Biometric data collection in Kenya risky

An edited version of this article was published in the  Daily Nation on February 21, 2018.

I was buying a sim card when the customer care agent asked me to pose for a photo. I asked why they wanted a photo of me as they had all my personal information including a scanned copy of my national identity card. He mumbled back that government required SIM Card agents to take subscriber’s photos. Not convinced, I probed further on this new law but he could not elucidate the reasons. I later on discovered after reading the Kenya Information and Communications (Registration of SlM-cards) Regulations, 2015 that such a requirement doesn’t exist. The customer care agent either didn’t know the requirements, or lied to me about them.

 

This was not an isolated incident. Every day people give out their biometric data to both state and non-state agencies such as professional bodies, banks and even schools. Despite this mass data collection taking place for a while now, parts of the Kenyan citizenry have always expressed their reservations with the collection of biometric data.

 

During the first biometric voter registration in 2012, rumours were rife in western Kenya region on how fingerprint scans would make it easy for chiefs to arrest petty village offenders. Joseph Kamaru’s rendition of Mau Mau’s song Uhoro Uria Mwaiguire tells of a community mourning the incarceration of their war heros who refused to have their fingerprints taken. This reservation and fear played out recently in 2017 when some Mau Mau veterans raised concerns around biometric voter registration for fear of arrest over crimes they did while fighting for independence. All these show a lingering historical concern on the use of technology that communicates how some feel about the collection and use of biometric data.

In addition, there is currently no data protection law stipulating how personal information like biometric data should be handled and processed by both private and state actors. In fact, the only place where biometrics have been mentioned in Kenyan law is in the Elections Act. According to this legislation, biometrics are unique identifiers or attributes including fingerprints, hand geometry, earlobe geometry, retina and iris patterns, voice waves, DNA, and signatures. Even the abandoned Data Protection Bill of 2013 only contained a mention of fingerprints and blood type which were to be categorised as personal information.

 

Motivation behind collection of data

Data collection is part of know your customer logic, both for efficiency, trust and security. But increasingly, data collection has in itself become the business model of most companies. The value of personal aggregated personal thoughts, habits, and social networks are as valuable as any other high end market activities, witfully branded surveillance capitalism.

 

However, the collection and centralized storage of this highly sensitive and valuable data exposes these corporations to the risk of the data being misused at best and being stolen at worst. There are many reported cases of deliberate targeting of secure systems that hold sensitive data. These sensitive data is later sold to third parties in the black market who have illegal ways to monetize it such as by sale of data to fraudsters and identity theft.

 

In jurisdictions with data protection laws, the general privacy principle for corporations handling consumer data is that data obtained for one purpose shall not be used for any other purpose. This rule has general exceptions such as when the information is public, the data subject has given consent and public interest. However, Kenya has no data protection law which leaves personal information such as biometric data at the mercy of corporations that collect it. Security breaches and data loses are reported regularly in the US and Europe, but in Kenya there is no requirement for public or private sector entities to disclose such occurrences. Thus we don’t even know the risks that we face.

 

For example, during the 2017 general elections, many voters received targeted campaign texts messages that were rather too intrusive. The texts had the name of the voter and the exact constituency where they were registered as a voter. How politicians received access to the voter register and the voters cell-phone numbers remains a mystery to date. But it also shows us how vulnerable we are after subscribing for services where personal information is required, and could be shared with others without our knowledge.

 

One way we can push for accountability is by asking our newly elected parliamentarians to breathe life to Article 31 of the Constitution by legislating a data protection law. We are in dire need of a data protection law that give us, the data subjects, more say on how our personal information is collected and used by data processors. Daniel J Solove argued in his book ‘Conceptualizing Privacy’ that privacy ‘involves more than avoiding disclosure; it also involves the individual’s ability to ensure that personal information is used for the purposes she desires’.

 

Other than just the law, there is need for a legal obligation on data processors to be transparent about what data they are collecting, how will be used and who it will be shared with. This obligation can be based on the tort and crime of misuse of personal information. It will force data processors, such as public and private entities, to take data protection more seriously while protecting the data subject’s right to privacy. While many argue that they have nothing to hide, they should always remember that they have something to protect. Next time you think of buying a SIM Card, remember that you will probably be asked for more personal information than is required and that there is no law governing the use of that information.

