Octopus Cybercrime Community

The Computer Misuse and Cybercrime Bill, which was drafted with the assistance of the Council of Europe, was adopted in 2018 by the Inter-Agency Technical Committee on the Development of a Comprehensive Cyber Crimes Law. The National Assembly (Parliament) added some clauses, which are mostly relevant to content-related criminal offences before it passed it to law (Computer Misuse and Cybercrimes Act - CMCA). A better part of the Act is in line with the provisions of the Budapest Convention.

 The Bloggers’ Association of Kenya (BAKE) raised concerns on constitutionality of the Act and filed a petition to the High Court, which suspended 26 sections of the Act. The High Court, after the hearing, dismissed the application to suspend the 26 sections of the Act in February 2020, thus leading to full operationalization of the Act.

The Act deals with offences relating to computer systems including but not limited to unauthorised access, unauthorised interference, unauthorised interception, unauthorised disclosure of passwords, cyber espionage, false publications, child pornography, cyber terrorism and wrongful distribution of obscene or intimate images. It also deals with computer forgery, computer fraud, cyber harassment, publication of false information, cybersquatting, identity theft and impersonation, phishing, interception of electronic messages or money transfers, wilful misdirection of electronic messages and fraudulent use of electronic data among other cybercrimes.

The procedural powers listed in the CMCA include: search and seizure, record of and access to seized data, production order, expedited preservation and partial disclosure of traffic data, real-time collection of traffic data and interception of content data, referring also to questions of confidentiality and limitation of liability. Among the amendments made during the consultation process, there was no specification of any legal ground to be presented to the judge for obtaining warrants for production orders and search and seizure.

The CMCA includes, among its objectives, the protection of the confidentiality, integrity, and availability of computer systems, programmes and data, as well as the protection of the rights to privacy, freedom of expression and access to information as guaranteed under the Constitution.

• Kenya Information and Commnications Act, CAP 411A, 1998, revised in 2012
  • amended by The Kenya Information and Communication (Amendment) Act, 2014
• Sexual Offences Act, 2006
• Penal Code, 2012
• Prevention of Terrorism Act, 2012

Part V of the Act refers to international cooperation, in addition to the Mutual Legal Assistance Act and the Extradition (Contiguous and Foreign Countries) Act. It lays down the general principles and specific measures such as: sharing of spontaneous information, expedited preservation of stored computer data, expedited disclosure of preserved data, mutual legal assistance regarding access of stored computer data, trans-border access to stored computer data with consent or where publicly available, MLA in the real-time collection of traffic data, MLA regarding interception of content data, and establishes the 24/7 point of contact.

The Attorney General’s Office and the Department of Justice may make and receive requests to/from other states for the above mentioned procedures.

• Mutual Legal Assistance Act, 2011
• Extradition (Contiguous and Foreign Countries) Act, 1968
• Requests for Mutual Legal Assistance in Criminal Matters – Guidance for Authorities Outside of Kenya, 2018