The Annual Meeting of the Board of Trustees of the Libya Technology Foundation: Reviewing Achievements, the Annual Report, and the 2025 Plan
The annual meeting of the Board of Trustees of the Libya Technology Foundation was held today, January 18, 2025, at the Foundation’s headquarters in Tripoli. The meeting was attended by trustees, members of the Board of Directors, administrative staff, and several members and advisors. During the meeting, the annual activity report was presented, highlighting the key achievements and projects that contributed to advancing the mission and goals of the Foundation. Additionally, the financial report was reviewed, with observations provided on performance, accounting errors, and ways to improve them.
The council discussed the challenges faced by the Foundation over the past year, as well as future opportunities to strengthen partnerships and diversify funding sources. Emphasis was placed on adhering to spending policies that ensure efficient resource utilization, with a commitment to keeping operational expenses below 20% of the total budget.
The Foundation reaffirms its commitment to achieving its objectives and strengthening its role as a leading technology institution in Libya.
We are pleased to announce that the Libyan Technology Foundation has officially become a member of the PKI Consortium, a global alliance that includes leading organizations in the field of Public Key Infrastructure (PKI).
Through this step, the foundation aims to strengthen its position in the field of cybersecurity, support digital transformation in Libya, and enhance trust in digital assets and electronic communications both locally and globally.
The PKI Consortium is one of the most prominent platforms that brings together experts and organizations to develop policies, improve practices, and create standards that ensure the security and integrity of digital information.
Through this membership, the Libyan Technology Foundation seeks to contribute effectively to shaping the future of digital infrastructure and bringing global expertise to Libya to achieve significant progress in the field of digital security.
Under the supervision of the Libya Technology Foundation, a specialized training on Microsoft 365 was conducted for the employees of Free Fields Organization as part of the 365 Project, which aims to support civil society organizations in Libya.
Goals of the 365 Project:
Assisting Civil Society Organizations in Digital Transformation: Providing Microsoft 365 services free of charge to legally registered and non-profit organizations in Libya, with the goal of enhancing their efficiency and effectiveness.
Contributing to Societal Digital Transformation: Supporting civil society organizations that deliver services beneficial to the local community.
Empowering Civil Society Organizations: Supplying these organizations with the necessary technology and training their members on its use.
Key Topics Covered During the Training:
Introduction to Microsoft 365: Understanding how to use various tools within the cloud system and how organizations can leverage these tools to improve collaboration and productivity.
Introduction to Outlook: Managing emails professionally, organizing schedules, and tasks using the calendar feature.
Introduction to Teams: Enhancing team communication through various channels and conducting remote meetings effectively.
Introduction to Planner: Flexible project and task organization, distributing work among team members.
The Libya Technology Foundation continues to deliver the 365 Project, which enhances the capacities of civil society organizations and promotes digital transformation in Libya by providing technical tools and appropriate training.
We are proud to share this success and remain committed to offering innovative training programs that keep pace with the latest technological developments.
The Libya Technology Foundation has contacted the Libyan Parliament to present its comments and proposed amendments to the Cybercrime Law No. (5) of 2022, following a series of dialogue sessions with relevant stakeholders in the technical and legal community.
The comments included the rewording of several articles to enhance technical and legal precision, such as the definitions of encryption, digital identity, and digital forensic evidence. The foundation also called for the modification of penalties in certain articles to focus on fines instead of imprisonment and to ensure the law aligns with the constitutional declaration and the rights to freedom of speech and expression.
Additionally, the foundation proposed adding articles related to cyber extortion, cyberbullying, and online defamation, emphasizing the importance of involving technical and legal experts to ensure a comprehensive legal framework that effectively addresses cybercrimes.
Here is the text of the letter:
“To: The Honorable Members of the Libyan Parliament – House of Representatives
Subject: Community Comments Regarding the Cybercrime Law
Dear Sir/Madam,
We appreciate your national efforts and the dedication of the teams that continue working tirelessly to maintain the legislative foundations in the Libyan state. We wish you success and always stand with you in support of your endeavors.
