Thanks Ali and Liz for your responses and for raising further queries. We would also welcome recommendations. As of now, we will move your queries into our reporting template and will see what recommendations can be made in the final document. Let us keep the debate live. RgdsGrace Date: Mon, 25 Nov 2013 19:19:55 +0300 Subject: Re: [ISOC_KE] Day 1: On-line debate on African Union Convention on Cyber Security (AUCC) From: lizorembo@gmail.com To: ali@hussein.me.ke CC: isoc@orion.my.co.ke; ggithaiga@hotmail.com; kictanet@lists.kictanet.or.ke Thanks GG for starting this discussion. Ali has raised very important points. The questions to ask here is, what is the cost of banning anonymous advertising in the cyberspace? Is it worth it? and How will it affect business both online and offline? On Nov 25, 2013 3:46 AM, "Ali Hussein" <ali@hussein.me.ke> wrote: Grace and listers 1. Net Anonymity forms a cornerstone of how the Internet has evolved and grown to become the mass communication tool it is today. Although the proposals mean well in terms of trying to cap criminal activities it is a double edged sword. a) How will whistle blowers be protected if they feel their identities will be compromised? b) My right as a citizen to contribute in healthy sometimes sensitive political discourse in some cases require a certain level of anonymity. c) How we counter needs of national security and personal freedoms without blanket condemnation of particular religious or ethnic groups will define us as a nation and continent.d) We need to be very careful that we don't quash the very environment and ecosystem that has allowed some African countries to thrive and be thought leaders in the online space. Ali Hussein +254 0770 906375 / 0713 601113 "I fear the day technology will surpass human interaction. The world will have a generation of idiots". ~ Albert Einstein Sent from my iPad On Nov 25, 2013, at 12:39 AM, Grace Githaiga <ggithaiga@hotmail.com> wrote: Good morning Listers Further to the announcement we made last Friday, we now commence this one week discussion on the African Union Convention on Cyber Security(AUCC)http://pages.au.int/sites/default/files/AU%20Cybersecurity%20Convention%20EN... on multiple lists of KICTANet and ISOC-KE, in Kenya and on I-Network list moderated by the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) and ISOC -Uganda. Background to the African Union Convention on Cyber Security (AUCC) African Union (AU) convention (52 page document) seeks to intensify the fight against cybercrime across Africa in light of increase in cybercrime, and a lack of mastery of security risks by African countries. Further, that one challenge for African countries is lack of technological security adequate enough to prevent and effectively control technological and informational risks. As such “African States are in dire need of innovative criminal policy strategies that embody States, societal and technical responses to create a credible legal climate for cyber security”. The Convention establishes a framework for cybersecurity in Africa “through organisation of electronic transactions, protection of personal data, promotion of cyber security, e-governance and combating cybercrime” (Conceptual framework). As an additional reference to the earlier ones, please find attached a letter that was sent to the AU by the Center for Intellectual Property and Information Technology law and Strathmore University school of law. We begin the discussion with Part 1 on Electronic transactions. Today, we will discuss two out of four articles from this section. Section III: Publicity by electronic means Article I – 7: Without prejudice to Article I-4 any advertising action, irrespective of its form, accessible through online communication service, shall be clearly identified as such. It shall clearly identify the individual or corporate body on behalf of whom it is undertaken. Question: Should net anonymity be legislated? If so, what measures need to be or not be considered? Question: Should individuals or companies be obliged to reveal their identities and what are the implications? Article I – 8: The conditions governing the possibility of promotional offers as well as the conditions for participating in promotional competitions or games where such offers, competitions or games are electronically disseminated, shall be clearly spelt out and easily accessible. Question: Should an international (or should we call it regional) law legislate on promotional offers and competitions offered locally? Over to you Listers. Let us engage and make concrete suggestions. A great week to you all. RgdsGG <RECOMMENDATIONS ON AUCC.pdf>_______________________________________________ isoc mailing list isoc@orion.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/isoc _______________________________________________ isoc mailing list isoc@orion.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/isoc

Dear GG, Indeed there is a need for proper acquisition of data for mailing purposes, there has to be proof of willing buyer willing seller, getting the right balance might be tricky but with an elaborate data protection act, this can be clearly defined. On Tue, Nov 26, 2013 at 12:24 AM, Grace Githaiga <ggithaiga@hotmail.com>wrote:

Dear Listers

We appreciate those who took time to respond to yesterday's questions. We also got a number of response from the Internet Governance Caucus list. Please feel free to go back to Day one and make further comments.

