Strengths and weaknesses of Cybercrimes Bill

There is a new bill

A revised version of this article was published in the Business Daily newspaper on the 21st of September 2017.

The question of how prepared Kenya is to deal with cybercrimes can no
longer be wished away. Cybercrimes not only cause damage but also
leave their victims embarrassed. Hence, not so many incidences are
reported by the victims. To address this issue, the Leader of Majority
Hon. Aden Duale sponsored the Computer and Cybercrimes Bill in June,
2017. It is a major improvement from the two cybercrime bills that
were published by Senate and the National Assembly last year.

The objectives of the draft act are to protect the confidentiality and
integrity of computer systems, programs, data while preventing the
unlawful use of computer systems. The proposed law is also meant to
facilitate the investigation and prosecution of cybercrimes and
facilitate international co-operation on cross-border cybercrime

Part two of the bill provides for the offenses covers various offences
in the cyberspace. As expected, hacking offences feature prominently
in this part. Hacking offences are where security measures of a
computer system are bypassed and unauthorised access, interference and
interception take place. To complement the anti-hacking sections, the
possession and use of stuff that can be used to hack for the primary
purpose of committing a crime is going to be outlawed. Sharing of
passwords with unauthorised persons to grant them unauthorised access,
interference and interception is also going to be a crime when the
bill becomes law.

A major positive in the bill are the provisions meant to protect
critical infrastructure. This includes public utilities (electricity,
water), public transportation, communications infrastructure, banking
and financial services among many others. This protection is crucial
because the economy can really suffer in the event of an unplanned
interruption such a mobile money outage. Safaricom recorded losses
earlier in the year when their systems went down countrywide.

Reports of Al-Shabaab destroying telecommunication masts show us that
foreign foes target critical infrastructure. From the Stuxnet attack
on the Iranian nuclear program, it is clear that there is a hanging
threat of cyber-attacks on our critical infrastructure. The draft law
has a provision on how to deal with a resident who aids a foreigner in
cyber-espionage and other attack on critical infrastructure.

Fake News
The draft law intends to outlaw false publications. The motivation
behind this definitely to curb the fake news menace that has become
major issue. While the idea is welcome, there is the fear that the
provision is beyond the scope of the limits of the right to freedom of
expression as contained in the constitution. A better approach would
have been to perhaps set a test to check the damage caused by the fake
news. The danger of this, damage; is that it makes it similar to the
old crime criminal defamation. In the landmark Jackline Okuttah case,
the High Court declared the crime of criminal defamation to be

Children’s rights find their way in this draft law with a provision
cracking the whip on online child pornography. This provision together
with the provision on cyber stalking and bullying will help save lives
of many internet users who meet human predators online. Computer
forgery and fraud are also going to be crimes once the bill becomes
law and this will help the many who get scammed online. The bill also
contains provisions on confiscation of proceeds of cybercrime and
compensation of victims, which is a major plus considering this is
criminal law.

The vague
A conspicuous section of the draft law proposes a punishment for
offenses under any other law through the use of a computer section.
The openness of this provision makes it vague and open to abuse the
way section 29 of the Kenya Information and Communication Act 1998
was. The KICA provision was declared unconstitutional in 2016 by Mumbi
Ngugi J in the case of Geoffrey Andere.

The investigation procedures acknowledge the need of a warrant prior
to an investigation also the exceptions are based on the Criminal
Procedure Code. Security agents with warrants will lawfully be able to
ask service providers to give out data and access to consumer computer
systems. The draft law provides for a protection of the service
provider from any liability.

The last part contains provisions on extradition and cooperation with
foreign nations in investigation and trial of cyber criminals. This is
a plus considering the cross border nature of cybercrimes.

The bill is clearer, well intentioned and covers much of issues to do
with cybercrime. With public participation and stakeholders input, it
will be a laudable cybercrimes law.

Is Kenya Ready for Unique Identifiers? Part I

It is reported that some 1.6 million students have registered to sit for the Kenya Certificate of Primary Education (KCPE) and Kenya Certificate of Secondary Education (KCSE) examinations in October 2017. As always, preparations for these examinations involves stringent security measures to curb cheating. Beyond cheating, forgery of academic degree certificates and other official documents is also on the rise. To fight this vice, the government has put various measures in place, the latest being introducing a six- character Unique Personal Identifier (UPI). This UPI will be linked to an electronic database with the educational records of all individuals from primary school up to university level. Other than blocking exam cheats and fake certificate fraudsters, the UPI will also be used to curb the theft of public funds by eliminating ‘ghost’ teachers and inflated student enrollment figures.

