Submissions

KICTANet submissions have been sent to our engagement partners, policymakers, and policy implementers.

Name Description Downloads Download File Size
Name Description Downloads Download File Size
Memorandum on the draft Information and Communications Technology Authority Bill of June 2024
The memorandum on the draft ICTA Bill of June 2024 emphasizes the need for a fair, transparent, and inclusive approach to ICT regulation and governance. By addressing potential conflicts of interest, reducing administrative burdens, and promoting competitive recruitment, the proposed changes aim to foster a more dynamic and equitable ICT sector in Kenya.
 		47 downloads Download 158.9 KB
A Call Against Internet Shutdowns in Kenya - June 2024 Joint Press Statement

The hashtag #KeepItOn is a call to action urging the Kenyan government to not shut down the internet during protests against the #RejectTheFinanceBill2024. Internet shutdowns violate basic rights, hurt Kenya's economy, and damage its international standing.  

 		479 downloads Download 335.2 KB
Press statement - Call for a response on the Internet Shutdown in Kenya in June 2024

Kenyans denounce internet shutdown during #RejectFinanceBill2024 protests as a violation of free speech and access to information, despite prior assurances from the Communications Authority. This action violates provisions of the Constitution of Kenya and international human rights law, which guarantee fundamental rights and  freedoms, including freedom of expression, access to information, and peaceful assembly."

 		23 downloads Download 421.9 KB
KenSafeSpace: Statement on the Nationwide Internet Disruption in Kenya
The Kenyan government disrupted internet access nationwide on June 25th, 2024, coinciding with #RejectFinanceBill2024 protests. This contradicts the Communications Authority of Kenya's (CA) promise of no internet shutdown. Internet disruptions violate fundamental rights to freedom of expression, assembly, and access to information. 24 downloads Download 1.5 MB
Memorandum on The Finance Bill, 2024 (National Assembly Bills No. 30 of 2024)

In response to the call for public participation on the Finance Bill, 2024, we submitted a detailed analysis with our concerns and proposals on tax-related provisions.

 		294 downloads Download 330.7 KB
KICTANet Working Groups Feedback on ICT Sector Recommendations

A Kenyan report by KICTANet Working Groups explores ways to improve the digital landscape. Stakeholders provided input for a plan to create a fairer and more inclusive digital space. This plan was presented in March 2024 to the ICT Task Force and aims to guide Kenya towards a thriving digital future.

 		201 downloads Download 1 MB
Memorandum on the Budget Priorities FY 2024/25 for ICT Sector

This memorandum highlights key challenges and proposes solutions for Kenya's ICT budget in the coming fiscal year (2024/25). Presented in January 2024 during the Institute of Economic Affairs annual pre-budget hearing, it aims to influence budget decisions by the Treasury and Parliament for a stronger ICT sector.

208 downloads Download 126.6 KB
Joint Statement on the Proposed Cybercrime Treaty Ahead of the Concluding Session

A coalition of civil society groups and experts blasts the UN's draft Cybercrime Convention, saying it threatens human rights. They demand stronger protections and clear legal guidelines before it's adopted.

 		289 downloads Download 67.3 KB
Memorandum on The Kenya Information and Communications Act, 1998 and the Computer Misuse and Cybercrimes Act 2018.

KICTANet is pushing for legal changes to fight online violence against women. They want to update two key laws: the Information and Communications Act (1998) and the Computer Misuse and Cybercrime Act (2018). Their goal is to better define and address online harassment, stalking, and other forms of abuse women face online.

 		180 downloads Download 228.7 KB
Comments on Computer Misuse and Cybercrimes (Critical Information Infrastructure) Regulations 2023

KICTANet submitted a response to Kenya's proposed regulations on Critical Information Infrastructure (CII) protection. Their memorandum focuses on these regulations' impact on cybersecurity and digital rights. KICTANet recommends improvements like clearer definitions, stronger collaboration on cyber threats, and ensuring these regulations don't restrict online freedoms.

531 downloads Download 531.8 KB
Brief on the ODPC registration process and independence of data protection authorities
KICTANet's report helps Kenya implement its 2019 Data Protection Act. It offers technical guidance on registering data handlers and explains how this law interacts with new technologies. This aims to build Kenya's expertise in regulating data privacy as technology evolves. The report focuses on two key areas: 1) clarifying the difference between registering for data handling and complying with the law, and 2) ensuring the independence of data protection authorities.
 		328 downloads Download 232.1 KB
MEMORANDUM ON The Draft Kenya Information and Communication Act Amendment Bill, 2023

KICTANet submitted its feedback on Kenya's proposed amendments to the Information and Communications Act (2023). Their response includes a detailed analysis (likely in a table format) outlining their concerns and suggestions for specific provisions within the bill.

 		366 downloads Download 119.4 KB
Joint Memorandum on The Proposed Co-Regulation Framework for Audio-Visual Content Classification For Broadcast And Over The Top /Video On Demand Services

ARTICLE 19 and KICTANet partnered to challenge Kenya's film classification guidelines. They argue the current framework is unconstitutional and lacks proper research. They propose scrapping it and suggest: 1) including more voices in discussions (multi-stakeholder engagement), 2) basing decisions on Kenyan research, and 3) updating laws to align with the constitution.