It is important to note that the Libya Technology Foundation, established on August 25, 2020, with registration number 60-2020, has worked alongside many governmental institutions, companies, and local communities. Our teams have acted as a link between the state and society, striving to bridge gaps and enhance collaboration among various stakeholders in Libya.
Regarding the Cybercrime Law, approved by the Libyan Parliament under Law No. 5 of 2022, which has sparked extensive debate and diverse views within the Libyan tech community, the foundation saw the necessity to initiate discussions with various organizations, bodies, and concerned parties.
A series of dialogue meetings were organized to discuss the Cybercrime Law, aiming to collect different viewpoints from relevant stakeholders, in accordance with the constitutional declaration, applicable laws in Libya, and global best practices in such laws. During these meetings, various opinions were exchanged, reflecting the foundation’s commitment to supporting constructive dialogue and promoting transparency and cooperation on national and technical issues.
Official amendments suggested:
Article Number
Amendment
1
Point 5: Reword the definition of encryption. Point 7: Modify the definition of digital forensic evidence to: “Data that leaves a digital trace and can be prepared, transmitted, or stored digitally through computer systems, communication networks, or various types of digital storage devices, enabling the computer to perform a specific task.”
1
Point 8: Reword the definition of digital identity in a technical and scientific manner. Point 10: Modify the definition of “electronic payments.” Point 12: Modify the definition to “interception or surveillance.” Add a separate definition for “interception” as: “Preventing data from reaching its destination or partially or completely redirecting it.” Additional definitions: National Authority for Information Security and Safety, personal data, privacy.
6
Modify the article to distinguish between literary and scientific works, innovations, and republishing processes.
7
Modify the name of the National Authority for Information Security and Safety. Remove the clause “(except in cases of urgent security necessity)” and amend the article as: “The National Authority for Information Security and Safety may monitor what is published or displayed over the international information network or any other technical system and block anything that stirs racial or regional hatred or extremist religious or sectarian ideas that could destabilize community security or disrupt public peace. Monitoring of emails or conversations is only allowed by court order issued by the competent judge or in urgent cases, with justification for the urgency provided later and accepted by the judiciary.”
9
Modify the text to: “No individual or entity may produce, possess, provide, distribute, market, manufacture, import, or export encryption tools that have been previously prohibited in public publications of the National Authority for Information Security and Safety without obtaining a license or permission from the authority.”
12
Review the penalties in this article by a legal body to include a fine only, without imprisonment.
13
Modify the text: “Anyone who unlawfully intercepts an information system with the intent of obtaining digital data or linking it with other electronic systems will be punished by imprisonment for no less than six months and a fine between 1,000 and 5,000 dinars.”
21
Reword the article to align with the constitutional declaration, preserving the right to freedom of expression and opinion.
24
Review the penalties in this article by a legal body to include a fine only, without imprisonment.
25
Review the penalties in this article by a legal body to include a fine only, without imprisonment.
26
Review the penalties in this article by a legal body to include a fine only, without imprisonment.
28
Point 5: Change the term “electronic money” to “electronic payments.” Add the phrase “with knowledge of this” to all points of this article.
30
Combine this article with Article 21, concerning the mixing or alteration of sound or images, ensuring compatibility with the constitutional declaration and preserving rights to expression and freedom.
34
Modify the text: “Anyone who disrupts or obstructs electronic government work or public authority activities using any electronic means will be punished by imprisonment and a fine no less than 10,000 dinars and no more than 100,000 dinars.” The definition should focus on criminal intent and not affect the government’s or ministries’ definition of disrupting freedom of speech.
36
Modify the text: “Anyone who damages, hides, alters, erases, or tampers with digital evidence will be punished by imprisonment for no less than five years and a fine between 10,000 and 100,000 dinars.”
37
Modify the text: “Anyone who broadcasts or publishes misleading data or information that threatens public safety and security in the state or any other country through the international information network or any other electronic means will be punished by imprisonment for no less than five years and a fine between 10,000 and 100,000 dinars.” These data should be false and not supported by any professional or journalistic references. The right to express facts, reports, and data protected by law and the constitutional declaration should be respected.