We have a reporting template and Robert Mureithi of CIPIT Strathmore University has created a google doc of the week's debate and where daily issues will be updated https://docs.google.com/document/d/1ir5NijyJLWw-SwQzkgyd68thvQwJs7yhMC3J7e9W...

*Today, we move on to Day 2 discussion. This is a continuation of Day one on Part 1 on Electronic transactions.*

Today, we raise two questions:

*Article I – 9: **Direct marketing through any form of indirect communication including messages forwarded with automatic message sender, facsimile or electronic mails in whatsoever form, using the particulars of an individual who has not given prior consent to receiving the said direct marketing through the means indicated, shall be prohibited by the member states of the African Union.*

*Article I – 10:*

* The provisions of Article I – 9 above notwithstanding, direct marketing prospection by electronic mails shall be permissible where:*

*1) The particulars of the addressee have been obtained directly from him/her,*

*2) The recipient has given consent to be contacted by the prospector partners*

*3) The direct prospection concerns similar products or services provided by the same individual or corporate body.*

*Question:* I*s this a realistic way of dealing with spam? *

*Article I – 27*

*Where the legislative provisions of Member States have not laid down other provisions, and where there is no valid agreement between the parties, the judge shall resolve proof related conflicts by determining by all possible means the most plausible claim regardless of the message base employed.*

*Question:* *What is the meaning of this article and is it necessary? Some clarity needed!*

We welcome your thoughts.

Rgds

GG

_______________________________________________ isoc mailing list isoc@orion.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/isoc

-- Barrack O. Otieno +254721325277 +254-20-2498789 Skype: barrack.otieno http://www.otienobarrack.me.ke/

'Buyers who bought this item also bought these items' and a list of recommended items similar to what you bought appears under your shopping cart. How would we categories this? Some may say that this is smart coming from Amazon. Some may consider it spooky and border line privacy issues. The point I'm making is that I don't want some 'Smart Alec' government functionary deciding for me what I should see or not see online (or off line for that matter). That is a personal choice and of course we have plenty of tools to stop some of these 'intrusive' online practices.

I feel you Ali, But Amazon can claim that their business intelligence is in their terms of service

True that. But how many of us actually read the fine print? Of course you,would say that the onus is on us to read...:) Ali Hussein +254 0770 906375 / 0713 601113 "I fear the day technology will surpass human interaction. The world will have a generation of idiots". ~ Albert Einstein Sent from my iPad

On Nov 26, 2013, at 11:01 PM, Kivuva <Kivuva@transworldafrica.com> wrote:

...

'Buyers who bought this item also bought these items' and a list of recommended items similar to what you bought appears under your shopping cart. How would we categories this? Some may say that this is smart coming from Amazon. Some may consider it spooky and border line privacy issues. The point I'm making is that I don't want some 'Smart Alec' government functionary deciding for me what I should see or not see online (or off line for that matter). That is a personal choice and of course we have plenty of tools to stop some of these 'intrusive' online practices.

I feel you Ali, But Amazon can claim that their business intelligence is in their terms of service

Good morning Listers Today is day 4 and our focus is on PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME. We raise two questions: Article III – 14: Harmonization 1) Member States have to undertake necessary measures to ensure that the legislative measures and / or regulations adopted to fight against cybercrime enhance the possibility of regional harmonization of these measures and respect the principle of double criminality. Question: What is the principle of double criminality here? Section II: Other penal sanctions Article III – 48 Each Member State of the African Union have to take necessary legislative measures to ensure that, in the case of conviction for an offense committed by means of digital communication facility, the competent jurisdiction or the judge handling the case gives a ruling imposing additional punishment. Question: What is the interpretation of additional punishment? Is this not granting of absolute powers to judges? We are almost getting there! Like Walu has reminded us, this is our opportunity to contribute and shape this debate. Over to you! A great day to you all.RgdsGG

Many thanks GG, This is an emerging subject area that requires collaboration from our learned friends across the region. As it is we dont have a well established legal system on the continent to deal with cross border dispute resolution which forces us to resolve most our domain name related issues through WIPO. Two years ago i heard of an African initiative by lawyers to establish an institution that would tackle domain related issues. Can Victor Kapiyo or Grace Bomu appraise us on this if they are in the know? , i suppose we would need an African court for that purpose which would equally mean a set of laws or convention, like the one we are discussing to provide the basis of Judgement. Borrowing Ali's words a crime online is similar to a crime offline and should be subjected to due jurisprudence on merit. I think additional punishment might mean community service as well, we live that to the Judges ours is to agree on the basis of the judgements which is the law. On Thu, Nov 28, 2013 at 4:53 AM, Ali Hussein <ali@hussein.me.ke> wrote:

Grace and listers

Firstly let us address the issue of Double Criminality. According to Wikipedia:-

*Double criminality* (also known as *dual criminality*) is a requirement in the extradition <http://en.wikipedia.org/wiki/Extradition> law of many countries. It states that a suspect can be extradited from one country to stand trial for breaking a second country's laws *only* when a similar law exists in the extraditing country.

