The burgeoning of ICT into every aspect of everyday life has brought about the modern concept of the information society. This development of the information society offers great opportunities. Unhindered access to information can support democracy, as the flow of information is taken out of the control of state authorities (as has happened, for example, in Eastern Europe and North Africa). Technical developments have improved daily life – for example, online banking and shopping, the use of mobile data services and voice over Internet protocol (VoIP) telephony are just some examples of how far the integration of ICTs into our daily lives has advanced.
However, the growth of the information society is accompanied by new and serious threats. Essential services such as water and electricity supply now rely on ICTs. Cars, traffic control, elevators, air conditioning and telephones also depend on the smooth functioning of ICTs. Attacks against information infrastructure and Internet services now have the potential to harm society in new and critical ways.
Attacks against information infrastructure and Internet services have already taken place. Online fraud and hacking attacks are just some examples of computer-related crimes that are committed on a large scale every day. The financial damage caused by cybercrime is reported to be enormous. By some estimates, revenues from cybercrime in Kenya surpassed all other East African countries.
With 75.3 per cent of Kenyan citizens formally included in financial services through financial technology, one would logically expect a correspondent increase in cybersecurity investments in the financial services sector. Regrettably, this is the opposite in the case of Kenyan banks. The Kenya Cybersecurity Report 2016, highlights that about 44% of financial institutions run on a paltry cybersecurity budget of $1-1,000 annually, whilst about 33% of financial institutions in Kenya have $0 spend on all matters cybersecurity.
The Computer and Cybercrimes Bill, 2017 (the Bill)
On Friday 16 June 2017, the Computer and Cybercrimes Bill 2017 was officially gazetted. Part of Kenya’s Vision 2030 is recognizing ICT as one of the key drivers of socio-economic development in Kenya. The Bill is therefore intended to protect and ensure a secure and safe digital environment. Broadly, the Bill covers the following offenses
- Offenses against the confidentiality, integrity, and availability of computer data and systems;
- Content-related offenses; and
- Computer-related offenses.
1. Offenses against the confidentiality, integrity, and availability of computer data and systems
All offenses in this category are directed against (at least) one of the three legal principles of confidentiality, integrity, and availability. Unlike crimes that have been covered by criminal law for centuries (such as theft or murder), the computerization of offenses is relatively recent, as computer systems and computer data were only developed around 60 years ago. The effective prosecution of these acts requires that existing criminal law provisions not only protect tangible items and physical documents from manipulation but also extend to include these new legal principles.
2. Content-related offences
This category covers content that is considered illegal, including child pornography, cyberstalking and cyberbullying. The development of legal instruments to deal with this category is far more influenced by national approaches, which can take into account fundamental cultural and legal principles.
3. Computer related offences
This category covers a number of offences that need a computer system to be committed. Unlike previous categories, these broad offences are often not as stringent in the protection of legal principles. The category includes computer-related fraud and computer-related forgery, phishing and identity theft.
The purpose of this review is to give the reader an overview of the proposed bill. As a qualification, this review only reflects the bill from MyGov assuming there won’t be much change from the gazetted one.
While I have tried to be diligent in this review, delays often occur before new legislation are published and/or officially released and therefore I cannot confirm that the bill is the final version.