Strengths and weaknesses of Cybercrimes Bill

There is a new bill

A revised version of this article was published in the Business Daily newspaper on the 21st of September 2017.

The question of how prepared Kenya is to deal with cybercrimes can no
longer be wished away. Cybercrimes not only cause damage but also
leave their victims embarrassed. Hence, not so many incidences are
reported by the victims. To address this issue, the Leader of Majority
Hon. Aden Duale sponsored the Computer and Cybercrimes Bill in June,
2017. It is a major improvement from the two cybercrime bills that
were published by Senate and the National Assembly last year.

The objectives of the draft act are to protect the confidentiality and
integrity of computer systems, programs, data while preventing the
unlawful use of computer systems. The proposed law is also meant to
facilitate the investigation and prosecution of cybercrimes and
facilitate international co-operation on cross-border cybercrime
matters.

Part two of the bill provides for the offenses covers various offences
in the cyberspace. As expected, hacking offences feature prominently
in this part. Hacking offences are where security measures of a
computer system are bypassed and unauthorised access, interference and
interception take place. To complement the anti-hacking sections, the
possession and use of stuff that can be used to hack for the primary
purpose of committing a crime is going to be outlawed. Sharing of
passwords with unauthorised persons to grant them unauthorised access,
interference and interception is also going to be a crime when the
bill becomes law.

A major positive in the bill are the provisions meant to protect
critical infrastructure. This includes public utilities (electricity,
water), public transportation, communications infrastructure, banking
and financial services among many others. This protection is crucial
because the economy can really suffer in the event of an unplanned
interruption such a mobile money outage. Safaricom recorded losses
earlier in the year when their systems went down countrywide.

Reports of Al-Shabaab destroying telecommunication masts show us that
foreign foes target critical infrastructure. From the Stuxnet attack
on the Iranian nuclear program, it is clear that there is a hanging
threat of cyber-attacks on our critical infrastructure. The draft law
has a provision on how to deal with a resident who aids a foreigner in
cyber-espionage and other attack on critical infrastructure.

Fake News
The draft law intends to outlaw false publications. The motivation
behind this definitely to curb the fake news menace that has become
major issue. While the idea is welcome, there is the fear that the
provision is beyond the scope of the limits of the right to freedom of
expression as contained in the constitution. A better approach would
have been to perhaps set a test to check the damage caused by the fake
news. The danger of this, damage; is that it makes it similar to the
old crime criminal defamation. In the landmark Jackline Okuttah case,
the High Court declared the crime of criminal defamation to be
unconstitutional.

Children’s rights find their way in this draft law with a provision
cracking the whip on online child pornography. This provision together
with the provision on cyber stalking and bullying will help save lives
of many internet users who meet human predators online. Computer
forgery and fraud are also going to be crimes once the bill becomes
law and this will help the many who get scammed online. The bill also
contains provisions on confiscation of proceeds of cybercrime and
compensation of victims, which is a major plus considering this is
criminal law.

The vague
A conspicuous section of the draft law proposes a punishment for
offenses under any other law through the use of a computer section.
The openness of this provision makes it vague and open to abuse the
way section 29 of the Kenya Information and Communication Act 1998
was. The KICA provision was declared unconstitutional in 2016 by Mumbi
Ngugi J in the case of Geoffrey Andere.

The investigation procedures acknowledge the need of a warrant prior
to an investigation also the exceptions are based on the Criminal
Procedure Code. Security agents with warrants will lawfully be able to
ask service providers to give out data and access to consumer computer
systems. The draft law provides for a protection of the service
provider from any liability.

The last part contains provisions on extradition and cooperation with
foreign nations in investigation and trial of cyber criminals. This is
a plus considering the cross border nature of cybercrimes.

The bill is clearer, well intentioned and covers much of issues to do
with cybercrime. With public participation and stakeholders input, it
will be a laudable cybercrimes law.