For example, if Country A has no laws against blasphemy<http://en.wikipedia.org/wiki/Blasphemy>, double criminality could prevent a suspect being extradited from Country A to face blasphemy charges in another country.

This is of course a double edged sword. The implication here on harmonization of regional laws is a red flag. What may be kosher in Zimbabwe may not pass muster in Kenya. I get the feeing here that the interest of the Citizenry is secondary to Government. I'm a strong proponent of less Government not more.

On the issue of additional punishment. I sometimes get the feeling that we think human behavior is different online as opposed to offline. Fraud is fraud whether off or online. Impersonation (as opposed to anonymity) is still impersonation and depending on why you are impersonating someone it still is a crime.

I honestly get confused on some of these issues. It's like saying we will have separate laws when you break the law at home, at work or in the bus!! Stealing is stealing, whether offline or online!! Murder is murder whether on the bus or in space!!

Lets simplify the penal code so that we don't have to create new laws every time a new medium of communication comes!

Ali Hussein

+254 0770 906375 / 0713 601113

"I fear the day technology will surpass human interaction. The world will have a generation of idiots". ~ Albert Einstein

Sent from my iPad

On Nov 28, 2013, at 12:56 AM, Grace Githaiga <ggithaiga@hotmail.com> wrote:

Good morning Listers

Today is day 4 and our *focus is on PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME. *We raise two questions:

*Article III – 14: Harmonization*

*1) Member States have to undertake necessary measures to ensure that the legislative measures and / or regulations adopted to fight against cybercrime enhance the possibility of regional harmonization of these measures and respect the principle of double criminality.*

*Question*: *What is the principle of double criminality here?*

*Section II: Other penal sanctions*

*Article III – 48*

*Each Member State of the African Union have to take necessary legislative measures to ensure that, in the case of conviction for an offense committed by means of digital communication facility, the competent jurisdiction or the judge handling the case gives a ruling imposing additional punishment.*

*Question: * *What is the interpretation of additional punishment? Is this not granting of absolute powers to judges?*

We are almost getting there! Like Walu has reminded us, this is our opportunity to contribute and shape this debate. Over to you!

A great day to you all. Rgds GG

_______________________________________________ isoc mailing list isoc@orion.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/isoc

-- Barrack O. Otieno +254721325277 +254-20-2498789 Skype: barrack.otieno http://www.otienobarrack.me.ke/

Ngigi You are quite correct. The principle though also applies even in the analogue world hence extradition laws are usually complex. The point I'm making is that the legal experts must start thinking out of the box and simplify this. I'm sure some list way back when TV and Radio was the new new thing were debating the same issues. Us humans are now going for holidays in space..Soon we may be inhabiting those far off places..we must be prepared across the board including a new way of looking at laws and enforcing them. Ali Hussein +254 0770 906375 / 0713 601113 "I fear the day technology will surpass human interaction. The world will have a generation of idiots". ~ Albert Einstein Sent from my iPad

On Nov 28, 2013, at 9:52 AM, Ngigi Waithaka <ngigi@at.co.ke> wrote:

Ali,

Been following this debate about crimes either done 'Analogue', old way or 'Digital', new way.

I do feel with the coming of the Intermet age, crime is not as straight forward. Let me use an example.

If I woke up today walked to The Daily Nation and published an article calling Ali a thief, I think by the laws of this country I stand to get sued for Slander.

Now, if I flew to country X far far away, that doesn't have similiar laws, say Fiji Islands, and called Ali a thief, would Ali sue me? I think probably not. I am not even in Kenya and in the country I am in its not a crime to do so.

Now, here is the interesting aspect; what if I was in Kenya, wrote a letter saying Alex is a thief, sent it to Fiji Islands and had it published there? Would I get sued for a crime?

I look at the Internet as the latter scenario; where we publish blogs, host them in far away countries (Fiji Islands) and then go ahead and unleash vitriol on anyone we like. But, are our actions Criminal and by what Law?

If you look at it, what crime is might not be that obvious afterall.

