CC BY-NC-SA 4.0
State of Encryption in Kenya
Encryption Everywhere
@Collins Kimathi, Internet Society Kenya Chapter
internetsociety.ke
@ISOC_Kenya
Introduction
The modern age has brought improvements in many areas of our lives. One of these is the ease with which
we can communicate with one another. The use of technological services such as email, chat platforms
and social media has become an integral part of our day-to-day lives. One can even argue that they have
become a part of us. With such deep levels of integration, the right to privacy that people are entitled to
in non-tech communication should be extended to these platforms. Encryption is the process by which
information passed through communication technologies is converted into an unreadable form and
transmitted to the recipient, who can convert the unreadable form back into the original message. This
greatly reduces the risk that the real information can be understood by unintended recipients, protecting
the data for its intended viewers. That way, the sensitivity of any information shared
remains safeguarded.
Right to Privacy
Encryption is a technological solution used to guarantee privacy, and where there is a legal right to
privacy it complements the law. Most communication platforms offer end-to-end encryption by default to
ensure privacy: the message is encrypted on the sender's device and remains encrypted on the transit
channels until it reaches the recipient's device. This leaves the clear text version of the message
available only to the sender and recipient while using the application.
The Kenyan constitution guarantees privacy for its citizens. The constitution clearly states that every
person has the right to privacy, which includes the right not to have their person, home or property
searched; their possessions seized; information relating to their family or private affairs unnecessarily
revealed; or the privacy of their communication infringed.[1] However, there are situations where this
right can be infringed upon by state actors, i.e. intelligence agencies and police. With encryption, some
of the situations where state actors are required to infringe on privacy, whether legally sanctioned or
not, become almost impossible, and some governments around the world are considering ways to bypass
encryption.
Encryption is mentioned in the Data Protection Act of 2019, whereby a data controller or data processor
is expected to protect personally identifiable data by considering encryption as a measure.[2] While this
is specific to personal data, there is no guidance on the specifics of the use of encryption in the country.
[1] Article 31 Privacy, Constitution of Kenya
[2] Section 41, Data Protection Act
Encryption Laws
The use of cryptography needs to be protected and guided by the law where possible. It is in
this ambiguity that people take advantage of digital rights that should be aligned to human rights on
freedom of expression and the right to privacy. The use of encryption will support human rights
principles, and governments have an opportunity to set proper baselines on how encryption can aid these
principles in the digital era. According to the Travel Guide to Encryption Policy, governments should not
impose a blanket ban on encryption, as it would be against human rights principles.[3] There is still a big
risk of infringement when the government sets licensing requirements for encryption use or weak
technical standards for encryption. Some governments have even put controls on the import and export of
encryption tools, which inherently means that encryption standards used within their countries can be
intentionally weak or have already been compromised by the government.
In comparison to other countries, Kenya seems to have no specific laws that touch on encryption.
According to Global Digital partners,[4] Kenya lacks the laws that are part of a baseline encryption
legal framework. These are:
a. General right to encryption
Laws that allow people to utilize encryption products and services. This implies there are no legal
requirements for one to use encryption, but they can use it on their own terms.
b. Mandatory minimum or maximum encryption strength
Laws that set down either minimum or maximum standards for encryption products and services.
c. Licensing/registration requirements
Laws that require providers (or users) of encryption products or services to be licensed or registered
in some manner for use within the country.
d. Import/export controls
Laws that set out limitations or conditions on the lawful importation or exportation of encryption
products or services. This can be to limit the sale or acquisition of encryption services or products to
and from some specific countries.
e. Obligations on providers to assist authorities
A law that requires private entities to assist state authorities to access the content of encrypted
communication.
f. Obligations on individuals to assist authorities
Laws that provide for state authorities to be able to require individuals to decrypt (or assist in the
decryption of) encrypted communications.
National Public Key Infrastructure
According to the East Africa Communication Organization, the Public Key Infrastructure (PKI) is a set of
roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital
certificates and manage public-key encryption.[5] In Kenya, the Communications Authority (CAK) has the
technical infrastructure that hosts Kenya’s National Public Key Infrastructure (NPKI). NPKI uses public
key encryption to ensure that digital signatures and encrypted content can be traced back to identifiable
