Cybercrime Bill 2016
Listers, I know we have just come from an intensive 2week review of the ICT Policy.But PS Itemere says there is more work need on the Cybercrime Bill @http://www.mygov.go.ke/?p=11234 Plse send your views on the Cyber Crime Bill and spread the word. @ Mose- could u put this up on Jadili as well?@ Skunkworks - Someone forward to these hackers as well. I seem to have been kicked off their list at one point. walu.
I have read through the bill, and - although I am not a lawyer - it looks like it has been well thought out and makes sense (unlike *another* recent bill!). My main concern, with this (or any other) bill, is where it may be open to abuse, intimidation, and/or corruption. I hope those with 'legal' minds may discover the specific areas which may be open to abuse, and where further clarification within the bill may address those concerns. Specifically, related to those whose work involves the provision, and/or testing of the security of systems to guard against possible cybercrimes. I would like to see a section where specific exemption is allowed where permission by a person in authority over a computer system or telecommunications network is given to a specific person or organisation to conduct testing of a system's security - commonly referred to as 'penetration testing' or 'pentest' My initial thoughts. Tony On 13/07/2016, Walubengo J via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Listers, I know we have just come from an intensive 2week review of the ICT Policy.But PS Itemere says there is more work need on the Cybercrime Bill @http://www.mygov.go.ke/?p=11234
Plse send your views on the Cyber Crime Bill and spread the word. @ Mose- could u put this up on Jadili as well?@ Skunkworks - Someone forward to these hackers as well. I seem to have been kicked off their list at one point. walu.
-- Tony White
I have read the bill.I have noted major loopholes that can be used to breach the fundamental human right to privacy. But now to answer Tony on clauses that penetration testing, section 4(2) of the bill talks about unauthorized access. I believe if one is doing a 'pen test', they have been authorized to access that system. Section 6(2) of the bill is on interference. It also talks about permissions hence, not a crime to do a pentest. Lastly, section 8 (3)(a) states that activities described in the section do not constitute an offence if the acts are intended for the authorised training, testing or protection of a computer system. There you have it. I hope I haven't gone all legalese on that one. Francis Monyango On Jul 13, 2016 2:17 PM, "Tony White via kictanet" < kictanet@lists.kictanet.or.ke> wrote:
I have read through the bill, and - although I am not a lawyer - it looks like it has been well thought out and makes sense (unlike *another* recent bill!).
My main concern, with this (or any other) bill, is where it may be open to abuse, intimidation, and/or corruption. I hope those with 'legal' minds may discover the specific areas which may be open to abuse, and where further clarification within the bill may address those concerns.
Specifically, related to those whose work involves the provision, and/or testing of the security of systems to guard against possible cybercrimes. I would like to see a section where specific exemption is allowed where permission by a person in authority over a computer system or telecommunications network is given to a specific person or organisation to conduct testing of a system's security - commonly referred to as 'penetration testing' or 'pentest'
My initial thoughts.
Tony
On 13/07/2016, Walubengo J via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Listers, I know we have just come from an intensive 2week review of the ICT Policy.But PS Itemere says there is more work need on the Cybercrime Bill @http://www.mygov.go.ke/?p=11234
Plse send your views on the Cyber Crime Bill and spread the word. @ Mose- could u put this up on Jadili as well?@ Skunkworks - Someone forward to these hackers as well. I seem to have been kicked off their list at one point. walu.
-- Tony White
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
@Francis - agreed, but I didn't feel it was clear enough as to who was able to authorise, and for the tester, to possess the 'tools of the trade' - remember, a tool - even a panga - may be used for legitimate purposes, or for committing crimes - possession of the tool does not constitute the crime. Cheers, Tony On 14/07/2016, Francis Monyango via kictanet <kictanet@lists.kictanet.or.ke> wrote:
I have read the bill.I have noted major loopholes that can be used to breach the fundamental human right to privacy. But now to answer Tony on clauses that penetration testing, section 4(2) of the bill talks about unauthorized access. I believe if one is doing a 'pen test', they have been authorized to access that system. Section 6(2) of the bill is on interference. It also talks about permissions hence, not a crime to do a pentest. Lastly, section 8 (3)(a) states that activities described in the section do not constitute an offence if the acts are intended for the authorised training, testing or protection of a computer system.
There you have it. I hope I haven't gone all legalese on that one.
Francis Monyango On Jul 13, 2016 2:17 PM, "Tony White via kictanet" < kictanet@lists.kictanet.or.ke> wrote:
I have read through the bill, and - although I am not a lawyer - it looks like it has been well thought out and makes sense (unlike *another* recent bill!).
