In mid-2017, Kenya’s Computer and Cybercrime Bill 2017 was gazetted, meaning locals had the chance to look at its suggestions. The bill covered all possible computer-related offenses for the public. This means that if the bill becomes law, no citizen will feign ignorance as for breaking the computer laws.
It is worth noting that the bill is important in a nation that continues to be subject of multiple cases of cyber-crime. The latest occurrence hit one of country’s top financial institutions, an intrusion that saw culprits get away with millions of shillings. Such happenings carry stiff penalties in the bill’s second part. For instance, unauthorized access of computer system carries a KES 5 million fine or 3 years imprisonment or both. Perhaps the bill’s toughest penalty is for offences involving protected computer systems that attracts a KES 25 million fine or KES 20 years jail time, as well child pornography that costs KES 20 million in fines and/or 25 years jail time.
TESPOK (Technology Service Providers of Kenya) is one of the institutions that influences ICT policy and regulations by engaging the government at relevant levels. The organization analysed the gazetted bill and had key contributions and recommendations before it progresses to the next stage.
To begin with, TESPOK proposes an amendment for Clause 8, which highlights the penalty for the offense of illegal devices. It is suggested the word ‘illegal’ be included in the clause’s definition for clarity as it has not been defined.
Secondly, Clause 13, which looks into child pornography cases, should drop transmission of child pornography as an offence as suggested in the bill.
“Intermediaries will be held responsible for data transmitted through their infrastructure. This is costly and impractical with the service providers,” reads a comment by TESPOK.
Thirdly, TESPOK suggests the deletion of Clause 23 that highlights search and seizure of stored computer data during an investigation.
“The requirement that an investigation officer seize a computer system during an investigation is impractical as it will have heavy implications on the business environment,” comments TESPOK.
Clause 34, which defines the power to search without a warrant in special circumstances, is equally questionable. The organization calls for further clarification for this segment to avoid confusion.
“The wording ‘special circumstances’ does not make it concise as to when there would be a search without a warrant.”
Another amendment addresses Clause 27 that provides for expedited preservation and partial disclosure of traffic data for service providers. TESPOK suggests a revision of the proposal to give a static definition of ‘stored data’ and ‘preserved data’ since retention and preservation do not mean the same thing. At the same time, ‘data moves very fast and switches do not store data.’
Lastly, TESPOK needs Clause 29 be deleted as it creates a basis for interception of content data that will compromise privacy rights and subject service providers to legal issues.
We will apprise you of the progress of these suggestions as the bill undergoes further scrutiny.