users and/or organizations. The aim of the NPKI is to facilitate the secure electronic transfer of
information for a range of network activities such as e-commerce, internet banking and confidential
email.[6]
[3] https://www.gp-digital.org/wp-content/uploads/2017/09/TRAVELGUIDETOENCRYPTIONPOLICY.pdf
[4] https://www.gp-digital.org/world-map-of-encryption/
[5] http://www.eaco.int/admin/docs/publications/STANDARDS%20ON%20NATIONAL%20PUBLIC%20KEY%20INFRASTRUCTURE.pdf
[6] http://icta.go.ke/the-national-public-key-infrastructure-npki/
The CAK has set up a Root Certification Authority in the country that can license other entities to become
Electronic Certification Service Providers.[7] The CAK has been granted this authority by the Kenya
Information and Communications Act of 1998, which grants it powers to license Electronic
Certification Service Providers. However, it is worth noting that there are no laws on the services of
digital signatures and encryption.
Stakeholders
With the possibility of various laws being enacted on the use of encryption, several stakeholders will need
to be brought on board for an effective legal framework to be set up. The establishment of a legal
framework for the use of encryption will likely begin as a legislative process, which lies solely in the
hands of parliament. If the members of parliament lack clear knowledge of what encryption entails, it
will be the responsibility of other stakeholder groups such as civil societies, non-governmental
organizations, technology companies and knowledgeable citizens to champion a law that does not
weaken or compromise human rights. There have been several countries where proposed encryption laws
have been highly contested since they disregarded human rights, e.g. in Australia the TOLA (Assistance
and Access) Act 2018 had clauses that drew heavy protests from civil society and technology
companies, leading to changes in the initial proposal.[8]
In Kenya, participation from non-government stakeholders has been seen in previous proposed laws such
as the Computer Misuse and Cybercrimes Act, 2018, whereby contentious clauses have had to be
amended.[9] It is in the same spirit that any proposed encryption law in Kenya should be scrutinized for
its usefulness to the citizens, to prevent the law from becoming a tool for the government to use in
oppressive ways.
Conclusion
The Kenyan legal framework may not address the use of encryption, but there are laws to protect the right
to privacy of individuals. The role of encryption in the country does not necessarily need a legal
framework, but with the Office of a Data Commissioner being available, some guidelines on its use could
be helpful. The concerns of whether the government can break encryption or weaken cryptographic
techniques when it becomes a challenge for law enforcement should be raised through consultative
channels with all stakeholders. It is up to all stakeholders, especially those in the Internet Society, to
advocate for strong and useful encryption laws that cannot be used against privacy rights and rights to
personal information. Kenya needs to enact encryption legislation, as this will provide individuals with
a degree of surety that their personal information, wherever it has been collected, stored, used or
communicated to other persons, can be kept secure and private.
[7] https://ca.go.ke/industry/e-commerce-development/national-public-key-infrastructure/
[8] https://digitalrightswatch.org.au/2019/12/04/major-amendments-to-encryption-laws-are-a-step-in-the-right-direction/
[9] https://cipesa.org/2018/05/sections-of-kenyas-computer-misuse-and-cybercrimes-act-2018-temporarily-suspended/
About the author
Collins Kimathi is an Information Security Specialist who works with organizations
to design and implement Cyber Security Architecture around their infrastructure. He
has worked for 6 years as an information security consultant. He has experience in
setting up architecture to support information security compliance standards, threat
intelligence and business continuity. In the last 2 years he has been focusing on
Cloud architecture and security for fintech services.
He is part of the ISOC Global Volunteer Training Program, hoping to make a positive
change to the internet community.
The Internet Society
Internet Society Kenya Chapter is an Internet technical community chartered by the
Internet Society and registered in the Republic of Kenya. It seeks to provide
leadership on Internet policy, technology standards and future development of the
Internet in Kenya. The Chapter establishes and promotes principles that are intended
to persuade governments and other stakeholders to make decisions that are right for
the citizens and the nation’s future.
Internet Society is the world's trusted independent source of leadership for Internet
policy, technology standards, and future development. The Society has for many
years been the champion for Internet advancement and open resource usage. More
than simply advancing technology, we work to ensure the Internet continues to grow
and evolve as a platform for innovation, economic development, and social progress
for people around the world.
Preparing a new generation to succeed as Internet technology, policy, and business
leaders is a key objective for the Internet Society. To be successful, the next
generation of Internet leaders will require a wide range of skills in a variety of
disciplines as well as the ability and experience to work with people at all levels of
society.
For more information, please visit the Internet Society Kenya Chapter website at:
www.internetsociety.ke
Follow us: @ISOC_Kenya

