You are currently viewing AU sucked into fight over Lesotho’s proposed ‘draconian’ cyber law

AU sucked into fight over Lesotho’s proposed ‘draconian’ cyber law

…NGOs want continental bloc to stop govt from passing law which “threatens democracy”,

 …if approved the law “could shrink civic, media, political spaces,” the NGOs warn

Herbert Moyo

LESOTHO’S non-governmental organisations (NGOs) have joined forces to petition the African Commission on Human and Peoples’ Rights to “urge” Prime Minister Sam Matekane’s administration not to enact a proposed cyber law which “threatens human rights and democracy”.

Styled the Computer Crime and Cyber Security Bill, the proposed law prescribes massive fines and lengthy jail terms for various cyber and computer crimes.

Offenders could be fined as much as R15 million and jailed for up to 25 years for vaguely defined “offences against critical information infrastructure or protected computer systems”.

The Commission is currently sitting for its 75th ordinary session which began on 3 May 2023 and ends on the 23rd of this month.

Leading human rights NGO, Transformation Resource Centre (TRC), is spearheading the advocacy against the ‘draconian’ cybercrimes Bill.

Should all else fail, the TRC will file a legal challenge in Lesotho’s Constitutional Court, TRC executive director, Tsikoane Peshoane, said in an interview this week.

“We have taken the issue to the African Commission on Human and Peoples’ Rights. We have also engaged the government and we hope they will consider our appeals to amend certain provisions which threaten human rights and freedoms. But if all fails, we will wait for the Bill to be passed and then challenge the law in the Constitutional Court,” Mr Peshoane said.

Other NGOs who have joined the fight against the Bill include the Catholic Commission for Justice and Peace (CCJP), Technologies for Economic Development (TED), Lesotho Association of Non Formal Education (LANFE) and Survivors of Lesotho Dams (SOLD).

They want amendments to clauses of the Bill which they say could “shrink civic, media and political spaces” and weaken democracy in general.

Specifically, the NGOs want the African Commission to engage the Lesotho government to “ensure that sections meant to undermine the right to privacy, freedom from arbitrary search and seizure of property, freedom of expression and access to information, and right to a fair trial be deleted entirely as they have the potential to shrink the civic, media, and political spaces”.

Speaking in support of the Bill last year, then Communications Minister Samuel Rapapa said Lesotho was lagging behind other countries due to the lack of laws and strategies on cyber security.

This is a view shared by the World Bank which said in a 2020 report that, “Lesotho’s cyber security preparedness is relatively low”.

“There is a lack of strategies, institutions, and legal instruments to regulate and positively improve cybersecurity in Lesotho, and the private sector is concerned about the level of the country’s risk exposure.

“Lesotho has benefitted from international expertise in the drafting process, improving the quality of the draft bill. For example, the draft bill was reviewed by the Council of Europe in 2019,” the World Bank further stated in its February 2020 report titled “Lesotho Digital Economy Diagnostic”.

The supposed expertise has led to the crafting of Lesotho’s controversial cyber Bill which seeks to give the state powers to monitor cyberspace, define cybercrimes and prescribe what the NGOs and other stakeholders feel are excessive penalties.

Among other things, the Bill provides for the creation of the National Cybersecurity Advisory Council and the National Cyber Security Incident Response Team.

The National Cybersecurity Advisory Council shall be responsible for advising the government on cybersecurity policy development and national cybersecurity strategies.

On the other hand, the National Cyber Security Incident Response Team will be tasked with providing cybersecurity incident response capabilities to the country. It shall provide technical assistance to law enforcement agencies when so requested.

“It shall provide Lesotho with cybersecurity intelligence, alerts, warnings technical assistance, eradication of threats and recovery from cyber-attacks. It shall build awareness among the general population on how to be safe on cyber space and build capacity for the sustained ability of the country to manage cybersecurity risks.

“In this way, the Bill provides a live and functional body to protect its cyber space,” section 12 of the Bill states.

The proposed Advisory Council will include a director-general, a director, representatives of the Lesotho Communications Authority (LCA), Central Bank of Lesotho (CBL), the private sector and institutions of higher learning.

The proposed Council will also include representatives of the security agencies, namely, the Lesotho Mounted Police Service (LMPS), Lesotho Defence Force (LDF), National Security Service (NSS) and Lesotho Correctional Service (LCS).

The Bill was first tabled in parliament in 2021 by former Communications Minister, Keketso Sello, who served under the previous Moeketsi Majoro-led government.