Waithaka Ngigi A1.iO

Waithaka Ngigi

Alliance Technologies Nairobi, Kenya

www.A1.io

Grace and listers

Firstly let us address the issue of Double Criminality. According to Wikipedia:-

Double criminality (also known as dual criminality) is a requirement in the extradition law of many countries. It states that a suspect can be extradited from one country to stand trial for breaking a second country's laws only when a similar law exists in the extraditing country. For example, if Country A has no laws against blasphemy, double criminality could prevent a suspect being extradited from Country A to face blasphemy charges in another country.

This is of course a double edged sword. The implication here on harmonization of regional laws is a red flag. What may be kosher in Zimbabwe may not pass muster in Kenya. I get the feeing here that the interest of the Citizenry is secondary to Government. I'm a strong proponent of less Government not more. On the issue of additional punishment. I sometimes get the feeling that we think human behavior is different online as opposed to offline. Fraud is fraud whether off or online. Impersonation (as opposed to anonymity) is still impersonation and depending on why you are impersonating someone it still is a crime. I honestly get confused on some of these issues. It's like saying we will have separate laws when you break the law at home, at work or in the bus!! Stealing is stealing, whether offline or online!! Murder is murder whether on the bus or in space!! Lets simplify the penal code so that we don't have to create new laws every time a new medium of communication comes!

Ali Hussein

+254 0770 906375 / 0713 601113

"I fear the day technology will surpass human interaction. The world will have a generation of idiots". ~ Albert Einstein

Sent from my iPad

...

On Nov 28, 2013, at 12:56 AM, Grace Githaiga <ggithaiga@hotmail.com> wrote:

Good morning Listers

Today is day 4 and our focus is on PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME. We raise two questions:

Article III – 14: Harmonization

1) Member States have to undertake necessary measures to ensure that the legislative measures and / or regulations adopted to fight against cybercrime enhance the possibility of regional harmonization of these measures and respect the principle of double criminality.

Question: What is the principle of double criminality here?

Section II: Other penal sanctions

Article III – 48

Each Member State of the African Union have to take necessary legislative measures to ensure that, in the case of conviction for an offense committed by means of digital communication facility, the competent jurisdiction or the judge handling the case gives a ruling imposing additional punishment.

Question: What is the interpretation of additional punishment? Is this not granting of absolute powers to judges?

We are almost getting there! Like Walu has reminded us, this is our opportunity to contribute and shape this debate. Over to you!

A great day to you all. Rgds GG

_______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/ngigi%40at.co.ke

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.