Contenu connexe

Tendances

An overview on laws against spamming in India
An overview on laws against spamming in IndiaAn overview on laws against spamming in India
An overview on laws against spamming in IndiaAltacit Global
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...CIO Edge
 
تحليل قانوني لمشروع قانون جرائم المعلوماتية في العراق
تحليل قانوني لمشروع قانون جرائم المعلوماتية في العراقتحليل قانوني لمشروع قانون جرائم المعلوماتية في العراق
تحليل قانوني لمشروع قانون جرائم المعلوماتية في العراقHayder Hamzoz
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security RaviPrashant5
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Russell_Kennedy
 
Tietoturva ja tietosuoja Office 365 -palveluissa
Tietoturva ja tietosuoja Office 365 -palveluissaTietoturva ja tietosuoja Office 365 -palveluissa
Tietoturva ja tietosuoja Office 365 -palveluissaHarto Pönkä
 
Computer Network Security
Computer Network SecurityComputer Network Security
Computer Network SecuritySachithra Gayan
 
PDPA Compliance Preparation
PDPA Compliance PreparationPDPA Compliance Preparation
PDPA Compliance PreparationLawPlus Ltd.
 

Tendances (10)

An overview on laws against spamming in India
An overview on laws against spamming in IndiaAn overview on laws against spamming in India
An overview on laws against spamming in India
 
Les faux prophetes
Les faux prophetesLes faux prophetes
Les faux prophetes
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
 
تحليل قانوني لمشروع قانون جرائم المعلوماتية في العراق
تحليل قانوني لمشروع قانون جرائم المعلوماتية في العراقتحليل قانوني لمشروع قانون جرائم المعلوماتية في العراق
تحليل قانوني لمشروع قانون جرائم المعلوماتية في العراق
 
Data and software privacy
Data and software privacyData and software privacy
Data and software privacy
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security
 
Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)Privacy and Data Protection Act 2014 (VIC)
Privacy and Data Protection Act 2014 (VIC)
 
Tietoturva ja tietosuoja Office 365 -palveluissa
Tietoturva ja tietosuoja Office 365 -palveluissaTietoturva ja tietosuoja Office 365 -palveluissa
Tietoturva ja tietosuoja Office 365 -palveluissa
 
Computer Network Security
Computer Network SecurityComputer Network Security
Computer Network Security
 
PDPA Compliance Preparation
PDPA Compliance PreparationPDPA Compliance Preparation
PDPA Compliance Preparation
 

Similaire à State of Encryption in Kenya

Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
Information Technology Act
Information Technology ActInformation Technology Act
Information Technology Actmaruhope
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxadampcarr67227
 
cyber crime in india and law related to cyber crime
cyber crime in india and law related to cyber crimecyber crime in india and law related to cyber crime
cyber crime in india and law related to cyber crimeSumedhaBhatt2
 
What are the new laws under Canada Digital Privacy Act.pdf
What are the new laws under Canada Digital Privacy Act.pdfWhat are the new laws under Canada Digital Privacy Act.pdf
What are the new laws under Canada Digital Privacy Act.pdfRiley Claire
 
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdfPRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdflinda gichohi
 
Intellectual Property Law In Internet
Intellectual Property Law In InternetIntellectual Property Law In Internet
Intellectual Property Law In Internetguesta5c32a
 
What's new with Cybersecurity in Singapore?
What's new with Cybersecurity in Singapore? What's new with Cybersecurity in Singapore?
What's new with Cybersecurity in Singapore? Abraham Vergis
 
Averting the dangers embedded in lack of privacy law in nigeria by arazim
Averting the dangers embedded in lack of privacy law in nigeria  by arazimAverting the dangers embedded in lack of privacy law in nigeria  by arazim
Averting the dangers embedded in lack of privacy law in nigeria by arazimArazim Sheu
 
