Computer and Cyber crimes bill 2016 Day 2 of 5 Part III Investigation Procedures
Dear Listers, Thank you for your contribution on yesterdays discussions on the offences, feel free to still comment on it under that mail stream posted by Barrack yesterday. Today we discuss the Investigation Procedures of this bill. It outlines the powers and procedures to be followed by the authorities in carrying out computer and cyber related offences investigations. This section touches on pertinent issues as outlined below: 20 — Scope of procedural provisions 21 — Search and seizure of stored computer data 22 — Power to search without a warrant in special circumstances 23 — Record of and access to seized data 24 — Production order 25 — Expedited preservation and partial disclosure of traffic data 26 — Real-time collection of traffic data 27 — Interception of content data 28 — Obstruction and misuse 29 — Appeal 30 — Confidentiality and limitation of liability You can access the bill here: http://www.mygov.go.ke/?p=11234 or download the attached document. *The Concerns* 1. To what extent are the service providers supposed to disclose their client data to the authorities? 2. Does any of the search or seizure powers given to authorities in this section violate any privacy rights enshrined in our constitution? 3. Has this part extensively covered all the investigation procedures required for all the offences stated in part II? 4. Does it match the international standards? If it does not, kindly point out areas that need to be incorporated into the bill. N/B: Feel free to raise any concern or question not suggested here. We are looking forward to your feedback on the above concerns and much more. Thank you. Barrack and Karis. -- Best Regards, Kelvin Kariuki Twitter Handle: @teacherkaris Alt email: kkariuki@mmu.ac.ke Mobile: +2547 29 385 557
Hey Listers, I have waited for this chance since the Bill was first shared. As a human rights advocate, my eyes were after clauses that are likely to be abused to limit rights and fundamental freedoms. I was able to come across some provisions which are likely to limit Art 31. Section 22, the power to search without a warrant and to confiscate a computer will be abused. In the past they have done that and this provision will just empower the powers at be to do it more on those who have dissenting opinions. Section 24(6) this provision requires a police officer to just apply to the I.G for an order to compel a service provider or a data custodian to share your data. This provision is likely to be abused. Section 25, I wonder at what point will the officers seek leave of the court for the preservation and disclosure to take place? Section 26 & 27 are on the need of a court order to allow ones communications to be intercepted. Still, doesn't sit well with me. For how long will ones rights to privacy be limited? I feel like this provision is likely to be abused. One can appeal according to Section 29, but how will one know that their communications are being intercepted? These provisions give too much power to security agencies. On Jul 26, 2016 8:05 AM, "Kelvin Kariuki via kictanet" < kictanet@lists.kictanet.or.ke> wrote:
Dear Listers,
Thank you for your contribution on yesterdays discussions on the offences, feel free to still comment on it under that mail stream posted by Barrack yesterday.
Today we discuss the Investigation Procedures of this bill. It outlines the powers and procedures to be followed by the authorities in carrying out computer and cyber related offences investigations.
This section touches on pertinent issues as outlined below:
20 — Scope of procedural provisions 21 — Search and seizure of stored computer data 22 — Power to search without a warrant in special circumstances 23 — Record of and access to seized data 24 — Production order 25 — Expedited preservation and partial disclosure of traffic data 26 — Real-time collection of traffic data 27 — Interception of content data 28 — Obstruction and misuse 29 — Appeal 30 — Confidentiality and limitation of liability
You can access the bill here: http://www.mygov.go.ke/?p=11234 or download the attached document.
*The Concerns*
1. To what extent are the service providers supposed to disclose their client data to the authorities?
2. Does any of the search or seizure powers given to authorities in this section violate any privacy rights enshrined in our constitution?
3. Has this part extensively covered all the investigation procedures required for all the offences stated in part II?
4. Does it match the international standards? If it does not, kindly point out areas that need to be incorporated into the bill.
N/B: Feel free to raise any concern or question not suggested here.
We are looking forward to your feedback on the above concerns and much more.
Thank you.
Barrack and Karis.
