Computer Misuse Act

Section Interpretation Section In this Act, unless the context otherwise requires— “ access ” means gaining entry to any electronic system or data held in an electronic system or causing the electronic system to perform any function to achieve that objective; “ application ” means a set of instructions that, when executed in a computer system, causes a computer system to perform a function and includes a set of instructions held in any removable storage medium which is, for the time being, in a computer system; “ authorised officer ” has the meaning assigned to it in section 31 ; “ child ” means a person under the age of eighteen years; “ computer ” means an electronic, magnetic, optical, electrochemical or other data processing device or a group of such interconnected or related devices, performing logical, arithmetic or storage functions; and includes any data storage facility or communications facility directly related to or operating in conjunction with such a device or group of such interconnected or related devices; “ computer output ” or “output” means a statement, information or representation, whether in written, printed, pictorial, graphical or other form— (a) produced by...

Section Securing access Section A person secures access to any program or data held in a computer if that person — views, alters or erases the program or data ; copies or moves it to any storage medium other than that in which it is held or to a different location in the storage medium in which it is held; uses or destroys the program or data ; or causes the program or data to be output from the computer in which it is held whether by having it displayed or in any other manner.

Section Using program Section A person uses a program if the function he or she causes the computer to perform— causes the program to be executed; or is itself a function of the program .

Section Authorised access Section Access by a person to any program or data held in a computer is authorised if— the person is entitled to control access to the program or data in question; or the person has consent to access that program or data from any person who is charged with giving that consent.

Section References Section A reference to a program or data held in a computer includes a reference to any program or data held in any removable storage medium and a computer may be regarded as containing any program or data held in any such medium. A reference to a program includes a reference to part of a program .

Section Modification of contents Section A modification of the contents of any computer takes place if, by the operation of any function of the computer concerned or any other computer connected to it result into— a program , data or data message held in the computer concerned being altered or erased; or a program , data or data message being added to its contents.

Section Unauthorised modification Section Modification is unauthorised if— the person whose act causes it, is not entitled to determine whether the modification should be made; and he or she does not have consent to the modification from a person who is entitled.

Section Production order Section Where the disclosure of data is required for the purposes of a criminal investigation or the prosecution of an offence, an investigative officer may apply to court for an order compelling— a person to submit specified data in that person ’s possession or control, which is stored in a computer system; and any service provider offering its services to submit subscriber information in relation to such services in that service provider’s possession or control. Where any material to which an investigation relates consists of data stored in a computer , computer system or preserved by any mechanical or electronic device , the request shall be deemed to require the person to produce or give access to it in a form in which it can be taken away and in which it is visible and legible.

Section Preservation order Section An order made under subsection (1) shall remain in force— An investigative officer may apply to court for an order for the expeditious preservation of data that has been stored or processed by means of a computer system or any other information and communication technologies, where there are reasonable grounds to believe that such data is vulnerable to loss or modification. For the purpose of subsection (1) , data includes traffic data and subscriber information. until such time as may reasonably be required for the investigation of an offence; or where prosecution is instituted, until the final determination of the case or until such time as the court deems fit.

Section Disclosure of preservation order Section An investigative officer may, for the purpose of a criminal investigation or the prosecution of an offence, apply to court for an order for the disclosure of— all preserved data , irrespective of whether one or more service providers were involved in the transmission of such data ; or sufficient data to identify the service providers and the path through which the data was transmitted; or electronic key enabling access to or the interpretation of data .

Section Unauthorised access Section A person who, without authorisation— The intent of a person to commit an offence under this section need not be directed at— accesses or intercepts any program or another person ’s data or information ; voice records or video records another person ; or shares any information about or that relates to another person , Any person who intentionally and without authority to do so, interferes with data in a manner that causes the program or data to be modified, damaged, destroyed or rendered ineffective, commits an offence. Any person who unlawfully produces, sells, offers to sell, procures for use, designs, adapts for use, distributes or possesses any device, including a computer program or a component which is designed primarily to overcome security measures for the protection of data or performs any of those acts with regard to a password, access code or any other similar kind of data , commits an offence. Any person who utilises any device or computer program specified in subsection (3) in order to unlawfully overcome security measures designed to protect the program or data or access to that program or data, commits an offence. Any person who acc...