Presentation ICT3
Presentation ICT3Presentation ICT3
Presentation ICT3safa
 
Presentation ICT2
Presentation ICT2Presentation ICT2
Presentation ICT2safa
 
Gsma pmp - enhancing data protection and privacy in nigeria through the dat...
Gsma   pmp - enhancing data protection and privacy in nigeria through the dat...Gsma   pmp - enhancing data protection and privacy in nigeria through the dat...
Gsma pmp - enhancing data protection and privacy in nigeria through the dat...Nzeih Chukwuemeka
 
Presentation Ict
Presentation IctPresentation Ict
Presentation Ictsafa
 
Cyber crime in the digital age
Cyber crime in the digital ageCyber crime in the digital age
Cyber crime in the digital ageSaman Sara
 
feb 2018 - Sub22 - The impact of new and emerging information and communicati...
feb 2018 - Sub22 - The impact of new and emerging information and communicati...feb 2018 - Sub22 - The impact of new and emerging information and communicati...
feb 2018 - Sub22 - The impact of new and emerging information and communicati...Timothy Holborn
 
security issue in e-commerce
security issue in e-commercesecurity issue in e-commerce
security issue in e-commercePalavesa Krishnan
 

Similaire à State of Encryption in Kenya (20)

Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
 
Information Technology Act
Information Technology ActInformation Technology Act
Information Technology Act
 
IT (4).pdf
IT (4).pdfIT (4).pdf
IT (4).pdf
 
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docxhttpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
httpsdigitalguardian.comblogsocial-engineering-attacks-common.docx
 
Introduction to cyber law.
Introduction to cyber law. Introduction to cyber law.
Introduction to cyber law.
 
cyber crime in india and law related to cyber crime
cyber crime in india and law related to cyber crimecyber crime in india and law related to cyber crime
cyber crime in india and law related to cyber crime
 
Presentation ict3992
Presentation ict3992Presentation ict3992
Presentation ict3992
 
What are the new laws under Canada Digital Privacy Act.pdf
What are the new laws under Canada Digital Privacy Act.pdfWhat are the new laws under Canada Digital Privacy Act.pdf
What are the new laws under Canada Digital Privacy Act.pdf
 
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdfPRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
PRIVACY RIGHTS ARE HUMAN RIGHTS (2).pdf
 
Intellectual Property Law In Internet
Intellectual Property Law In InternetIntellectual Property Law In Internet
Intellectual Property Law In Internet
 
What's new with Cybersecurity in Singapore?
What's new with Cybersecurity in Singapore? What's new with Cybersecurity in Singapore?
What's new with Cybersecurity in Singapore?
 
Introduction to cyber law.
Introduction to cyber law. Introduction to cyber law.
Introduction to cyber law.
 
Averting the dangers embedded in lack of privacy law in nigeria by arazim
Averting the dangers embedded in lack of privacy law in nigeria  by arazimAverting the dangers embedded in lack of privacy law in nigeria  by arazim
Averting the dangers embedded in lack of privacy law in nigeria by arazim
 
Presentation ICT3
Presentation ICT3Presentation ICT3
Presentation ICT3
 
Presentation ICT2
Presentation ICT2Presentation ICT2
Presentation ICT2
 
Gsma pmp - enhancing data protection and privacy in nigeria through the dat...
Gsma   pmp - enhancing data protection and privacy in nigeria through the dat...Gsma   pmp - enhancing data protection and privacy in nigeria through the dat...
Gsma pmp - enhancing data protection and privacy in nigeria through the dat...
 