-- Best Regards,
Kelvin Kariuki Twitter Handle: @teacherkaris Alt email: kkariuki@mmu.ac.ke Mobile: +2547 29 385 557
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Hi Francis, You raise an important point. In a recent tribunal, call data was used as primary evidence to establish a tribunal. However during cross examination the purported source of the call data denied providing the evidence that was purportedly submitted using their name thus putting the whole tribunal into jeopardy, in your opinion as a legal practitioner and other legal practitioners how does this bill prevent misuse of the legal process or the call data as was the case in the tribunal? trumped up charges if a very common practice and its even worse when your data is purpotedly accessed without your consent and used for ill intentions. Regards On 7/26/16, Francis Monyango via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Hey Listers, I have waited for this chance since the Bill was first shared. As a human rights advocate, my eyes were after clauses that are likely to be abused to limit rights and fundamental freedoms. I was able to come across some provisions which are likely to limit Art 31. Section 22, the power to search without a warrant and to confiscate a computer will be abused. In the past they have done that and this provision will just empower the powers at be to do it more on those who have dissenting opinions. Section 24(6) this provision requires a police officer to just apply to the I.G for an order to compel a service provider or a data custodian to share your data. This provision is likely to be abused. Section 25, I wonder at what point will the officers seek leave of the court for the preservation and disclosure to take place? Section 26 & 27 are on the need of a court order to allow ones communications to be intercepted. Still, doesn't sit well with me. For how long will ones rights to privacy be limited? I feel like this provision is likely to be abused. One can appeal according to Section 29, but how will one know that their communications are being intercepted? These provisions give too much power to security agencies. On Jul 26, 2016 8:05 AM, "Kelvin Kariuki via kictanet" < kictanet@lists.kictanet.or.ke> wrote:
Dear Listers,
Thank you for your contribution on yesterdays discussions on the offences, feel free to still comment on it under that mail stream posted by Barrack yesterday.
Today we discuss the Investigation Procedures of this bill. It outlines the powers and procedures to be followed by the authorities in carrying out computer and cyber related offences investigations.
This section touches on pertinent issues as outlined below:
20 — Scope of procedural provisions 21 — Search and seizure of stored computer data 22 — Power to search without a warrant in special circumstances 23 — Record of and access to seized data 24 — Production order 25 — Expedited preservation and partial disclosure of traffic data 26 — Real-time collection of traffic data 27 — Interception of content data 28 — Obstruction and misuse 29 — Appeal 30 — Confidentiality and limitation of liability
You can access the bill here: http://www.mygov.go.ke/?p=11234 or download the attached document.
*The Concerns*
1. To what extent are the service providers supposed to disclose their client data to the authorities?
2. Does any of the search or seizure powers given to authorities in this section violate any privacy rights enshrined in our constitution?
3. Has this part extensively covered all the investigation procedures required for all the offences stated in part II?
4. Does it match the international standards? If it does not, kindly point out areas that need to be incorporated into the bill.
N/B: Feel free to raise any concern or question not suggested here.
We are looking forward to your feedback on the above concerns and much more.
Thank you.
Barrack and Karis.
-- Best Regards,
Kelvin Kariuki Twitter Handle: @teacherkaris Alt email: kkariuki@mmu.ac.ke Mobile: +2547 29 385 557
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
Hey Barrack, Now, concerning the issue of illegally obtained evidence in cybercrime trials, I think the bill justifies it. It gives leeway to security agencies to access personal data held by data custodians without a warrant. The clauses I highlighted are weapons that will be used to infringe the right to privacy. The only recourse one has is an appeal either to the High Court or Court of Appeal once the powers at be have started intercepting your communications according to Section 30. Hope that advices you on the situation we will have before us once the Bill is enacted without any changes. Cheers On Jul 27, 2016 8:51 AM, "Barrack Otieno" <otieno.barrack@gmail.com> wrote:
Hi Francis,
You raise an important point. In a recent tribunal, call data was used as primary evidence to establish a tribunal. However during cross examination the purported source of the call data denied providing the evidence that was purportedly submitted using their name thus putting the whole tribunal into jeopardy, in your opinion as a legal practitioner and other legal practitioners how does this bill prevent misuse of the legal process or the call data as was the case in the tribunal? trumped up charges if a very common practice and its even worse when your data is purpotedly accessed without your consent and used for ill intentions.
Regards
Hey Listers, I have waited for this chance since the Bill was first shared. As a human rights advocate, my eyes were after clauses that are likely to be abused to limit rights and fundamental freedoms. I was able to come across some provisions which are likely to limit Art 31. Section 22, the power to search without a warrant and to confiscate a computer will be abused. In the past they have done that and this
will just empower the powers at be to do it more on those who have dissenting opinions. Section 24(6) this provision requires a police officer to just apply to
On 7/26/16, Francis Monyango via kictanet <kictanet@lists.kictanet.or.ke> wrote: provision the
I.G for an order to compel a service provider or a data custodian to share your data. This provision is likely to be abused. Section 25, I wonder at what point will the officers seek leave of the court for the preservation and disclosure to take place? Section 26 & 27 are on the need of a court order to allow ones communications to be intercepted. Still, doesn't sit well with me. For how long will ones rights to privacy be limited? I feel like this provision is likely to be abused. One can appeal according to Section 29, but how will one know that their communications are being intercepted? These provisions give too much power to security agencies. On Jul 26, 2016 8:05 AM, "Kelvin Kariuki via kictanet" < kictanet@lists.kictanet.or.ke> wrote:
Dear Listers,
Thank you for your contribution on yesterdays discussions on the offences, feel free to still comment on it under that mail stream posted by Barrack yesterday.
