[kictanet] Cybercrime Bill 2016

Tony White tony.mzungu at gmail.com
Thu Jul 14 07:42:28 EAT 2016


@Francis - agreed, but  I didn't feel it was clear enough as to
who was able to authorise, and for the tester, to possess the 'tools
of the trade' - remember, a tool - even a panga - may be used for
legitimate purposes, or for committing crimes - possession of the tool
does not constitute the crime.

Cheers,
Tony


On 14/07/2016, Francis Monyango via kictanet
<kictanet at lists.kictanet.or.ke> wrote:
> I have read the bill.I have noted major loopholes that can be used to
> breach the fundamental human right to privacy. But now to answer Tony on
> clauses that penetration testing, section 4(2) of the bill talks about
> unauthorized access. I believe if one is doing a 'pen test', they have been
> authorized to access that system. Section 6(2) of the bill is on
> interference. It also talks about permissions hence, not a crime to do a
> pentest. Lastly, section 8 (3)(a) states that activities  described  in
> the section do not constitute an offence if the acts are  intended  for
> the  authorised  training,  testing  or protection  of  a  computer
> system.
>
> There you have it. I hope I haven't gone all legalese on that one.
>
> Francis Monyango
> On Jul 13, 2016 2:17 PM, "Tony White via kictanet" <
> kictanet at lists.kictanet.or.ke> wrote:
>
>> I have read through the bill, and - although I am not a lawyer - it
>> looks like it has been well thought out and makes sense (unlike
>> *another* recent bill!).
>>
>> My main concern, with this (or any other) bill, is where it may be
>> open to abuse, intimidation, and/or corruption.  I hope those with
>> 'legal' minds may discover the specific areas which may be open to
>> abuse, and where further clarification within the bill may address
>> those concerns.
>>
>> Specifically, related to those whose work involves the provision,
>> and/or testing of the security of systems to guard against possible
>> cybercrimes.  I would like to see a section where specific exemption
>> is allowed where permission by a person in authority over a computer
>> system or telecommunications network is given to a specific person or
>> organisation to conduct testing of a system's security - commonly
>> referred to as 'penetration testing' or 'pentest'
>>
>> My initial thoughts.
>>
>> Tony
>>
>>
>> On 13/07/2016, Walubengo J via kictanet <kictanet at lists.kictanet.or.ke>
>> wrote:
>> > Listers,
>> > I know we have just come from an intensive 2week review of the ICT
>> > Policy.But PS Itemere says there is more work need on the Cybercrime
>> > Bill
>> > @http://www.mygov.go.ke/?p=11234
>> >
>> >
>> > Plse send your views on the Cyber Crime Bill and spread the word.
>> > @ Mose- could u put this up on Jadili as well?@ Skunkworks - Someone
>> forward
>> > to these hackers as well. I seem to have been kicked off their list at
>> one
>> > point.
>> > walu.
>>
>>
>> --
>> Tony White
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and
>> development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and
>> bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>


-- 
Tony White




More information about the KICTANet mailing list