ICT secretary Joe Mucheru. [Daily Nation]
Cyber criminals will serve 20 years in jail if parliament passes a Bill seeking to tame the growing white-collar crime of hacking into government databases to mine State secrets for sale to foreign countries.A revised version of a 2016 law, also proposes fines of up to Sh10 million for “unlawful” access or interception of data from a national critical information infrastructure to “benefit a foreign State against” Kenya states the The Computer and Cybercrimes Bill 2017.The revisions to the proposed law, which was published in June 2017, had been inspired by the Russian hacking scandal in the 2016 US elections, said ICT secretary Joe Mucheru.Mr Mucheru further emphasized “We had an election in the United States and it became very clear that cyber espionage is actually the way things are going”.Kenya has had its own share of election hacking scandal arising from opposition National Super Alliance’s (Nasa) claim that the electoral commission’s systems were electronically compromised during the August 8 elections.The proposed law’s purview extends beyond government-held data or systems. The critical information infrastructure covered in the law includes systems which, were they to be destroyed or corrupted, would have adverse effects on the nation.Some of this infrastructure, such as telecommunications systems, are not held by the government but by private companies.The proposed law also targets purveyors of fake news, which was prevalent during the August elections. A clause in the Bill sets a penalty of Sh5 million and a prison term of two years for publishers of “false, misleading or fictitious data” with the intention that such “data shall be considered or acted upon as authentic.”The Cybercrimes Bill is meant to seal a gap in Kenya’s regulatory framework and to harmonise disjointed laws.However, Mr Mucheru says the new law is meant to get rid of ambiguities in the legal framework.The proposed law also arms the investigating agencies of government with the procedure for investigating and collecting evidence on cybercrimes.Police officers will obtain court orders to intercept, access and seize data stored on computers and from Internet service providers. Police have also been empowered to seize data without warrant when they suspect that the law is about to be broken.Companies compelled to provide the information, on mobile subscribers for instance, could also be gagged from informing their customers or the public of warrants on the data. The law would also compel those with technical know-how to assist law enforcement in carrying out investigations. People hacking into computer systems or sharing passwords and access codes without authority will face jail terms of three years or fines of Sh5 million.Where the target of the hack was a protected system — the military, law enforcement, banks, telecoms firms, and public utilities — the fines are hiked to Sh25 million or 20 years in prison. This fines, however, vary with the KCIA.