@Francis - agreed, but I didn't feel it was clear enough as to who was able to authorise, and for the tester, to possess the 'tools of the trade' - remember, a tool - even a panga - may be used for legitimate purposes, or for committing crimes - possession of the tool does not constitute the crime. Cheers, Tony On 14/07/2016, Francis Monyango via kictanet <kictanet@lists.kictanet.or.ke> wrote:
I have read the bill.I have noted major loopholes that can be used to breach the fundamental human right to privacy. But now to answer Tony on clauses that penetration testing, section 4(2) of the bill talks about unauthorized access. I believe if one is doing a 'pen test', they have been authorized to access that system. Section 6(2) of the bill is on interference. It also talks about permissions hence, not a crime to do a pentest. Lastly, section 8 (3)(a) states that activities described in the section do not constitute an offence if the acts are intended for the authorised training, testing or protection of a computer system.
There you have it. I hope I haven't gone all legalese on that one.
Francis Monyango On Jul 13, 2016 2:17 PM, "Tony White via kictanet" < kictanet@lists.kictanet.or.ke> wrote:
I have read through the bill, and - although I am not a lawyer - it looks like it has been well thought out and makes sense (unlike *another* recent bill!).
My main concern, with this (or any other) bill, is where it may be open to abuse, intimidation, and/or corruption. I hope those with 'legal' minds may discover the specific areas which may be open to abuse, and where further clarification within the bill may address those concerns.
Specifically, related to those whose work involves the provision, and/or testing of the security of systems to guard against possible cybercrimes. I would like to see a section where specific exemption is allowed where permission by a person in authority over a computer system or telecommunications network is given to a specific person or organisation to conduct testing of a system's security - commonly referred to as 'penetration testing' or 'pentest'
My initial thoughts.
Tony
On 13/07/2016, Walubengo J via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Listers, I know we have just come from an intensive 2week review of the ICT Policy.But PS Itemere says there is more work need on the Cybercrime Bill @http://www.mygov.go.ke/?p=11234
Plse send your views on the Cyber Crime Bill and spread the word. @ Mose- could u put this up on Jadili as well?@ Skunkworks - Someone forward to these hackers as well. I seem to have been kicked off their list at one point. walu.
-- Tony White
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Tony White