Computer Misuse and Cybercrimes Amendment Act, 2024: A step forward for security, or back for data and digital rights?
By Nelson Onyimbi,
In the midst of national mourning and global reaction to the news of the passing of Kenya’s former Prime Minister, H.E. Rt. Hon. Raila Odinga, the President, H.E. Dr. William Ruto, exercising his administrative duties, enacted 8 new bills into law. Among them is an amendment to the Computer Misuse and Cybercrime Act of 2018, and it is already stirring up a significant debate.
The Computer Misuse and Cybercrime (Amendment) Bill, 2024 , aims to tackle the growing threats of the misuse of digital spaces and platforms for rising cases of online fraud and harmful content. However, data and digital rights advocates have been partially suspicious about the potential of the law for abuse of dissenting opinions online and the gradual erosion of digital freedoms.
The amendment introduces several key changes to the existing law. Among the most notable are the explicit criminalization of SIM swapping, an expanded definition of phishing, and a controversial “kill switch” for websites and applications that may be deemed by the National Computer and Cybercrimes Co-ordination Committee (NCCCC) as content that may promote (but not limited to) various illegal activities (grey area), terrorism, pornography, or extreme religious practices.
The new bill defines several new terms, including “asset” (to include virtual assets), “identity theft”, “SIM card”, “terrorist act”, and “virtual account”. Phishing, which was previously limited to messages, has been broadened to include making those annoying phone calls that we constantly receive from people asking about our bank details while trying to con us. You must have received one of those at some point. This means that a scammer calling someone and pretending to be from a financial institution is now more clearly committing a crime, and there are legal implications officially in place. The amendment also introduces a specific new offense for “unauthorized SIM-card swap.” Think of the . Or anyone who intentionally tries to and/or illegally takes control of another person’s SIM card to commit a crime can now face a fine of up to KES 200,000 or imprisonment for up to two years, or both.
However, the most contentious part of the bill is the so-called “kill switch”. This provision grants the National Computer and Cybercrimes Co-ordination Committee (NCCCC) the authority to order a website or application to be made “inaccessible” if it’s deemed to be promoting illegal activities, child pornography, terrorism, or “extreme religious and cultic practices.”
From a data advocacy lens, while the intentions behind the bill may be well-intended, its broad and vague language is a cause for alarm. The power to shut down entire websites and applications without judicial oversight is a dangerous tool that could be used to silence dissent and stifle free speech. The phrases “illegal activities” and “extreme religious and cultic practices” are not clearly defined, leaving them open to interpretation and potential misuse by the authorities. Additionally, the lack of a clear framework for appeal and due process for website and application owners also raises eyebrows.
This is particularly concerning given Kenya’s recent history of internet disruptions during politically sensitive times, such as the #RejectFinanceBill2024 protests. Critics argue that the “kill switch” could be used to legitimize such shutdowns and further clamp down on online activism. Extreme misuse of this power may criminalize noble internet initiatives that may be seen as going against the government of the day, individuals, or institutions.
While the provisions against phishing and SIM swapping are a welcome step in protecting citizens from online fraud, the broad powers granted to the NCCCC threaten to undermine the very digital rights the bill should be protecting.
In all fairness, the Computer Misuse and Cybercrime (Amendment) Bill, 2024, presents itself as a double-edged sword; on one side, it has the potential to make the internet a safer place for Kenyans as it is gradually amended and improved, while the other side also carries the risk of creating a more restrictive and censored online environment. Hopefully, through advocacy, we envision that lawmakers will pick and address these concerns and ensure that the final version strikes a better balance between security and freedom.
Originally published at https://www.linkedin.com.