Today we discuss the Investigation Procedures of this bill. It outlines the powers and procedures to be followed by the authorities in carrying out computer and cyber related offences investigations.
This section touches on pertinent issues as outlined below:
20 — Scope of procedural provisions 21 — Search and seizure of stored computer data 22 — Power to search without a warrant in special circumstances 23 — Record of and access to seized data 24 — Production order 25 — Expedited preservation and partial disclosure of traffic data 26 — Real-time collection of traffic data 27 — Interception of content data 28 — Obstruction and misuse 29 — Appeal 30 — Confidentiality and limitation of liability
You can access the bill here: http://www.mygov.go.ke/?p=11234 or download the attached document.
*The Concerns*
1. To what extent are the service providers supposed to disclose their client data to the authorities?
2. Does any of the search or seizure powers given to authorities in this section violate any privacy rights enshrined in our constitution?
3. Has this part extensively covered all the investigation procedures required for all the offences stated in part II?
4. Does it match the international standards? If it does not, kindly point out areas that need to be incorporated into the bill.
N/B: Feel free to raise any concern or question not suggested here.
We are looking forward to your feedback on the above concerns and much more.
Thank you.
Barrack and Karis.
-- Best Regards,
Kelvin Kariuki Twitter Handle: @teacherkaris Alt email: kkariuki@mmu.ac.ke Mobile: +2547 29 385 557
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy,
do
not spam, do not market your wares or qualifications.
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
As an addition would it not be fair to oner of data and safer for the Controller to give an opportunity to defend themselves before the data is handed to authorities? Plus wouldn't be even more settling to have the right to be informed about inquiries and status of inquiries of one's data. Scenario: if a money transfer service is requested or made to hand over your transaction records, wouldn't be fair to have you notified of the demand and give you the chance to consent or protect via legal means? On Jul 26, 2016 08:05, "Kelvin Kariuki via kictanet" < kictanet@lists.kictanet.or.ke> wrote:
Dear Listers,
Thank you for your contribution on yesterdays discussions on the offences, feel free to still comment on it under that mail stream posted by Barrack yesterday.
Today we discuss the Investigation Procedures of this bill. It outlines the powers and procedures to be followed by the authorities in carrying out computer and cyber related offences investigations.
This section touches on pertinent issues as outlined below:
20 — Scope of procedural provisions 21 — Search and seizure of stored computer data 22 — Power to search without a warrant in special circumstances 23 — Record of and access to seized data 24 — Production order 25 — Expedited preservation and partial disclosure of traffic data 26 — Real-time collection of traffic data 27 — Interception of content data 28 — Obstruction and misuse 29 — Appeal 30 — Confidentiality and limitation of liability
You can access the bill here: http://www.mygov.go.ke/?p=11234 or download the attached document.
*The Concerns*
1. To what extent are the service providers supposed to disclose their client data to the authorities?
2. Does any of the search or seizure powers given to authorities in this section violate any privacy rights enshrined in our constitution?
3. Has this part extensively covered all the investigation procedures required for all the offences stated in part II?
4. Does it match the international standards? If it does not, kindly point out areas that need to be incorporated into the bill.
N/B: Feel free to raise any concern or question not suggested here.
We are looking forward to your feedback on the above concerns and much more.
Thank you.
Barrack and Karis.
-- Best Regards,
Kelvin Kariuki Twitter Handle: @teacherkaris Alt email: kkariuki@mmu.ac.ke Mobile: +2547 29 385 557
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/thomaskaberi%40gmail.c...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Interesting proposal that i agree with @Thomas, i think this should be the case in line with the fact that one is innocent until proven guilty, i wonder what other listers think. In your opinion does this bill take care of this concern. Regards On Wed, Jul 27, 2016 at 12:07 PM, Thomas Kaberi via kictanet <kictanet@lists.kictanet.or.ke> wrote:
As an addition would it not be fair to oner of data and safer for the Controller to give an opportunity to defend themselves before the data is handed to authorities? Plus wouldn't be even more settling to have the right to be informed about inquiries and status of inquiries of one's data.
