Battle against rising cyber crime should not infringe on the citizens’ right to privacy

It is hardly necessary to emphasise the impact of modern telecommunications in human life.

The growth of the telecommunications sector has tremendously revolutionised all spheres of human interactions.

To illustrate, according to available statistics, there are more than 20 million mobile telephone users in Kenya.

It is estimated that this number will increase by an additional five million in just two years.

The growth in the mobile telephony market is not only characterised by the increase in numbers but also by the development of mobile cellular networks.

Some mobile telecommunication companies have already rolled out fourth generation networks and compatible telecommunication devices.

This has led to the emergence of new services and applications for mobile cellular services such as:

(a) mobile banking,

(b) blogging,

(c) push-to talk services,

(d) location-based services,

(e) group chat applications

(f) personalisation and customisation services, and

(g) mobile games.

There are, of course, other important developments in mobile, wireless, portable and pervasive computing technologies that rely on other network technologies, with different reach and mobility handling capabilities.

These include wireless local are networks, the developing WiMax standards, satellites and developments in the internet protocol to allow in-motion and mobile communication.

Besides, the recent entrance in the Kenyan telecommunications market of companies providing big broadband based on fibre access will further add to the growth of telecommunications services.

The growing availability of high speed bandwidth is likely to enhance growth opportunities in the field of triple play.

These developments will undoubtedly impact positively on economic growth.

For example, the Mobile Banking product offered by Safaricom popularly known as M-Pesa has significantly improved the flow of money in the financial system.

Besides, the Internet is a remarkable facilitator for exchanging ideas. Data posted on the Internet is transmitted by altering the amplitudes, frequencies, or phases of electromagnetic waves.

System users send messages across borders through a series of interlinked servers.

A variety of physical network media, such as Ethernet or Token Ring, transform electrical charges into the lines, letters, and pictures appearing on computer screens.

Persons searching for educational or commercial providers can find a plethora of Web sites with interactive electronic dictionaries, newspapers, games, health care information, and government links.

The list of services available on the Internet is limited only by human imagination and advances in computer technology, both of which improve rapidly.

But there are some negative developments associated with growth in the telecommunication sector.

The worldwide explosion of communication technologies creates significant challenges for law enforcement agencies and national security organisations responsible for battling various forms of crime and terrorism.

The sophistication of criminal enterprises in exploiting emerging communication channels has increased with the rising popularity of these channels, posing a very real challenge to organisations responsible for protecting public safety and reducing the impact of crime on communities.

Given the broad availability of communication options and the relative ease with which criminal networks and terrorist groups can exchange information across these channels—-by both data and voice communication—the impetus to intercept illicit exchanges and track the operations of criminal enterprises is very strong and compelling.

For example, potential terrorists can easily use forms of mobile and internet communications to plan mass murder.

Others can use these services to spread hate messages, paedophilic information, or spread malicious falsehoods.

These negative externalities have brought to fore the role of the government in regulating telecommunications information and specifically the permitted instances where legislation may allow security agencies to lawfully intercept telecommunication information on the grounds of public security, public health or public morality.

An overlapping framework of national regulation in the telecommunications sector should establish the foundation for the monitoring of telecommunications, implemented to enable law enforcement agencies to intercept messages or information being distributed for illegal purposes.

The Policy framework for the telecommunications sector in Kenya is somewhat undeveloped.

The Government of Kenya developed the National Communications and Information Technology Policy in 2006, a time when the telecommunications sector was still growing and undoubtedly require updating to reflect the growing numbers, increased services and emerging challenges.

On cybercrime and the specific issue of lawful interception of telecommunication information, the ICT policy merely contains a one paragraph statement recognising the challenges brought by modern telecommunications and requires the country to establish an adequate legal framework and capacity to deal with national security, network security, cyber-crime and terrorism.

Besides, the ICT policy requires the establishment of mechanisms for international cooperation to combat cross-border crimes.

Further, the policy envisages the development of an e-security structure.

ICT policy

While the ICT policy requires the development of new legal framework “national security, network security, cyber-crime and terrorism” that will presumably cover aspects of lawful interception, it is desirable that adequate preparation is made.

The interception of telecommunication informational in a matter that inextricably appears to infringe on the right to privacy of individuals.

Therefore, the enacting of a legislation that permits lawful interception of telecommunication information requires a careful assessment and balancing of divergent interests. 

As a starting point, there is need to review the ICT policy to incorporate specific guidelines and legislative steps needed on lawful interception, as an emerging issue in cyber-security.

In the later parts of this essay, an attempt is made to highlight the critical issues that underlie lawful interception at both policy and legal fronts. .

These can be used to lay foundation of the suggested policy development and legal enactment.

Be that as it may, the Government has in the past made spasmodic attempts to enact legal framework on lawful interception.

Currently, there is no substantive legal regime governing lawful interception of telecommunication information in Kenya.

The Kenya Communication and Information Act, the statute that governs and regulates the telecommunications sector in Kenya does not contain adequate provisions on the subject.

The Act merely provides that one of the functions of the Communication Commission of Kenya (CCK), the sector regulator, in relation to broadcasting services shall be to protect the right to privacy of all persons.

Other than this, there is no clause that allows the Communication Commission of Kenya, for example, to prescribe regulations or guidelines on the interception of telecommunication information.