 		530 downloads Download 311.8 KB
Joint Memorandum on Huduma Bill, 2021

The Huduma Bill (2021) proposes a major overhaul of Kenya's identification system. It would combine birth/death registration, ID cards, passports, and a national database (Huduma Namba) under one law. To ensure everything is done carefully and transparently, there needs to be an in-depth discussion about the bill's details and the design of the entire system.

 		456 downloads Download 826.8 KB
Joint Memorandum on Draft KICA Regulations, 2022

This joint memorandum analyzes four draft regulations for Kenya's communication sector: the Kenya Information and Communications (Broadcasting ) Regulations, 2022; the Kenya Information and Communications (Registration of Telecommunications Service Subscribers) Regulations, 2022; the Kenya Information and Communications (Access and  Infrastructure Sharing) regulations; and, the Kenya Information and Communications (Interconnection) Regulations 2022. 

 		644 downloads Download 415.8 KB
Submission on New USF Strategic Plan 2022-2026

Kenyans are praising a new plan to use the Universal Service Fund (USF) to support community networks. This would fill in gaps in internet access, especially for people with disabilities, women, and youth. The plan is applauded for considering findings from past studies and holding public consultations. To make these networks successful, experts recommend the government provide training to help communities develop the skills they need to build and manage them.

 		467 downloads Download 112.5 KB
Memorandum on the Huduma Bill 2021
KICTANet developed and submitted a memorandum on The Huduma Bill 2021 as part of a coalition of Kenyan civil society organisations with expertise in issues of identification, civil registration, nationality rights, data protection and privacy, minority rights, children’s rights, human rights, and other related issues. The Huduma Bill is proposing the largest set of changes to the legal framework governing Kenya’s identification system since before independence. If enacted, the Huduma Bill would become the single law anchoring birth and death registration, issuance of identification cards, issuance of passports, and governance of the National Integrated Identity Management System (NIIMS, also referred to as Huduma Namba). As such, the draft legislation, system design, and all other decision points around NIIMS must be considered very carefully, comprehensively, and transparently. 670 downloads Download 176.4 KB
The Office of the County Printer Bill, 2021
The Kenya ICT Action welcomes the development of legislation for County Printers through The Office of the County Printer Bill, 2021. Of great importance will be the role the offices will play in ensuring citizen participation in governance through the availability of official government documents. In this proposal, KICTANet recommends the inclusion of digital versions of publications by the County Printers. The adoption of digital versions of documents will ensure increased accessibility of the documents to members of the public who may have limited access to physical copies of important documents published by the County Printers. It is our sincere hope that the above recommendation will be included in the law to increase public awareness on public documents through the provision of digital access. 477 downloads Download 96.1 KB
Open Letter on the Computer Misuse and Cybercrimes (Amendment) Bill, 2021
On Wednesday 7 July, 2021, six civil society organisations sent an open letter and memorandum to Garissa Township MP Hon. Aden Duale expressing deep concern over the proposed amendments to the Computer Misuse and Cybercrimes Act (CMCA), 2018 and calling for the immediate withdrawal of the Computer Misuse and Cybercrimes (Amendment) Bill, 2021 in its entirety. If enacted, an outright ban on pornography will be enforceable in Kenya, and the government will possess the power to interfere with access to communications platforms and digital technologies. The Computer Misuse and Cybercrimes (Amendment) Bill, 2021 will also expand illegitimate cyber-harassment and cyber-terrorism provisions in the CMCA, 2018. 603 downloads Download 577.7 KB
Memorandum on the Computer Misuse and Cybercrimes (Amendment) Bill, 2021
On Wednesday 7 July, 2021, six civil society organisations sent an open letter and memorandum to Garissa Township MP Hon. Aden Duale expressing deep concern over the proposed amendments to the Computer Misuse and Cybercrimes Act (CMCA), 2018 and calling for the immediate withdrawal of the Computer Misuse and Cybercrimes (Amendment) Bill, 2021 in its entirety. If enacted, an outright ban on pornography will be enforceable in Kenya, and the government will possess the power to interfere with access to communications platforms and digital technologies. The Computer Misuse and Cybercrimes (Amendment) Bill, 2021 will also expand illegitimate cyber-harassment and cyber-terrorism provisions in the CMCA, 2018. 1469 downloads Download 169.7 KB
Comments on licensing and shared spectrum for community networks
KICTANet community held a 4 day moderated discussion on it’s mailing list on the Licensing and Shared Spectrum Framework for Community Networks. The responses are archived online on this link https://lists.kictanet.or.ke/pipermail/kictanet/2021-May/subject.html#start under the subject [kictanet] Licensing and Shared Spectrum Framework for Community Networks for Kenya online discussion and [kictanet] Shared Spectrum Framework for Community Networks for Kenya online discussion 478 downloads Download 115.6 KB
Memorandum on the Data Protection Regulations 2021

The Kenya ICT Action Network (KICTAnet) presents this memorandum in response to the call by the Ministry of ICT, Innovation and Youth Affairs through a Taskforce on the development of the Data Protection Regulations for public participation on the Data Protection (General) Regulations, 2021, the Data Protection (Registration of Data Controllers and Data Processors) Regulations, 2021, and the Data Protection (Compliance and Enforcement) Regulations, 2021.