Scenario: if a money transfer service is requested or made to hand over your transaction records, wouldn't be fair to have you notified of the demand and give you the chance to consent or protect via legal means?
On Jul 26, 2016 08:05, "Kelvin Kariuki via kictanet" <kictanet@lists.kictanet.or.ke> wrote:
Dear Listers,
Thank you for your contribution on yesterdays discussions on the offences, feel free to still comment on it under that mail stream posted by Barrack yesterday.
Today we discuss the Investigation Procedures of this bill. It outlines the powers and procedures to be followed by the authorities in carrying out computer and cyber related offences investigations.
This section touches on pertinent issues as outlined below:
20 — Scope of procedural provisions 21 — Search and seizure of stored computer data 22 — Power to search without a warrant in special circumstances 23 — Record of and access to seized data 24 — Production order 25 — Expedited preservation and partial disclosure of traffic data 26 — Real-time collection of traffic data 27 — Interception of content data 28 — Obstruction and misuse 29 — Appeal 30 — Confidentiality and limitation of liability
You can access the bill here: http://www.mygov.go.ke/?p=11234 or download the attached document.
The Concerns
1. To what extent are the service providers supposed to disclose their client data to the authorities?
2. Does any of the search or seizure powers given to authorities in this section violate any privacy rights enshrined in our constitution?
3. Has this part extensively covered all the investigation procedures required for all the offences stated in part II?
4. Does it match the international standards? If it does not, kindly point out areas that need to be incorporated into the bill.
N/B: Feel free to raise any concern or question not suggested here.
We are looking forward to your feedback on the above concerns and much more.
Thank you.
Barrack and Karis.
-- Best Regards,
Kelvin Kariuki Twitter Handle: @teacherkaris Alt email: kkariuki@mmu.ac.ke Mobile: +2547 29 385 557
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/thomaskaberi%40gmail.c...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail...
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Barrack O. Otieno +254721325277 +254733206359 Skype: barrack.otieno PGP ID: 0x2611D86A
@Karis, Apologies for late intervention. Just looked at the Investigation Procedures and just have a concern in terms of 'who' does them. Whereas it is envisioned that a police officer would carry these out, it would have been better to qualify this in terms of a 'cyber-police' officer. Moving in and grabbing computer related equipment and data as if you are confiscating a sack of bhang may render the data useless or not-acceptable in a court of law since the defence lawyers may argue that there was no chain of custody with respect to the seized digital evidence. | | How to Keep a Digital Chain of Custody | | walu. From: Kelvin Kariuki <kelvinkariuki89@gmail.com> To: KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Cc: Barrack Otieno <otieno.barrack@gmail.com>; Grace Githaiga <ggithaiga@hotmail.com>; Grace Luice N. Mutung'u <nmutungu@gmail.com>; Walubengo J <jwalu@yahoo.com> Sent: Tuesday, July 26, 2016 8:04 AM Subject: Computer and Cyber crimes bill 2016 Day 2 of 5 Part III Investigation Procedures Dear Listers, Thank you for your contribution on yesterdays discussions on the offences, feel free to still comment on it under that mail stream posted by Barrack yesterday. Today we discuss the Investigation Procedures of this bill. It outlines the powers and procedures to be followed by the authorities in carrying out computer and cyber related offences investigations. This section touches on pertinent issues as outlined below: 20 — Scope of procedural provisions21 — Search and seizure of stored computer data22 — Power to search without a warrant in special circumstances23 — Record of and access to seized data24 — Production order25 — Expedited preservation and partial disclosure of traffic data26 — Real-time collection of traffic data27 — Interception of content data28 — Obstruction and misuse29 — Appeal30 — Confidentiality and limitation of liability You can access the bill here: http://www.mygov.go.ke/?p=11234 or download the attached document. The Concerns1. To what extent are the service providers supposed to disclose their client data to the authorities?2. Does any of the search or seizure powers given to authorities in this section violate any privacy rights enshrined in our constitution?3. Has this part extensively covered all the investigation procedures required for all the offences stated in part II?4. Does it match the international standards? If it does not, kindly point out areas that need to be incorporated into the bill.N/B: Feel free to raise any concern or question not suggested here. We are looking forward to your feedback on the above concerns and much more.Thank you. Barrack and Karis. -- Best Regards, Kelvin KariukiTwitter Handle: @teacherkarisAlt email: kkariuki@mmu.ac.keMobile: +2547 29 385 557
participants (5)
-
Barrack Otieno -
Francis Monyango -
Kelvin Kariuki -
Thomas Kaberi -
Walubengo J