Mr Sello was succeeded by Mr Rapapa who steered the Bill through the lower house of parliament, known as the National Assembly.

By the time the former government’s tenure ended in October 2022, the Bill was awaiting Senate approval before it could be sent to King Letsie III for his assent and subsequent gazettement.

Seven months into its tenure, the current Samuel Matekane-led regime has signaled its intention to revive the Bill at the stage where it was before the dissolution of the previous parliament and push for its enactment.

In its 8 May 2023 notice, Lesotho’s parliament said, the “Honourable House resolves to reinstate the Computer Crime and Cyber Security Bill at the stage it had reached before the dissolution of the 10th (previous) Parliament (ahead of the October 2022 elections which brought Matekane to power)”.

Parliament subsequently issued a “Statement of Objects and Reasons” for the Bill it says was approved by current Communications Minister Nthati Moorosi.

 Part of the statement reads, “Government has a responsibility to ensure that its citizens are protected against cyber-attacks and the enactment of the Computer Crime and Cybersecurity Bill is an effort by Lesotho to combat computer crime, by putting in place the appropriate punishment for it and thereby ensuring cybersecurity.

“There are several legislations which provide for criminalisation of different offences such as fraud, extortion, forgery, bribery, genocide, crimes against humanity, war crimes, terrorism and other offences.

“However, there is no statute which provides for criminalisation of illegal activities committed through the use of electronic devices except for the Penal Code Act, 2012 and the Communications Act, 2012 which criminalise unlawful access to computer or electronic storage devices owned by another person, while the Communications Act criminalises intentional damage of communications facilities belonging to another. There is a need for a comprehensive legislation which adequately prevents computer and internet related crimes,” the statement further reads.


The revival of the Bill, which has been rechristened the Computer Crime and Cyber Security Bill (2023), has galvanised local NGOs into action.

They have since petitioned the African Commission to stop the government from proceeding with the enactment of the Bill.

The Commission has also been asked by the NGOs to engage the Lesotho government on other issues including successive governments’ failure to deal with the thorny issue of torture and other human rights abuses by Lesotho’s security agencies.

The NGOs’ petition was authored by Advocate Mokitimi Tšosane, a Public Interest Litigation and Human Rights Officer at the TRC.

“This statement covers human rights issues around Computer Crimes and Cybersecurity Bill, Constitutional Reforms, Torture and ill-treatment, Right to Development, Establishment of the Disability Advisory Council and funding of the judiciary,” Adv Tšosane states in the petition.

“As we celebrate 30 years of the democratic constitution, it is with great concern that there is lurking in our midst, the Computer Crimes and Cybersecurity Bill, which has elements that justify overreach of enforcement powers suffocating the very essence of a responsive democracy – freedom of expression and speech and the right to be free from intrusions and interference by the state and others deriving from the right to privacy. (Sic).

“In the Bill, the government risks excluding the general public from the greater information society in this information era. The Bill encompasses sections meant to undermine and erode the right to privacy, freedom from arbitrary search and seizure of property, freedom of expression and access to information, and right to a fair trial. These provisions have the potential to shrink the civic, media, and political spaces,” the NGOs’ petition states.


Adv Tšosane has been a consistent in his criticism of the Bill.

In a previous interview, he said he was particularly alarmed by the starring role given to members of the security agencies in monitoring cyberspace.

“The inclusion of members of the security agencies in the proposed Advisory Council amounts to a militarisation of digital surveillance,” Adv Tšosane said.

He noted that the security agencies had over the years been accused of doing the bidding of politicians and committing grave human rights violations in the process, hence why the security agencies had to be reformed in line with the recommendations of the Southern African Development Community (SADC).

“It was bad enough to have military people regulating civilian behaviour but to have an unreformed security sector performing this task as envisaged by the Bill is worse and spells doom for the observance of human rights and freedoms,” Adv Tšosane said.

In its adverse opinion on the Bill which Adv Tšosane helped craft last year, the TRC notes that, “the Bill suffers from lack of consultations in its drafting hence the inelegance”.

“The Bill suffers from conceptual and definitional deficits. The Bill is constitutionally flawed as it does not consider the basic constitutional rights and freedoms to privacy, fair trial, and expression.

“While the country needs progressive cyber legislations, the proposed legislation is an oppressive tool by a government bent on excluding the general public from the greater information society in this information era. Therefore, it is vital that the Bill be revised and reworked with regard to all comments received from all stakeholders including the public and private sector, as well as the legal profession and information security practitioners.