 		660 downloads Download 229.8 KB
Memorandum on the ICT Practitioner’s Bill 2020, Submitted to The National Assembly
The Information Communication Technology (ICT) Practitioners Bill, 2020. KICTANet through this petition seeks to respond to the advertisement by the Clerk of the National Assembly, pursuant to Article 118(1) (b) of the Constitution and Standing Order 123 (7) inviting interested members of the public to submit any representations on the said Information Communication Technology Practitioners Bill, 2020. The Bill seeks to establish a legal framework for the training, registration, licensing, practice and standards of Information Communication Technology (ICT) professionals in Kenya. After intense consultations through the mailing lists kictanet.or.ke, and through social media, KICTANet strongly opposes the Bill for the following reasons: 1. Objective: The Bill does not seek to solve any identified problem. It in fact creates more problems in our society as outlined below with the most critical factor being the risk of loss of employment for the youth and stifling of innovation that will result if the proposed form of regulation of the ICT industry is enforced. It is our position that the level of global innovation that has been seen as a result of the ICT industry can be attributed to the freedom to innovate without boundaries, and that the proposed legislation will be a severe blocker for innovation not just in Kenya but the entire region where Kenya has been at the forefront of delivering innovation. 2. No Policy Backing: Good governance standards require that Bills to enact legislation are informed by an appropriate policy framework. Currently, there is no evidence to show the rationale that informed this Bill. This is the third time the Bill is being introduced and yet once again the proposers of the Bill have failed to show why we need the Bill or the ills it will cure. The challenges meant to be addressed by the bill are adequately covered by available legal avenues through both civil and criminal proceedings in the case of malpractice by a practitioner. Furthermore the ICT industry is so wide that it would be futile to attempt to cluster players in the industry, even users of social media and other tech platforms that are utilised in daily life for processing documents, files and enterprise resource planning (ERP) would need to be registered as practitioners. 3. Public Participation: Players in the ICT sector have had a positive history of consultations with the government since 2005 during development of the Kenya ICT Policy. This ICT Practitioners Bill goes against this spirit as it appears to have been drafted and sponsored by a single person without the robust and required level of public participation that characterises the sector, and demanded by the Constitution. This Bill was developed without input from those affected by it, namely technologists, associations of persons working in ICT related work, civil society, private bodies in the ICT industry, academics working on ICT related issues and the public at large. The Bill therefore is not a legitimate representation of the views of the stakeholders working in the ICT sector. Further it contravenes Article 10 of Kenya’s 2010 Constitution which makes it mandatory for public participation in governance, including policy and law making. 4. Incongruence with other laws and policies: The Bill does not interface with Government policies on social and economic development, movement of labour as well as ICT development. For example, it goes against the National ICT Policy 2020 whose main objectives include: Grow the contribution of ICT to the economy to 10% by 2030, by using ICT as a foundation to the creation of a more robust economy, providing secure income and livelihoods to the citizenry; leverage regional and international cooperation and engagements to ensure that Kenya is able to harness global opportunities; position the country to take advantage of emerging trends such as the shared and gig economy by enhancing our education institutions and the skills of our people, and fostering an innovation and start-up ecosystem that is able to lead on a global scale; and gain global recognition for innovation, efficiency, and quality in public service delivery. Services will be delivered in a manner that ensures we have a prosperous, free, open, and stable society. 5. Impracticality: The contents of the Bill are impractical to implement. This is a demonstration that the Bill drafters lacked a proper understanding of the needs of the sector or a holistic approach to identifying key issues affecting stakeholders, and their views on the solutions to those issues. For example, Section 10 of the Bill on the functions of the proposed institute will be required to approve courses for purposes of registration of ICT Practitioners. Given that ICT courses are always changing and almost every course now has an ICT aspect to it, it will be an almost impossible task to determine what courses one will be required to undertake to be termed as an ICT Practitioner. Further, the section also states that the institute shall administer an examination to determine whether one qualifies to be an ICT Practitioner given that the broad nature of ICT implementing this may prove an impossible task. The Bill has failed to recognise the malleable and evolving nature of ICT with the evolution of new programming languages and innovation on an almost daily basis. 6. Incoherence: The Bill contains many inconsistencies that would make it extremely difficult to implement. At a foundational level, the Bill fails to define unequivocally who an “ICT Practitioner” is. The definition given by the Bill is so broad it captures the entire population. Given that Kenyan Mobile phone penetration is at 100% going by the definition of ICT and ICT Practitioner, majority of the Kenyan population will be classified as ICT Practitioners. 