But section 83U of the Act that contains provisions prohibiting access into a computer system to obtain any programme contains derogation where access is allowed pursuant to the exercise of a statutory power to obtain information. 

This is a statutory recognition of the fact that the Government has power to enact a specific statute on lawful interception

Besides, the statutes governing the operations of the security agencies are equally silent on lawful interception of telecommunication services.

The Government has attempted to fill this lacuna in the recent past by piecemeal legislative reform proposals.

First, in 2005 the Anti-terrorism Bill was proposed. The bill contained substantial provisions allowing security agencies to lawfully intercept telecommunications provisions.

But it contained controversial provisions that sought to allow security agencies to seize property without due process, arrest and indefinitely detain suspects.

These issues stirred intense public debate forcing the government to shelve the bill.

Amongst other issues, it was rightly argued that provisions that disregarded due process were unconstitutional.

It was further argued that the bill vested on the security agencies unbridled powers that could be easily abused.

In the absence of an adequate consideration of issues, an explanation of the underlying policy objectives, and inclusion of adequate safeguards, the law on lawful interception is likely to stir similar public reaction.

Secondly, the Government has recently pushed through the enactment of the Mutual Legal Assistance Bill Act in 2009. 

The Act makes some provisions on lawful interception of telecommunication information.

The Act can be said to be the first major attempt by Kenya’s attempt to enact a specific statute on lawful interception of telecommunications information.

Despite the objective of the Act being to provide  the legal regime for mutual legal assistance to be given and received by Kenya in Kenya in investigations, prosecution and judicial proceedings, the Bill actually contains a substantive legal principles that appear to authorise interception of telecommunication information.

Ideally, given the situation-sensitive issues surrounding lawful interception, one would expect the enactment of a specific act of parliament that deals with issue.

Be that as it may, under the provisions of Article 27 of the Act, Kenya may execute a request from a requesting state for the interception and immediate transmittal of telecommunication information or the interception, recording and subsequent transmittal of telecommunication.

A request for Mutual Legal Assistance shall include:

(a) an indication of the authority making the request,

(b) confirmation a lawful interception order or warrant has been issued in connection with a criminal investigation, if such an order or warrant is required by law,

(c) information for the purposes of identifying the subject of the requested interception,

(d) details of the criminal conduct under investigation ,

(e) the desired duration of the interception and

(f) if possible, the provision of sufficient technical data, in particular the relevant network connection number, communication address or service identifier to ensure the request can be met.

Under Section 32 of the Act, a request may be made to Kenya from a requesting state for covert electronic surveillance.

Foreign law

Is this the best incorporation in legislative enactment of the principles on lawful interception of telecommunication information?

Not necessarily. Is it the only approach? Clearly not.

The provisions of the Act on lawful interception do not conform to the provisions of the Constitution.

It might create interpretational problems and if applied, its constitutionality can easily be challenged.

A number of reasons can be cited for this proposition.

First and critically important, the legislation does not provide for the circumstances, local warrant or interception order procedures.

The Attorney General is merely required to comply with requests that have been issued under foreign law and governed by exotic procedures.

This is very problematic in that there is no room for a person (the subject of interception) to challenge in Kenya, the legality or constitutionality of these procedures and law.

Currently, the High Court of Kenya has no jurisdiction to deal with the legality or otherwise of foreign procedures.

This puts a litigant in a difficult position where the only options available are to file proceedings in the requesting state country to prohibit the receiving into evidence information obtained upon interception in Kenya.

Alternatively, the aggrieved person has the option of seeking judicial redress in Kenya to preclude the Attorney General from transmitting the recorded information.

Secondly, providing for the interception of telecommunication information in Kenya by applying procedures and rules of the requesting state in Kenya may be considered as an attempt to apply foreign legal process in Kenya.

In essence, this extends the jurisdiction of the requesting state in Kenya, a clear affront to Kenya’s territorial sovereignty.

It would have been better if an Act of Parliament is enacted in Kenya that clearly provides for the rules and procedures to be followed in lawful interception.

These procedures should be subjected to a stringent constitutional test to preclude instances of flagrant violation of the right to privacy.

As it stands, the interception procedures in Mutual Legal Assistance Act are not adequate to meet the constitutional standards.

Persons enjoy the reasonable expectations of privacy as guaranteed by the Constitution; any legislation that takes away this right must be subjected to a cogent suitability test.

In sum the legal principles on lawful interception must be more nuanced, balanced and contain accurate rules that balance between the constitutional recognition of the right to privacy and instances where limitations of the right are permitted.

The derogations must be consistent with the aims of a free and open society.

Certainly, the Mutual Legal Assistance Act does not meet even the basic of the thresholds.

Given the sensitivity of the issue of lawful interception it is necessary that a substantive Act of Parliament is enacted.

A substantive statute on the interception of telecommunication information will not only cover all substantial themes on interception but also contain adequate safeguards to preclude abuse of discretion on the part of the security agencies.

This entails striking a balance between the privacy concerns of the citizenry and the public safety issues.

Kenya is not the first country to enact a statute of this kind. Countries such as United States, Australia have long enacted the Act and it has worked pretty well in their legal systems.

Mr Wanyama is an Advocate of the High Court and Member Young International Arbitration Group, London.