My main concern, with this (or any other) bill, is where it may be open to abuse, intimidation, and/or corruption. I hope those with 'legal' minds may discover the specific areas which may be open to abuse, and where further clarification within the bill may address those concerns.
Specifically, related to those whose work involves the provision, and/or testing of the security of systems to guard against possible cybercrimes. I would like to see a section where specific exemption is allowed where permission by a person in authority over a computer system or telecommunications network is given to a specific person or organisation to conduct testing of a system's security - commonly referred to as 'penetration testing' or 'pentest'
My initial thoughts.
Tony
On 13/07/2016, Walubengo J via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Listers, I know we have just come from an intensive 2week review of the ICT Policy.But PS Itemere says there is more work need on the Cybercrime Bill @http://www.mygov.go.ke/?p=11234
Plse send your views on the Cyber Crime Bill and spread the word. @ Mose- could u put this up on Jadili as well?@ Skunkworks - Someone forward to these hackers as well. I seem to have been kicked off their list at one point. walu.
-- Tony White
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- Tony White
I get you Tony, Me thinks it's the states business to stop you from using your tools in a way that causes harm to others. On the issue of authority, I don't think the proposed legislation was written with one authorizing body in mind. Private parties can authorize. Anyone can report of a breach of this law when they so believe that it has happened. Since it's criminal law, burden of proof lies on the prosecution to show how one's activities amount to a breach of this law. Francis Monyango On Jul 14, 2016 7:43 AM, "Tony White via kictanet" < kictanet@lists.kictanet.or.ke> wrote:
@Francis - agreed, but I didn't feel it was clear enough as to who was able to authorise, and for the tester, to possess the 'tools of the trade' - remember, a tool - even a panga - may be used for legitimate purposes, or for committing crimes - possession of the tool does not constitute the crime.
Cheers, Tony
On 14/07/2016, Francis Monyango via kictanet <kictanet@lists.kictanet.or.ke> wrote:
I have read the bill.I have noted major loopholes that can be used to breach the fundamental human right to privacy. But now to answer Tony on clauses that penetration testing, section 4(2) of the bill talks about unauthorized access. I believe if one is doing a 'pen test', they have been authorized to access that system. Section 6(2) of the bill is on interference. It also talks about permissions hence, not a crime to do a pentest. Lastly, section 8 (3)(a) states that activities described in the section do not constitute an offence if the acts are intended for the authorised training, testing or protection of a computer system.
There you have it. I hope I haven't gone all legalese on that one.
Francis Monyango On Jul 13, 2016 2:17 PM, "Tony White via kictanet" < kictanet@lists.kictanet.or.ke> wrote:
I have read through the bill, and - although I am not a lawyer - it looks like it has been well thought out and makes sense (unlike *another* recent bill!).
My main concern, with this (or any other) bill, is where it may be open to abuse, intimidation, and/or corruption. I hope those with 'legal' minds may discover the specific areas which may be open to abuse, and where further clarification within the bill may address those concerns.
Specifically, related to those whose work involves the provision, and/or testing of the security of systems to guard against possible cybercrimes. I would like to see a section where specific exemption is allowed where permission by a person in authority over a computer system or telecommunications network is given to a specific person or organisation to conduct testing of a system's security - commonly referred to as 'penetration testing' or 'pentest'
My initial thoughts.
Tony
On 13/07/2016, Walubengo J via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Listers, I know we have just come from an intensive 2week review of the ICT Policy.But PS Itemere says there is more work need on the Cybercrime Bill @http://www.mygov.go.ke/?p=11234
Plse send your views on the Cyber Crime Bill and spread the word. @ Mose- could u put this up on Jadili as well?@ Skunkworks - Someone forward to these hackers as well. I seem to have been kicked off their list at one point. walu.
-- Tony White
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at
https://lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy,
do
not spam, do not market your wares or qualifications.
-- Tony White
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/monyango93%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Dear Walu and all, If there is time, I propose we have a moderated discussion the way we discussed the ICT Policy 2016. Kind regards, T. Mwololo Waema | Professor of Information Systems | School of Computing & Informatics | University of Nairobi | PO Box 30197-00100, Nairobi | @timwololo On 13 July 2016 at 10:18, Walubengo J via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Listers,
I know we have just come from an intensive 2week review of the ICT Policy. But PS Itemere says there is more work need on the Cybercrime Bill @ http://www.mygov.go.ke/?p=11234
Plse send your views on the Cyber Crime Bill and spread the word.