39
Merge this article with Article 9.
41
Add this article to Article 28.
42
Review the penalties in this article by a legal body and refer to the Penal Code.
46
Review the penalties in this article by a legal body to include a fine only, without imprisonment.
47
Add the phrase “with intent to harm others.”
48
Review the article by judicial and enforcement authorities.
50
Detail the article by judicial and enforcement authorities.
General Comments on the Law:
The law does not mention specific terms such as “technical, legal, criminal, procedural.”
There is no clear methodology in drafting the law, nor was there an explanatory memorandum included in the draft despite our attempts.
There is no provision for interpretation in case of disputes.
The discretionary power of the judge is not mentioned.
No mention of preventive measures.
No mention of the duration of the retention of computers and digital evidence.
No reference to technical expertise or reliance on cybercrime experts.
We suggest adding the following articles:
Cyber extortion.
Cyberbullying.
Online defamation.
Hosting sites and their legal responsibility.
Protection of personal data.
Dealing with crimes related to artificial intelligence.
Regulation of digital currencies and related crimes.
Digital forgery.
Protection of witnesses and whistleblowers in cybercrimes.
International cooperation in cybercrimes.
Issuance of several executive regulations to organize the implementation of this law.
Legal and Technical Errors in the Libyan Cybercrime Law:
Based on our research, differing opinions, and extensive studies in analyzing this law, we have identified the following issues:
Inaccurate Legal Drafting: Some definitions and terms used in Article 1 lack legal and technical precision, leading to difficulties in interpreting the provisions. For example:
The definition of “cybercrime” is not comprehensive of all types of electronic criminal activity.
The definition of “encryption” does not cover all its uses in line with international practices.
Ambiguity and Redundancy in Some Articles:
Article (9) regarding the possession of encryption tools does not differentiate between legal usage and encryption for legitimate purposes (e.g., data protection).
Article (11) on “unauthorized access” lacks a clear definition of what constitutes hacking.
Article (34) about “disrupting government operations” is too broad and could lead to multiple interpretations, such as opinions, content, and legal activities published in digital space.
Contradiction with Human Rights:
Monitoring of publications (Article 7) could violate privacy and freedom of expression rights, especially without clear standards.
Lack of Balance Between Penalties
Many penalties seem disproportionate to the nature of the crimes, which could lead to unfair enforcement:
Imprisonment and heavy fines in Article (19) for producing or distributing pornography, while more severe crimes like human trafficking (Article 43) have similar or lesser penalties.
Article (38) on incitement to murder or suicide is vague and does not specify exceptions or how intent should be proven, requiring further clarification.
5- Lack of Execution Guarantees
Article (7), which allows monitoring of what is published, needs clearer guarantees to protect individual rights, as relying on a “court order from a misdemeanant judge” may not be sufficient for monitoring private messages.
Article (52) related to judicial officers does not specify criteria for employee selection or the scope of their powers, which could lead to abuse of authority, especially in the cyber domain.
6- Conflict with International and Domestic Laws
Article (3) discusses the applicability of the law for crimes that begin or are committed in Libya but does not take into account international cooperation or agreements signed or being negotiated at the international level.
Articles related to blocking websites and encryption (Articles 8 and 9) may conflict with international agreements related to internet freedom and data protection.
7- Lack of Regulatory Framework
Absence of an article clearly defining the responsibilities of the National Authority for Information Security and Safety or licensing standards (as in Article 9).
No clear mechanism for enforcing penalties or monitoring implementation.
8- Outdated or Inconsistent Technical Terminology
Some terms, such as “computer viruses,” need updating to include a broader range of malicious software (such as ransomware or malicious bots).
No mention of crimes related to artificial intelligence or blockchain technologies.
9- Omission of Some Modern Cybercrimes
The law does not cover some common electronic activities like crimes related to:
Online extortion (Ransomware Attacks).
Targeted cyberattacks.
Forgery using artificial intelligence (Deepfakes).