Presentation Ict
Presentation IctPresentation Ict
Presentation Ict
 
Cyber crime in the digital age
Cyber crime in the digital ageCyber crime in the digital age
Cyber crime in the digital age
 
feb 2018 - Sub22 - The impact of new and emerging information and communicati...
feb 2018 - Sub22 - The impact of new and emerging information and communicati...feb 2018 - Sub22 - The impact of new and emerging information and communicati...
feb 2018 - Sub22 - The impact of new and emerging information and communicati...
 
security issue in e-commerce
security issue in e-commercesecurity issue in e-commerce
security issue in e-commerce
 

Dernier

原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样asdafd
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxChloeMeadows1
 
原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样
原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样
原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样rgdasda
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebJie Liau
 
一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理
一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理
一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理B
 
一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理A
 
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样Fi
 
Free scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirtsFree scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirtsrahman018755
 
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkklolsDocherty
 
一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理
一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理
一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理Fir
 
💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...
💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...
💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...Mumbai Escorts
 
一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书A
 
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样Fi
 
一比一原版英国萨赛克斯大学毕业证如何办理
一比一原版英国萨赛克斯大学毕业证如何办理一比一原版英国萨赛克斯大学毕业证如何办理
一比一原版英国萨赛克斯大学毕业证如何办理SDSA
 
一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理
一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理
一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理gfhdsfr
 
一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书
一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书
一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书rgdasda
 
AI Generated 3D Models | AI 3D Model Generator
AI Generated 3D Models | AI 3D Model GeneratorAI Generated 3D Models | AI 3D Model Generator
AI Generated 3D Models | AI 3D Model Generator3DailyAI1
 
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...musaddumba454
 
原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样A
 
一比一定制(Dundee毕业证书)英国邓迪大学毕业证学位证书
一比一定制(Dundee毕业证书)英国邓迪大学毕业证学位证书一比一定制(Dundee毕业证书)英国邓迪大学毕业证学位证书
一比一定制(Dundee毕业证书)英国邓迪大学毕业证学位证书gfhdsfr
 

Dernier (20)

原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
原版定制(Management毕业证书)新加坡管理大学毕业证原件一模一样
 
Production 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptxProduction 2024 sunderland culture final - Copy.pptx
Production 2024 sunderland culture final - Copy.pptx
 
原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样
原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样
原版定制(PSU毕业证书)美国宾州州立大学毕业证原件一模一样
 
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
 
一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理
一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理
一比一原版(Bath毕业证书)英国桑德兰大学毕业证如何办理
 
一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理一比一原版布兰迪斯大学毕业证如何办理
一比一原版布兰迪斯大学毕业证如何办理
 
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
一比一原版(UWE毕业证书)西英格兰大学毕业证原件一模一样
 
Free scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirtsFree scottie t shirts Free scottie t shirts
Free scottie t shirts Free scottie t shirts
 
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkkaudience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
audience research (emma) 1.pptxkkkkkkkkkkkkkkkkk
 
一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理
一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理
一比一原版(NYU毕业证书)美国纽约大学毕业证如何办理
 
💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...
💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...
💞 Safe And Seℂure ℂall Girls Dehradun ℂall Girls Serviℂe Just ℂall 🍑👄93157910...
 
一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书一比一定制加州大学欧文分校毕业证学位证书
一比一定制加州大学欧文分校毕业证学位证书
 
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
一比一原版(Soton毕业证书)南安普顿大学毕业证原件一模一样
 
一比一原版英国萨赛克斯大学毕业证如何办理
一比一原版英国萨赛克斯大学毕业证如何办理一比一原版英国萨赛克斯大学毕业证如何办理
一比一原版英国萨赛克斯大学毕业证如何办理
 
一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理
一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理
一比一原版(Exon毕业证书)英国埃克塞特大学毕业证如何办理
 
一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书
一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书
一比一定制(OSU毕业证书)美国俄亥俄州立大学毕业证学位证书
 
AI Generated 3D Models | AI 3D Model Generator
AI Generated 3D Models | AI 3D Model GeneratorAI Generated 3D Models | AI 3D Model Generator
AI Generated 3D Models | AI 3D Model Generator
 
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
100^%)( POLOKWANE))(*((+27838792658))*))௹ )Abortion Pills for Sale in Sibasa,...
 
