Kenya’s Computer Misuse and Cybercrimes Act: What you need to know
The new law is supposed to curb cyber crimes and computer related offences. But will it do more harm than good?
The Computer Misuse and Cybercrimes Act of 2018 was drafted and assented to on 16 May, 2018 and came into force on 30 May, 2018. The Hacks and Hackers Nairobi chapter dove into the topic on its pros and cons led by a panel of experts in the field including; Ephraim Kenyanito, Program Officer, Digital Article 19; Henry Maina, Regional Director, Article 19 and Mercy Mutemi, a lawyer specializing in Internet Law and Policy. The panel was moderated by Shitemi Khamadi of the Bloggers Association of Kenya.
The new law caused quite a buzz with Kenyans online poking holes in its broad scope that provides authorities with the discretion of prosecuting individuals for freedom of expression at large.
“The police use a catch-all term, ‘national security’, and with the cyber espionage clause in the new act, a police officer could accuse you of subverting the course of justice if you refuse to comply with the law,” said Kenyanito, confirming the fear that the new law could be used against Kenyans innocently interacting online.
What techies need to know
Techies are also at risk of being accused for crimes such as using tech-tools that protect data online. “Tools like PGP that encrypt emails could be construed as an attempt to subvert the course of justice,” said Kenyanito.
Another pitfall the law exposes is the unclear or false definition of terms. An example of this is the use of the term ‘critical infrastructure’ which refers to an information system, program or data that supports or performs a function with respect to a national, critical information infrastructure. The Director of the newly created National Computer and Cybercrimes Co-ordination Committee is expected to designate certain systems as critical infrastructure, leaving a loophole of what the committee can decide to term as ‘critical infrastructure’ by their own standards.
Another example is the term ‘cybersquatting’ which is the practice of registering well-known company or brand names, as Internet domains, in the hope of reselling them at a profit. It has been wrongly described within the cybercrimes law, bringing ambiguity to whom exactly the law applies to, Maina reveals.
“The new law does not seem to understand concepts like cloud computing, which means that someone can be accused of a crime but the evidence is not even located on their computer,” said Maina.
Techies should also be aware that they may be called upon to act as experts during investigations when the police do not have the expertise, and may be compelled to under the cyber espionage clause. Meaning failure to comply could be construed as a criminal offence.
What journos need to know
According to Khamadi, journalists’ necks are on the guillotine. In recent months, Tanzania, Uganda and now Kenya have passed laws that tighten the already repressed Press Freedom rights in the region. Maina noted that most of the 14 countries in Eastern Africa now have cybercrime laws, but only seven have access to information laws. This shows that governments care more about cyber security, and not about individual rights.
Kenyanito revealed that this crackdown happened not by chance, but by design.
Whistleblowers are also at risk under the new law. Journalists may be compelled to reveal their sources at any time.
Maina also warns that for journalists, the cybercrime law may get them jailed for destroying their notes in the name of destruction of evidence.
What we all need to know
One thing is clear…
This law brings into stark relief how lax Kenyans have been with their personal data in the online space. However, we all need to get our acts together. According to Mutemi, the ambiguity of the clauses in the law may lead to ordinary Kenyans inadvertently landing in hot soup just for their usual online activities. “The cybercrime act has covered the act of committing offences, but not the intent of the act. Normal functionality such as deleting emails and messages may be a crime because it is not clear,” she said.
She also points out that the cybercrime act does not cover the aspect of international jurisdiction and conflict of laws between Kenya and other countries leaving loopholes in terms of extradition of international hackers.
This conversation began #HHNBO participants’ journey to understanding this law and ensuring they understand the new implications of their online activities.
The fight continues
On 29th May 2018, High Court Judge John Mativo suspended the implementation of some sections of the newly signed Cyber Misuse and Cyber Crimes Act 2018. The bloggers had sued the National Assembly, the Director of Public Prosecution and the Inspector General of Police over the bill, which they say infringes and threatens freedom of expression.
Keep an eye out for June’s Hacks/Hackers Nairobi meetup, and congratulations to the winner of the tweeting contest, Joshua Ondeke!
The worlds of hackers and journalists are coming together, as reporting goes digital and Internet companies become media empires.
Journalists call themselves “hacks,” someone who can churn out words in any situation. Hackers use the digital equivalent of duct tape to whip out code.
Hacker-journalists try and bridge the two worlds. Hacks/Hackers Africa aims to bring all these people together — those who are working to help people make sense of our world. It’s for hackers exploring technologies to filter and visualize information, and for journalists who use technology to find and tell stories. In the age of information overload and collapse of traditional business models for legacy media, their work has become even more crucial.
Code for Africa, is the continent’s largest Open Data and civic technology initiative, recognises this and is spearheading the establishment of a network of Hacks/Hackers chapters across Africa to help bring together pioneers for collaborative projects and new ventures.