10- Issues with Seizure and Deportation (Articles 50 and 51)
Seizure and deportation in Articles (50 and 51) could be used arbitrarily without clear mechanisms for appeal or objection.
11- Conflict with Existing Laws
Article (49) states that criminal laws and complementary laws apply but does not specify how the new law coordinates with other laws, potentially leading to legislative conflict.
Articles concerning intellectual property (24 and 25) could conflict with national or international laws protecting intellectual property rights.
12- Lack of Clear Definition of the Responsible Entity
The law refers to the “National Authority for Information Security and Safety” without clearly defining its executive powers or its relationship with other entities like the Ministry of the Interior or the judiciary.
There is no clarification of the entity monitoring the enforcement of the law and ensuring that the powers granted are not misused.
13- Insufficient Investigation and Oversight Procedures
Article (36) on destroying digital judicial evidence does not provide clear mechanisms for investigating this type of crime, which is technically complex and requires specialized expertise.
The law lacks provisions specifying how to protect digital evidence to ensure its integrity and safety during investigations.
14- Restrictions on Legitimate Technology
Article (9) prohibits the possession of encryption tools without permission, which could negatively impact businesses and individuals who rely on encryption to protect their data. No exceptions are made for safe commercial or personal use.
Article (39) increases penalties excessively for encryption tools linked to the government and banks without establishing a regulatory framework for legitimate use.
15- Vagueness in National Security-Related Articles
Article (37) on publishing data that threatens national security or public safety does not define what constitutes a “threat” in precise terms, which opens the door for broad interpretations that could be used to restrict freedom of expression.
Article (45) about assisting terrorist groups lacks a precise definition of actions considered “assistance,” such as publishing critical articles or political analyses, which should be clarified to avoid wrongful accusations or exemptions.
16- Inconsistent or Impractical Penalties
Article (31) on gambling imposes heavy penalties of up to two years, while crimes like incitement to prostitution or the production of pornography in Article (19) have relatively lighter penalties, weakening the consistency of criminal policy.
Article (22) regarding “harassing others” does not clarify how intent or the nature of the act should be proven, leading to potential subjective interpretations.
17- Insufficient Safeguards for Citizens
Articles (7 and 8) on content monitoring and website blocking grant authorities broad powers without clear mechanisms to ensure citizens’ rights are not violated.
The law does not specify avenues for complaints or appeals if a website is blocked or content is monitored unjustly.
18- Lack of International Standards
The law does not align sufficiently with international standards on cybercrime laws, such as the Budapest Convention on Cybercrime, which is an international benchmark.
There is an absence of explicit references to international cooperation in combating cross-border crimes, despite Article (3) addressing it in part.
19- Lack of Special Protection for Minors
Although there are articles related to the exploitation of minors (such as Article 23), the law does not provide comprehensive protection for minors online, such as awareness or regulation of access to harmful content.
20- Inadequate Handling of Digital Economic Crimes
The law addresses economic crimes in a limited manner, such as Article (44) on money laundering, but does not cover:
Tax evasion using digital currencies.
Illegal trade on the dark web.
Crimes related to suspicious crowdfunding.
21- Weakness in AI-Related Provisions
The law does not address crimes related to the use of artificial intelligence, such as deepfake forgery, which has become a significant threat to personal and institutional security.
22- Lack of Provisions for Personal Data Protection
The law does not stipulate the protection of individuals’ personal data or the penalties for its misuse, which undermines trust in digital transactions.
23- Omission of Cyberterrorism Crimes
Despite mentioning terrorist groups in Article (45), there are no provisions addressing attacks on critical infrastructure (Critical Infrastructure Attacks), which are major cybercrimes.
24- Failure to Differentiate Between Regular Users and Professional Criminals
Some provisions criminalize actions that may be carried out by regular users without criminal intent (such as Article 14 on possessing decryption tools), potentially leading to unjust restrictions.
25- Lack of Awareness and Prevention Programs
The law focuses on penalties without providing provisions that require relevant authorities to implement awareness programs about cybercrime and its prevention.