To read the rest of the article, click here.

Quick Thoughts on Biometrics, General Elections and Security in Kenya

In 1927, Liberian opposition presidential candidate Thomas J Faulkner was confident of unseating the incumbent in the general elections. The Faulkner-led People’s Party had marshalled support from all corners of the country and across all classes of people. On Election Day, Faulkner received 9,000 votes in what was supposed to be a landslide win. In the end, Faulkner lost to the incumbent Charles D. B. King who received 243,000 votes in an election with only 15,000 registered voters! Charles D.B. King’s script has been replicated in many African states and in the year 2007, it was replicated in Kenya.

In 2007 General Elections, voting irregularities were the order of the day and the results were violently contested. Many lost their lives and hundreds of thousands had to flee from their homes. The international community mediation team led by former UN Secretary General Kofi Annan came and negotiated a power-sharing deal between the incumbent Mwai Kibaki and opposition candidate Raila Odinga thereby forming a national coalition government.

To read the rest of the article, click here.

A Review of the Communications Authority Guidelines for Dissemination of Political SMS Text Messages and Social Media Content

Gazette Notice

In the run-up to the 2013 elections, Safaricom announced that it would control political messaging distributed via its network. This measure was put in place to avoid unnecessary attacks on individuals, their families and ethnic communities. The giant mobile network operator wanted to ensure that the bulk political SMS sent through its platform would not fall foul of the laws of Kenya. By publishing its own guidelines on bulk SMS of a political nature, Safaricom was working within its legal boundaries of leverage. This move was inspired by the Electoral Code of Conduct, which was part of the 2011 Elections Act that specifically prohibited hate speech in political campaigns. These guidelines were met by furor from the political class but the media peace campaigns drowned their voices.

To read the rest of the article, click here.

Is the Kenyan legal system ready for the Big data industry?

This article was first published in the Business Daily newspaper on the 22nd of June 2017.

Source: Forbes

Thousands around the world have signed up to online platforms for different services such as email, social media and news. Due to the borderless nature of the internet, markets are unlimited and people from different jurisdictions can subscribe to these sites. Note that despite the universal access, internet borders exist to enable people to pay for stuff using their local currencies, to provide use of local languages to users and regulation purposes.

Silicon Valley giants tend to have the advantage of the ‘data-network effect’ which enables them use data collected from customers in exchange for ‘free’ services such as email and social media. They use this data to attract more customers who generate more data that is used in improving services which attracts more customers. Behind this phenomena is a lot of behavioral economics, big data analysis and ad targeting.

Most of these data usually comes from personal communication devices, hence within the ambit of privacy laws and regulations in the nations where they are registered. In jurisdictions like Kenya where there are no strict privacy laws, it is usually up to the service providers’ good will to vet what data they will use and what they cannot use.

While it may appear to be a win-win situation because people don’t pay for access to online platforms, a data subject ought to have more say in how their personal information is being used. Many internet corporates have turned their subscribers to data mines which raises many ethical and legal questions.

First, there is the constitutional right to privacy. This is enshrined in Article 31 of the Constitution which protects the privacy of ones communications from being infringed. The Data Protection Bill is for an act that will give effect to Article 31 while regulating the processing and use of personal data.

The European Union laws on the right to privacy are really strict and they give more power to the data subject on their data unlike the US laws which are lax. In March, the US Congress passed a resolution to roll back the Federal Communications Commission (FCC) privacy rules which would have required Internet Service Providers to get a customer’s express permission before selling “sensitive data” like their browsing history. These regulations would have given the data subject a stronger say over their data like in Europe but the Congress voted against it.

A perusal of the draft Kenyan data law shows that service providers will still have a lot discretion, pertaining the use of personal data as they will be required to only notify the data subject. It allows the sale of personal data if permitted by any other law. It would be great if individuals are legally empowered to allow their personal data to be used by service providers who collect it like in the EU region.

The challenge of such a provision is that people have “learned helplessness”, where no one cares to read the terms and conditions of the online services they subscribe to according to Alessandro Acquisti of Carnegie Mellon University. Hence there is a possibility that very few will exercise this right even when they are codified.