原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样原版定制美国加州大学河滨分校毕业证原件一模一样
原版定制美国加州大学河滨分校毕业证原件一模一样
 
一比一定制(Dundee毕业证书)英国邓迪大学毕业证学位证书
一比一定制(Dundee毕业证书)英国邓迪大学毕业证学位证书一比一定制(Dundee毕业证书)英国邓迪大学毕业证学位证书
一比一定制(Dundee毕业证书)英国邓迪大学毕业证学位证书
 

State of Encryption in Kenya

  • 1. CC BY-NC-SA 4.0 State of Encryption in Kenya Encryption Everywhere @Collins Kimathi, Internet Society Kenya Chapter internetsociety.ke @ISOC_Kenya Introduction Modern age has come with improvements in many areas of our lives. One of this is the ease with which we can communicate with one another. The use of technological services such as email, chat platforms and social media has become an integral part of our day to day lives. One can even argue that they have become a part of us. With such deep levels of integration; the right to privacy that people are entitled to on a non-tech communication should be extended to these platforms. Encryption is the process where information passed through communication technologies is converted into an unreadable form and transmitted to the recipient who can convert the unreadable form back to the original message. This greatly reduces the risk that the real information can be understood by unintended recipients hence protecting the data for those who are the intended viewers. That way sensitivity of any information shared remains safeguarded. Right to Privacy Encryption is a technological solution that is used to guarantee privacy; and where there is a legal right to privacy it complements the law. Most communication platforms offer end to end encryption by default to ensure privacy; this is where message encryption happens in the sender’s device, on the transit channels and on the recipient’s device. This leaves the clear text version of the message only available to the sender and recipient while using the application. The Kenyan constitution guarantees privacy for its citizens. 
The constitution clearly states that every person has the right to privacy which includes the right not to have their person, home or property searched; their possessions seized; information relating to their family or private affairs unnecessarily revealed and the privacy of their communication infringed.1 However there are situations where this right can be infringed upon by state actors i.e. intelligence agencies and police. With encryption, some of the situations where state actors are required to infringe on privacy; whether legally sanctioned or not are almost impossible and some governments all over the world are considering ways to bypass encryption. Encryption is mentioned in the Data Protection Act of 2019, whereby a data controller or data processor is expected to protect personal identifiable data by considering encryption as a measure.2 While this is specific to personal data there is no guidance on the specifics in terms of use of encryption in the country. 1 Article 31 Privacy, Constitution of Kenya 2 Section 41, Data Protection Act
Encryption Laws

The use of cryptography needs to be protected and guided by the law where possible. It is in this ambiguity that people take advantage of digital rights that should be aligned to human rights on freedom of expression and the right to privacy. The use of encryption will support human rights principles, and governments have an opportunity to set proper baselines on how encryption can aid these principles in the digital era.

According to the Travel Guide to Encryption Policy, governments should not impose a blanket ban on encryption as it would be against human rights principles.3 There is still a big risk of infringement when the government sets licensing requirements for encryption use or weak technical standards for encryption. Some governments have even put controls on the import and export of encryption tools, which inherently means that encryption standards used within their countries can be intentionally weak or have already been compromised by the government.

In comparison to other countries, Kenya seems to have no specific laws that touch on encryption. According to Global Digital Partners,4 Kenya lacks the laws that form part of a baseline encryption legal framework. These are:

a. General right to encryption
   Laws that allow people to utilize encryption products and services. This implies there are no legal requirements for one to use encryption, but they can use it on their own terms.

b. Mandatory minimum or maximum encryption strength
   Laws that set down either minimum or maximum standards for encryption products and services.

c. Licensing/registration requirements
   Laws that require providers (or users) of encryption products or services to be licensed or registered in some manner for use within the country.

d. Import/export controls
   Laws that set out limitations or conditions on the lawful importation or exportation of encryption products or services. This can be to limit the sale or acquisition of encryption services or products to and from some specific countries.

e. Obligations on providers to assist authorities
   A law that requires private entities to assist state authorities to access the content of encrypted communication.

f. Obligations on individuals to assist authorities
   Laws that provide for state authorities to be able to require individuals to decrypt (or assist in the decryption of) encrypted communications.