7. Stifling Innovation: The Bill if enacted would stifle innovation in the country. Innovation is the hallmark and driver of ICTs and more so economic growth. The Bill requires innovators who normally come up with solutions such as coders, developers, network engineers, programmers, application developers, mobile phone repairers, and many others to register with an authority before they can innovate and consequently earn from their labour. Innovators need stronger protection for their innovations, access to credit, less regulation, and incentives from the government. Consequently, a more robust intellectual property law regime and policies that promote access to finance for young innovators would be more suitable under the circumstances. 8. Priorities in the ICT sector: As stated above, the ICT sector has a history of consultative policy and legislation making. Stakeholders have identified among others, Digital Taxes Policy Framework, and Data Protection Regulations to support the Data Protection Act as urgent priorities. We urge Parliament to use this legislative opportunity to assist the stakeholders in achieving these urgent priorities as they are paramount to the development of Kenya through ICTs. One critical area that needs urgent attention is the protection of ICT critical infrastructure that will ensure that the current losses of maintenance and replacing expensive infrastructure are reduced through the formulation of a legal framework for assets. 9. Youth and Development: Stakeholders in the ICT sector are as committed as the government in ensuring the use of ICTs to give youth more opportunities to develop themselves and achieve their destiny. Unfortunately, this ICT practitioners Bill does the opposite by creating hurdles in the form of academic requirements, incorporation requirements, and mandatory and annual registration before they can earn a living from ICT-related work. 10. Overrating University/Formal Education: The Bill is completely incognisant of the revolution brought about by ICTs that enables self-learning and other methods of acquiring knowledge. It makes it mandatory for one to acquire a university degree or diploma, suggesting that those are the only paths to education and training. Further, the Bill fails to recognize that there is a large number of people in the ICT sector who are self-taught and have managed to innovate without having gone to a learning institution. This Bill risks discouraging a culture of innovation and may lead to brain drain as people may leave Kenya to go seek opportunities elsewhere, where their talent is appreciated. Some of the best companies ever created such as Microsoft, Apple and Facebook came from people who did not have a university qualification. 11. Global Practices and Policies: ICTs and the Internet are by their very nature global. The ICT practitioners Bill is not anchored on any international best practice or policy. Its effect would be to isolate Kenyan skilled ICT human resources and probably lead to labour migration from the country to other jurisdictions where there is an enabling environment to practice. Further, the bill has no provision in it for bringing in external trainers and consultants and hence damages the industry by working against international knowledge sharing. Also, the Bill creates serious and deep problems with intercompany staff transfers or people in multi-nationals coming in to work on intra-company projects that require external resources. The overall result may be a reduced tax base as people will end up leaving Kenya to seek opportunities in countries that provide conducive environments for them to innovate and create thriving businesses. 12. Multistakeholder Environment: The ICT Sector is not a homogeneous sector such as medicine or engineers. It is a multi-professional sector that comprises professionals from different industries. ICT practitioners include teachers, academia, business, civil society, engineering, and other sectors registered by other institutions. Therefore, it would not be in the best interests of the country to attempt to bring under regulations all these professionals. A better solution would be to develop a conducive environment for these stakeholders to maximise their potential and contribute to nation-building. This Bill does not do that. 13. Standards prescription by a non-ICT Standard body: ICT experts and users in Kenya and globally use, implement or create products and services that are built on global technical standards. These technical standards are built on guiding principles, such as end-to-end interoperability, that ensure continued evolution and permissionless innovation. A non-ICT-standards-making body, cannot propose policy or law that defines who is a practitioner of a resource, that knows no boundaries, and is designed to empower everyone to be creative and innovative. It is evident that whoever drafted the ICT Practitioners Bill did not have the interest of the public at heart. Our humble prayer is that the Bill is withdrawn in its entirety as it shall create unnecessary problems in the space of innovation and economic development through ICTs. 740 downloads Download 235.5 KB
CWG-Internet: Online Open Consultation on Expanding Internet Connectivity
Date: 5th December 2020. CWG-Internet: Online Open Consultation (December 2020) The ITU Council Working Group on International Internet-related Public Policy Issues (CWG-Internet) is holding an open consultation (online and physical) on the following topic: Expanding Internet Connectivity ​CWG-Internet invites all stakeholders to submit contributions on international​​ internet-related public policy issues relating to expanding internet connectivity, focusing on the following questions:    