Secondly, data is “non-rivalrous” hence it can be copied and used by more than one entity at a time. This means that data can easily be used for other purposes than those agreed between the data subject and data controller (service provider). This has been the case in Kenya where people have raised complaints that they are receiving geographically targeted text messages from political aspirants. Such incidences are a definite breach of a data subject’s rights.

Thirdly, the Kenyan data protection bill has provisions for mandatory data sharing with government agencies. This not unheard of as nations such as Germany have laws that require insurers to jointly maintain data on issues such as car accidents that smaller firms cannot compile on their own. This data sharing is even part of the European Union’s new General Data Protection Regulation (GDPR), that will require online services to make it easy for data subjects to transfer their data to other service providers including competitors. However,

Regional legislation of cyber laws has worked for Europe who can boast of the right to be forgotten. For African countries, that may be the best approach since a united market has bigger bargaining power than individual states. There is a draft convention, the African Union Convention on Cyber-security and Personal Data Protection which contains regulations on data protection. If this draft is ratified, we can even demand that the some of servers of the biggest internet corporations be hosted within in the continent and prohibit transfer of personal data from outside Africa. China has draft regulations that require firms to store all “critical data” collected on servers based in the country. The United Kingdom Data Protection Act prohibits data controllers from transferring personal data outside the European Economic Area.

Consumers of online services need to remember that there is nothing like free lunch. Where the product is free, the product is probably you. Online corporations have become dependent on free data and they clearly have no interest in changing their deal with their users. Despite that, it is important that fundamental rights such as the right to privacy are protected.

Edited version of the article as published in the Business Daily

Big wins for freedom of expression

This article was first published in the Nairobi Law Monthly magazine June 2017 edition.

Freedom of Expression

When the Universal Declaration of Human Rights was being drafted over 50 years ago, no one could have foreseen the impact of some of its provisions on the future. Priority was world peace as the world was just healing from the Second World War.

Article 19 of the UDHR, which was later adopted by Kenya in its 2010 Constitution, provided for the right to freedom of expression, which includes “(a) freedom to seek, receive or impart information or ideas; (b) freedom of artistic creativity; and (c) academic freedom and freedom of scientific research.”

Article 19

Since, at the time of drafting this code, Kenya was still nursing the wounds from the 2007/2008 post-election violence, a limitation was imposed on this freedom as it did not extend to: “(a) propaganda for war; (b) incitement to violence; (c) hate speech;(d) advocacy of hatred…”

Kenyans who voted for the Constitution in the 2010 referendum wholly agreed upon these limitations. The effect of this was that colonial laws that had been used to oppress vocal citizens became unconstitutional. Although arrests still take place, one by one, these laws are being quashed after petitions to the High Court by arrested persons.

The criteria for limitations for this right was judicially reiterated in the case of Coalition for Reforms and Democracy vs. The Republic (2015) where the High Court held that limitations to freedom of expression must be on grounds which are permitted under Article 33 (2) and that the State has a duty to demonstrate that the limitation is justifiable, and that freedom of expression is not a right to be interfered with lightly.

KICA s29 case: Geoffrey Andare vs. Attorney General & Director of Public Prosecutions (2016)

The accused, Geoffrey Andare, was charged under Section 29 of the Kenya Information Communication Act with the offence of improper use of licensed telecommunication system. The particulars of the offence were that he, through his Facebook account, posted grossly offensive electronic mail with regard to the complainant, a Mr Titus Kuria, in which he stated, “You don’t have to sleep with the young vulnerable girls to award them

opportunities to go to school, that is so wrong! Shame on you,” knowing it to be false and with the intention of causing annoyance to the complainant.

Mr Andare approached the High Court in person with an urgent application seeking to stop his prosecution in the said criminal case. The Court held that the provisions of Section 29 were so vague, broad and uncertain that individuals wouldn’t know the parameters within which their communication falls. Therefore it would offend the rule requiring certainty in legislation that creates criminal offences.

Section 29 imposed a limitation on the freedom of expression in vague, imprecise and undefined terms that go outside the scope of the limitations allowed under Article 33 (2) of the Constitution. Hence, section 29 of the Kenya Information and Communication Act was found to be unconstitutional for violating Article 33 of the Constitution.