Is Kenya Ready for Unique Identifiers? Part I

It is reported that some 1.6 million students have registered to sit for the Kenya Certificate of Primary Education (KCPE) and Kenya Certificate of Secondary Education (KCSE) examinations in October 2017. As always, preparations for these examinations involves stringent security measures to curb cheating. Beyond cheating, forgery of academic degree certificates and other official documents is also on the rise. To fight this vice, the government has put various measures in place, the latest being introducing a six- character Unique Personal Identifier (UPI). This UPI will be linked to an electronic database with the educational records of all individuals from primary school up to university level. Other than blocking exam cheats and fake certificate fraudsters, the UPI will also be used to curb the theft of public funds by eliminating ‘ghost’ teachers and inflated student enrollment figures.

To read the rest of the article, click here.

Quick Thoughts on Biometrics, General Elections and Security in Kenya

In 1927, Liberian opposition presidential candidate Thomas J Faulkner was confident of unseating the incumbent in the general elections. The Faulkner-led People’s Party had marshalled support from all corners of the country and across all classes of people. On Election Day, Faulkner received 9,000 votes in what was supposed to be a landslide win. In the end, Faulkner lost to the incumbent Charles D. B. King who received 243,000 votes in an election with only 15,000 registered voters! Charles D.B. King’s script has been replicated in many African states and in the year 2007, it was replicated in Kenya.

In 2007 General Elections, voting irregularities were the order of the day and the results were violently contested. Many lost their lives and hundreds of thousands had to flee from their homes. The international community mediation team led by former UN Secretary General Kofi Annan came and negotiated a power-sharing deal between the incumbent Mwai Kibaki and opposition candidate Raila Odinga thereby forming a national coalition government.

To read the rest of the article, click here.

A Review of the Communications Authority Guidelines for Dissemination of Political SMS Text Messages and Social Media Content

Gazette Notice

In the run-up to the 2013 elections, Safaricom announced that it would control political messaging distributed via its network. This measure was put in place to avoid unnecessary attacks on individuals, their families and ethnic communities. The giant mobile network operator wanted to ensure that the bulk political SMS sent through its platform would not fall foul of the laws of Kenya. By publishing its own guidelines on bulk SMS of a political nature, Safaricom was working within its legal boundaries of leverage. This move was inspired by the Electoral Code of Conduct, which was part of the 2011 Elections Act that specifically prohibited hate speech in political campaigns. These guidelines were met by furor from the political class but the media peace campaigns drowned their voices.

To read the rest of the article, click here.

Is the Kenyan legal system ready for the Big data industry?

This article was first published in the Business Daily newspaper on the 22nd of June 2017.

Source: Forbes

Thousands around the world have signed up to online platforms for different services such as email, social media and news. Due to the borderless nature of the internet, markets are unlimited and people from different jurisdictions can subscribe to these sites. Note that despite the universal access, internet borders exist to enable people to pay for stuff using their local currencies, to provide use of local languages to users and regulation purposes.

Silicon Valley giants tend to have the advantage of the ‘data-network effect’ which enables them use data collected from customers in exchange for ‘free’ services such as email and social media. They use this data to attract more customers who generate more data that is used in improving services which attracts more customers. Behind this phenomena is a lot of behavioral economics, big data analysis and ad targeting.

Most of these data usually comes from personal communication devices, hence within the ambit of privacy laws and regulations in the nations where they are registered. In jurisdictions like Kenya where there are no strict privacy laws, it is usually up to the service providers’ good will to vet what data they will use and what they cannot use.

While it may appear to be a win-win situation because people don’t pay for access to online platforms, a data subject ought to have more say in how their personal information is being used. Many internet corporates have turned their subscribers to data mines which raises many ethical and legal questions.

First, there is the constitutional right to privacy. This is enshrined in Article 31 of the Constitution which protects the privacy of ones communications from being infringed. The Data Protection Bill is for an act that will give effect to Article 31 while regulating the processing and use of personal data.

The European Union laws on the right to privacy are really strict and they give more power to the data subject on their data unlike the US laws which are lax. In March, the US Congress passed a resolution to roll back the Federal Communications Commission (FCC) privacy rules which would have required Internet Service Providers to get a customer’s express permission before selling “sensitive data” like their browsing history. These regulations would have given the data subject a stronger say over their data like in Europe but the Congress voted against it.