Thanks Barrack, Ali, Kapiyo, Wangari and Ngigi. @Ali, thanks for providing us with clear explanation of what double criminality is all about, and taking note that it may be difficult to prosecute an offense in a country that lacks a law meant to nail an offender. Further, the information about the South African Government signing the Protection of Personal Information Act 2013 is useful and in particular that it paves the way for the regulator and other administrative aspects to gear up for policing the Act. @Kapiyo, your point about states being sovereign and that a state may or may not extradite or punish criminal suspects in terms of double criminality is noted. Additionally, we take note of your suggestion on the importance for states to harmonise cyber legislation to forestall persons getting away on the basis of double criminality. Thanks also for shedding light on the interpretation of concept of additional punishment and the fact that magistrates and Judges already posses this power when sentencing. It is now clear that the aim is to serve as a further deterrent against criminals as well as discourage judicial officers from ordering the minimum penalties available. @ Ngigi, you raise a good question that in my opinion calls for further discussion namely that when we publish blogs, host them in far away countries and then go ahead and let loose vitriol on those we don’t like, is this action seen as criminal and if so by what Law? I hope the legal minds on this mailing list can shed light on this one. @ Barrack, I totally agree that cybersecurity is an emerging area that requires collaboration by various stakeholders across the region. You are concerned that the Continent lacks a legal system to deal with cross border dispute resolution which forces people to resolve most of the domain name related issues through WIPO. @Kapiyo has provided the information about the Nairobi Centre for International Arbitration which was established in January with one of its main functions being to offer alternative dispute resolution (ADR) techniques. Would you find out if it handles domain name related concerns? @Wangari, you hypothesize that if all AU countries had similar cybersecurity guidelines, would countries then need to extradite? Well, it is a concern and I hope it can be answered by any of the listers. Thank you all for keeping this debate vibrant. I encourage you to still contribute if you have more ideas on the issues raised. Please feel free to go back to previous questions and lets debate them. Warmly GG Date: Thu, 28 Nov 2013 17:03:04 +0300 From: vkapiyo@gmail.com To: kictanet@lists.kictanet.or.ke CC: isoc@orion.my.co.ke Subject: Re: [ISOC_KE] [kictanet] Day 4: PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME I think the explanation on double criminality shared by Ali is clear. The clause on double criminality basically restates a principle of international criminal law which is generally well accepted and implemented here. It is both a sword and a shield. As a sword, to ensure that criminals are prosecuted for crimes they commit in foreign jurisdictions and as a shield, to ensure that individuals are not extradited to other jurisdictions to face charges for activities which are not criminal in their home countries. Plus we must remember that states remain sovereign and may or may not extradite or punish criminal suspects if they so feel. That said, the emerging trend today is to incorporate provisions that would require states to either surrender the suspects to a state wishing to prosecute or in the alternative, prosecute such persons in their own courts. Therefore, its important for states to harmonise their legislation with regard to cyber crimes so that such persons may not get away on the basis of double criminality. On additional punishment, I think that the intention is to enhance punishment provided by law for offences which are committed by digital communication. Hence, the effect would be that judges would be required where there is only a minimum sentence provided, to enhance the sentence to the maximum, a higher sentence or order additional punishment where the law so provides. Magistrates and Judges already have this power when sentencing, and as such this would serve as a further deterrent against criminals and discourage judicial officers from ordering the minimum penalties provided. Lastly, the Nairobi Centre for International Arbitration was established January vide the Nairobi Centre for International Arbitration Act and its board appointed by the President in June this year. Its key functions include: promoting and encouraging international commercial arbitration; administering domestic and international arbitration, as well as other alternative dispute resolution (ADR) techniques, under its auspices etc. I'm not sure whether the court is fully functional or competent to hear domain name disputes at the moment, given that its still quite new and it may take some time before people take such cases before it. LSK is also in the process of establishing a similar venture, but plans are still at their nascent stages. Victor Victor Kapiyo, LL.B ==================================================== “Your attitude, not your aptitude, will determine your altitude” Zig Ziglar On 28 November 2013 10:47, Ali Hussein <ali@hussein.me.ke> wrote: Ngigi You are quite correct. The principle though also applies even in the analogue world hence extradition laws are usually complex. The point I'm making is that the legal experts must start thinking out of the box and simplify this. I'm sure some list way back when TV and Radio was the new new thing were debating the same issues. Us humans are now going for holidays in space..Soon we may be inhabiting those far off places..we must be prepared across the board including a new way of looking at laws and enforcing them. Ali Hussein +254 0770 906375 / 0713 601113 "I fear the day technology will surpass human interaction. The world will have a generation of idiots". ~ Albert Einstein Sent from my iPad On Nov 28, 2013, at 9:52 AM, Ngigi Waithaka <ngigi@at.co.ke> wrote: Ali, Been following this debate about crimes either done 'Analogue', old way or 'Digital', new way. I do feel with the coming of the Intermet age, crime is not as straight forward. Let me use an example. If I woke up today walked to The Daily Nation and published an article calling Ali a thief, I think by the laws of this country I stand to get sued for Slander. Now, if I flew to country X far far away, that doesn't have similiar laws, say Fiji Islands, and called Ali a thief, would Ali sue me? I think probably not. I am not even in Kenya and in the country I am in its not a crime to do so. Now, here is the interesting aspect; what if I was in Kenya, wrote a letter saying Alex is a thief, sent it to Fiji Islands and had it published there? Would I get sued for a crime? I look at the Internet as the latter scenario; where we publish blogs, host them in far away countries (Fiji Islands) and then go ahead and unleash vitriol on anyone we like. But, are our actions Criminal and by what Law? If you look at it, what crime is might not be that obvious afterall. Waithaka Ngigi A1.iO Waithaka Ngigi Alliance Technologies Nairobi, Kenya www.A1.io Grace and listers Firstly let us address the issue of Double Criminality. According to Wikipedia:- Double criminality (also known as dual criminality) is a requirement in the extradition law of many countries. It states that a suspect can be extradited from one country to stand trial for breaking a second country's laws only when a similar law exists in the extraditing country. For example, if Country A has no laws against blasphemy, double criminality could prevent a suspect being extradited from Country A to face blasphemy charges in another country. This is of course a double edged sword. The implication here on harmonization of regional laws is a red flag. What may be kosher in Zimbabwe may not pass muster in Kenya. I get the feeing here that the interest of the Citizenry is secondary to Government. I'm a strong proponent of less Government not more. On the issue of additional punishment. I sometimes get the feeling that we think human behavior is different online as opposed to offline. Fraud is fraud whether off or online. Impersonation (as opposed to anonymity) is still impersonation and depending on why you are impersonating someone it still is a crime. I honestly get confused on some of these issues. It's like saying we will have separate laws when you break the law at home, at work or in the bus!! Stealing is stealing, whether offline or online!! Murder is murder whether on the bus or in space!! Lets simplify the penal code so that we don't have to create new laws every time a new medium of communication comes! Ali Hussein +254 0770 906375 / 0713 601113 "I fear the day technology will surpass human interaction. The world will have a generation of idiots". ~ Albert Einstein Sent from my iPad On Nov 28, 2013, at 12:56 AM, Grace Githaiga <ggithaiga@hotmail.com> wrote: Good morning Listers Today is day 4 and our focus is on PROMOTING CYBERSECURITY AND COMBATING CYBERCRIME. We raise two questions: Article III – 14: Harmonization 1) Member States have to undertake necessary measures to ensure that the legislative measures and / or regulations adopted to fight against cybercrime enhance the possibility of regional harmonization of these measures and respect the principle of double criminality. Question: What is the principle of double criminality here? Section II: Other penal sanctions Article III – 48 Each Member State of the African Union have to take necessary legislative measures to ensure that, in the case of conviction for an offense committed by means of digital communication facility, the competent jurisdiction or the judge handling the case gives a ruling imposing additional punishment. Question: What is the interpretation of additional punishment? Is this not granting of absolute powers to judges? We are almost getting there! Like Walu has reminded us, this is our opportunity to contribute and shape this debate. Over to you! A great day to you all.RgdsGG _______________________________________________ kictanet mailing list kictanet@lists.kictanet.or.ke https://lists.kictanet.or.ke/mailman/listinfo/kictanet Unsubscribe or change your options at https://lists.kictanet.or.ke/mailman/options/kictanet/ngigi%40at.co.ke The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development. KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications. _______________________________________________ isoc mailing list isoc@orion.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/isoc _______________________________________________ isoc mailing list isoc@orion.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/isoc