Section Access with intent to commit or facilitate commission of further offence Section Any person who commits any acts specified under section 11 with intent to— commit any other offence; or facilitate the commission of any other offence, The offence to be facilitated under subsection (1)(b) may be one committed by the person referred to in subsection (1) or by any other person. It is immaterial for the purposes of this section whether the act under this section is committed on the same occasion as the offence under section 11 or on any future occasion. Any person who commits an offence under this section is liable, on conviction, to a fine not exceeding two hundred forty currency points or to imprisonment for a term not exceeding ten years, or both.

Section Unauthorised modification of computer material Section For the purposes of subsection (1) , the requisite intent is an intent to cause a modification of the contents of any computer and by doing so— The intent under subsection (1) need not be directed at— A person who does any act which causes an unauthorised modification of the contents of any computer and has the requisite intent and the requisite knowledge at the time when he or she does the act commits an offence. to impair the operation of any computer ; to prevent or hinder access to any program or data held in any computer ; or to impair the operation of any such program or the reliability of any such data . any particular computer ; any particular program or data or a program or data of any particular kind; or any particular modification or a modification of any particular kind. For the purposes of subsection (1) , the requisite knowledge is knowledge that any modification that the person intends to cause is unauthorised. It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind specified in subsection (2) is intended to be permanent or temporary. A...

Section Unauthorised use or interception of computer service Section Subject to subsection (2) , a person who knowingly— For the purposes of this section, it is immaterial that the unauthorised access or interception is not directed at— secures access to any computer without authority for the purpose of obtaining, directly or indirectly, any computer service ; intercepts or causes to be intercepted without authority, directly or indirectly, any function of a computer by means of an electro­magnetic, acoustic, mechanical or other device, whether similar or not; or uses or causes to be used, directly or indirectly, the computer or any other device for the purpose of committing an offence under paragraph (a) or (b) , If any damage is caused as a result of an offence under this section, a person convicted of the offence is liable to a fine not exceeding one hundred sixty-eight currency points or to imprisonment for a term not exceeding seven years, or both. any particular program or data ; a program or data of any kind; or a program or data held in any particular computer .

Section Unauthorised obstruction of use of computer Section Any person who, knowingly and without authority or lawful excuse— interferes with or interrupts or obstructs the lawful use of a computer ; or impedes or prevents access to or impairs the usefulness or effectiveness of any program or data stored in a computer ,

Section Unauthorised disclosure of access code Section Any person who knowingly and without authority discloses any password, access code or any other means of gaining access to any program or data held in any computer knowing or having reason to believe that it is likely to cause loss, damage or injury to any person or property, commits an offence. Any person who commits an offence under subsection (1) is liable, on conviction, to a fine not exceeding two hundred forty currency points or to imprisonment for a term not exceeding ten years, or both; and in the case of a subsequent conviction, to a fine not exceeding three hundred sixty currency points or to imprisonment for a term not exceeding fifteen years, or both.

Section Unauthorised disclosure of information Section Except for the purposes of this Act or for any prosecution for an offence under any written law or in accordance with an order of court, a person who has access to any electronic data , record, book, register, correspondence, information , document or any other material, shall not disclose to any other person or use for any other purpose other than that for which he or she obtained access . Any person who contravenes subsection (1) commits an offence and is liable, on conviction, to a fine not exceeding two hundred forty currency points or to imprisonment for a term not exceeding ten years, or both.

Section Electronic fraud Section Any person who carries out electronic fraud commits an offence nd is liable, on conviction, to a fine not exceeding three hundred sixty currency points or to imprisonment for a term not exceeding fifteen years, or both. For the purposes of this section, “electronic fraud” means deception deliberately performed with the intention of securing an unfair or unlawful gain where part of a communication is sent through a computer network or any other communication and another part through the action of the victim of the offence or the action is performed through a computer network or both.