@ Mose- could u put this up on Jadili as well? @ Skunkworks - Someone forward to these hackers as well. I seem to have been kicked off their list at one point.
walu.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/timwololo%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Im in on a moderated discussion. Let me know the day place and time. We can have this before the meeting with the ministry/govt. On 14 Jul 2016 03:10, "Mwololo Waema Tim via kictanet" < kictanet@lists.kictanet.or.ke> wrote:
Dear Walu and all,
If there is time, I propose we have a moderated discussion the way we discussed the ICT Policy 2016.
Kind regards,
T. Mwololo Waema | Professor of Information Systems | School of Computing & Informatics | University of Nairobi | PO Box 30197-00100, Nairobi | @timwololo
On 13 July 2016 at 10:18, Walubengo J via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Listers,
I know we have just come from an intensive 2week review of the ICT Policy. But PS Itemere says there is more work need on the Cybercrime Bill @ http://www.mygov.go.ke/?p=11234
Plse send your views on the Cyber Crime Bill and spread the word.
@ Mose- could u put this up on Jadili as well? @ Skunkworks - Someone forward to these hackers as well. I seem to have been kicked off their list at one point.
walu.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/timwololo%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/jgitau%40gmail.com
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Dear Listers, As requested below, we intend to run the above discussions in a more structured manner from next week Monday. I thank those who had already made contributions but request that you still participate under the specific themes as will be announced to make the consolidation exercise easier. Mr. Kevin Kariuki and Barrack will lead this exercise. best regards. walu From: Mwololo Waema Tim <timwololo@gmail.com> To: Walubengo J <jwalu@yahoo.com>; KICTAnet ICT Policy Discussions <kictanet@lists.kictanet.or.ke> Cc: ISOC Kenya Chapter <isoc@lists.my.co.ke> Sent: Thursday, July 14, 2016 1:09 PM Subject: Re: [kictanet] Cybercrime Bill 2016 Dear Walu and all, If there is time, I propose we have a moderated discussion the way we discussed the ICT Policy 2016. Kind regards, T. Mwololo Waema | Professor of Information Systems | School of Computing & Informatics | University of Nairobi | PO Box 30197-00100, Nairobi | @timwololo On 13 July 2016 at 10:18, Walubengo J via kictanet <kictanet@lists.kictanet.or.ke> wrote: Listers, I know we have just come from an intensive 2week review of the ICT Policy.But PS Itemere says there is more work need on the Cybercrime Bill @http://www.mygov.go.ke/?p=11234 Plse send your views on the Cyber Crime Bill and spread the word. @ Mose- could u put this up on Jadili as well?@ Skunkworks - Someone forward to these hackers as well. I seem to have been kicked off their list at one point. walu. _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/timwololo%40gmail.com The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
Listers, The bill is an incredible improvement from the previous attempt. It does well to touch on trans boundary requests for data, a particular sticking point for the municipal competencies of law enforcement agencies. However, it leaves us still with the usual tool of Mutual legal assistance Treaties which have been condemned elsewhere for inefficiency. However, it is quite likely that less formal channels of cooperation might be more effective. May this be the place to start work on an inter governmental investigation agency? Further, we are lacking a statutory framework for data protection/privacy protection (the bill on data protection only deals with public sector data). It is entirely unclear what procedures are to be followed by cloud providers in cooperating with law enforcement agencies that are holding third party data on private networks...! Finally, will the traditional tools of search and seizure work for digital data that is volatile, easily shifted, and with cloud computing dis aggregated in non discrete bits across multiple environments and jurisdictions On Wed, Jul 13, 2016 at 10:18 AM, Walubengo J via kictanet < kictanet@lists.kictanet.or.ke> wrote:
Listers,
I know we have just come from an intensive 2week review of the ICT Policy. But PS Itemere says there is more work need on the Cybercrime Bill @ http://www.mygov.go.ke/?p=11234
Plse send your views on the Cyber Crime Bill and spread the word.
@ Mose- could u put this up on Jadili as well? @ Skunkworks - Someone forward to these hackers as well. I seem to have been kicked off their list at one point.
walu.
_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/dgichuki%40strathmore....
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-- *Note: *All emails sent from Strathmore University are subject to Strathmore’s Email Terms & Conditions. Please click here <http://www.strathmore.edu/en/email-policy> to read the policy. "Visit our Facebook <https://www.facebook.com/StrathmoreUniversity>Page and Twitter <https://twitter.com/StrathU>Account".
participants (7)
-
awatila@yahoo.co.uk -
Douglas Gichuki -
Francis Monyango -
John Gitau -
Mwololo Waema Tim -
Tony White -
Walubengo J