A new cyber-crime law is in the offing, with the draft Bill set for tabling in Parliament for debate by March.
The draft, dubbed Cyber-Crime and Computer Related Offences Bill 2014, is to address offences against confidentiality, integrity and availability of computer data and systems. It also seek to curb cyber stalking, hate speech and identity related crimes.
“A person found to be in offence of unauthorised access to computer data attracts a fine of not less than Sh1 million, or a three-year jail term,” says the draft in part.
“A corporation attracts a fine not exceeding Sh50 million.”
Kenya still relies on Central Depositories Act and the Penal Code, among other frameworks, that are not clear with regard to arresting and prosecuting cyber-crime suspects.
“This will go on record as one of the most effective cyber security laws in Kenya as it aims to concentrate on ways of getting electronic evidence against the accused and at the same time focuses on police and prosecution,” said Director of Public Prosecution Keriako Tobiko.
Kenya has for long relied on physical evidence to arrest cyber criminals, a move that has stifled efforts towards reduction of the vice. ICT specialists say that cyber criminals need cyber expert surveillance since it is hard to physically detect both international and local cyber criminals.
Recent research shows that Kenya’s cyber security remains among the weakest in the world, exposing mobile phone subscribers and Internet users to data interceptions.
Euclid Consultancy, a cyber-security firm, states that service providers are using outdated network security software that is easy to hack.
In April, a Bangladesh hacker was able to access Kenyan domains belonging to major service providers such as Google, Microsoft, LinkedIn, HP, Dell and Kaspersky. Millions of users on the networks were redirected to the hacker’s site, which showed the message that the sites had been hacked. This reveals the high level of exposure to cyber-crime in the country and worldwide.
In 2012, Deloitte company noted that banks in East Africa alone lost about Sh4 billion to fraudsters who took advantage of weak security mechanisms. Communication Commission of Kenya currently targets to increase Internet penetration from the current 41.6 per cent to 70 per cent, a move that will increase cyber-crime cases. The regulator, however, says strict regulations will help curb the vice.
“We have introduced strict regulations that restrict Internet usage and protect data online; a person is required to have a digital certificate to transact online. This will enable us to know who is committing which crime in the Internet,” said CCK director Francis Wangusi.
The government has made several attempts in the past to combat cyber- crime, only to be faced with implementation and financial constraints.
Kenya, through the EAC ministry, CCK and the Central Bank, joined Burundi, Rwanda, Tanzania and Uganda in harmonising regional cyber laws in 2010. Talks are still ongoing and have not yielded tangible results.
In June 2013, a committee was formed to spearhead efforts against cyber-crime under the Communication Act of Kenya. The Act declared war on cyber criminals, with stiff penalties prescribed for unlawful acts like cyber hacking, and bullying.
The Kenya Information and Communications Act hosts electronics and mobile transaction laws and provides for cyber-crime in the country.
Mr Tobiko faults the law, saying, “KICA was not created with cyber-crime in mind, hence it is not comprehensive. That is why cyber criminals are roaming around freely.”
He added that there is a need for a specific law that deals with prosecution of cyber criminals.
Restrict Internet usage
Kenya has also backed an African Union convention on cyber-crime that seeks to restrict Internet usage by member countries. Stakeholders in ICT are lobbying against the convention, saying it will have substantial negative effects on Kenya’s online economy and social culture.
“We are obliged to second the petition because it addresses most cyber security problems that Kenyans are facing right now. The vice is costing us Sh2 billion annually,” said ICT Cabinet secretary Fred Matiangi.
Former permanent secretary in the Ministry of Information and Communication, Dr Bitange Ndemo, however defers with Mr Matiangi on supporting the convention.
“Kenya is barely getting the Internet economy yet we want to put excessive legislation in place. By 2017, the global cyber security market is expected to skyrocket to Sh10.2 trillion from Sh5.4 in 2011,” said Dr Ndemo. “In most cases, the statistics do not make sense and many developing countries are being wooed into spending a fortune in cyber security,” he added.