A perusal of the draft Kenyan data law shows that service providers will still have a lot discretion, pertaining the use of personal data as they will be required to only notify the data subject. It allows the sale of personal data if permitted by any other law. It would be great if individuals are legally empowered to allow their personal data to be used by service providers who collect it like in the EU region.

The challenge of such a provision is that people have “learned helplessness”, where no one cares to read the terms and conditions of the online services they subscribe to according to Alessandro Acquisti of Carnegie Mellon University. Hence there is a possibility that very few will exercise this right even when they are codified.

Secondly, data is “non-rivalrous” hence it can be copied and used by more than one entity at a time. This means that data can easily be used for other purposes than those agreed between the data subject and data controller (service provider). This has been the case in Kenya where people have raised complaints that they are receiving geographically targeted text messages from political aspirants. Such incidences are a definite breach of a data subject’s rights.

Thirdly, the Kenyan data protection bill has provisions for mandatory data sharing with government agencies. This not unheard of as nations such as Germany have laws that require insurers to jointly maintain data on issues such as car accidents that smaller firms cannot compile on their own. This data sharing is even part of the European Union’s new General Data Protection Regulation (GDPR), that will require online services to make it easy for data subjects to transfer their data to other service providers including competitors. However,

Regional legislation of cyber laws has worked for Europe who can boast of the right to be forgotten. For African countries, that may be the best approach since a united market has bigger bargaining power than individual states. There is a draft convention, the African Union Convention on Cyber-security and Personal Data Protection which contains regulations on data protection. If this draft is ratified, we can even demand that the some of servers of the biggest internet corporations be hosted within in the continent and prohibit transfer of personal data from outside Africa. China has draft regulations that require firms to store all “critical data” collected on servers based in the country. The United Kingdom Data Protection Act prohibits data controllers from transferring personal data outside the European Economic Area.

Consumers of online services need to remember that there is nothing like free lunch. Where the product is free, the product is probably you. Online corporations have become dependent on free data and they clearly have no interest in changing their deal with their users. Despite that, it is important that fundamental rights such as the right to privacy are protected.

Edited version of the article as published in the Business Daily

Big wins for freedom of expression

This article was first published in the Nairobi Law Monthly magazine June 2017 edition.

Freedom of Expression

When the Universal Declaration of Human Rights was being drafted over 50 years ago, no one could have foreseen the impact of some of its provisions on the future. Priority was world peace as the world was just healing from the Second World War.

Article 19 of the UDHR, which was later adopted by Kenya in its 2010 Constitution, provided for the right to freedom of expression, which includes “(a) freedom to seek, receive or impart information or ideas; (b) freedom of artistic creativity; and (c) academic freedom and freedom of scientific research.”

Article 19

Since, at the time of drafting this code, Kenya was still nursing the wounds from the 2007/2008 post-election violence, a limitation was imposed on this freedom as it did not extend to: “(a) propaganda for war; (b) incitement to violence; (c) hate speech;(d) advocacy of hatred…”

Kenyans who voted for the Constitution in the 2010 referendum wholly agreed upon these limitations. The effect of this was that colonial laws that had been used to oppress vocal citizens became unconstitutional. Although arrests still take place, one by one, these laws are being quashed after petitions to the High Court by arrested persons.

The criteria for limitations for this right was judicially reiterated in the case of Coalition for Reforms and Democracy vs. The Republic (2015) where the High Court held that limitations to freedom of expression must be on grounds which are permitted under Article 33 (2) and that the State has a duty to demonstrate that the limitation is justifiable, and that freedom of expression is not a right to be interfered with lightly.

KICA s29 case: Geoffrey Andare vs. Attorney General & Director of Public Prosecutions (2016)

The accused, Geoffrey Andare, was charged under Section 29 of the Kenya Information Communication Act with the offence of improper use of licensed telecommunication system. The particulars of the offence were that he, through his Facebook account, posted grossly offensive electronic mail with regard to the complainant, a Mr Titus Kuria, in which he stated, “You don’t have to sleep with the young vulnerable girls to award them

opportunities to go to school, that is so wrong! Shame on you,” knowing it to be false and with the intention of causing annoyance to the complainant.