National Public Key Infrastructure

According to the East Africa Communication Organization, the Public Key Infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.5 In Kenya, the Communications Authority (CAK) has the technical infrastructure that hosts Kenya’s National Public Key Infrastructure (NPKI). NPKI uses public key encryption to ensure that digital signatures and encrypted content can be traced back to identifiable users and/or organizations. The aim of the NPKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email.6

3 https://www.gp-digital.org/wp-content/uploads/2017/09/TRAVELGUIDETOENCRYPTIONPOLICY.pdf
4 https://www.gp-digital.org/world-map-of-encryption/
5 http://www.eaco.int/admin/docs/publications/STANDARDS%20ON%20NATIONAL%20PUBLIC%20KEY%20INFRASTRUCTURE.pdf
6 http://icta.go.ke/the-national-public-key-infrastructure-npki/
The CAK has set up a Root Certification Authority in the country that can license other entities to become Electronic Certification Service Providers.7 The CAK has been granted this authority by the Kenya Information and Communications Act of 1998, which grants it powers to license Electronic Certification Service Providers. However, it is worth noting that there are no laws on the services of digital signatures and encryption.

Stakeholders

With the possibility of various laws being enacted on the use of encryption, several stakeholders will need to be brought on board for an effective legal framework to be set up. The establishment of a legal framework for the use of encryption will likely begin as a legislative process, which lies solely in the hands of parliament. If the members of parliament lack clear knowledge of what encryption entails, it will be the responsibility of other stakeholder groups such as civil societies, non-governmental organizations, technology companies and knowledgeable citizens to champion a law that does not weaken or compromise human rights.

There have been several countries where proposed encryption laws have been highly contested since they disregarded human rights, e.g. in Australia the TOLA (Assistance and Access) Act 2018 had clauses that were met with heavy protests from civil society and technology companies, leading to changes in the initial proposal.8 In Kenya, participation from non-government stakeholders has been seen in previous proposed laws such as the Computer Misuse and Cybercrimes Act, 2018, whereby contentious clauses have had to be amended.9 It is in the same spirit that any proposed encryption law in Kenya should be scrutinized for its usefulness to the citizens, to prevent the law from becoming a tool for the government to use in oppressive ways.
Conclusion

The Kenyan legal framework may not address the use of encryption, but there are laws to protect the right to privacy of individuals. The role of encryption in the country does not necessarily need a legal framework, but with the Office of a Data Commissioner being available, some guidelines on its use could be helpful. The concerns of whether the government can break encryption or weaken cryptographic techniques when it becomes a challenge for law enforcement should be raised through consultative channels with all stakeholders. It is up to all stakeholders, especially those in the Internet Society, to advocate for strong and useful encryption laws that cannot be used against privacy rights and rights to personal information. Kenya needs to enact encryption legislation, as this will provide individuals with a degree of surety that their personal information, wherever it has been collected, stored, used or communicated to other persons, can be kept secure and private.

7 https://ca.go.ke/industry/e-commerce-development/national-public-key-infrastructure/
8 https://digitalrightswatch.org.au/2019/12/04/major-amendments-to-encryption-laws-are-a-step-in-the-right-direction/
9 https://cipesa.org/2018/05/sections-of-kenyas-computer-misuse-and-cybercrimes-act-2018-temporarily-suspended/
About the author

Collins Kimathi is an Information Security Specialist who works with organizations to design and implement Cyber Security Architecture around their infrastructure. He has worked for 6 years as an information security consultant. He has experience in setting up architecture to support information security compliance standards, threat intelligence and business continuity. In the last 2 years he has been focusing on Cloud architecture and security for fintech services. He is part of the ISOC Global Volunteer Training Program, hoping to make a positive change to the internet community.

The Internet Society

Internet Society Kenya Chapter is an Internet technical community chartered by the Internet Society and registered in the Republic of Kenya. It seeks to provide leadership on Internet policy, technology standards and future development of the Internet in Kenya. The Chapter establishes and promotes principles that are intended to persuade governments and other stakeholders to make decisions that are right for the citizens and the nation’s future.

Internet Society is the world's trusted independent source of leadership for Internet policy, technology standards, and future development. The Society has for many years been the champion for Internet advancement and open resource usage. More than simply advancing technology, we work to ensure the Internet continues to grow and evolve as a platform for innovation, economic development, and social progress for people around the world.

Preparing a new generation to succeed as Internet technology, policy, and business leaders is a key objective for the Internet Society. To be successful, the next generation of Internet leaders will require a wide range of skills in a variety of disciplines as well as the ability and experience to work with people at all levels of society.
For more information, please visit the Internet Society Kenya Chapter website at: www.internetsociety.ke
Follow us: @ISOC_Kenya