Putts Law states that technology is dominated by two types of people – those who understand what they do not manage and those who manage what they do not understand. The Kenya Communications (Amendment) Act 2008 has made a spirited attempt in assisting us manage what we don’t fully understand.
From an electronic commerce, security and forensics point of view, The Act has commendably addressed various substantive issues.
A range of financial tokens that underlie e-commerce have been secured against fraudsters. Case in point is Formation and Validity of Contracts where a contract shall not be denied validity or enforceability solely on the ground that an electronic message was used for the purpose.
It is therefore possible to use digital signatures that provide reliable authentication of documents in computerized digital form. These signatures have been legally recognised. This means that where a law requires a signature of a person, this requirement can be met if an advanced electronic signature is used within the context of a relevant agreement.
The implications of this aspect on e-commerce are wide-ranging. You can electronically sign credit contracts with virtual banks and use virtual letters of credit to conduct business. Other aspects that will enhance e-commerce include Attribution/Retention of Electronic Records and Acknowledgement of Receipts.
On ICT security and forensics, The Act has fundamentally altered the electronic security landscape in Kenya. The notable inclusions include the entrenchment and substantiation of electronic records (or evidence).
Electronic records are now legally recognised and can be retained in their original form. This means that your internet history logs, for instance, can now be used as evidence. Attribution is also now legal in that an e-mail receiver can legally act on the contents of an e-mail after identifying its source.
It is now illegal to gain Unauthorised Access to a Computer System, Modifying Computer Material without Authority, Disclosing Passwords, Committing Electronic Fraud, Publishing Obscene Information and Planting Viruses/Trojans in systems.
There are however some significant omissions that should have been included in The Act. Firstly we must divorce ICT from media and publish a dedicated and detailed ICT Act. Some might argue that ICT and media are converging. My contention is that ICT, being a complicated technology with multi-faceted functions, should be recognised as an independent framework despite its use in the media and other sectors.
Electronic investigation has been given a cold shoulder by this Act. Codes of electronic investigation and evidence handling procedures should have been outlined in more detail.
Information is today’s commodity of choice. This digital property will invariably ignite conflict. It would therefore have been advisable to include an ICT intellectual property framework in this Act. Finally the Amendment Act could have meted stricter penalties for sponsors and perpetrators of child pornography, which is has become a menace in Kenya.
In sum, this Amendment Act is a commendable first step. What should be appreciated is that ICT is dynamic and more legislative and policy work needs to be constantly developed.