× Digital News Videos Health & Science Opinion Education Columnists Lifestyle Cartoons Moi Cabinets Kibaki Cabinets Arts & Culture Gender Podcasts E-Paper Tributes Lifestyle & Entertainment Nairobian Entertainment Eve Woman TV Stations KTN Home KTN News BTV KTN Farmers TV Radio Stations Radio Maisha Spice FM Vybez Radio Enterprise VAS E-Learning Digger Classified Jobs Games Crosswords Sudoku The Standard Group Corporate Contact Us Rate Card Vacancies DCX O.M Portal Corporate Email RMS

Opinion: Cyber security bill will make us responsible for our actions online

By Fiona Asionga | February 18th 2018
ICT Cabinet Secretary Joe Mucheru

It has taken Kenya’s ICT sector close to eight years to come up with an appropriate cyber security draft bill. What is a bit saddening is the fact that we have put out the cyber security bill before we could have the data protection required for effective implementation of the Access to information law. Maybe we need to take a few steps back and reflect on why cyber security, data protection and access to information laws are important for ICT sector’s growth.

The Kenya Internet Exchange Point has grown in such leaps of over 120 per cent annually, making it the fastest growing internet exchange point on the continent.

This has been achieved through collaboration with government in the development of the right policy framework and supporting regulations that have enabled Kenya to be the region’s ICT Hub and the most connected country on the continent.

With Internet penetration as per the ITU at 89.4 per cent, Kenya is leading the pack in Africa. However, in the advent of the new cyber crime bill, absence of the data protection law and existing access to information law what happens to the investor? Is the industry at a level where we can make such positive headway without the influence of foreign and local investors?

The bill highlights fundamental concerns likely to affect the business environment moving forward. For example, Clause 29 that outlines investigation procedures to be undertaken by the investigation officer with regards to interception of content data.

 It states that where a police officer has reasonable grounds to believe that the content of any specifically identified electronic communication is required for the purpose of a specific investigation in respect to an offence he may intercept the data. It also requires that service providers not to inform their customers when the customers are being investigated.

 This provision raised the question of protection of privacy rights; enshrined the Constitution of Kenya 2010. It also contradict key international practices that may influence whether or not a certain category of Kenya ICT businesses will continue to thrive or close shop.

It is essential that national laws touching on data protection align to the General Data Protection Regulations recently approved by the European Union to come into force in May 2018 (GDPR requirements). This will create a conducive business environment for the investor yet at the same time safe for all citizenry. Loose data protection and privacy laws  may mean that any EU registered business already in place in our country will risk winding up as a result of the heavy sanctions in place within the EU.

At the same time local businesses handling data from the EU will find their contracts canceled. Alternate routes to ensure compliance to EU GDPR and other privacy laws in place should be implemented and clause 29 amended to accommodate the individual rights for service providers to  inform their customers when, who and what of their data is requested or intercepted.

Clause 24 on searching without a warrant ignores the existence of the cyber space and has been written on a backdrop of access to physical premises. In the cyber age it is difficult to know in which premises an attack is taking place because of the manner in which technology can be implemented, adopted or deployed.

 It would be interesting to understand at what point and how in the cyber space a police officer will suspect an offence is been or likely to be committed so as to access the premises without a warrant and take possession of such computer system. It is most unlikely that a police officer will just be roaming around the cyber space so as to come across an offence being committed or likely to be committed within the cyber space.

On the whole the Computer and Cyber Crime bill 2017 addresses important concerns that affect everyone but the basis of online security begins with us. It will put many in check, since having passwords for systems you should not access will be outlawed as soon as it is accented and shall carry a fine on conviction not exceeding ten million shillings or imprisonment for a period not exceeding five years.

We will have to be more responsible for our actions as end users since the burden of responsibility shall be with the owner or creator of the data. Under the proposed law, service providers are expected to collaborate with the security agents in dealing with offenders.



Share this story
NASA is now stronger, says Kalonzo
“Politics have just started, there is no turning back, we must make sure that not again will elections be stolen and people rule by force.”
Opening Ceremony: Kenya takes her pride of place as 2020 Tokyo Paralympic Games begin
Team Kenya Paralympics strolled majestically into the Tokyo Olympic Stadium led by captain Rodgers Kiprop and Powerlifter Hellen Wawira for the Openin