Criminal Defamation case: Jacqueline Okuta & Another vs. Attorney General & 2 others [2017]

Defamation is usually a civil matter but in Kenya, it used to be a criminal offence under Section 194 of the Penal Code. In the case of Jacqueline Okuta & another vs. Attorney General & 2 Others [2017], the first petitioners had been charged with the offence of criminal defamation under Section 194 as read with Section 36 of the Penal Code.

The particulars of the charges against the petitioners were that they used Facebook to publish words with intent to defame one Cecil Miller. The petitioners submitted that Section 194 of the Penal Code violated the right to freedom of expression beyond the orbit of limitations permitted by the constitution under Article 33 (2) (d).

The High Court agreed with this assertion and reiterated that freedom of expression is secured under Article 33 of the Constitution. It also emphasised that any limitation must fall within the scope and ambit of the provisions of Article 24 of the Constitution. It found that criminal defamation couldn’t be reasonably justified in a democratic society as it offends the right to freedom of expression. Criminal sanctions on speech ought to be reserved for the most serious cases particularised under Article 33 (2) (a)- (d) where the Constitution aims at protecting public interest and peace.

The Robert Alai case, Petition 174 of 2016

This recent win comes from a judgement before Justice Enoch Chacha Mwita of the Constitutional and Human Rights Division, who declared Section 132 of the Penal Code to be unconstitutional. This section had criminalised undermining the authority of public office.
The petitioner in this case, Robert Alai had been charged under the offense for criticising the Head of State, President Uhuru Kenyatta. The offence carried a prison term of three years for those found guilty of the offence.

The High Court found the provision to have an unjustifiable limitation to freedom of expression, especially for an open and democratic society such as Kenya. It was therefore found inconsistent with Article 33(2) of the Constitution.

The 2017 Kenyan techno-legal issues watch list

  1. Election laws amendments

In Kenya, the election mood is rife. The Christmas holiday period was awash with debates on amendments to the Elections Act, 2011 and the special house sessions in Parliament. The issue being a proposed amendment to Section 44 of the election law to allow for manual back-up. The interesting part will be the legal implications of the entire process and its contribution to jurisprudence in the event of election petitions.

  1. Hate speech online

Speaking of politics, online hate in Kenya tends to be ethnic-political. People post all manner of stuff on social media. Just like in the US, there will be a lot of false political news which will most likely raise tensions. The challenge will be on the National Cohesion and Integration Commission (NCIC) to apprehend and ensure prosecution of all those who will engage in hate speech online. Past incidences have shown that apprehending anonymous perpetrators has not been a difficult thing for security officers.

  1. Internet shutdown

Looking back at the 2007/08 post-election violence and how hate speech fanned the flames of conflict, there is a general fear of an internet shut down during the election period. During the special Parliamentary sessions in December, the phone signals were jammed and the internet was shut around that area. That sent a strong signal that this year, the government may not shy away from shutting down the internet especially during the elections period. African states like Uganda and Ethiopia have been quick to shut down the internet. The overall effect of these steps are yet to be quantified and be known.

  1. Electronic filing of suits

Other than politics, Chief Justice Maraga mentioned in one of his first speeches after being sworn in that filing of law suits will soon be digital. This will be interesting development as it follows the WhatsApp serving of Cyprian Nyakundi by National Bank of Kenya. The plaintiff was unable to locate the reknown blogger and the High Court granted leave for substituted service of the sermons to enter appearance by way of email, newspaper advertisement and WhatsApp.

  1. Blogs vs Mainstream media

Technological disruption is also affecting the media business. With blogs popping up everywhere, the risk of fake news is real as observed during the recent US elections. Many fake stories on Donald Trump were all over the internet, written by individuals who were simply after advertisement money. The issue of click baiting false stories has put social media giant on the spotlight and it has reacted by changing it policy on article links shared on the platform.

Going into an election, many fake stories will surface and it is up to the readers to check its credibility. The Constitution of Kenya in Article 34 provides for the freedom of the media but subject to the conditions that limit freedom of expression. While the media is under the Media Council of Kenya, blogs do not fall under this ambit. Thus making it a tall order when it comes to enforcement of credibility in their news.

