ICT experts warn regulator over plan to snoop on Internet users

A man simulating hacking into a computer. PHOTO: COURTESY

Investors and ICT experts say they will challenge any attempt by the Communications Authority of Kenya to monitor communication channels and devices in the run-up to the 2017 General Election.

They warn that the acquisition of digital surveillance equipment by the CA is unconstitutional and in violation of international treaties safeguarding digital privacy.

“We are very concerned because this raises real issues of surveillance and violates personal freedoms and is against the constitution,” Ms Grace Githaiga, a cyber security expert and part of the Kenya ICT Action Network (KICTAnet), said.

On Thursday, CA revealed that the Government had procured Sh2billion worth of equipment to monitor social media communication channels and smart phone devices. CA Director General Francis Wangusi said that the surveillance systems were purchased to monitor communication on social media for hate speech and will not be used indiscriminately against all Internet users.

ARBITRARY SHUTDOWNS

Mr Ben Roberts, CEO of Internet service provider Liquid Telecom states that the Government cannot effect a country-wide shutdown arbitrarily. “Shutting down the Internet because of a few people engaging in hate speech does not make sense and is detrimental to the economy,” he explained. “People use the internet and social media networks to conduct business and cutting them off could cause the economy huge losses.”

Mr Roberts further stated that the company would not shut down the Internet unless there is a proper legal process followed. “There is a set out legal procedure that governments around the world have to follow if they intend to have ISPs take down the Internet and this prevents arbitrary shutdowns,” he said. “We would not take such action unless in very extreme cases and there is evidence of a real threat.”

Concerns have been raised on the criteria that will be used to determine the threat level posed by a particular social media user or digital broadcaster to warrant their surveillance.

INFRINGED UPON

Article 31 (d) of the Kenyan Constitution enshrines the right to privacy of all Kenyans including the right to have one’s person, home or property searched, their possessions seized, information relating to their family or private affairs unnecessarily required or revealed or the privacy of their communications infringed upon.

This means that the CA risks a lawsuit from users who feel their rights have been violated. The move by the CA is also against UN Resolution 68/167 passed in December 2013 by 67 members. The resolution affirms that the right to privacy exists online and must be protected and calls on states to review their policy and legislation in relation to communication surveillance, interception and the collection of personal data.

“We have seen governments increasingly adopt a Big Brother mentality which we need to reduce,” said Mr Ali Hussein, a digital law expert in Nairobi.

“Citizens do not have a problem with governments seeking to find people who have done wrong but blanket surveillance is wrong and against the law.” The delay in implementation of the Data Protection Bill 2013 has also been cited as one of the policy loopholes that have left Kenyans exposed to data breaches.

The Data Protection Bill 2013 which is stuck between Parliament and the Attorney General’s office, lays out detailed safeguards to protect users’ privacy and data. The Bill covers institutions such as hospitals, schools, mobile service providers and supermarkets that hold Kenyans’ vast amounts of data that could be used for profit.

“A person who interferes with personal data of a data subject or infringes on the right of a person to privacy commits an offense and is liable on conviction to a fine not exceeding Sh100, 000 or to imprisonment for a term not exceeding two years or both,” reads a part of the Bill.