https://zimbabwe.misa.org Cybersecurity and Cybercrime Laws in the SADC Region and cybersecurity; develop and promote an allinclusive secure cyber ecosystem; create a safer cyber space in Zambia; coordinate the protection of Zambia’s critical information infrastructure; establish cybersecurity codes of practice and standards of performance for implementation by owners of critical information infrastructure; promote, develop, maintain and improve competencies and expertise and professional standards in the cybersecurity community; and promote research and development the use of new and appropriate technologies and techniques in cyber security and cybercrimes and so forth. use electronic communications systems that are technically capable of supporting lawful interceptions; install hardware and software facilities and devices to enable the interception of communications when so required by a law enforcement officer or under a court order; provide services that are capable of rendering real-time and full-time monitoring facilities for the interception of communications; provide all call-related information in real-time or as soon as possible upon call termination. The Act stipulates that, “any service provider who fails to comply with the requirements of subsection (1) commits an offence and is liable upon conviction to a fine not exceeding five hundred thousand penalty units or to imprisonment for a period not exceeding five years or to both”. This provision violates the right to privacy as enshrined in the Zambian Constitution. However, the board of the agency consists of a representative each from the following security wings: (i) the Zambia Air force; (ii) the Zambia Army; (iii) the Zambia National Service; (iv) the Zambia Police; and (v) the Zambia Security Intelligence Services; (b) a representative from the Ministry responsible for communications; (c) a representative from Engineering Institute of Zambia; (d) a representative from the Law Association of Zambia; and (e) one other person appointed by the Minister with experience in cyber security. This raises issues about the independence of the oversight mechanism, which opens up the whole exercise to intrusive surveillance under the guise of promoting cybersecurity. With regards to power to inspect, search and seize, the Act grants a cyber inspector the power “to monitor and inspect any website or activity on an information system in the public domain and report any unlawful activity to the appropriate authority; in respect of a critical information infrastructure and perform an audit”. It prohibits the disclosure of intercepted communication. Section 46 of the Act calls upon internet service providers to ensure that they Besides the Cyber Security and Cyber Crimes Act, the Electronic Communications and Transaction Act of 2009 provides for the protection of personal information and details conditions for the lawful interception of communications, though several provisions give the government sweeping surveillance powers with little to no oversight. For instance, Article 79 requires service providers to enable interception and store callrelated information. Article 77 requires service providers to install both hardware and software that enable communications to be intercepted in “real-time” and “full-time” upon request by law enforcement agencies “or” under a court order. Internet intermediaries are also required to transmit all intercepted communications to a Central Monitoring and Coordination Centre managed by the communications ministry. Internet intermediaries that fail to comply with the requirements could be held liable to a fine, imprisonment of up to five years, or both. 31