Recommendations from the Libya Technology Foundation:
As a community institution registered with the Civil Society Commission and working in the Libyan tech community to raise awareness of laws, regulations, and policies, we believe this law requires substantial amendments, revision, and reconsideration by specialists, expert houses, and relevant institutions, such as:
Ministry of the Interior – Criminal Investigation Department.
Ministry of Justice.
Office of the Public Prosecutor.
General Authority for Information.
General Authority for Communications and Information Technology.
National Authority for Information Security and Safety.
Expert houses and consulting institutions.
Civil society institutions.
Recommendations for the Law:
Establish law enforcement bodies, including:
An electronic crimes office.
An electronic crimes prosecution office.
An electronic crimes court.
Update legal terminology to align with international standards.
Reconsider penalties to align with the nature of crimes.
Add legal safeguards to protect basic rights and freedoms.
Expand the scope of covered crimes to include emerging threats.
Strengthen the regulatory and executive framework to ensure justice and transparency.
Redraft ambiguous provisions: define terms accurately and clarify criminal intent.
Include digital rights protection provisions: such as adding personal data protection clauses.
Introduce new technologies: such as addressing crimes arising from artificial intelligence and digital extortion.
Create an independent oversight body: to ensure the fair and transparent application of the law.
Strengthen international cooperation: by joining international agreements to combat cybercrime.
And then reintroduce it for approval – with the mentioned legal and technical amendments – to the Libyan Parliament for potential implementation by the government, ministries, and relevant bodies.
Ameen Younis SalehChairman of the Board Libya Technology Foundation
With great success and your continuous support, the Open Source Software Day was held on Saturday, December 28, 2024, at the new Edah Center in the University District, Tripoli, with the attendance of more than 70 participants, including enthusiasts, lecturers, volunteers, and specialists from the open-source community.
✨ Event Highlights: 🔹 Open Source Exhibition: Showcased key projects and tools available to the community. 🔹 Linux Competition: Participants competed to solve a Linux system challenge, sparking excitement and innovation. 🔹 Lectures and Panel Discussions: A selection of experts shared their knowledge on the latest open-source technologies. 🔹 Networking Sessions: A golden opportunity to connect and build partnerships with interested individuals and professionals in the field.
🔑 Success Begins with Your Support! We extend our gratitude to our outstanding partners—organizations and companies that believe in the power of open source to foster innovation and build a community that encourages collaboration and knowledge-sharing.
The Libyan Technology Foundation takes pride in the positive mention in the 2023 Annual Report of the Audit Bureau, highlighting the “Capacity Building” program we delivered to support the Bureau’s human resources.
The workshops conducted by the Foundation covered a variety of topics aimed at enhancing digital awareness and culture, including:
Introduction to international and local legislation and standards in the field of information technology.
Overview of information security policies, including privacy and protection.
Enhancing auditors’ skills and competencies in analyzing electronic data.
Supporting the Bureau in implementing its digital transformation plan.
Cybersecurity.
At the Libyan Technology Foundation, we believe in our role in empowering national institutions to keep pace with technological advancements and raising awareness of the importance of technology in improving performance and ensuring quality.
This achievement reflects our ongoing commitment to developing the digital capabilities of various entities in Libya. We value the trust of our partners and look forward to further fruitful collaborations.
This was mentioned in the Audit Bureau’s report about the Foundation – Capacity Building Project:
The Libyan Technology Foundation aims to promote innovation and progress in the field of technology by establishing an active and effective volunteers network. This network serves as a vital platform that brings together individuals who share a passion for technology and a desire to make a difference in their community.
Volunteers Network Goals:
Enhancing Community Engagement: Providing opportunities for volunteers to participate in local projects aimed at improving and developing technological skills.
Skill Development: Offering workshops to enhance technical and practical skills, helping volunteers achieve personal and professional growth.
Building Professional Networks: Creating opportunities for communication between volunteers and technology professionals, facilitating knowledge and experience exchange.
Project Contribution: Engaging volunteers in tangible projects that contribute to technological development in Libya, allowing them to apply their skills in practical environments.
Benefits of Joining the Volunteers Network:
Making a Positive Impact: Contributing to projects that benefit the community and help develop the technological environment in Libya.
