This article was first published in the Business Daily newspaper 14 August 2016.
If there is an industry that is hard to regulate, it is information and communication technology. Other than being too dynamic, it is complex. There is a common saying that a year in tech is 90 days.
This means it is an industry which nations all over the world will continue playing chase when it comes to regulation. In Kenya, the legislature has come up with two Bills of similar nature.
Namely, the Computer and Cybercrimes Bill, sponsored by Leader of Majority Aden Duale and the Senate’s Cybercrimes and Protection Bill sponsored by Committee on Information and Technology chairperson Mutahi Kagwe.
Cybercrime rates have been growing by the day and it is encouraging to see that the government is taking action. The Computer and Cybercrimes Bill seeks to criminalise unauthorised access and interference, gaining access with the intention of committing an offence and unauthorised interception. The latter being in the spirit of protecting privacy which is enshrined in the Constitution.
Unauthorised disclosure of password or access code, child pornography, computer forgery, computer fraud, cyber stalking and cyber-bullying are also criminalised, among others.
The Cybercrimes and Protection Bill, on the other hand, criminalises unlawful access to a computer system, system interference, unlawful interceptions, fraud and cyber-bullying. All these are covered in the other Bill. One can say that this Bill is elaborate since it ropes in more cyber offences than the Computer and Cybercrimes Bill.
The investigation procedures in the Computer and Cybercrimes Bill leave a lot to be desired. While the normal procedure is that a court issues a warrant is before security officers take any action that would infringe the privacy of an individual, there are clauses that allow any officer to act without a warrant.
While it may be argued that the intention of the provisions is to avoid unnecessary delay, there is a high likelihood of human rights breaches if the Bill is enacted into law without those provisions being aligned with the Constitution.
The Cybercrimes and Protection Bill prohibits the sharing of some personal information in the course of investigation like health records. Despite this, Kenya still needs the Data Protection Bill 2013 to be assented into law because data protection principles would provide a better guide with the handling of personal data.
The fact that two draft laws seek to regulate the same thing is appalling. What mischief did the legislators have that they drafted two Bills?