Section Enhanced punishment for offences involving protected computers Section For the purposes of subsection (1) , a computer is treated as a “protected computer” if the person committing the offence knows or ought reasonably to have known that the computer or program or data is used directly in connection with or necessary for— Where access to any protected computer is obtained in the course of the commission of an offence under section 11 , 13 , 14 or 15 , the person convicted of an offence is, instead of the punishment prescribed in those sections, liable on conviction, to imprisonment for life. the security, defence or international relations of Uganda; the existence or identity of a confidential source of information relating to the enforcement of a criminal law; the provision of services directly related to communications infrastructure, banking and financial services, public utilities or public key infrastructure; or the protection of public safety including systems related to essential emergency services such as police, civil defence and medical services. For the purposes of any prosecution under this section, it shall be presumed, until the contrary is proved, that the ac...

Section Abetment and attempts Section Any person who abets another person in committing an offence under this Act, commits that offence and is liable, on conviction, to the punishment prescribed for that offence. Any person who attempts to commit any offence under this Act commits that offence and is liable, on conviction, to the punishment prescribed for that offence.

Section Attempt defined Section It is immaterial— When a person , intending to commit an offence, begins to put his or her intention into execution by means adapted to its fulfilment, and manifests his or her intention by some overt act, but does not fulfill his or her intention to such an extent as to commit the offence, he or she is deemed to attempt to commit the offence. except so far as regards punishment, whether the offender does all that is necessary on his or her part for completing the commission of the offence, or whether the complete fulfilment of his or her intention is prevented by circumstances independent of his or her will, or whether the offender desists of his or her own motion from the further prosecution of his or her intention; or that by reason of circumstances not known to the offender it is impossible in fact to commit the offence.

Section Child pornography Section Any person who— For the purposes of this section, “ child pornography” includes pornographic material that depicts— produces child pornography for the purposes of its distribution through a computer ; offers or makes available child pornography through a computer ; distributes or transmits child pornography through a computer ; procures child pornography through a computer for himself or herself or another person ; or unlawfully possesses child pornography on a computer , Any person who makes available pornographic materials to a child commits an offence. a child engaged in sexually suggestive or explicit conduct; a person appearing to be a child engaged in sexually suggestive or explicit conduct; or realistic images representing children engaged in sexually suggestive or explicit conduct. Any person who commits an offence under this section is liable, on conviction, to a fine not exceeding three hundred sixty currency points or to imprisonment for a term not exceeding fifteen years, or both.

Section Unauthorised sharing of information about children Section A person shall not send, share or transmit any information about or that relates to a child through a computer unless— the person obtains the consent of the parent or guardian of the child , or other person having authority to make decisions on behalf of the child ; the person is authorised by law; or the sending, sharing or transmitting of the information is in the best interest of the child . A person who contravenes subsection (1) commits an offence and is liable, on conviction, to a fine not exceeding seven hundred fifty currency points or to imprisonment for a term not exceeding seven years, or both.

Section Cyber harassment Section For the purposes of this section, “cyber harassment” is the use of a computer for any of the following purposes— Any person who commits cyber harassment is liable, on conviction, to a fine not exceeding seventy-two currency points or to imprisonment for a term not exceeding three years, or both. making any request, suggestion or proposal which is obscene, lewd, lascivious or indecent; threatening to inflict injury or physical harm to the person or property of any person ; or knowingly permits any electronic communications device to be used for any of the purposes mentioned in this subsection.

Section Cyber stalking Section Any person who wilfully, maliciously, and repeatedly uses electronic communication to harass another person and makes a threat with the intent to place that person in reasonable fear for his or her safety or to a member of that person ’s immediate family commits the crime of cyber stalking and is liable, on conviction, to a fine not exceeding one hundred twenty currency points or to imprisonment for a term not exceeding five years, or both.

Section Hate speech Section A person shall not write, send or share any information through a computer , which is likely to— ridicule, degrade or demean another person , a group of persons, a tribe, an ethnicity, a religion or gender; create divisions among persons, a tribe, an ethnicity, a religion or gender; or promote hostility against a person , group of persons, a tribe, an ethnicity, a religion or gender. A person who contravenes subsection (1) commits an offence and is liable, on conviction, to a fine not exceeding seven hundred fifty currency points or to imprisonment for a term not exceeding seven years, or both.