Strengthening Personal Values: Working within a team that shares the same values and principles enhances personal experience and provides self-fulfillment.
Skill Development: Gaining hands-on experience in real technological projects and improving technical skills.
Expanding Networks: Connecting with professionals and organizations in the technology field, opening doors to future opportunities.
Volunteers Network Registration Requirements:
Volunteers must be 18 years or older.
Applicants should have an interest in technology or a desire to develop their technical skills.
Volunteers should be able to work within a team and communicate effectively to achieve project goals.
Commitment to the values and principles adopted by the Libyan Technology Foundation, including respect, integrity, and transparency.
Volunteers must be passionate about personal development and contributing to society through tech-driven projects.
Commitment to attending some training workshops or mentoring sessions organized by the foundation to effectively prepare volunteers.
The ability to dedicate time to volunteering to ensure efficiency and continuity in projects.
Register Now for the Paid Professional Training Program at the Libyan Technology Foundation!
We are excited to announce the opening of registration for the third edition of our Professional Training Program, following the remarkable success of the first and second editions.
This program aims to provide an exceptional opportunity for recent graduates in the field of Information Technology to gain valuable hands-on experience in this rapidly evolving industry.
Program Objectives:
Offer a unique opportunity for recent graduates to acquire practical experience in IT within a work environment equipped with the latest technologies.
Contribute to building the capacities of Libyan youth and developing their technical skills to become leaders in the field of technology.
Eligibility Criteria:
Hold a bachelor’s degree in Information Technology, Communications, or a related field.
Proficient in English.
Passionate about learning and development.
Resident of Tripoli.
Training Duration:
Two months.
Program Benefits:
Rewarding Outcomes: Gain a training certificate and hands-on experience in IT support, Microsoft 365, cybersecurity, and IT policies.
Enhanced Employability: Improve skills to compete in the job market, paving the way for exceptional career opportunities in IT.
Certification: Receive an official certificate detailing your training, evaluation, and acquired skills.
In a groundbreaking step that reflects our continued commitment to supporting digital transformation in Libya, the Libyan Technology Foundation launched yesterday, as part of the 12th International Technology Exhibition and Forum held on November 18, 2024, the first edition of the:
“Microsoft 365 Acceptable Use Policy V1.0”
What makes this edition unique? 🔹 Pioneering Legal Framework: The policy has been developed according to international standards, with contributions from local and international legal and technical experts to ensure its suitability for various work environments. 🔹 Enhanced Compliance: It provides clear standards for Libyan institutions on the optimal use of the Microsoft environment, ensuring alignment with global best practices. 🔹 Bridging Gaps: It addresses the gap between available technical and cloud solutions and their actual use within Libyan institutions. 🔹 Comprehensive Guiding Framework: This edition establishes a practical framework for managing usage, protecting data, and ensuring operational efficiency.
Policy Objectives: 1️⃣ Enable Libyan institutions to make the most of Microsoft 365 technologies in a safe and effective manner. 2️⃣ Promote a culture of compliance with global laws and technical standards. 3️⃣ Support digital transformation to contribute to the development of the digital economy in Libya. 4️⃣ Safeguard institutional information and data from technical and legal risks.
Who is this edition for?
Government and private institutions.
Technology and telecommunications companies.
Oil companies.
Commercial banks.
Universities and academic institutions.
Large-scale institutions using M365 systems.
For consultancy services related to this policy, please contact us via email:
The Libyan Technology Foundation announces the completion of the “Governance Guide for Digital Platforms of Government Entities.” This guide represents an important step toward enhancing the management and development of digital content within government institutions. It aims to clarify the policies and procedures necessary to ensure effective use and deliver outstanding services to citizens.
The guide was developed in collaboration with a group of experts and specialists in the field. It provides comprehensive guidelines on managing digital platforms and ensuring quality and credibility in public communication.
We also extend our gratitude to the Government Communication Center for its cooperation in the completion of this guide. We look forward to achieving its intended goals of strengthening government communication and improving the level of services provided.