1. What are the challenges and opportunities for expanding Internet connectivity, particularly to remote and under-served areas? 

  • Community networks require infrastructure deployment and service provision licenses to operate in the telecommunications sector. In the majority of African countries, license categories exist only for national operators and are costly.
  • Operators’ licensing, mobile broadband spectrum assignments are also done nationally in exchange for high fees. This exclusive and broad regulatory framework results in inefficient use of spectrum, where either assigned spectrum is not used in rural and remote areas, or regulators do not find enough companies interested in paying those fees and have an unassigned mobile broadband spectrum.  
  • The majority of community networks in Africa exist in low-income areas making it challenging to get access to financing and the human capacity required to deploy, operate, and maintain these networks. The initial start-up financing for most of the CNs has been through private grant funding programs.
   

2. What are the roles of governments and non-government actors in overcoming these challenges?

Role of Government
  • Tax incentives.
  • Mandating infrastructure sharing (enabling communities to access government infrastructure or infrastructure of established operators).
  • Expansion of license-exempt frequencies.
  • Adoption of dynamic spectrum licensing and spectrum sharing.
  • Streamlining licensing procedures to make them accessible to communities.
  • Governments to mandate funding for universal network access, and allocate a portion of that funding for the growth of community networks. 
  Role of non-government actors
  • Capacity-building at the community level to ensure communities have the knowledge to implement community networks. 
  • A structured dialogue between all stakeholders to find ways community networks can be supported and be more widespread in underserved areas. For example, KICTANet has worked with Community Networks for several years, and in 2020, it produced the first Policy brief on Community Networks in the region to act as a dialog document to policymakers. Community networks have been shown to be very effective in achieving affordable access to the internet. 
   

3. How can small/community/non-profit operators help in promoting the increase of Internet connectivity?

  • Social purpose networks such as community networks offer a holistic approach to digital inclusion enabling contextualizing meaningful connectivity with local realities.
  • Communities have a wealth of knowledge that remains untapped, these communities are able to mobilize resources and information enabling them to deploy and operate connectivity infrastructure at lower costs. 
  • Beyond access community networks create a platform that promotes building local capacities, creation, and distribution of locally relevant content.
  • Community networks contribute to local economies, workforce development, and fostering social connections. 
 		471 downloads Download 69.6 KB
Memorandum to the Judiciary on Virtual Proceedings due to Covid-19
As of 23 April 2020, Kenya had 320 confirmed cases of Covid-19 virus, the highest within the East African Community with around 848 cases.[1] The government has taken steps to contain the spread of the pandemic including among others, implementing a nation-wide curfew, mandatory quarantine, contacts tracing and recommending hand washing and sanitizing, mask wearing and social distancing measures. Following the announcement of the pandemic, the Judiciary and the National Council on the Administration of Justice (NCAJ) took measures to scale down the operations of courts across the country, and made recommendations to safeguard the health of court users and court officials. However, these drastic measures have resulted in calls to balance the need to ensure access to justice, service delivery and the health and safety measures. Consequently, the NCAJ has seen it fit to find ways to upscale court operations and quickly pivot them by fast-tracking the use of technology to ensure continued access to justice.[2] In the past month, the NCAJ and various courts across the country have demonstrated their versatility, resilience, innovation and ability to leverage on video conferencing applications to hold meetings and deliver judgements and rulings respectively. These efforts to adapt are indeed commendable and KICTAnet applauds the effort. KICTAnet further welcomes the recent announcement by the Chief Justice that Microsoft has donated its Microsoft Teams video conferencing application for use by the Judiciary in the coming weeks. The rapid adoption of video conferencing technologies are not without its fair share of challenges. Courts still need to address the legal issues surrounding technology usage, capacity of court users to understand and use of the technologies, the application features and the new procedures required. Further, the financial resources to ensure the availability of functional equipment, reliable internet connectivity and technical support will be key. A critical  challenge in our view, is the lack of clear guidelines on etiquette and procedures when conducting court sessions through video conferencing. It is worth noting that while virtual court sessions are similar to open court proceedings, it is not enough to translate open court procedures to virtual sessions. [1] EAC CommonHealth Data Map https://covidcheck.eac.int/ [2] Statement on justice sector operations in the wake of the COVID-19 pandemic http://ncaj.go.ke/statement-on-justice-sector-operations-in-the-wake-of-the-covid-19-pandemic/ 652 downloads Download 262.3 KB
Public Consultation on Dynamic Spectrum Access Framework for Use of TV White Spaces 2020

On the 3rd March 2020, the Communications Authority of Kenya (CA) invited all stakeholders to submit their comments with respect to the Draft Dynamic Spectrum Access Framework for Authorisation of the Use of TV White Spaces. The following organizations are herewith submitting their comments with the common objective to help create a quality and affordable telecommunications service to all Kenyans, especially those in rural and underserved areas :

  • Kenya ICT Action Network (KICTANet)
  • Tunapanda
  • Association for Progressive Communications, apc.org
  • Internet Society. www.internetsociety.org
  • Rhizomatica

General Comments

We welcome the fact that CA is moving forward with TVWS regulation and further that dynamic spectrum management may be considered for other bands in the future. Dynamic spectrum management has the potential to directly address the challenge of underutilised spectrum in rural areas.

We would like to urge CA to move forward with all reasonable haste in implementing TVWS regulation. The current pandemic has brought home to the world how important affordable access to communication when people’s movements are restricted. TVWS technology can enable network operators to offer innovative and affordable connectivity in underserved regions.

 		566 downloads Download 107 KB
Tech Solutions to covid-19: Responses from KICTANet list
ICTs are already playing a critical role in the management of the COVID-19 situation through information dissemination and availing tools that support business continuity, education and commerce just to mention a few.  KICTAnet notes that it is important to support the continuity of activities such as learning, business and civic activities, and citizens' access to information.  Pursuant to the notice requesting for public input into the COVID-19 Situation, and after intense consultation with our stakeholders, and as an ICT community, we acknowledge that there are many suggestions necessary. However, our interest is in how ICTs can be utilized in the 3 thematic areas highlighted by the Senate COVID19 Adhoc Committee. 782 downloads Download 85.7 KB
Data Protection (Civil Registration) Regulations, 2020

Executive Report

ARTICLE 19 Eastern Africa (or ARTICLE 19 EA ) and the Kenya ICT Action Network (or KICTANet ) present this memorandum in response to the call for public participation on the said Data Protection (Civil Registration) Regulations, 2020 currently being considered by the Principal Secretary, State Department of Information Communication and Technologies (or ICT ) and Innovation.