Mr Andare approached the High Court in person with an urgent application seeking to stop his prosecution in the said criminal case. The Court held that the provisions of Section 29 were so vague, broad and uncertain that individuals wouldn’t know the parameters within which their communication falls. Therefore it would offend the rule requiring certainty in legislation that creates criminal offences.

Section 29 imposed a limitation on the freedom of expression in vague, imprecise and undefined terms that go outside the scope of the limitations allowed under Article 33 (2) of the Constitution. Hence, section 29 of the Kenya Information and Communication Act was found to be unconstitutional for violating Article 33 of the Constitution.

Criminal Defamation case: Jacqueline Okuta & Another vs. Attorney General & 2 others [2017]

Defamation is usually a civil matter but in Kenya, it used to be a criminal offence under Section 194 of the Penal Code. In the case of Jacqueline Okuta & another vs. Attorney General & 2 Others [2017], the first petitioners had been charged with the offence of criminal defamation under Section 194 as read with Section 36 of the Penal Code.

The particulars of the charges against the petitioners were that they used Facebook to publish words with intent to defame one Cecil Miller. The petitioners submitted that Section 194 of the Penal Code violated the right to freedom of expression beyond the orbit of limitations permitted by the constitution under Article 33 (2) (d).

The High Court agreed with this assertion and reiterated that freedom of expression is secured under Article 33 of the Constitution. It also emphasised that any limitation must fall within the scope and ambit of the provisions of Article 24 of the Constitution. It found that criminal defamation couldn’t be reasonably justified in a democratic society as it offends the right to freedom of expression. Criminal sanctions on speech ought to be reserved for the most serious cases particularised under Article 33 (2) (a)- (d) where the Constitution aims at protecting public interest and peace.

The Robert Alai case, Petition 174 of 2016

This recent win comes from a judgement before Justice Enoch Chacha Mwita of the Constitutional and Human Rights Division, who declared Section 132 of the Penal Code to be unconstitutional. This section had criminalised undermining the authority of public office.
The petitioner in this case, Robert Alai had been charged under the offense for criticising the Head of State, President Uhuru Kenyatta. The offence carried a prison term of three years for those found guilty of the offence.

The High Court found the provision to have an unjustifiable limitation to freedom of expression, especially for an open and democratic society such as Kenya. It was therefore found inconsistent with Article 33(2) of the Constitution.

Fake news: The battle for clicks

fake news

It is no secret that technology has disrupted the media industry. In the past few years, media houses have downscaled operations, leading to many loss of jobs and have also changed their approach and joined the muddy battle for clicks. Every media house now has an online news blog even though the quality of news that they post leaves a lot to be desired.

In this new age, media houses do not just compete amongst themselves but also against blogs for traffic. As they say, all is fair in love and war. In this war, a huge number of blogs have resorted to posting sensational news so as to get views. This is because higher site views equals to higher ad revenue from online advertisers.

But fake news hasn’t been an issue until the recent US Presidential election when its impact was seen. Whether it has the potential to destroy a candidate or make him, politicians are now keen on social media now than before. One may say that maybe because of their knack for finances (adverts) over news that main media is now losing their credibility. This has created an opportunity for random blogs who rushed to update readers with the latest unbiased news. Unfortunately, this news is usually biased. Social media is set such that the algorithms feed a user with ‘more of what they want’. Hence denying them a chance to access divergent opinions and material posted on the network.

Suggestions have been made world over on the ideal remedy for this menace but in democracies, it is hard because it goes against the principles of free speech. The Canadian Supreme Court has held in a case to strike down a false news provision of law that the provision was contrary to the constitutional freedom of expression.

“The reality is that when the matter is one on which the majority of the public has settled views, opinions may, for all practical purposes, be treated as an expression of a ‘false fact,” the Learned Justices of the Court said.

In Kenya, the law limits the right to freedom of expression to the extent that one is not allowed to spread propaganda for war, incite people to violence, hate speech and advocate for ethnic hate. These limitations also apply to the media according to Article 34. The same constitutional provision also provides for the establishment of the Media Council of Kenya.

One of the roles the drafters of the Constitution envisioned this body to play is setting media standards while regulating and monitoring their compliance. It is with this powers that are expounded on in the Media Act that the Council accredits journalists while requiring them to follow the Code of Conduct for the Practice of Journalism. While the standards on accuracy, integrity and accountability apply to journalists; these standards do not apply to bloggers.

