The Standard

Opinion: Cyber security bill will make us responsible for our actions online

By Fiona Asionga | 6yrs ago
ICT Cabinet Secretary Joe Mucheru

It has taken Kenya’s ICT sector close to eight years to come up with an appropriate cyber security draft bill. What is a bit saddening is the fact that we have put out the cyber security bill before we could have the data protection required for effective implementation of the Access to information law. Maybe we need to take a few steps back and reflect on why cyber security, data protection and access to information laws are important for ICT sector’s growth.

The Kenya Internet Exchange Point has grown in such leaps of over 120 per cent annually, making it the fastest growing internet exchange point on the continent.

This has been achieved through collaboration with government in the development of the right policy framework and supporting regulations that have enabled Kenya to be the region’s ICT Hub and the most connected country on the continent.

With Internet penetration as per the ITU at 89.4 per cent, Kenya is leading the pack in Africa. However, in the advent of the new cyber crime bill, absence of the data protection law and existing access to information law what happens to the investor? Is the industry at a level where we can make such positive headway without the influence of foreign and local investors?

The bill highlights fundamental concerns likely to affect the business environment moving forward. For example, Clause 29 that outlines investigation procedures to be undertaken by the investigation officer with regards to interception of content data.

 It states that where a police officer has reasonable grounds to believe that the content of any specifically identified electronic communication is required for the purpose of a specific investigation in respect to an offence he may intercept the data. It also requires that service providers not to inform their customers when the customers are being investigated.

 This provision raised the question of protection of privacy rights; enshrined the Constitution of Kenya 2010. It also contradict key international practices that may influence whether or not a certain category of Kenya ICT businesses will continue to thrive or close shop.

It is essential that national laws touching on data protection align to the General Data Protection Regulations recently approved by the European Union to come into force in May 2018 (GDPR requirements). This will create a conducive business environment for the investor yet at the same time safe for all citizenry. Loose data protection and privacy laws  may mean that any EU registered business already in place in our country will risk winding up as a result of the heavy sanctions in place within the EU.

At the same time local businesses handling data from the EU will find their contracts canceled. Alternate routes to ensure compliance to EU GDPR and other privacy laws in place should be implemented and clause 29 amended to accommodate the individual rights for service providers to  inform their customers when, who and what of their data is requested or intercepted.

Clause 24 on searching without a warrant ignores the existence of the cyber space and has been written on a backdrop of access to physical premises. In the cyber age it is difficult to know in which premises an attack is taking place because of the manner in which technology can be implemented, adopted or deployed.

 It would be interesting to understand at what point and how in the cyber space a police officer will suspect an offence is been or likely to be committed so as to access the premises without a warrant and take possession of such computer system. It is most unlikely that a police officer will just be roaming around the cyber space so as to come across an offence being committed or likely to be committed within the cyber space.

On the whole the Computer and Cyber Crime bill 2017 addresses important concerns that affect everyone but the basis of online security begins with us. It will put many in check, since having passwords for systems you should not access will be outlawed as soon as it is accented and shall carry a fine on conviction not exceeding ten million shillings or imprisonment for a period not exceeding five years.

We will have to be more responsible for our actions as end users since the burden of responsibility shall be with the owner or creator of the data. Under the proposed law, service providers are expected to collaborate with the security agents in dealing with offenders.

 

 

Related Topics

cyber security Internet Exchange ICT
.

Latest Stories

Ogolla's last moments in troubled North Rift
Premium Ogolla's last moments in troubled North Rift
National
By Standard Team
4 hrs ago
Premium Duale rules out political rallies at refurbished Uhuru Park
Politics
By Pkemoi Ng'enoh
4 hrs ago
Puzzle of 5 helicopter crashes in 12 months
National
By Benjamin Imende
4 hrs ago
.

The Standard Insider

Ogolla's last moments in troubled North Rift
By Standard Team 4 hrs ago
Premium Ogolla's last moments in troubled North Rift
North Rift: Kenya's valley of death
By Julius Chepkwony and Steve Mkawale 4 hrs ago
Premium North Rift: Kenya's valley of death
Military top shots likely to succeed Ogolla
By Fred Kagonye and Benjamin Imende 4 hrs ago
Premium Military top shots likely to succeed Ogolla
Firm claims duress in fake fertiliser probe
By Josphat Thiong’o 4 hrs ago
Premium Firm claims duress in fake fertiliser probe
.

Digger Classified

DIGGER MOTORS

DIGGER JOBS

DIGGER REAL ESTATE

GET OUR NEWSLETTER

Subscribe to our newsletter and stay updated on the latest developments and special offers!

CONNECT WITH US

FOR THE LATEST JOB ADVERTS

join Digger Classifieds telegram channel
The Standard
© 2024. The Standard Group PLC. All rights reserved