The High Court’s pronouncement in constitutional Petition Number 206 of 2019, which dismissed Bloggers Association of Kenya’s (BAKE) contention that some provisions of the Computer Misuse and Cyber Crimes Act were unconstitutional, greenlighted the way for the full implementation of this law. To understand the rationale and purpose of this law, section 3 is instructive. Under section 3, the purposes of the Act are to: “i) protect the confidentiality, integrity, and availability of computer systems data and programs; ii) forestall the unlawful use of computer systems; iii) assist in the prevention, detection investigation, prosecution and punishment of cybercrimes; iii) guard the rights to privacy freedom of expression and access to information; and iv) promote international collaboration on matters addressed by this Act.” Briefly put, the Act aims to deter irresponsible, objectionable, and malicious use of the internet by punishing and providing remedial measures for such misbehavior.
Part 3 of the Act spells out the computer and cyber offences and the punishment they attract. They include: i) unauthorised access; ii) access with intent to commit further offence; ii) unauthorised interference; iii) unauthorised interception; iv) unauthorised disclosure of password or access code; v) cyber-espionage; vi) false publications; vii) child pornography; viii) computer forgery; ix) computer fraud; x) computer fraud; xi) cyber harassment; xii) cybersquatting; xiii) identity theft and impersonation; xiv) phishing; xv) interception of electronic messages or money transfers, xvi) willful misdirection of electronic messages; xvii) cyber terrorism; xviii) inducement to deliver electronic messages, xix) intentionally withholding message delivered erroneously; xx) unlawful destruction of electronic messages; xxi) wrongful distribution of obscene or intimate images; xxii) fraudulent use of electronic data; xxiii) issuance of false e-instructions.
Interestingly, unlike ordinary criminal offences, the Act extends criminal liability to corporations under section 43.
Notably, mental disposition is an integral ingredient for criminal liability to be established in many of the listed offences above. For example, it is not sufficient that a person has merely caused loss of property to another person by interfering or manipulating any data stored in a computer for them to be convicted for the offence of fraudulent use of electronic data under section 38. Instead, the accuser must satisfy that the accused knowingly altered or manipulated the data, leading to the accuser losing their property. On the flip side, some offences will be established without the mental aspect. Such is the case in section 37, where a person who transfers, publishes, or distributes obscene or intimate images of another person through computer data transfer systems shall be guilty on conviction and liable to a fine not exceeding Ksh. 200,000, or imprisonment for a maximum period of two years, or both.
Additonally, the Act creates the National Computer and Cybercrimes Coordination Committee, which is principally charged with exercising an oversight role in matters relating to computer misuse and cybercrimes. This oversight role is very expansive as to include providing the government with advice touching on the security dynamics of blockchain technology, critical infrastructure, mobile money, and trust accounts.
Written by Edward O. Sudi