Recommendations

The following is a summary of our key recommendations:
1. The civil registration and identity management framework should be enacted through a stand-alone Act of Parliament. This should be subjected to (bicameral) legislative oversight and effective public participation. Notably, regulations should in practice provide general guidelines of practice, and cannot be used to regulate and create substantive systems which have implications on the effective and proper functioning of government, and which directly affect individuals’ identity.
a. Recommendation: Enact an ‘appropriate and comprehensive’ civil registration and identity management through an Act of Parliament introducing a Bill to amend the Registration of Persons Act (CAP 107).

2. The Data Protection Act (2019) cannot be used to give statutory effect to this civil registration system (or CRS ) as that is not the objective of the Act. CRSs provide the ‘foundation for national identity management systems’1 and are inherently linked to the generation, collection and utilisation of vital statistics which inform a nation’s development agenda, amongst other core functions. In Kenya, national identity management systems are provided for under the Registration of Persons Act (CAP 107) and the Citizenship and Immigration Act, 2011, the Refugees Act all of which legislate on CRS related issues, including national identity and the National Integrated Identity Management System (or NIIMS ) in Kenya.
a. Recommendation: Introduce a bill with these substantive amendments to the Registration of Persons Act which deals with civil registration, to address the inadequacies of the Act relating to civil registration. These regulations should not be anchored under the Data Protection Act, 2019.

3. The Regulations do not comply with the Data Protection Act (2019). In particular:
a. Section 18 of the Data Protection Act (2019), requires the prior registration and certification of all data controllers collecting and processing copious amounts of sensitive personal data by the Data Commissioner. The provisions dealing with automated decision-making provide limited duties for data controllers and limit the rights of data subjects, in violation of the Data Protection
Act (2019).
b. Regulations 10 and 13 impose fees which are not stated and therefore could be a challenge for low income data subjects.
c. The Regulations permit the retention of personal data by data controllers in perpetuity, despite the requirement for data to be retained in accordance with the ‘reasonably necessary' requirement, and in any event, should provide the period of retention.
d. The Regulations do not explicitly cater for, or have a mechanism to ensure that data breaches are notified to both the Data Commissioner, and data subjects, in line with section 43, Data Protection Act (2019) and international standards.
e. The Regulations fail to provide for a mechanism capable of ensuring that the transfer of personal data through a public network is transmitted using strong encryption methods given the known weaknesses of commonly used encryption systems.
f. The Regulations permit the transfer of personal data outside Kenya and directly contravenes sections 48 and 49 of the Data Protection Act (2019) as well as international standards.
g. The Regulations fail to flesh out the ‘adequacy’ requirement.
Recommendation: The government should fast-track the operationalisation of the Office of the Data Protection Commissioner (or ODPC ) to ensure that there is proper oversight over the collection and processing of sensitive personal data in accordance with the Data Protection Act (2019). The provisions of the proposed regulations should comply with the Data Protection Act, 2019.

4. The Regulations should provide explicit ( technical, personnel and procedural ) safeguards to ensure that personal information is accorded the highest safety and security, management and governance protection.

5. In conjunction with civil society and other stakeholders, the Ministry should develop ‘appropriate and comprehensive regulatory frameworks’ which adhere to the High Court’s orders in Consolidated Petitions No. 56, 58 and 59 (2019) and which pay proper homage to the letter and the spirit of the Data Protection Act (2019) and international standards which Kenya is bound by.

 		489 downloads Download 250.6 KB
Registration of Persons (National Integrated Identity Management System) Regulations, 2020

Executive Summary

ARTICLE 19 Eastern Africa (or ARTICLE 19 EA ) and the Kenya ICT Action Network (or KICTANet ) present this memorandum in response to the call for public participation on the said Registration of Persons (National Integrated Identity Management System) Regulations, 2020 currently being considered by the Cabinet Secretary, Ministry of Interior, and Coordination of National Government.

Key Recommendations

The following is a summary of our key recommendations:

1. The civil registration and identity management framework should be enacted through a stand-alone Act of Parliament. This should be subjected to (bicameral) legislative oversight and effective public participation. Notably, regulations, which generally provide guidelines of practice, cannot be used to regulate and create substantive systems which have implications on the effective and proper functioning of government, and which directly affect individuals’ identity.
a. Recommendation: Enact an ‘appropriate and comprehensive’ civil registration and identity management through an Act of Parliament introducing a Bill to amend the Registration of Persons Act (CAP 107).

2. The Regulations exceed the ambit of the Registration of Persons Act (CAP 107) and should not provide for the registration of infants and minors.

3. The Registration of Persons Act (CAP 107) should be amended to provide for a specific government entity responsible for the NIIMS, other than the Principal Secretary (whose docket is not named in either Act or the Regulations). All the functions relating to the registration of persons should be with the Principal Registrar and staff under section 4 (and Schedule) of the Registration of Persons Act (CAP 107).