Listers, Emerging trends and security threats have forced people to start thinking of online security and child protection. I was listening to a colleague from Canada saying how citizens are increasingly getting comfortable with online surveillance. Africa has a very poor electronic commerce track record which might be linked to weak cyber cecurity as such we might want to strike a balance between freedom and responsibility online. Companies have stringent policies regarding the use of their Internet and network resources, iam tempted to imagine that we might require a stringent policy framework that can drive Africans towards maximizing on the potential of the internet, this becomes fuzzier when you analyse it from a perspective of the governments role. On Tue, Nov 26, 2013 at 12:08 AM, Grace Githaiga <ggithaiga@hotmail.com>wrote:

Thanks Ali and Liz for your responses and for raising further queries. We would also welcome recommendations. As of now, we will move your queries into our reporting template and will see what recommendations can be made in the final document.

Let us keep the debate live. Rgds Grace

------------------------------ Date: Mon, 25 Nov 2013 19:19:55 +0300 Subject: Re: [ISOC_KE] Day 1: On-line debate on African Union Convention on Cyber Security (AUCC) From: lizorembo@gmail.com To: ali@hussein.me.ke CC: isoc@orion.my.co.ke; ggithaiga@hotmail.com; kictanet@lists.kictanet.or.ke

Thanks GG for starting this discussion. Ali has raised very important points. The questions to ask here is, what is the cost of banning anonymous advertising in the cyberspace? Is it worth it? and How will it affect business both online and offline? On Nov 25, 2013 3:46 AM, "Ali Hussein" <ali@hussein.me.ke> wrote:

Grace and listers

1. Net Anonymity forms a cornerstone of how the Internet has evolved and grown to become the mass communication tool it is today. Although the proposals mean well in terms of trying to cap criminal activities it is a double edged sword.

a) How will whistle blowers be protected if they feel their identities will be compromised? b) My right as a citizen to contribute in healthy sometimes sensitive political discourse in some cases require a certain level of anonymity. c) How we counter needs of national security and personal freedoms without blanket condemnation of particular religious or ethnic groups will define us as a nation and continent. d) We need to be very careful that we don't quash the very environment and ecosystem that has allowed some African countries to thrive and be thought leaders in the online space.

