Kenya: Press Releases: Communications Authority Statement on Measures to Manage Cybercrime
Friday, 03 July 2015

Nairobi, 1 July 2015 --- The Communications Authority of Kenya would like to refer to reports in the local media regarding some of the measures the authority is putting in place to manage cyber crime. The reports are based on the Director General’s remarks made during the 10th Annual General Meeting of the Association of Regulators of Information and Communications for Eastern and Southern Africa (ARICEA) currently being held in Nairobi on 30th June and 1st July 2015.

The reports allege that the authority is in the process of developing regulations which once implemented, will require public Wi-Fi hotspots users to register their devices with either their service providers or with the Kenya Network Information Centre (KENIC), the Registry for the Dot KE Domain Name space. The reports further purport that the authority is “working on a memorandum of understanding with the Registrar of Companies that will see anyone registering a company or business in Kenya compelled will be to acquire a dot ke (.ke) domain address”. Some reports even claim that the new regulations will require all Kenyan companies to host their websites in the country rather than outside.

 The authority wishes to clarify as follows:   

  1. The authority is currently in the process of developing regulations for cybersecurity and electronic commerce and the same will be subjected to public consultations in due course. These regulations shall be implemented exclusively by the authority in line with its mandate;

 2. The draft regulations will have provisions that require installations of Public WI-FI to integrate a component that obliges its users to log in for identification purposes. In this regard, operators of cyber-cafes and public wireless hotspots shall be required to identify users before providing them with Internet access services. The identification shall be through a user registration system that ties each user to a registered mobile phone number. Operators of cyber-cafes shall also be required to ensure that system logs are retained in their original form for a defined period, install Closed Circuit Television (CCTV) for surveillance and use public Internet Protocol (IP) addresses for its computers. There is however no requirement for users to register their devices with KENIC;

  3. The authority is currently spearheading the signing of a multi-partite Memorandum of Understanding (MoU) with the Registrar General in the Office of the Attorney General, the Telecommunications Service Providers Association of Kenya (TESPOK), the Kenya Education Network (KENET), the Domain Registrars Association of Kenya (DRAKE), the Kenya Network Information Centre (KENIC) and the authority. The MoU aims at facilitating stakeholder collaboration in programs that promote the growth of Dot KE domain name and not to compel any locally registered organization to acquire a Dot KE (.KE) domain name.

 4. Although the authority encourages local hosting of content, including websites, the Regulations do not obligate anyone, including Kenyan companies, to host their websites within the country. The draft regulations however require the authority to facilitate the promotion of the Dot KE domain name, local content creation and hosting, the use of local languages in content creation and the local routing of Internet traffic.

 5. The Regulations further cover aspects of data retention, protection and security; cybercrime reporting and management; electronic commerce, limitation of liability of service providers; and offenses and penalties, among others.

Comments (0)Add Comment

Write comment