Screen shots, consumer protection and online (in)justice

This article was first published in the Nairobi Business Monthly December 2016

Web presence is a requirement in modern business. It is hard to trust a business entity which you cannot Google. How else will you know about the previous customers’ feedback?
Trending online can really boost sales and businesses strive to trend for all the right reasons. The biggest nightmare is trending online negatively. The people online are more courageous and unforgiving due to their presumed anonymity.

A lot of customer service is done on social media platforms. Service providers and their customers prefer this since it is convenient. This can be said to be in line with consumer protection right under Article 46 of the Constitution. This exercise can be said to be enabled by the exercise of the right of freedom of expression and the right to information.

Other than customer care, people have used online platforms to push for proper governance and to ask for accountability. People have even pressured public officers into doing their duty like in the Koffi Olomide incident where the musician kicked his dancer at the airport and the pressure on social media forced government officials to take action and the musician was deported.

Screenshot Era

Online forums are sharing platforms. Media files in the form of videos and photos circulate by the minute. Since the Internet has revolutionized communication, a lot of it is done online. Smartphones now can have over three messaging applications for users. These phones enable users to take screenshots and users have developed a habit of sharing screenshots of their communications with others.

In 2015, screenshots of ‘Brother Ocholla’ circulated all over the Internet. ‘Brother Ocholla’ had apparently sent a rather inappropriate text to his prayer group on WhatsApp forum and a member leaked a screenshot. The screenshot trended on social media for a while with people making fun of the situation that ‘Brother Ocholla’ was in.

All too recently, a customer care agent of a telecommunication company contacted a customer whom he had served. The customer wasn’t too amused by his deeds and not only told him off by sharing the screenshot of the brief chat with the world. As a result, the young customer care agent lost his job since his employer had to show that it is doing something concerning the alleged privacy breach.

According to Kenya’s Evidence law, screenshots are admissible in a court of law. Section 106B of the Evidence Act states that any information contained in an electronic record shall be deemed to be a document, hence admissible. This is subject to several statutory conditions though.

The general rule is that whatever is posted online is not subject to privacy laws. This was the position in the US case of Palmieri v. United States. In this case, the American court found that if an individual discloses information to their Facebook friends, they have potentially disclosed it to the entire world. The petitioner had shared information with a friend on Facebook and the friend shared the information with the US government.

The court, in its analysis stated that from the moment the petitioner, Palmieri, disclosed information to his Facebook friends, they were free to use it as they wished. Because of this, he could not claim that his rights to privacy have been breached. And the same principle applies to anyone who sends an email or even writes a letter; they lose any expectation of privacy once it is delivered.

While we have a right to free speech, sometimes sharing screenshots can amount to a breach of the right to privacy. People ought to be careful not to expose too much information about others arbitrarily. If the image contains sensitive information, blur it. It is not yet law, but it is good practice. A suspected pedophile recently boasted of his misdeeds on social media. The young man even posted the child’s picture on his timeline.

Due to rage, people online shared the screen shot while calling for his arrest. In the process, they breached the minor’s rights as a victim of alleged defilement.

Similarly, the lady who complained online about the customer care agent’s privacy breach ought to have at least blurred the young man’s contacts before sharing the information online. Though she was enraged, the maxim states that he who goes to equity must do equity. The young man still had a right to be heard before any decision was made under application of the maxim audi alteram partem.

According to the Kenya Data Protection Bill, personal information or data includes contact details including telephone numbers of the person. This provision puts contacts at the same ambient as health records which we all agree is sensitive information. Hence it is safe to say that the lady had a prima facie case, but her mode of handling it leaves a lot to be desired. Social media is not even a genuine court of public opinion since it usually depends on the opinions of the influencers. The loudest in terms of traffic win even if they are wrong.

It would have been better to publish that information after inaction from the service provider after reporting it. A best-case scenario is the online reporting by Karimi Mwari who shared her experience with rogue Dakika Sacco matatu crew online after reporting the matter to the authorities. Action was taken and the culprits were apprehended.

Experience has shown us not to place absolute trust on the people in these online platforms. This is a lesson Peter Kenneth and Hillary Clinton know all too well. It applies to other situations too, such as seeking justice. It is advisable to follow due processes before sharing it because once it is out it is out.

Should we really regulate tech?