“…it (the Bill) does not strike a balance between civil liberties and the government’s interest in ‘national security’ and law enforcement. For example, the Bill brings into the picture digital forensics which in practice deals with identification, collection, preservation, examination, and analysis of information stored or transmitted in binary form in a manner acceptable for application in legal matters. However, closely linked to digital evidence seizure is the right to privacy. While the Bill introduces the use of forensic tools, it leaves behind procedures that comply with the constitution and international human rights instruments to protect the right to privacy,” the TRC argues.

The respected human rights body also raises the alarm over the manner in which government through the communications minister, Advisory Council and Response Team, “assumes extreme and extensive powers in policing cyberspace”.

“The government powers in terms of the Bill are arbitrary and limitations on the rights and freedoms not demonstrably justifiable. Essentially, the Bill disregards the right to privacy, right to fair trial, freedom of expression and freedom from arbitrary seizure of property. The Bill comes as a trap targeting cyber users especially dissidents and will shrink the media, civic and political space. In its current form, substantial provisions of the Bill will surely not pass the constitutional muster/constitutional scrutiny if it is enacted into law,” the TRC further argues.

Asked to elaborate on the TRC’s concerns, Adv Tšosane said some of the provisions of the Bill criminalising the publication of falsehoods were subjective.

This left room for them to be abused by politicians and their lackeys in the security agencies to victimise media practitioners, political opponents and other dissenting voices, he said.

This was in reference to Section 43 of the Bill which states that, “a person who publishes information or data presented in a picture, text, symbol or any other form in a computer system knowing that  such information or data is false, deceptive, misleading, or inaccurate, and with intent to threaten, abuse, insult, mislead or deceive the public, or conceals commission of such an offence, commits an offence and is liable, on conviction, to a fine not exceeding R500 000 or imprisonment for a term not exceeding five years or both”.

“With such provisions, satire by the media could be criminalised as publication of falsehoods. Cartoonists would not be able to publish online.

“The provisions fly in the face of a multiplicity of ordinarily allowed, tolerated, and countenanced ways of society poking fun at itself for comic effect, social commentary and political satire or caricature; and it is likely to be abused by powerful groups against socially constructive exertions of the categories like conventional and social media including citizen journalism, artists and cartoonists, and even mainstream scholars

“The provisions smack of an attempt by politicians to smuggle back the notorious criminal defamation offence which was outlawed by the Constitutional Court in 2018,” Adv Tšosane said.

Mockery of justice

Should the Bill be approved, those found to be on the wrong side of the law face lengthy prison sentences of up to 25 years and R15 million for vaguely defined “offences against critical information infrastructure or protected computer systems”.

“It will be a mockery of justice if the suggested fines become law,” prominent lawyer, Napo Mafaesa said of the Bill in a previous interview.

“Given our economic climate, the suggested penalties will be impossible to meet and the result will be prison sentences at a time when government is already failing to cope with overcrowding in the jails,” Adv Mafaesa added.

He also expressed fears that some state agencies could be abused by politicians to punish their opponents.

“We have some unscrupulous institutions and these could abuse the Bill if it is passed into law in its current form,” Adv Mafaesa said.

Although Adv Mafaesa did not mention names, this was most likely a reference to the country’s security agencies which have over the years been accused of torture and other human rights violations.

His misgivings about the police and other security agencies stems from his alleged torture by the former last year. He has since instituted a lawsuit for R5 million damages from the police for the alleged torture.

Unsurprisingly, Adv Mafaesa and the NGOs do not want the security agencies involved in the monitoring of cyberspace moreso as they have not been reformed in line with the 2016 SADC recommendations for security sector, constitutional, media and judicial reforms in Lesotho.

It remains to be seen how the African Commission will respond to the NGOs’ petition over the Bill and human rights violations by the security agencies.

Back in 2018, the Commission produced a damning report expressing concern over the “persistent allegations of police brutality in Lesotho and reports which purport to demonstrate that torture is being utilised by security forces in the country”.

Its plea to the government to capacitate the relevant institutions to enable them to investigate allegations of human rights violations has so far fallen on deaf ears.

“The government should incorporate the promotion and protection of human and peoples’ rights in all its actions as well as in the legal, policy and institutional reforms,” the Commission said at the time.

Herbert Moyo is a journalist researching digital surveillance with support from the Media Policy & Democracy Project (MPDP), run by the University of Johannesburg, Department of Communication and Media.