Kenya: draft laws for the internet need redrafting

Access Now files comments on the regulations with Kenya’s Communications Authority

Last week, Dennis Itumbi, the Kenyan Presidency State House Director for Digital and Diaspora Media, hinted that the Kenyan government was preparing a bill to regulate the use of the social media, with the aim of preventing hate speech. The announcement came as a surprise, given the recent landmark legal ruling in Kenya that found that a similarly vague law had been abused, infringing on internet users’ rights.

It’s possible that government officials preparing the bill were emboldened by another High Court ruling —  the one on May 27th that dismissed a challenge mounted by Kenyan citizens and media consumers to the Kenya Information and Communications Act (KICA). Challengers had argued that KICA is unconstitutional, asserting that the law limits free speech online and imposes hefty fines on journalists and media firms.

Kenyan bloggers are up in arms about the new hate speech bill, which they point out cannot be realized without disregarding core constitutional provisions in Kenya.

It’s a legitimate criticism. And Access Now would like to highlight the fact that there are similarly dangerous provisions in draft regulations being proposed for implementation under KICA, collectively called the Draft 2016 Kenya Information and Communications Regulations. We have repeatedly warned against adopting these provisions since January of this year, attending and speaking out during the public consultations organized by Kenya’s Communications Authority. We have also prepared a written submission (PDF) that we have now filed with the government.

What are the problems with the draft regulations?

We commented on the following regulations:

  1. Cybersecurity Regulations 2016
  2. Electronic Transactions Regulations 2016
  3. Electronic Certification and Domain Name Administration Regulations 2016

The bulk of of our comments are focused on the cybersecurity rules. Several clauses in the draft regulations focus on privacy and the security of user data, and we appreciate the Communications Authority’s stated intent of improving data privacy in Kenya. We generally welcome these initial steps, even though we believe that the best way to protect and advance the rights of Kenyans is to work for speedy passage of a comprehensive privacy and data protection law framework, building on earlier efforts.

We have concerns about several of the proposed clauses, most notably:

  1. the proposed data retention mandate and the unclear powers the Communications Authority would have on this, and
  2. the dangerously broad requirement to proactively monitor and report on cybercrime incidents, which would increase surveillance of internet users and chill free expression online.

Many of these troubling clauses stand in contravention of international human rights standards for surveillance. Specifically, the principle of Necessity requires that “[s]urveillance laws, regulations, activities, powers, or authorities must be limited to those which are strictly and demonstrably necessary to achieve a legitimate aim. Communications Surveillance must only be conducted when it is the only means of achieving a legitimate aim, or, when there are multiple means, it is the means least likely to infringe upon human rights. The onus of establishing this justification is always on the State.”

What is the way forward?

Improving digital security is a way to increase the viability and usability of the internet as a platform for communications, and its effectiveness as a driver of commerce, education, health, and development generally. Security measures are integral to the effort to expand global access to information and communications technologies.

In May the Kenyan ICT Cabinet Secretary gazetted a new board to serve at the Communications Authority of Kenya for a period of three years, effective  April 29, 2016.

Access Now believes that new Communications Authority Board can use the proper drafting of these regulations as an opportunity for leadership. By making the right choices and ensuring that the regulations accord with international human rights law, the board can establish Kenya as a key player in shaping an open, secure internet that empowers its citizens and strengthens Africa’s internet ecosystem.

Access Now commends the Communications Authority of Kenya for approaching the challenging work of drafting these regulations. We remain engaged in this multi-stakeholder process in accordance with Article 10 of the Kenyan Constitution, which binds all State organs, State officers, public officers, and all persons, to engage in multi-stakeholder dialogue when making or implementing public policy decisions.