An edited version to this article was first published on Nairobi Business Monthly October 2016

Lady Justice Mumbi Ngugi of the High Court of Kenya declared, in May, section 29 (b) of the Kenya Information and Communication Act unconstitutional. This provision of law was found to be vague by the learned judge. Geoffrey Andare, a web developer who was charged under that Section in 2015 successfully challenged its constitutionality and the charges against him were dropped. This was the case for other bloggers who had been arrested for the offense this year.

Fast-forward to July and a Bill whose purpose is to regulate ICT practitioners surfaced. Its vagueness is stupefying to the extent that it may appear like there must be a vague law that touches on ICT at any given time.

Laws are not created to be aspirational documents and it is unfair to everyone including lawmakers to engage in acts of futility. This is why understanding the subject matter of a law is important. Information and communication technology is not only complex but also disruptive. It is a wave, which has destroyed careers at the same rate that it has created them.

The proposed law in Section 2 states the definition of ICT which ropes in all the possible uses of the technology including collecting, storing, processing, using and sending out of information. The definition includes the use of computers, mobile apparatus or any telecommunication system in the aforementioned activities. Further in the same Section, ICT practice is defined as practice of ICT for a fee or gain either in kind or cash while a practitioner is an individual who will be registered under the law to practice. From those definitions, pretty much everyone in this digital age becomes an ICT practitioner. Why? We use computers at the work place – practice for gain. Doctors use computerized machines for diagnosis- practice for gain. Use your phone to place a bet for a soccer match – practice for gain. The Bill ropes in everyone who uses technology and it raises the various jurisprudential questions. What mischief does it seek to remedy by regulating use of ICT by everyone?

Section 6 of the Bill provides for an institute and states it functions, which are already being executed by the Ministry of Information and Communication Technology and the Kenya ICT Authority. Global market forces also play a big role in enforcing some of these functions such as ensuring high standards amongst persons who engage in ICT practice. In our current digital world, enterprises compete globally. That is evidenced by the heavy use of social media and email servers that are not locally owned. Hence purporting to enforce standards for ICT nationally while the market is forcing us to catch up with the rest of the world will be jocose.

The institute in the proposed legislation will engage in protecting, assisting and educating Kenyans on matters to do with the profession of ICT. While the protection aspect of that function can be supported by Article 46 of the Constitution, existing government bodies such as the Communications Authority of Kenya already have consumer protection regulations to execute that role. Other protection mechanism exist in the market where information spreads as fast as digital media, forcing those who engage in ICT practice to prioritise user experience and consumer needs. The ICT Authority has been engaging in education activities on ICT, which renders the institute’s proposed function redundant.

On proposed function of approving of courses and administering examinations, it may be argued that the institute intends on creating uniformity in terms of qualifications like lawyers and accountants have. This function leads to the next one, which is, registration and license of ICT practitioners who according to Section 15 must have a degree and three years of experience. These requirements show a clear lack of understanding as to how the ICT industry works. Bill Gates, Steve Jobs, Mark Zuckerberg and many other prolific innovators in the ICT world have no university degrees to their names but they have changed the world. Had they been Kenyan at this time, they would not be allowed to engage in the practice of ICT. The ICT labour market tends to pick on the brilliant innovators who can do the job rather than individuals with papers. That is why it has been able to grow so fast because it is open to everyone who has something to offer. Placing restrictions based on academic qualification will outrightly amount to stifling innovation because, now even school going children are coding and making applications.

The Bill also states that the proposed institute will act as an arbitrator in any disputes between a licensed ICT Practitioner and a client. This proposal seems to be off, considering we have Chartered Arbitrators in the country and law courts. From recent history of the industry, disputes seem to be between those who engage in the practice of ICT with the example of the dispute between the brains behind Angani Cloud. The institute would have been better placed addressing such disputes because they affect the growth of the ICT industry. It would also have proposed to promote the industry internationally rather than itself though almost all listed functions are and can be executed by the existing bodies.

Sections 20 and 23 of the Bill are a noose on the necks of many in the industry currently since it insists on one having a license and prohibits those who won’t have it from recovering fees for ICT services. In our current corporate world, companies have invested in social media managers who handle their social media. No course in school teaches this yet it is a service that is so crucial to today’s business where digital presence is key. The people hired for these jobs fall under the scope of this Bill by virtue of engaging in ICT practice for gain. So will the enactment of this law spell doom for these people who engage in ICT practice in a field that is not taught in any school? Will it be illegal to be a blogger or have a YouTube channel? What about those who work for international tech companies remotely? Will this proposed law apply to them?

