Could someone kindly shed some light on the following. 1. With regards to Part IV Section 12, sub section 2, are there protections for legitimate information security research? Particularly my concern is with the reporting and disclosure of security vulnerabilities. 2. In Part IV Section 30 on the acquiring of tools; is the offence acquisition of said tools or in using such tools for illegitimate purposes? On 04/08/2016 11:59 AM, kictanet-request@lists.kictanet.or.ke wrote:

------------------------------

Message: 3 Date: Thu, 4 Aug 2016 11:53:19 +0300 From: Francis Monyango <monyango93@gmail.com> To: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Subject: Re: [kictanet] Cyber Security and Data Protection (Senate) Bill Viz Computer and Cyber Crimes Bill (Parliament) - Need for Harmonization Message-ID: <CAOnWQhjfCO76eYa8_O=zi6m9m0jhquJaagr8BKCA6ki2Tr3gyw@mail.gmail.com> Content-Type: text/plain; charset="utf-8"

Hello everyone,

Part II of the C.Security and Protection Bill will set up the National Cyber Security Threat Response Unit which O think should be the designate unit to execute functions and procedures in Part III of the Computer & Cybercrimes Bill 2016. No one wants random police checking in their premises to confiscate computers or phones in the name of section 22.

The C.Security and Protection Bill does not have extraterritorial jurisdiction provisions which would enable extradition. We all know the nature of cyber crimes and the recent arrest of Kick Ass Torrents owner Artem Vaulin is a testimony of how effective extraterritorial jurisdiction can be. The C.Security and Protection Bill does not also have provisions on online hate which is a big problem in Kenya. The issue of forfeiture of proceeds and profits of cybercrimes is not also in the bill. All these were provided for in the Computer and Cybercrimes Bill 2016.

The right to privacy, is 'under threat' in section 9. The drafters of this law have tried to mitigate the extent of breach in Section 10 and 11 where they give limitations to the information sharing between entities. However, I still wonder why it is taking forever for the Data Protection Bill to made law.

Section 22 outlaws phishing while section 24 criminalises identity theft which has become rampant in this age of Facebook and Instagram. Section 25 illegalises pornography. In the Computer and Cybercrimes Bill, only child pornography was expressly outlawed. Cases of children being sexually exploited by persons they met online are on the rise and section 26 outlaws it.

Sharing of intimate photos of another person will also be a crime. The other thing that this bill covers is cyber squatting which we had discussed some time back. However, I think this provision should be thoroughly debated so as to avoid ambiguity during interpretation.

I think the Cybersecurity and Protection Bill is much better drafted when compared to the Computer and Cybercrimes Bill. I however join those who call for these two draft laws to be amalgamated.