Ali Hussein

+254 0770 906375 / 0713 601113

"I fear the day technology will surpass human interaction. The world will have a generation of idiots". ~ Albert Einstein

Sent from my iPad

On Nov 25, 2013, at 12:39 AM, Grace Githaiga <ggithaiga@hotmail.com> wrote:

Good morning Listers

Further to the announcement we made last Friday, we now commence this one week discussion on the African Union Convention on Cyber Security(AUCC)

http://pages.au.int/sites/default/files/AU%20Cybersecurity%20Convention%20EN... on multiple lists of KICTANet and ISOC-KE, in Kenya and on I-Network list moderated by the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) and ISOC -Uganda.

*Background to the African Union Convention on Cyber Security (AUCC)*

African Union (AU) convention (52 page document) seeks to intensify the fight against cybercrime across Africa in light of increase in cybercrime, and a lack of mastery of security risks by African countries. Further, that one challenge for African countries is lack of technological security adequate enough to prevent and effectively control technological and informational risks. As such “African States are in dire need of innovative criminal policy strategies that embody States, societal and technical responses to create a credible legal climate for cyber security”.

The Convention establishes a framework for cybersecurity in Africa “through organisation of electronic transactions, protection of personal data, promotion of cyber security, e-governance and combating cybercrime” (Conceptual framework).

As an additional reference to the earlier ones, please find attached a letter that was sent to the AU by the Center for Intellectual Property and Information Technology law and Strathmore University school of law.

*We begin the discussion with Part 1 on Electronic transactions. Today, we will discuss two out of four articles from this section.*

*Section III: Publicity by electronic means*

* Article I – 7:*

* Without prejudice to Article I-4 any advertising action, irrespective of its form, accessible through online communication service, shall be clearly identified as such. It shall clearly identify the individual or corporate body on behalf of whom it is undertaken.*

*Question:* Should net anonymity be legislated? If so, what measures need to be or not be considered?

*Question:* Should individuals or companies be obliged to reveal their identities and what are the implications?

* Article I – 8:*

*The conditions governing the possibility of promotional offers as well as the conditions for participating in promotional competitions or games where such offers, competitions or games are electronically disseminated, shall be clearly spelt out and easily accessible.*

*Question:* Should an international (or should we call it regional) law legislate on promotional offers and competitions offered locally?

Over to you Listers. Let us engage and make concrete suggestions.

A great week to you all. Rgds GG

<RECOMMENDATIONS ON AUCC.pdf>

_______________________________________________ isoc mailing list isoc@orion.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/isoc

_______________________________________________ isoc mailing list isoc@orion.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/isoc

_______________________________________________ isoc mailing list isoc@orion.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/isoc

-- Barrack O. Otieno +254721325277 +254-20-2498789 Skype: barrack.otieno http://www.otienobarrack.me.ke/