4. The regulations should provide explicit ( technical, personnel and procedural ) safeguards to ensure that registration information is accorded the highest safety and security, management and governance protection. This will ensure that trust is maintained in the digital ecosystem, by providing sufficient protection against abuse by authorised persons (public organs and private entities), independent
contractors, amongst others.

5. The regulations should provide explicit ( technical, personnel and procedural ) safeguards for the collection, processing, use, and transfer of NIIMS data relating to the registration of persons in line with the requirements under the Data Protection Act, 2019.

6. In conjunction with civil society and other stakeholders, the Ministry should develop ‘appropriate and comprehensive regulatory frameworks’ which adhere to the High Court’s orders in Consolidated Petitions No. 56, 58 and 59 (2019) and which pay appropriate homage to the Data Protection Act (2019). This will ensure that the Regulations adhere to and respect fundamental rights of freedom of expression (or FOE ), the right to information (or RTI ), the right to privacy in the Constitution of Kenya, 2010 and international law.

 

 

 		469 downloads Download 207.9 KB
Submission to the intersessional meeting New York UN Headquarters 3 December 2019

KICTANet’s submission to the intersessional meeting, 2-4 December 2019, New York UN Headquarters: 405 East 42nd Street, New York, NY, 10017 EU Delegation: 666 3rd Ave, New York, NY 10017

 		440 downloads Download 191 KB
KICA Amendment Bill 2019 National Assembly Bill Number 61 November 2019

Submissions done one 11th November 2019 at the National Assembly

 		441 downloads Download 275 KB
KICA Amendment Bill 2019 National Assembly Bill Number 20 November 2019

