I have read the bill.I have noted major loopholes that can be used to breach the fundamental human right to privacy. But now to answer Tony on clauses that penetration testing, section 4(2) of the bill talks about unauthorized access. I believe if one is doing a 'pen test', they have been authorized to access that system. Section 6(2) of the bill is on interference. It also talks about permissions hence, not a crime to do a pentest. Lastly, section 8 (3)(a) states that activities  described  in  the section do not constitute an offence if the acts are  intended  for  the  authorised  training,  testing  or protection  of  a  computer  system.

There you have it. I hope I haven't gone all legalese on that one.

Francis Monyango

On Jul 13, 2016 2:17 PM, "Tony White via kictanet" <kictanet@lists.kictanet.or.ke> wrote:
I have read through the bill, and - although I am not a lawyer - it
looks like it has been well thought out and makes sense (unlike
*another* recent bill!).

My main concern, with this (or any other) bill, is where it may be
open to abuse, intimidation, and/or corruption.  I hope those with
'legal' minds may discover the specific areas which may be open to
abuse, and where further clarification within the bill may address
those concerns.

Specifically, related to those whose work involves the provision,
and/or testing of the security of systems to guard against possible
cybercrimes.  I would like to see a section where specific exemption
is allowed where permission by a person in authority over a computer
system or telecommunications network is given to a specific person or
organisation to conduct testing of a system's security - commonly
referred to as 'penetration testing' or 'pentest'

My initial thoughts.

Tony


On 13/07/2016, Walubengo J via kictanet <kictanet@lists.kictanet.or.ke> wrote:
> Listers,
> I know we have just come from an intensive 2week review of the ICT
> Policy.But PS Itemere says there is more work need on the Cybercrime Bill
> @http://www.mygov.go.ke/?p=11234
>
>
> Plse send your views on the Cyber Crime Bill and spread the word.
> @ Mose- could u put this up on Jadili as well?@ Skunkworks - Someone forward
> to these hackers as well. I seem to have been kicked off their list at one
> point.
> walu.


--
Tony White

_______________________________________________
kictanet mailing list
kictanet@lists.kictanet.or.ke
https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.