The Kenyan government has signed a new bill that will let it demand access to data from its citizens’ cell phones, laptops, and other ICT gadgets which it believes has implications for national security.
On December 12, 2020, Kenya’s President, Kenyatta Uhuru, assented to the Statute Law (Miscellaneous Amendments) Bill, 2020 that amends the country’s Official Secrets Act, 1968, among other laws.
The Bill states that Kenyans with mobile phones or other communication devices will be required to provide emails, WhatsApp messages, SMS or any other data which the government deems a threat to national security.
Those who refuse to provide the data upon demand run the risk of serving a one-year jail term and/or paying a fine of Ksh1 million (~$9,000).
The Bill initially gave the cabinet secretary in charge of security sweeping access to this data. But the new law demands that this information can only be obtained through a court order.
Although the government insists that this law will curb rising cases of cybercrime and terrorism in the country, there are sufficient grounds for suspicion. When it comes to protecting the rights of its citizens, the Kenyan government, like most in Africa, has not covered itself with glory.
First, a look at the law the Kenyan government is trying to amend.
What’s the Official Secrets Act and what’s changed?
Five years after its independence, the Official Secrets Act, 1968 was enacted to protect and preserve state secrets and state security.
Under this law, the government could obtain a warrant and demand any telegraph message sent to and from Kenya at any time.
The amendment in 2020 replaces telegraph with telecommunications devices, and the new definition of data seemingly goes beyond the original scope of the Official Secrets Act.
Unlike the telegraph, telecommunications devices carry a lot more data from diverse sources. In the information age, these are of great importance to individuals and various organisations.
The cabinet secretary could initially demand this data when needed, but there appears to finally be a check with the need to obtain a court order.
Interestingly, the government recently signed the Data Protection Act, 2019, which introduced comprehensive laws to protect its citizens’ data.
The broad definition of data in the proposed amendment seems to be at odds with existing laws on the citizens right to privacy.
A room for abuse
Besides the court order requirement, there’s little indication that this law will not be a recipe for abuse. Also, the Kenyan government has attempted to invade its citizens’ privacy before.
In 2017, the Communications Authority of Kenya pressured telecom companies like Safaricom, Airtel, and Telkom Kenya to install a data management software on all devices using their service.
It stated that this would help detect fake mobile devices, stop illegal international calls originating from Kenya, and stop people from finding ways to boycott international call traffic. The CA later revealed that it was also part of measures to guard against cybercrime.
However, Safaricom and other telcos did not install the software, stating that third parties could use it to access calls, texts, and sensitive information like financial details.
Protection or suppression
With several countries coming up with laws for data protection and digital rights, African countries seem to be presenting a mix of progressive and restrictive laws and regulations.
In Nigeria, for instance, lawmakers are reviewing the Digital Rights and Freedom Bill to protect the rights of its citizens on the Internet, and the Social Media Bill that seeks to fine or imprison those who spread what the government considers to be falsehood on the Internet.
Similarly, in Kenya, the Data Protection Bill and a Social Media Bill were under review in the House.
The Data Protection Bill has since been passed, but not much has been said of Kenya’s Social Media Bill since the uproar that ensued, but the recent amendment could raise more discussions.
As we explored in this piece, Kenya was among some African countries that used the pandemic as an excuse to hound its citizens on social media.
A certain Elijah Muthui Kitonyo was arrested for allegedly spreading misleading information on Twitter about the whereabouts of a COVID-19 patient in Kenya.
Elijah Muthui Kitonyo aged 23 years has been arrested in Mwingi for publishing misleading and alarming information on Corona virus.
He will be charged for publishing false information that is calculated or results in panic contrary to section 23 of the Computer Misuse…
— DCI KENYA (@DCI_Kenya) March 15, 2020
At other times, dissenting parties or peaceful protests are deemed acts detrimental to national security, so it is unclear what people will be ordered to reveal.
Once again, the recent amendment seems to be another important piece of legislation with questionable provisions.
Listen to Built in Africa, a podcast by Techpoint Africa
On January 27, 2021, Techpoint Africa will be hosting the brightest minds in decentralised finance/crypto at the Digital Currency Summit tagged “Building the money of the future” Click here for more details, registration and sponsorship.
Report: Millionaire West African startups” raised over $1.806 billion between 2010 and 2019, 97.9% of which went to Nigerian startups. Get a free overview and 50% purchase discount here.