The Future of Cyberspace in Kenya

(As first posted on Medium).

The Global Conference on Cyberspace, hosted by the Kingdom of the Netherlands on 16th and 17th April, 2015, was a very interesting one to have attended. The convening drew attendance from governments and private sector players; civil society were invited to the table, with a one and a half day pre-event that served as a capacity-building program, and an ‘unconference’ event where they could set the agenda, discuss further on issues that were brought up at the conference, or those not tackled altogether.

The themes under which the future of cyberspace was discussed, were freedom, security and growth. The three are interesting departure points to assess cyberspace considerations in each country. For instance, in Kenya, we continue to enjoy Internet freedom, something I contend is by default, not design, in that it hasn’t been a space that the government has attempted to regulate from the onset. That said, the freedom enjoyed as a result of minimal regulation also exposes individual users and institutions alike to any number of risks — data privacy violations, cyber fraud, to name a few. Kenya is currently awaiting two pieces of legislation: the Data Protection Bill and the Cybercrime and Computer Related Crimes Bill that will introduce measures to protect user privacy as well as provide legal options through which to address cybercrime grievances. Reviews of various versions of these bills have noted that there have been clauses that could undermine freedom of expression. It will be imperative for the Legislative processes to balance provisions on security, privacy and freedom on the Internet.

We will soon need to have a conversation on Net Neutrality in Kenya. India is currently engaging in a conversation on the issue, around the regulatory attempts that could undermine it. The Internet.org effort by Facebook and other tech companies, already on Kenya’s shores (in partnership with Airtel) has come under criticism, that it undermines the principle of network neutrality. The initiative, aimed at first time Internet users in the developing world, is already missing the mark, as the target group makes up for a very minimal percentage of its current users. (If you are an Internet.org user in Kenya, would love to hear your thoughts on the service!)

On security, insights from the 2014 Kenya Cyber Security Report indicate the growing risks that individuals and institutions are increasingly facing — ranging from malware, to fraud. User security in online banking systems locally has been found wanting (read from page 28 of the above report on this). Awareness of the risks posed in cyberspace is minimal, and measures to address and mitigate cyberspace risks, challenges and threats exist mostly on paper. For instance, Kenya has a national cybersecurity strategy penned by the ICT Ministry that outlines measures to be taken to secure the country’s cyberspace and ensure cyber resilience. Since 2012, Kenya has supposedly had a National Computer Incident Response Team Coordination Centre (KE-CIRT/CC), in accordance with ITU recommendations. The said centre is housed under the Communications Authority of Kenya. Its work and impact is unknown, though, you can supposedly report an incident or vulnerability. The importance of such a response mechanism has motivated individual efforts by IT security professionals to offer incident response, share information and raise awareness, in the glaring absence of institutional mechanisms within government. The Kenyan government was once again quick to sign up as a ‘founding member’ of the Global Forum on Cyber Expertise that was unveiled at the close of the conference. Will be watching with unabated breath to see the government’s contribution to this new body. We all remember the repeated defacing of the Kenya government institutions’ websites, as well as hacking of social media accounts…makes one wonder what all these strategies and institutions in place are up to. The same government could violate our constitutional right to privacy in the name of national security. (Let’s not forget the scandal that was the Chinese nationals arrested in Runda in December last year, and who as yet, haven’t been prosecuted for the lack of legislature to this effect.)

On growth, it was rightfully noted that “the Internet is rapidly becoming the most critical infrastructure for economies around the globe”. In Kenya, business and economic growth facilitated by the Internet has massive opportunities as well as challenges. Our Internet-based annual economic outputs are currently valued at approximately Kshs. 100 billion, the second highest in Africa. Impressive indeed. However, further growth and diversification of Internet and cyberspace-related economic activity is limited by lack of regulatory frameworks such as the aforementioned Data Protection Bill. Kenya was once poised to set up a Business Process Outsourcing (BPO) sector, greatly undermined as a result of a delayed process of enacting the Bill. Initiatives and investments such as Rockefeller’s Digital Jobs Africa bear massive potential, but challenges- including talent — need to be addressed carefully and strategically to ensure that the country can derive more economic growth and generate employment via cyberspace activities.

It’s not all up to government though. Training institutions (with their ever increasing ICT-oriented courses and curricula) need to churn out talent that can either be hired or that can be enterprising around the Internet economy. Civil society needs to align itself to the cyberspace, to keep government (and private sector) in check in their efforts, as many of them could undermine freedoms that have been hard-earned. Academia have their research and analytical work cut out for them. All have to work together to facilitate knowledge exchange and wholesomely contribute to a safe, free and secure cyberspace in Kenya.

A Side Note: other interesting observations from the conference.

From the onset, governments as represented by Ministers read out statements on their position and efforts on enhancing the cyberspace. It was particularly interesting to note the different angles from which various countries approached the discussion. MENA countries emphasized that countering terrorism in the cyberspace is their priority. China invited others to join them in their efforts, reiterating that they believe in the freedom, security and growth of the cyberspace (lots of eyes rolled). Sub-Saharan African countries — Uganda, Senegal and Ghana — read out their ministerial statements, in which they reiterated commitment to passing laws to address cyberspace related issues, with Senegal referring to the African Union Convention on Cyber Security and Personal Data Protection, recently adopted by the regional body as a guiding principle for their local efforts. There was the usual extending of a begging bowl; assistance from the Global North was sought.

It was noticeable that Kenya, Nigeria and South Africa weren’t as vocal/visible. The three countries are ‘leaders’ in Internet connectivity and have significantly large ICT sectors, one wonders where their ministers of ICT and/or Foreign Affairs were.

It was interesting how most discussions boiled down to matters of mass surveillance (many spirited attempts at justifying it from government types), privacy and security(whether one can exist without the other) in cyberspace.

On civil society participation, it was good to note involvement within the conference programme (e.g. Nnenna Nwakanma’s inclusion in the opening panel, where she fantastically represented civil society voice) and beaming their thoughts out loud via the Twittersphere. That said, I was rather disappointed by the low turnout at the unconference, given dissatisfaction expressed in the main conference discussions by civil society types in attendance. Some of the unconference sessions, however, were interesting, others altogether problematic. (In my view the framing around ‘the next (two) billion Internet users’ worries me…that’s for another day).

However, it was also notable that no civil society organisations were founding members of the Global Forum on Cyber Expertise…so much for a multi-stakeholder approach!