that unauthorised access by state agents and interception of communications was under regulated. Building on part 6 of the Communications Act of 2009, the proposed Bill sought to enable warrantless search and seizure operations, while other sections seem to allow for a system of secret warrants and unauthorised access by state agents. For instance, chapter 5, in sections 43 (2) and (3), seems to enable unauthorised access and access without notification by the Communications Regulatory Authority of Namibia (CRAN) and others to computer systems, which in actual fact amounted to government hacking of private computer systems. Another questionable provision is chapter 7, in section 61 (6), (7) and (8), which grants a ‘Computer Security Inspector’ the power to access computer systems without giving notification or seeking legal authorisation. This raises the question of legality. Sections of chapter 8, in sections 70 (2) 26 The proposed Bill made no provision for a ‘designated judge’ to hear interception applications. This kind of an oversight mechanism has the potential to foster transparency and accountability in the state security value chain. Thus, a system of secret warrants and warrantless accessing of private data and communications and computer systems, which the Bill wanted to smuggle into the public domain violates the necessary and proportionate principles. In order to curb the excesses of part 6 of the Communication Act of 2019, the proposed Bill must endeavor to establish an independent oversight mechanism to ensure transparency and accountability of communications surveillance. Concerns are rife amongst human rights defenders that Namibia engages in illegal communications surveillance even though part 6 of the Communication Act has not yet been operationalised. Another borne of contention was the lack of data and privacy protections. The proposed law did not adequately provide for personal data protection or proscribe the rights of data subjects, in line with necessary and proportionate principles. The Bill was also silent on procedures to be followed by state officials when examining, copying, sharing, sorting through, using, destroying and/or storing the data obtained from the interceptions. Given that the right to privacy is explicitly enshrined in the Namibian