Submission done one 11th November 2019 at the National Assembly Chambers

 		452 downloads Download 213.9 KB
Submission of Memorandum on Data Protection Bill to National Assembly July 2019
We wish to submit the following recommendations for amendment of the Data Protection Bill. While overall we are highly supportive and enthusiastic as to the positive impact of the Bill, there are several provisions that if left as is could negatively impact innovation in the technology and finance sectors, and hinder both competition and consumer rights. Generally, it is a good bill that is well improved compared to previous versions. For example, the object of the proposed law is positive as opposed to previous versions that included exemptions in the objects. There are also fewer limitations on the right to privacy. There could be further sharpness on engagement of data subjects with data controllers and processors. There are several clauses that propose response to the the data subject “within a reasonable period”. While the rationale behind this is to ensure that data processors can continue with their core business even where there are numerous requests, there should be a better balance between business interests and data subject right to information. 522 downloads Download 444.8 KB
Finance Bill 2019 To National Assembly Departmental Committee On Finance And National Planning
The Finance Bill 2019 currently being considered by the Finance Committee of the National Assembly needs significant revisions to ensure that its protections are in harmony with those of fundamental rights of freedom of expression (or FOE) and the right to information (or RTI) as recognized by the Constitution of Kenya and international law. The current draft fails to recognise that the Kenyan jurisdiction has a nascent digital economy whose dynamism will be stifled via the imposition of onerous taxation burdens which are not adequate to protect freedom of expression and no provisions on ensuring that the law is consistent with the Access to Information Act and the Constitution. Instructively, Uganda’s failed imposition of Over the To (or OTT) taxation not only led to declining internet penetration rates, but also denied existing, vulnerable and marginalised communities their rights to access information and freely express themselves. Recommendations: 1. The Finance Committee of the National Assembly should re-define its definition of a ‘digital marketplace’ which is vague and may impact FOE and RTI disproportionately. 2. The Finance Committee of the National Assembly should postpone the imposition of taxation on Kenya’s nascent digital economy1 until a thorough cost-benefit assessment has been conducted and takes account of the difficulty latent in determining economic presence in dynamic digital transactions. 468 downloads Download 67 KB
Memorandum on Elections Laws Amendment Bill to the Senate Standing Committee on Justice Legal Affairs and Human Rights 2019
563 downloads Download 137.6 KB
Memorandum on policy regulatory framework for privacy and data protection submitted to the task force on Privacy and Data protection 2018
505 downloads Download 676.6 KB
Memorandum on Proposals for the Amendment of the Computer and Cybercrimes Bill 2017,
469 downloads Download 472.1 KB
Letter to Senate on Memorandum on Election Laws Amendment Bill 2017
498 downloads Download 220.2 KB
Memorandum on Election Laws Amendment Bill to the Senate 2017
499 downloads Download 430.3 KB
Memorandum on ICT Practitioners Bill submitted to the National Assembly 2016
450 downloads Download 122.1 KB
Critical Infrastructure bill submission 2015
The Secretariat, Director Programmes & Standards, ICT Authority Telposta Towers, 12th Floor, Kenyatta Avenue, P.O Box 27150-00100 Nairobi. To: [email protected],[email protected].   21 April 2015   Kenya ICT Action Network (KICTANet)’s input into the proposed Critical Infrastructure Bill   Acknowledge   ICT is a tool that is critical for operations and hence requires specialized attention: availability, integrity, and confidentiality.   Starting point:  
  1. Have criteria for defining what critical ICT infrastructure is.
  2. Distinguish between critical ICT infrastructure (Registry, content delivery networks) and traditional critical infrastructure.
  3. Question if there is need to put transport and energy infrastructure on the Internet and if so, how is it protected? Anything put on the internet is vulnerable.
  4. Acknowledge that business models of ICT companies are different from the traditional models of non-ICT critical infrastructures such as energy utilities and industrial control systems. They require more maintenance and upgrades that translate into much more investments.
  5. How do we ensure we have scalable and resilient critical infrastructure? In the past we have seen government institutions invest in white elephants, sending them back to the procurement room before the system goes live.
  6. Consider the need for expertise to deal with and protect the infrastructure (developers focusing on software security and information security professionals specializing in critical infrastructure).
  7. Consider cybersecurity but avoid raising fear, uncertainty and doubt.
  8. Avoid any type of strategy that hacks back. Hacking back will not fix broken infrastructure, and the attribution problem makes it very hard and sometimes impossible to find the real source of attacks. Focus on defense and resilience.
  9. Need to have websites running latest versions of software including security updates otherwise we will continue to experience this: https://www.google.com/#q=%22hacked+by%22+site:go.ke. There should be a big focus on identifying XP use and migrating away from XP usage in government and critical infrastructures.
  Management questions  
  1. Who manages critical infrastructures?
  2.  Should the government own/manage/handle infrastructures like the NOFBi?
  3. Which infrastructure can the government outsource? Which infrastructure is a security threat to outsource? Who are trusted partners for outsourcing?
  4. What is the value of investment in NOFBI while there is no last-mile connectivity? Should the NOFBI operator be able to go the long haul and provide last-mile services to all intended recipient(s) of the service?
  5. What levels of approvals are there (change management) for any change to happen in a critical internet resource? (Just last month, a misguided change at KENIC affecting DNSSEC affected the entire .ke domains for a whole day. No domain was accessible).
  6. How is the security and integrity of PKI maintained?
  7. How are the counties managing ICT county-specific infrastructure and what capacities exist at that level?
    Roll out/ Rapid Response questions  
  1. How fast can we roll out, upgrade, and repaired our fiber optic infrastructure? (There has been a deliberate systematic plot to ensure there are no ducts on wayleaves to pull fiber optic cable within minimum time, and cost-effectively).
  2. Can we vet the software that runs on and support critical infrastructure? We have had cases of defective and compromised firmware and compromised software that has payloads executed at certain times by malicious actors. Which software and hardware do we trust? Can we audit this software?
  3. What is the role of standards? ( ISO 27000 series Standards on Information Security and the ISO 20,000 series on Service Management).
   Regulation vs Legislation and questions regarding scope  
  1. Is it necessary to have an Act on critical infrastructure considering the dynamism and complexity of ICT? Would a few amendments under the KICA 2013 not suffice?
  2. Would it perhaps not be useful to have separate acts or regulations for critical internet infrastructure on the one hand, and critical infrastructures like (power and transport) connected to the internet on the other hand? The two types of critical infrastructure are related but require different and specialized approaches.
  3. The development of a critical infrastructure policy framework should precede the bill to contextualize the Critical Infrastructure bill. The policy framework should also have an implementation framework, a result of which could be the development of law. Before the development of the policy it may be necessary to conduct a study and expert consultation on the matter that includes a review of global best practices.
  4. The protection of critical infrastructure may be better managed under regulations rather than Bills/Acts. This is because in the fast-changing world of IT, what is critical today may not be tomorrow and vice versa. Who would have known five years ago that M-PESA would move beyond just sending money, to becoming a lifestyle for millions of Kenyans aka a critical infrastructure? You don’t manage such issues through hard-wired Acts, but through Regulation.
  Recommendations on Policy and law   The said policy and law should clearly outline:  
  • Definition of what constitutes critical infrastructure.
  • Distinguish between critical internet/ICT infrastructures and critical infrastructures connected to the internet.
  • Criteria for identification of CI.
  • Threat analysis to various CI in Kenya.
  • A risk management framework for the CI.
  • The requirement of mandatory minimum protection of critical infrastructure as well as demonstrated assurance through compliance. 
  • Coordination framework (including PPP arrangements, lead coordinating org, and perhaps the need for a single body?).
  • Investigate frameworks for threat intelligence and information sharing between all concerned stakeholders.
  • Incident reporting mechanisms and investigations of possible requirements for breach disclosure to all affected stakeholders.
  • Research and development strategies.
  • Capacity assessment and development. 
  • Funding mechanisms.
  • Implementation plan.
   Note: It will be important for institutions (private and public) to meet the law and associated regulatory requirements (Consistent with the 2010 constitution). In addition, Institutions must integrate their plans with agencies/bodies (e.g. fire, security, emergency, hospitals, etc.) that are critical to an effective response.     Submitted on behalf of KICTANet by Grace Githaiga, Victor Kapiyo, Barrack Otieno, Mwendwa Kivuva, John Walubengo, Matunda Nyanchama, Alex Comninos and Ali Hussein. 		455 downloads Download 122.7 KB

Loading

Translate »