Hence they cannot be held to have breached the Code when they post fake news online. From the angle of defamation laws, some of these stories are not defamatory. Neither do they constitute a breach of Article 33(2). For example the many speeches attributed to Presidents Robert Mugabe and Donald Trump about Kenyans and corruption. If they were to be counter checked against the elements of defamation, they will fail. The statement might be false but not damaging per se, hence not warranting a suit for damages.

Some of the sites are not even within the Kenyan jurisdiction and no claim of damage may be sustained against them

Keeping in mind that this year is an election year in Kenya, the impact of sensational stories laced with ethnic chauvinism is a major concern to all. The Communications Authority of Kenya is already threatening an Internet shut down in the event people spew hate online. Recently, an ‘international’ propaganda website full of fake news on a Kenyan politician was exposed. The writer who hid under the name David Field was discovered to be a Kenyan techie. Even though it did not contain hate, the rising of such sites is a genuine cause for alarm.

Solutions that have been fronted include presentation of scientific evidence and engaging in reasoned arguments. However, the society as a whole finds academics unpalatable overrated. Evgeny Morozov’s solution however is the most reasonable. In his article, Moral panic over fake news hides the real enemy – the digital giants, he writes that the only way we can deal with click baiting fake news is by making online advertising less in our lives, especially at work and in communication.

While people may shun traditional media because of its links to politicians and corporations, they forget that the Internet companies they run to still act the same way. Perhaps the day we finally deny social media and search engines the clout they have in problem solving in all sectors including our politics is the day we will be free from the hazards of fake news online.

The 2017 Kenyan techno-legal issues watch list

  1. Election laws amendments

In Kenya, the election mood is rife. The Christmas holiday period was awash with debates on amendments to the Elections Act, 2011 and the special house sessions in Parliament. The issue being a proposed amendment to Section 44 of the election law to allow for manual back-up. The interesting part will be the legal implications of the entire process and its contribution to jurisprudence in the event of election petitions.

  1. Hate speech online

Speaking of politics, online hate in Kenya tends to be ethnic-political. People post all manner of stuff on social media. Just like in the US, there will be a lot of false political news which will most likely raise tensions. The challenge will be on the National Cohesion and Integration Commission (NCIC) to apprehend and ensure prosecution of all those who will engage in hate speech online. Past incidences have shown that apprehending anonymous perpetrators has not been a difficult thing for security officers.

  1. Internet shutdown

Looking back at the 2007/08 post-election violence and how hate speech fanned the flames of conflict, there is a general fear of an internet shut down during the election period. During the special Parliamentary sessions in December, the phone signals were jammed and the internet was shut around that area. That sent a strong signal that this year, the government may not shy away from shutting down the internet especially during the elections period. African states like Uganda and Ethiopia have been quick to shut down the internet. The overall effect of these steps are yet to be quantified and be known.

  1. Electronic filing of suits

Other than politics, Chief Justice Maraga mentioned in one of his first speeches after being sworn in that filing of law suits will soon be digital. This will be interesting development as it follows the WhatsApp serving of Cyprian Nyakundi by National Bank of Kenya. The plaintiff was unable to locate the reknown blogger and the High Court granted leave for substituted service of the sermons to enter appearance by way of email, newspaper advertisement and WhatsApp.

  1. Blogs vs Mainstream media

Technological disruption is also affecting the media business. With blogs popping up everywhere, the risk of fake news is real as observed during the recent US elections. Many fake stories on Donald Trump were all over the internet, written by individuals who were simply after advertisement money. The issue of click baiting false stories has put social media giant on the spotlight and it has reacted by changing it policy on article links shared on the platform.

Going into an election, many fake stories will surface and it is up to the readers to check its credibility. The Constitution of Kenya in Article 34 provides for the freedom of the media but subject to the conditions that limit freedom of expression. While the media is under the Media Council of Kenya, blogs do not fall under this ambit. Thus making it a tall order when it comes to enforcement of credibility in their news.

