Kenya's new cybercrime law opens the door to privacy violations, censorship

2018-05-30 13:40


Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

Mercy Muendo, Mount Kenya University

More and more Kenyans are connecting to the internet, most frequently from mobile devices like phones and tablets.

There are, of course, big benefits to increased connectivity. These include the rise of mobile money transactions and access to loans. But there are downsides, too. The country has been targeted by hackers in several major attacks.

In May 2018 the Kenyan government responded to these and other high profile cyber attacks by signing the Computer and Cyber Crime Act into law. This seems a strange decision, since legislation already exists that deals with these issues.

The Kenya Information Communication Act and the Penal Code and its regulations already criminalised several cybercrimes. It could have been amended to, for instance, increase the penalties for certain crimes. Instead its provisions have been superseded by the Computer and Cyber Crime Act.

The new act is too vague when it comes to important details, particularly those that deal with the issue of surveillance. Will Kenya’s authorities use this legislation to “eavesdrop” on citizens? The act also criminalises the publication online of false information or hate speech. But it does not explain what “hate speech” entails in this context, and seems to lean towards outright censorship in parts.

The new act criminalises “false publications”, but offers no real definition of these. It also doesn’t give guidelines for distinguishing what it calls hate speech from speech that’s protected under Kenya’s existing laws.

That could pose a problem in a country where people often share opinions, news and views via the internet. Kenya is a polarised country – especially during election times. If one was to make a comment online that is offensive about a certain leader of a specific county it might be categorised under the new act as hate speech or incitement to violence.

The spirit of the act is to be applauded. It aims to boost security and Kenya’s cyber health. But it also violates fundamental individual rights and there is a need to reframe some provisions so it’s not abused by the criminal justice system.

File 20180525 51091 13m79b4.jpg?ixlib=rb 1.1A new act is trying to lock down cyber crime in Kenya. Ink Drop/Shutterstock

What the act says

The new Computer and Cyber Crime Act has several stated aims. For instance, it offers a framework for the timely and effective detection, investigation and prosecution of computer crimes. Such crimes include unauthorised access to or interference with computer systems by third parties; the distribution of child pornography and online harassment like bullying and stalking; and the production of fake publications.

These and other crimes described in the act come with very steep fines. For example, the crime of “fake publication” attracts a fine of 5 million Kenyan shillings (USD$50,000) or 10 years in prison. Unauthorised interference or interception of state protected computers attracts the longest sentence: 20 years.

Unfortunately the legislation is extremely vague when it comes to defining some of the offences, leaving a great deal open to individual interpretation. That’s particularly troubling when it comes to things like “fake publications”, since the act could be misused to censor free expression in the online space. And that directly contradicts the country’s Constitution.

The provisions around “publication of false information” and “hate speech” are too broadly framed. The worry is that such blanket provisions might lead to a damping down of free expression. Citizens may even self-censor, not sharing different opinions or views, because they worry that these will somehow contravene the act.

The act also lays the ground for international cooperation around prosecuting cyber crimes. And it sets up a crime reporting database. Any person who has information about a threat, attempt or actual cyber attack is now legally obliged to share this with the database within 24 hours of the incident. If they don’t, they’re liable for a fine or could be jailed for up to two years.

One problem with this is that it shifts liability on to the victim or target of the cyber crime. There should be a distinction between aiding and abetting a crime and actually being an ignorant victim or target who is not aware of the act’s reporting requirement.

Another is that once a planned crime has been reported, surveillance will be necessary to confirm it. Section 24 of the Act has a provision for searches without a warrant. This may take the form of blanket surveillance of, for instance, a WhatsApp group because of one person’s comments in that group. Others in the group who are not involved in any crime will also be “watched” by the state. This is a violation of citizens’ basic rights.

Moving forward

This act will have a big impact on Kenya’s information technology environment. In some cases this is a good thing: cyber crime must be taken seriously and criminals brought to book.

The ConversationBut there are challenges, too. The act in its current form infringes on Kenyans’ right to privacy through surveillance and the collection of data from users. The Act should be returned to parliament to amend the same and include parameters and guidelines on how the freedom of expression and privacy are to be limited. For example giving guidelines for one to understand what is hate speech, violent speech or ethnic incitement. Which speech is not protected and why. If not then the questions for Kenyans to ponder would be whether they are willing to give up their rights for cyber security.

Mercy Muendo, Lecturer, Information Technology and the Law, Mount Kenya University

This article was originally published on The Conversation. Read the original article.

Read more on:    kenya  |  east africa

Join the conversation! encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.

Inside News24

Traffic Alerts

Jobs in Cape Town [change area]

Jobs in Western Cape region

Reporting Accountant

Cape Town
Network Finance Professional / Prudential
R310 000.00 - R360 000.00 Per Year

SQL Reporter

Cape Town
Communicate Cape Town IT
R10 000.00 - R12 000.00 Per Month

HSE Manager

Cape Town
Tumaini Consulting
R550 000.00 - R650 000.00 Per Year

Property [change area]

There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire network.


Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.