[kictanet] Cyber Security and Data Protection (Senate) Bill Viz Computer and Cyber Crimes Bill (Parliament) - Need for Harmonization

Fri Aug 5 08:41:19 EAT 2016

Could someone kindly shed some light on the following.

1. With regards to Part IV Section 12, sub section 2, are there
protections for legitimate information security research? Particularly
my concern is with the reporting and disclosure of security vulnerabilities.

2. In Part IV Section 30 on the acquiring of tools; is the offence
acquisition of said tools or in using such tools for illegitimate purposes?

On 04/08/2016 11:59 AM, kictanet-request at lists.kictanet.or.ke wrote:
> ------------------------------
> 
> Message: 3
> Date: Thu, 4 Aug 2016 11:53:19 +0300
> From: Francis Monyango <monyango93 at gmail.com>
> To: KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke>
> Subject: Re: [kictanet] Cyber Security and Data Protection (Senate)
> 	Bill Viz Computer and Cyber Crimes Bill (Parliament) - Need for
> 	Harmonization
> Message-ID:
> 	<CAOnWQhjfCO76eYa8_O=zi6m9m0jhquJaagr8BKCA6ki2Tr3gyw at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
> Hello everyone,
> 
> Part II of the C.Security and Protection Bill will set up the National
> Cyber Security Threat Response Unit which O think should be the designate
> unit to execute functions and procedures in Part III of the Computer &
> Cybercrimes Bill 2016. No one wants random police checking in their
> premises to confiscate computers or phones in the name of section 22.
> 
> The C.Security and Protection Bill does not have extraterritorial
> jurisdiction provisions which would enable extradition. We all know the
> nature of cyber crimes and the recent arrest of Kick Ass Torrents owner
> Artem Vaulin is a testimony of how effective extraterritorial jurisdiction
> can be.
> The C.Security and Protection Bill does not also have provisions on online
> hate which is a big problem in Kenya. The issue of forfeiture of proceeds
> and profits of cybercrimes is not also in the bill. All these were provided
> for in the Computer and Cybercrimes Bill 2016.
> 
> The right to privacy, is 'under threat' in section 9. The drafters of this
> law have tried to mitigate the extent of breach in Section 10 and 11 where
> they give limitations to the information sharing between entities. However,
> I still wonder why it is taking forever for the Data Protection Bill to
> made law.
> 
> Section 22 outlaws phishing while section 24 criminalises identity theft
> which has become rampant in this age of Facebook and Instagram. Section 25
> illegalises pornography. In the Computer and Cybercrimes Bill, only child
> pornography was expressly outlawed. Cases of children being sexually
> exploited by persons they met online are on the rise and section 26 outlaws
> it.
> 
> Sharing of intimate photos of another person will also be a crime. The
> other thing that this bill covers is cyber squatting which we had discussed
> some time back. However, I think this provision should be thoroughly
> debated so as to avoid ambiguity during interpretation.
> 
> I think the Cybersecurity and Protection Bill is much better drafted when
> compared to the Computer and Cybercrimes Bill. I however join those who
> call for these two draft laws to be amalgamated.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 907 bytes
Desc: OpenPGP digital signature
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20160805/0e936c84/attachment.sig>