Testimony about the Cyber Security and Protection Bill before before the Kenyan Senate ICT- Committee
On 05th July 2016, the Kenyan Senate ICT Committee published the Cyber Security and Protection Bill. This was followed by a public hearing on the same draft bill on 19th October, 2016.
Here is a call for public input into the process:
Please see below my prepared statement that I presented on key clauses:
Ephraim Percy Kenyanito LL.B (Hons)
ICT Policy specialist,
experienced in human rights work and technology policy work in Africa
Dear Chair of the Senate ICT Committee and esteemed members. As a Kenyan citizen and a Legal Researcher/ Policy Analyst working on the connection between African ICT & Media Law, Human Rights, Intellectual Property Rights and International Development; I am pleased to have this opportunity to present my thoughts on the important work of protecting Kenyan citizens online.
I congratulate the Senate for this draft but would like to point out that there is an already existing similar process under the Ministry of Information, Communications and Technology (ICT). This process has been carried out under a multistakeholder format and has resulted in drafting of the Computer and Cyber Crimes Bill 2016. I would thus urge the Senate to look into this process and to find ways to merge the two draft bills.
However, despite my above comments, I would be happy to point out a few clauses in the senate Bill that I would request that they be considered for redrafting:
KEY CONTENTIONS PROVISIONS THAT THE COMMITTEE SHOULD REDRAFT
Section 12- 14:- Protection for digital security researchers
I would urge that the Senate Committee should redraft this section and ensure that it allows for protection for digital security researchers as they find and demonstrate the existence and extent of systems vulnerabilities. This has been considered under Section 4 (2), Section 6 (2) as read with Section 8 (3) (a) of the Computer and Cyber Crimes Bill 2016
The Senate Bill unfortunately does not recognize the important work carried out by researchers to enhance the protection of internet users unlike the Bill drafted at the Ministry which would allow for digital security research in conditions where, “…intended for the authorised training, testing or protection of a computer system;…” This is a good guidance as to when access to such systems exceeds an individual’s lawful authority.
Section 17, 18, 24, 25, 26 and 29- Criminalisation of Computer use
Esteemed committee members, I would like to point out that the offenses listed out in this clause are already covered in various Kenyan Laws and thus no need to create different penalties for the same offenses had they been carried out offline. These laws include the: Penal Code, Sexual Offenses Act, National Cohesion and Integration Act, Media Act No. 3 of 2007, and Films and Stage Plays Act. It is unnecessary and disproportionate to increase penalties for existing crimes if they have a computer component as it can potentially discourage ICTs adoption by the Kenyan community, a goal which the government has been advocating for under Kenya’s Vision 2030, the Africa Union Agenda 2063 and the United Nations Sustainable Development Goals.
I would further urge that in-case the committee sees a lacuna in how the offenses are addressed in those laws, they ought to amend each law separately and not potentially criminalize the use of Computers.
Specifically, I would cite Section 29 of the draft Bill as an example of the dangers of this trend. The draft law attempts to criminalise the use of names of others without looking into Limitations and Exceptions to domain laws, Copyright and Trademark laws. For example some names have meanings in other languages and would thus not be afforded protection, for example the name “Uhuru” is a name and is also a swahili word. In the manner that the draft law has been provided, it would provide blanket penalties without these considerations.
Section 14, 19 and 24: Need for comprehensive data Protection laws
I congratulate the senate for attempting to protect the data of Kenyan citizens through these provisions but would urge that there exists a Kenyan Data Protection Bill. I therefore urge the Senate that the best way to protect and advance the rights of Kenyans is to work for speedy passage of a comprehensive privacy and data protection law framework, building on these earlier efforts and would urge that as the Senate looks into this Bill, they should ensure that the Bill additionally ensures that the Private Sector is affords more protection of citizen’s data given their important role in service delivery to the Kenyan public.
THANK YOU VERY MUCH.
EPHRAIM PERCY KENYANITO
Legal Researcher/ Policy Analyst.
P.S- The Picture below was taken after the testimony before the Kenyan Senate ICT Committee.