Discussion: Shaping Kenya’s Cybersecurity Ecosystem

Dear Linda,

Thanks for sharing your insights. I agree with you on the need to review
our penalties in the CMCA as imposing higher and more stringent penalties
for cybercrimes will act as a powerful deterrent, discouraging potential
criminals from engaging in such activities due to the increased risk of
severe consequences. But this begs the questions, which other listers can
chip in, i.e.:

1. How high a penalty do you think will suffice?
2. How do we accurately compute the enhanced penalties which we so need?

For example:
S.31 on cyber terrorism has penalties of up to 10 years imprisonment, a
fine of Kshs. 5 million or both.
S.21 on cyber espionage has penalties of up to 20 years imprisonment, a
fine of Kshs. 10 million or both.

Then there is S.19 pertaining to unauthorized disclosure of passwords or
access codes which has penalties of up to 3 years imprisonment or a fine
of Kshs. 5 million or both.

And yet with GOK embracing e-governance, with over 14,000 services uploaded
on E-Citizen with a target total of 21,000 services, with the private
sector also embracing digital transformation the unauthorized disclosure of
passwords and access codes can have serious socio-economic and national
security repercussions to our Republic.

Remember the Colonial Pipeline cyberattack that brought gas and fuel
supplies to most of the East Coast of the USA was due to one compromised
password.

Stay happy,
Mutheu.

On Thu, Aug 15, 2024 at 3:00 PM Linda Wairure via KICTANet <
[email protected]> wrote:

> Dear David,
>
>
> This is a timely and interesting discussion. My responses are as follows;
>
>
> 1. Do you believe that legal actions taken under the CMCA have been
> effective in deterring computer misuse and cybercrimes? To some extent
>
> If not then why do you think they have been ineffective?
>
> Some of the challenges include limited resources due to the nature of the
> cases, lack of awareness on the legal actions available under the CMCA,
> proper recruitment of technical expertise and slow judicial processes have
> hindered its full effectiveness. Additionally, the ever-evolving nature of
> cyber threats often outpaces legislative frameworks, making it difficult to
> address new forms of cybercrimes.
>
>
>
> 2. In your opinion are the penalties prescribed by the CMCA
> sufficient to deter cybercriminals? If not then which sections do you think
> need higher penalties, and what penalties would you propose in such an
> instance?
>
> These penalties may not be sufficient, especially for offenses like cyber
> espionage, cyber terrorism, and large-scale financial fraud. Increasing
> penalties for these offenses could enhance deterrence. For example;
> enhancing penalties for cyber terrorism (Section 33) and cyber espionage
> (Section 21) to include longer imprisonment terms and higher fines could be
> considered.
>
>
> Kind regards,
>
> Linda Gichohi.
>
> On Tue, 13 Aug 2024 at 23:55, David Indeje via KICTANet <
> [email protected]> wrote:
>
>> *Our Day 2 * discussion on the Computer Misuse and Cybercrimes Act (CMCA)
>> <ipkenya.wordpress.com/wp-content/uploads/2018/05/the-computer-misuse-and-cybercrimes-act-2018.pdf>
>> will focus on:
>>
>>
>> *Section 3: Effectiveness of Legal Actions Pursuant to the CMCA.*
>>
>> 1. Do you believe that legal actions taken under the CMCA have been
>> effective in deterring computer misuse and cybercrimes? If not then why do
>> you think they have been ineffective?
>> 2. In your opinion are the penalties prescribed by the CMCA
>> sufficient to deter cybercriminals? If not then which sections do you think
>> need higher penalties, and what penalties would you propose in such an
>> instance?
>> 3. Are there instances of misuse of the CMCA for political purposes
>> or to target specific individuals or groups?
>> 4. How has the public perception of the CMCA and its enforcement
>> impacted the effectiveness of legal actions under the CMCA?
>>
>>
>> *Section 4: Effectiveness of Safeguards Under the CMCA.*
>>
>> 1. Are the safeguards in place to prevent abuse of the CMCA, such as
>> those related to surveillance, search, and censorship, adequate? If not
>> then what can be done to enhance them?
>> 2. How can these safeguards be strengthened to protect individual
>> rights and freedoms?
>> 3. Have there been instances of abuse of the CMCA that have come to
>> your attention?
>> 4. What mechanisms are in place to hold accountable those who misuse
>> the CMCA?
>>
>>
>>
>>
>> —
>> *Kind Regards,*
>>
>> *David Indeje*
>>
>> *@**KICTANet* <www.kictanet.or.ke/>
>> * Communications *_____________________________________
>> +254 (0) 711 385 945 | +254 (0) 734 024 856
>> KICTANet portals
>> Connect With Us <linktr.ee/Kictanet>
>> ______________________________________
>>
>>