Thank you Kivuva for your suggestions. They have been noted. Listers, just like Kivuva, please feel free to go back on any of the daily debate and comment. RgdsGrace From: Kivuva@transworldafrica.com Date: Wed, 27 Nov 2013 22:48:15 -0800 Subject: Re: [ISOC_KE] Day 1: On-line debate on African Union Convention on Cyber Security (AUCC) To: otieno.barrack@gmail.com CC: ggithaiga@hotmail.com; isoc@orion.my.co.ke; kictanet@lists.kictanet.or.ke I support article Article I – 7: as it is. Even if we are to protect the anonymity of advertisers, there should be a mechanism to track and identify them when a breach has occurred. What if a company advertises defamatory remarks about me or my company, I should be able through some mechanism to unveil the source of the defamation, otherwise the intermediary will have to bear the liability. Take an example of Google Ads, they are clearly identified as such, and if the add is not appropriate, there must be a way to identify the advertiser. Probably, the act can read something like this "Without prejudice to Article I-4 any advertising action, irrespective of its form, accessible through online communication service, shall be clearly identified as such. It shall [There shall be a mechanism (database) to]clearly identify the individual or corporate body on behalf of whom it is undertaken." ______________________ Mwendwa Kivuva, Nairobi, Kenya. twitter.com/lordmwesh google ID | Skype ID: lordmwesh On 25 November 2013 14:02, Barrack Otieno <otieno.barrack@gmail.com> wrote: Listers, Emerging trends and security threats have forced people to start thinking of online security and child protection. I was listening to a colleague from Canada saying how citizens are increasingly getting comfortable with online surveillance. Africa has a very poor electronic commerce track record which might be linked to weak cyber cecurity as such we might want to strike a balance between freedom and responsibility online. Companies have stringent policies regarding the use of their Internet and network resources, iam tempted to imagine that we might require a stringent policy framework that can drive Africans towards maximizing on the potential of the internet, this becomes fuzzier when you analyse it from a perspective of the governments role. On Tue, Nov 26, 2013 at 12:08 AM, Grace Githaiga <ggithaiga@hotmail.com> wrote: Thanks Ali and Liz for your responses and for raising further queries. We would also welcome recommendations. As of now, we will move your queries into our reporting template and will see what recommendations can be made in the final document. Let us keep the debate live. RgdsGrace Date: Mon, 25 Nov 2013 19:19:55 +0300 Subject: Re: [ISOC_KE] Day 1: On-line debate on African Union Convention on Cyber Security (AUCC) From: lizorembo@gmail.com To: ali@hussein.me.ke CC: isoc@orion.my.co.ke; ggithaiga@hotmail.com; kictanet@lists.kictanet.or.ke Thanks GG for starting this discussion. Ali has raised very important points. The questions to ask here is, what is the cost of banning anonymous advertising in the cyberspace? Is it worth it? and How will it affect business both online and offline? On Nov 25, 2013 3:46 AM, "Ali Hussein" <ali@hussein.me.ke> wrote: Grace and listers 1. Net Anonymity forms a cornerstone of how the Internet has evolved and grown to become the mass communication tool it is today. Although the proposals mean well in terms of trying to cap criminal activities it is a double edged sword. a) How will whistle blowers be protected if they feel their identities will be compromised? b) My right as a citizen to contribute in healthy sometimes sensitive political discourse in some cases require a certain level of anonymity. c) How we counter needs of national security and personal freedoms without blanket condemnation of particular religious or ethnic groups will define us as a nation and continent.d) We need to be very careful that we don't quash the very environment and ecosystem that has allowed some African countries to thrive and be thought leaders in the online space. Ali Hussein +254 0770 906375 / 0713 601113 "I fear the day technology will surpass human interaction. The world will have a generation of idiots". ~ Albert Einstein Sent from my iPad On Nov 25, 2013, at 12:39 AM, Grace Githaiga <ggithaiga@hotmail.com> wrote: Good morning Listers Further to the announcement we made last Friday, we now commence this one week discussion on the African Union Convention on Cyber Security(AUCC)http://pages.au.int/sites/default/files/AU%20Cybersecurity%20Convention%20EN... on multiple lists of KICTANet and ISOC-KE, in Kenya and on I-Network list moderated by the Collaboration on International ICT Policy in East and Southern Africa (CIPESA) and ISOC -Uganda. Background to the African Union Convention on Cyber Security (AUCC) African Union (AU) convention (52 page document) seeks to intensify the fight against cybercrime across Africa in light of increase in cybercrime, and a lack of mastery of security risks by African countries. Further, that one challenge for African countries is lack of technological security adequate enough to prevent and effectively control technological and informational risks. As such “African States are in dire need of innovative criminal policy strategies that embody States, societal and technical responses to create a credible legal climate for cyber security”. The Convention establishes a framework for cybersecurity in Africa “through organisation of electronic transactions, protection of personal data, promotion of cyber security, e-governance and combating cybercrime” (Conceptual framework). As an additional reference to the earlier ones, please find attached a letter that was sent to the AU by the Center for Intellectual Property and Information Technology law and Strathmore University school of law. We begin the discussion with Part 1 on Electronic transactions. Today, we will discuss two out of four articles from this section. Section III: Publicity by electronic means Article I – 7: Without prejudice to Article I-4 any advertising action, irrespective of its form, accessible through online communication service, shall be clearly identified as such. It shall clearly identify the individual or corporate body on behalf of whom it is undertaken. Question: Should net anonymity be legislated? If so, what measures need to be or not be considered? Question: Should individuals or companies be obliged to reveal their identities and what are the implications? Article I – 8: The conditions governing the possibility of promotional offers as well as the conditions for participating in promotional competitions or games where such offers, competitions or games are electronically disseminated, shall be clearly spelt out and easily accessible. Question: Should an international (or should we call it regional) law legislate on promotional offers and competitions offered locally? Over to you Listers. Let us engage and make concrete suggestions. A great week to you all. RgdsGG <RECOMMENDATIONS ON AUCC.pdf>_______________________________________________ isoc mailing list isoc@orion.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/isoc _______________________________________________ isoc mailing list isoc@orion.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/isoc _______________________________________________ isoc mailing list isoc@orion.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/isoc -- Barrack O. Otieno+254721325277+254-20-2498789 Skype: barrack.otienohttp://www.otienobarrack.me.ke/ _______________________________________________ isoc mailing list isoc@orion.my.co.ke http://orion.my.co.ke/cgi-bin/mailman/listinfo/isoc