Saturday, January 24, 2009

The Communications Act could have gone Further

Putts Law states that technology is dominated by two types of people – those who understand what they do not manage and those who manage what they do not understand. The Kenya Communications (Amendment) Act 2008 has made a spirited attempt in assisting us manage what we don’t fully understand.

From an electronic commerce, security and forensics point of view, The Act has commendably addressed various substantive issues.

A range of financial tokens that underlie e-commerce have been secured against fraudsters. Case in point is Formation and Validity of Contracts where a contract shall not be denied validity or enforceability solely on the ground that an electronic message was used for the purpose.

It is therefore possible to use digital signatures that provide reliable authentication of documents in computerized digital form. These signatures have been legally recognised. This means that where a law requires a signature of a person, this requirement can be met if an advanced electronic signature is used within the context of a relevant agreement.

The implications of this aspect on e-commerce are wide-ranging. You can electronically sign credit contracts with virtual banks and use virtual letters of credit to conduct business. Other aspects that will enhance e-commerce include Attribution/Retention of Electronic Records and Acknowledgement of Receipts.

On ICT security and forensics, The Act has fundamentally altered the electronic security landscape in Kenya. The notable inclusions include the entrenchment and substantiation of electronic records (or evidence).

Electronic records are now legally recognised and can be retained in their original form. This means that your internet history logs, for instance, can now be used as evidence. Attribution is also now legal in that an e-mail receiver can legally act on the contents of an e-mail after identifying its source.

It is now illegal to gain Unauthorised Access to a Computer System, Modifying Computer Material without Authority, Disclosing Passwords, Committing Electronic Fraud, Publishing Obscene Information and Planting Viruses/Trojans in systems.

There are however some significant omissions that should have been included in The Act. Firstly we must divorce ICT from media and publish a dedicated and detailed ICT Act. Some might argue that ICT and media are converging. My contention is that ICT, being a complicated technology with multi-faceted functions, should be recognised as an independent framework despite its use in the media and other sectors.

Electronic investigation has been given a cold shoulder by this Act. Codes of electronic investigation and evidence handling procedures should have been outlined in more detail.

Information is today’s commodity of choice. This digital property will invariably ignite conflict. It would therefore have been advisable to include an ICT intellectual property framework in this Act. Finally the Amendment Act could have meted stricter penalties for sponsors and perpetrators of child pornography, which is has become a menace in Kenya.

In sum, this Amendment Act is a commendable first step. What should be appreciated is that ICT is dynamic and more legislative and policy work needs to be constantly developed.


Anonymous said...

The publishing of The Communications Act 2008 is a step in the right direction. As one who participated in the consultations of the Kenya ICT Strategy (which was initially meant to be an ICT Policy/Act) I find this new act to be straight to the point.

I would argue that if such provisions as quoted by the author on IT security, e-Commerce, etc. have been included in the Communications Act, then there is no need for an ICT Act. What would be its subject coverage? Wouldn't this lead to ovelaps in their jurisdictions? Would it not be a beneficial to bridge any gaps identified other than by enact a new act?

The problem of slow evolution of computer legislation that is out of step with the technology is recognized world wide. The Kenyan situation is not unique. My experience with Kenyan legislative process is that is one lengthy, over-consulted unprocedural overpoliticised process. What is required is for legislation to keep up with developments in the society, which goes for other legislation, be they on agriculture, land or water. Not long ago, IT people and lawyers found that the UK Computer Misuse Act 1990 was antiquated. It was argued, for instance, that it did not cater for computer hacking and such malicious code attacks on the computer systems. Their reaction was to flag and update such sections as appropriate.

All leading nations in technology development take serious steps to not just regulate the IT industry but to develop and spur its growth.

In fact, it has been argued that if our aim is to foster growth in the IT industry then we must shift from strict regulation and control to more promotion. All successful Anglophone countries in this field; US, Australia, Canada, UK and to a lesser extent South Africa have implemented strategies with research, promotion and strong public-private partnerships in this area.

Therefore whilst I agree with the author's comments on the Communications Act, enacting an ICT Act is definitely not the answer.


electronic signature said...

Agreed. Digital Signature is the best way of providing authentication of documents in computerized digital form. Digital Signature consists of data in digital document. It is easy to send data from one place to another one.