Section Unsolicited information Section A person shall not send to or share with another person unsolicited information through a computer unless the sending or sharing of the unsolicited information is in the public interest. A person who contravenes subsection (1) commits an offence and is liable, on conviction, to a fine not exceeding seven hundred fifty currency points or to imprisonment for a term not exceeding seven years, or both. For the purposes of this section, “unsolicited information ” means information transmitted to a person using the internet without the person ’s consent, but does not include unsolicited commercial communication.

Section Malicious information Section A person shall not send, share or transmit malicious information about or that relates to another person through a computer . A person who contravenes subsection (1) commits an offence and is liable, on conviction, to a fine not exceeding seven hundred fifty currency points or to imprisonment for a term not exceeding seven years, or both.

Section Misuse of social media Section For the purposes of prosecution under this section, it shall be presumed, until the contrary is proved, that the information published, distributed or shared on a social media account which is— A person who uses social media to publish, distribute or share information prohibited under the laws of Uganda under a disguised or false identity, commits an offence. Where the information under subsection (1) is published, shared or distributed on a social media account of an organisation, the person who manages the social media account of the organisation shall be held personally liable for the commission of the offence. A person who contravenes subsection (1) is liable, on conviction, to a fine not exceeding five hundred currency points or to imprisonment for a term not exceeding five years, or both. verified by a social media operator, has been published, distributed or shared by a legal or natural person ; registered using a telephone contact, is published, distributed or shared by the person or organisation in whose name the telephone contact is registered; or registered using an email address which has been used or submitted as data by any data...

Section Compensation Section Where a person is convicted under this Act, the court shall in addition to the punishment provided therein, order such person to pay by way of compensation to the aggrieved party, such sum as is in the opinion of the court just, having regard to the loss suffered by the aggrieved party; and such order shall be a decree under the provisions of the Civil Procedure Act, and shall be executed in the manner provided under that Act.

Section Search and seizure Section Where a magistrate is satisfied by information given by a police officer that there are reasonable grounds for believing— An authorised officer may seize any computer system or take any samples or copies of applications or data — An authorised officer executing a search warrant referred to in subsection (3) may— compel a service provider, within its existing technical capability— that an offence under this Act has been or is about to be committed in any premises ; and that evidence that such an offence has been or is about to be committed in those premises , that is concerned in or is, on reasonable grounds, believed to be concerned in the commission or suspected commission of an offence, whether within Uganda or elsewhere; that may afford evidence of the commission or suspected commission of an offence, whether within Uganda or elsewhere; or that is intended to be used or is on reasonable grounds believed to be intended to be used in the commission of an offence. A computer system referred to in subsection (2) may be seized or samples or copies of applications or data may be taken only by virtue of a search warrant. The provisions of section 71 o...

Section Admissibility and evidential weight of data message or electronic record Section In any legal proceedings, the rules of evidence shall not be applied so as to deny the admissibility of a data message or an electronic record — When assessing the evidential weight of a data message or an electronic record , the court shall have regard to— The authenticity of the electronic records system in which an electronic record is recorded or stored shall, in the absence of evidence to the contrary, be presumed where— merely on the ground that it is constituted by a data message or an electronic record ; if it is the best evidence that the person adducing it could reasonably be expected to obtain; or merely on the ground that it is not in its original form. A person seeking to introduce a data message or an electronic record in any legal proceeding has the burden of proving its authenticity by evidence capable of supporting a finding that the electronic record is what the person claims it to be. Subject to subsection (2) , where the best evidence rule is applicable in respect of an electronic record, the rule is satisfied upon proof of the authenticity of the electronic records system i...

Section Territorial jurisdiction Section Subject to subsection (2) , this Act shall have effect, in relation to any person, whatever his or her nationality or citizenship and whether he or she is within or outside Uganda. Where an offence under this Act is committed by any person in any place outside Uganda, he or she may be dealt with as if the offence had been committed within Uganda.

Section Jurisdiction of courts Section A court presided over by a chief magistrate or magistrate grade I has jurisdiction to hear and determine any offence in this Act and, notwithstanding anything to the contrary in any written law, has power to impose the full penalty in respect of any offence under this Act.

Section Power to amend Schedule Section The Minister may, by statutory instrument, with the approval of Cabinet, amend the Schedule to this Act.