What you need to know:
- It is not clear how the procedures to be prescribed by the Cabinet Secretary would operate alongside existing safeguards.
- Furthermore, the Kenya Information and Communications Act was amended in 2013 to give the Communications Authority more leeway to access our data.
- With the systematic weakening of privacy protections, we must be cognizant of the fact that other actors, not just governments, may well have access to our data.
The online space has facilitated our enjoyment of the right to free speech guaranteed by the Constitution, powered by the Internet freedom we enjoy in Kenya today.
The mobile phone serves as the primary tool through which social media are accessed here. Furthermore, we feed our mobile phones with our financial data, such as M-Pesa and mobile banking, and our health data.
We feed them with our social networks, established through whom you call and text and how often you do so, and our hopes, dreams, fears and desires through Google searches, online purchase history, pages you like, and much, much more.
What are our perceptions about online security and privacy, and what laws protect our rights to them? Is this a consideration or cause for concern for the millions connected to the Internet who increasingly rely on it for day-to-day activities, and even livelihood?
Privacy International offers a concise description of what privacy is, why it matters, and how it relates to technology:
Privacy enables us to create barriers and manage boundaries to protect ourselves from unwarranted interference in our lives, which allows us to negotiate who we are and how we want to interact with the world around us. Privacy helps us establish boundaries to limit who has access to our bodies, places and things, as well as our communications and our information.
Article 31 of the Constitution guarantees everyone a right to privacy, which includes the right not to have the privacy of their communications infringed upon. However, in the wake of increased insecurity, both online and offline, many governments have proposed measures that threaten their citizens’ rights to privacy.
They argue that it is important for state actors to have access to all forms of communication, or data, in order to ensure our safety and security.
In December 2014, we all witnessed the kerfuffle through which the Security Laws (Amendment) Act was passed in Parliament, and quickly assented to by the President.
The pressure was on from the citizenry, the international community and the business community to address insecurity, which was at an all time high. Several clauses were introduced, some of which still hold to date, and that could make for murky interpretations.
For instance, Section 69 of that law, which amended the Prevention of Terrorism Act, introduced contentious provisions that allow the National Security Organs to intercept communication “for the purposes of detecting, deterring and disrupting terrorism in accordance with procedures to be prescribed by the Cabinet Secretary.”
It further states that “the right to privacy under Article 31 of the Constitution shall be limited...for the purpose of intercepting communication directly relevant in the detecting, deterring and disrupting terrorism.”
It is not clear how the procedures to be prescribed by the Cabinet secretary would operate alongside existing safeguards, which entail making warrants ex parte and before a judge of the High Court - in the case of the National Intelligence Service - or a Magistrate’s Court- in the case of the police - when seeking powers to investigate terror-related concerns or offences.
The National Intelligence Service, the National Police Service, and the Kenya Defence Forces make up Kenya’s National Security Organs.
Telecommunication operators are custodians of the data generated from our communications through our devices. Through Article 31 of the Kenya Information and Communication Act (2009), licensed telecommunication operators were prohibited from interception and disclosing of intercepted messages sent through licensed telecommunication systems. This was also enforced in the 2010 Consumer Protection regulations.
However, the Kenya Information and Communications (Registration of Subscribers of Telecommunication Services) Regulations, adopted in 2014, present a differing provision. Section 13 of the regulations requires licensed operators to grant the Communications Authority’s officers what is essentially unfettered access to “systems, premises, facilities, files, records and other data for compliance with the Act and these Regulations.”
Furthermore, the Kenya Information and Communications Act was amended in 2013 to give the Communications Authority more leeway to access our data. How does all this bode for citizens?
A survey released this month byIpsos and the Centre for International Governance Innovation shows that 75 per cent of Kenyans interviewed agree that law enforcement agencies should have the right to access the content of their citizens’ online communications for valid national security reasons.
'NOTHING TO HIDE'
While the justification for this sentiment is not mentioned, I hypothesise that it stems from the rather popular notion that if one has nothing to hide, one should not worry if a government agency accesses your online communication.
Will these legal measures, added to the prevailing sentiment among citizens on what government should have access to, lead to a more secure nation?
The irony is that our individual privacy and security could essentially be weakened so as to make our country more secure.
There are more questions than answers to this issue. The debate is going on in many jurisdictions, the recurring theme being that for governments to fulfill their obligations to keep their citizens safe, they must compromise some of that security and safety through surveillance technologies.
With the systematic weakening of privacy protections, we must be cognizant of the fact that other actors, not just governments, may well have access to our data.
A Data Protection Bill, which has been ready for adoption since 2014, is yet to be passed, yet it is a crucial tool with which to regulate the collection, retrieval, processing, storing, use and disclosure of personal data.
In the meantime, one cringes to think who has access to your personal data and for what they might possibly be using it.