The Kenya government is keen on tackling the increasing cases of Cyber crime with the Communication Authority of Kenya creating new rules aimed at stemming out the information security threats. Among these measures include the setting up of a forensic laboratory in the next three months which, will monitor imminent threats, thwart possible attacks as well as work with the Judiciary to tackle such incidents. Currently the National Computer Incident Response Team handles cyber security incidents and the lab is set to bolster these efforts.
The government is also planning to issue all Kenyan internet users with unique virtual identities. To kick-off, all the devices will be issued with unique IP (internet protocol) addresses. This will in addition to tackling cyber crime allow for fighting vices such as terrorism and hate speech online. The project has been in the works since 2012, when the government commissioned the Public Key Infrastructure (PKI) with the intent of issuing securely signed digital certificates through a trusted certificate authority who in this case is KENIC.
Implementation will also ensure secure electronic transactions and business efficiency in the digital realm. The issuance of these digital certificates and IP addresses will allow for uptake of e-Government services. It will also bolster other areas of the economy such as financial services and storage of medical health information. The project is in line with the Communication Authority’s National Cyber Security Framework, a multi-sectoral defense strategy aimed at combating increasing cases. While we laud these efforts in tackling cyber crime, the project raises interesting concerns with regards to user privacy as it means the government can with intent spy on individuals.
The government is basically trying to implement the Kenyan version of the Great wall of China. Instead of encouraging companies and government institutions to use security best practices such as stronger passwords, traffic encryption via https and whatnot, they resort to put out what can be termed as a mass but flawed surveillance system. Not even USA, with its large spy network called the NSA, forces people do to this. I simply feel that Kenya is borrowing the wrong examples from China.
Another thing that irks me is forcing all Kenyan websites to be hosted in the country. I should be free to host my site wherever I want, be it in Kenya or Tajikistan. Last time I checked, KENIC did not provide me any money for hosting, email support, server maintenance. I get that we should support Kenyan hosting companies and other service providers but it should never be forced.
What will happen to those people that decide to fully use AWS or Google app engine?These are services whose servers are not based in Kenya and more importantly, have a very fluid data architecture meaning your data is stored in different locations. Should I be forced to use an inferior service in the name of being ‘Team Kenya’? Bullshit.
I am not a lawyer but I have a huge feeling that the directives imposed by the Communication Authority simply infringe the privacy clauses afforded by the constitution, clauses that apply whether you are in a toilet or using the internet. I will be willing to support a class action suit if need be. The government has the right to tackle cybercrime but it should simply stop applying blanket ‘solutions’ without realising the impact on privacy and, something more important to their coffers, the economic impact of being forced to forfeit technologies such as cloud computing (AWS, App Engine etc.) just for the reason of singing some flawed tune.
[…] but individuals have also suffered from these incidents. Keen on tackling these increasing cases, the Communication Authority of Kenya created new rules in 2014 to tackle these issues. Among the measures included the setting up of a forensic […]
Comments are closed.