Screen shots, consumer protection and online (in)justice

This article was first published in the Nairobi Business Monthly December 2016

Web presence is a requirement in modern business. It is hard to trust a business entity which you cannot Google. How else will you know about the previous customers’ feedback?
Trending online can really boost sales and businesses strive to trend for all the right reasons. The biggest nightmare is trending online negatively. The people online are more courageous and unforgiving due to their presumed anonymity.

A lot of customer service is done on social media platforms. Service providers and their customers prefer this since it is convenient. This can be said to be in line with consumer protection right under Article 46 of the Constitution. This exercise can be said to be enabled by the exercise of the right of freedom of expression and the right to information.

Other than customer care, people have used online platforms to push for proper governance and to ask for accountability. People have even pressured public officers into doing their duty like in the Koffi Olomide incident where the musician kicked his dancer at the airport and the pressure on social media forced government officials to take action and the musician was deported.

Screenshot Era

Online forums are sharing platforms. Media files in the form of videos and photos circulate by the minute. Since the Internet has revolutionized communication, a lot of it is done online. Smartphones now can have over three messaging applications for users. These phones enable users to take screenshots and users have developed a habit of sharing screenshots of their communications with others.

In 2015, screenshots of ‘Brother Ocholla’ circulated all over the Internet. ‘Brother Ocholla’ had apparently sent a rather inappropriate text to his prayer group on WhatsApp forum and a member leaked a screenshot. The screenshot trended on social media for a while with people making fun of the situation that ‘Brother Ocholla’ was in.

All too recently, a customer care agent of a telecommunication company contacted a customer whom he had served. The customer wasn’t too amused by his deeds and not only told him off by sharing the screenshot of the brief chat with the world. As a result, the young customer care agent lost his job since his employer had to show that it is doing something concerning the alleged privacy breach.

According to Kenya’s Evidence law, screenshots are admissible in a court of law. Section 106B of the Evidence Act states that any information contained in an electronic record shall be deemed to be a document, hence admissible. This is subject to several statutory conditions though.

The general rule is that whatever is posted online is not subject to privacy laws. This was the position in the US case of Palmieri v. United States. In this case, the American court found that if an individual discloses information to their Facebook friends, they have potentially disclosed it to the entire world. The petitioner had shared information with a friend on Facebook and the friend shared the information with the US government.

The court, in its analysis stated that from the moment the petitioner, Palmieri, disclosed information to his Facebook friends, they were free to use it as they wished. Because of this, he could not claim that his rights to privacy have been breached. And the same principle applies to anyone who sends an email or even writes a letter; they lose any expectation of privacy once it is delivered.

While we have a right to free speech, sometimes sharing screenshots can amount to a breach of the right to privacy. People ought to be careful not to expose too much information about others arbitrarily. If the image contains sensitive information, blur it. It is not yet law, but it is good practice. A suspected pedophile recently boasted of his misdeeds on social media. The young man even posted the child’s picture on his timeline.

Due to rage, people online shared the screen shot while calling for his arrest. In the process, they breached the minor’s rights as a victim of alleged defilement.

Similarly, the lady who complained online about the customer care agent’s privacy breach ought to have at least blurred the young man’s contacts before sharing the information online. Though she was enraged, the maxim states that he who goes to equity must do equity. The young man still had a right to be heard before any decision was made under application of the maxim audi alteram partem.

According to the Kenya Data Protection Bill, personal information or data includes contact details including telephone numbers of the person. This provision puts contacts at the same ambient as health records which we all agree is sensitive information. Hence it is safe to say that the lady had a prima facie case, but her mode of handling it leaves a lot to be desired. Social media is not even a genuine court of public opinion since it usually depends on the opinions of the influencers. The loudest in terms of traffic win even if they are wrong.

It would have been better to publish that information after inaction from the service provider after reporting it. A best-case scenario is the online reporting by Karimi Mwari who shared her experience with rogue Dakika Sacco matatu crew online after reporting the matter to the authorities. Action was taken and the culprits were apprehended.

Experience has shown us not to place absolute trust on the people in these online platforms. This is a lesson Peter Kenneth and Hillary Clinton know all too well. It applies to other situations too, such as seeking justice. It is advisable to follow due processes before sharing it because once it is out it is out.