Lon Fuller in his book the Morality of Law writes about King Rex who promulgated a law that required his subjects to appear before the throne once summoned in ten seconds. His subjects responded by sending him a leaflet which read, “To command what cannot be done is not to make law; it is to unmake law, for a command that cannot be obeyed serves no end but confusion, fear and chaos.”

To criminalise the use of a computer or mobile phone for gain is not to make law. It is to unmake law. It is forcing our Silicon Savannah to drink hemlock. It is to command that which cannot be obeyed, enforced and even investigated, which is causing confusion, fear and chaos. The brains behind the Bill should really reconsider their stand and if possible, withdraw the Bill. If not, they should engage stakeholders. The Cabinet Secretary in charge is on record claiming that the Bill did not come from his Ministry and experts have found its provisions contradictory to the National Information & Communications Technology (ICT) Policy of 2016. As we embark on the journey of achieving Vision 2030, it is important for all of us to be on the same page so as to work together. For it is in our best interest as people that we progress together.

Why block chain technology can help resolve land transaction woes


An edited version to this article was first published on  Business Daily September 2, 2016

Land is dear to Kenyans. Despite how we abhor agriculture, everyone wants to own a plot somewhere. A result of this obsession is a lot of speculation in buying of land, over pricing and graft in the land registries. Law courts are busy deciding cases involving land transactions. And it runs across the divisions in the High Court, from the Land and Environmental Division to the Family Division.

We have recently witnessed high profile land rows where individuals have been accused of selling off a single parcel to many parties. While due diligence is key in investigation of titles especially in the conveyancing procedure, one can never be so sure with the results they get.

There are incidences where the official search results have shown the vendor as the owner only for the real owner to show up after completion of the transaction.

A solution to these pitfalls in the conveyancing process is block chain technology. A block chain is often described as a widespread, global distributed ledger running on millions of devices and open to anyone.

In it, anything of value like money, titles of land can be moved and stored securely and privately. The technology has a system of establishing trust though not through intermediaries like banks but through mass collaboration and powerful cryptography algorithms. This ensures integrity and trust between strangers while making it difficult to cheat. While cryptocurrencies like Bitcoin are the most notable products of block chain technology, land can be transacted through this technology.

The advantages that this type of transaction will have will be the availability of incorruptible land records. This will be availed by the distributed public ledger which tracks and records every transaction whose security is ensured due to its decentralised medium.

Hence where a buyer intends on investigating the title that a land vendor claims to have, block chain technology will enable verification of title since it will show the transaction records of that property and the owner and all previous owners.

South American countries like Honduras, have already committed to replace their existing land records with block chain technology which will eventually allow citizens to sell or buy property online. The distributed ledger is being embraced by more corporations like Factum which is applying it to the non-financial market of data management. The corporation uses public block chain-based identity ledgers in database management and data analytics to support applications.

Factom can be used by businesses and governments in simplification of records management, record business processes, and to address security and compliance issues. It maintains a permanent, time-stamped record of data in the block chain that allows companies and governments to reduce the cost and complexity of conducting audits, managing records while complying with the set laws. The Constitution of Kenya lists transparency as one of the principles of land policy and block chain technology will play a big role in ensuring that there is integrity in the system.

Bitland, a NGO in Ghana is also developing a land title system based on the Tao block chain. It is doing this since the Ghanaian government has failed to develop a fair and efficient land administration system despite numerous attempts. The system will also use GPS and satellite to verify the accuracy of the plots of land. Just like in Kenya where identifying the last owner of property rights over a  piece of land is an issue, they hope the system will reduce the disputes or make them more visible to prospective buyers. This will ensure security and reduce ownership cases.


While the distributed ledger might be the technology’s biggest strength, many legal questions arise. The question on who to sue when things go wrong since the entire structure of the block chain is decentralised is major.

Another challenge is on the form of conveyancing transactions, keeping in mind that most transactions that are legally binding are based on precedent forms and documents.

There is hope for this though, since it is expected that as time goes on consensus will develop with code libraries and there will be a uniformity.

While solutions cannot just be copy pasted from another jurisdiction, Kenya can pick lessons from nations that have already started using the technology.