CONFRONTING CYBER CRIME IN KENYA

Prof Ben Sihanya

Advances in ICT have ushered in important socio-economic, political and cultural benefits as well as complex crimes. Some experts define cybercrime as “any activity that exploits cyberspace in terms of using its infrastructure and knowledge to commit crimes.’’ Criminals have developed new and more efficient techniques and the Internet provides a huge opportunity for crime. Numerous Internet users have fallen prey to various infringements of their rights and fundamental freedoms under the 2010 Constitution, including privacy, security and intellectual property. Examples include distribution of child pornography, or violent images, methods to commit suicide, recipes for explosives, copyright theft and campaigns for the sale of stolen items through classified ads or even auctions.

In Kenya the most common cybercrime is spamming, or the communication of unsolicited or offensive SMS and email attacks. 

Cybercrime, which must pose a threat to individuals, businesses and the state, is classified into three groups namely: attack on liberty or on automated systems; on cryptology system. First, liberty is a complex social and constitutional concept. It may encompass positive or negative. The loss of personal privacy in the Internet is one of the most dynamic cybercrime. Ethan Katsh defines privacy in his book Law in a Digital World as the power to control what people can come to know about you and an individual’s ability to control the treatment of personal data made available in electronic format or during the use of the Internet. Privacy includes data relating to health, financial records as well as relationships and political strategies.

Kenya is seeking to embrace the full power and potential of the Internet, Social networking sites like Facebook, Myspace, desktop dating and Twitter have witnessed an explosion of subscribers in a relatively short while. The personal information divulged on such sites may be used in a manner detrimental to owners. Communication via email and blackberry has become the norm in business circles. These modes have been hacked into and personal details divulged.

Moreover, (the illegal) credit reference bureaus mandated to collect and keep people’s data in Kenya are potential targets of cybercrime. Although Art. 31 of 2010 Constitution and the  Banking (Credit Bureau) Regulations 2008,  provide a basis for regulating the operation of such outfits, there is no clear and comprehensive law to protect private data. Such data may be used to compromise the interest of the organisations or individuals concerned. Ensuring the security and integrity of online and offline data would help address cybercrime. Kenya does not have sufficient legislative, policy and administrative measures mandating institutions as well as officials or individuals to secure and protect   personal data.

Second, attacks on automated data systems are increasing in Kenya. A data system consists of the network of all communication channels used within an organisation. It may run without direct human input. Such systems perform vital functions as they enable deviations from set standards to be discovered promptly. Kenyan organisations communicate a lot of vital information via internal networks (or intranets). When information is unlawfully accessed the consequences have been detrimental to the integrity of the institution.

Yet under the e-Government (and e-Governance) strategy, the Kenya Government is encouraging citizens to use services available the online to facilitate the processing their applications. The risks include the fact that if the system is not secure, online applications expose the agency to threats from hackers. Legislative, policy and administrative measures should be strengthened to limit this inevitable intrusion into private networks.

Third, attacks on the cryptology system are likely to increase as e-transaction expand through the fibre-enabled high speed Internet. Happily, the Draft Regulations for the Provision of Electronic Retail Transfers that governs e-transactions was released early this year by the Central Bank of Kenya. In addition, a Draft E-transactions Bill has been pending. The Draft Bill would enable the responsible authorities to have jurisdiction over certain cyber crimes, while giving a sense of security to business people and individuals that there is machinery to protect their interests in cyberspace.

Encrypting messages relevant Internet transmitted will help protect users. But the Government is unlikely to encrypt some messages. It is upon individual and organisations to ensure that they protect their interests through self help, and seek to enforce privacy through the Executive, Judiciary and Parliament in case of breach.

The 2010 Constitution provides for liberty and responsibility. Therein lies the challenge of addressing cyber crime especially regarding privacy.

Prof Ben Sihanya teaches Intellectual Property & Constitutionalism at the University of Nairobi Law School.

This articles was published in the Daily Nation on Friday April 8, 2011.