THE CYBERCRIME OFFENSES – THE COMPUTER MISUSE AND CYBER CRIMES ACT 2018
Introduction.
A cybercrime offense refers to any illegal activity that involves the use of computers, digital devices, or networks. This includes crimes such as unauthorized access to computer systems, hacking, identity theft, cyber fraud, cyberbullying, spreading malware or viruses, child exploitation, etc.
In light of this, and to curb such offenses, the Parliament of Kenya was keen on enacting the Computer Misuse and Cybercrimes Act, 2018, (“the Act”) which stipulates a variety of offenses to be recognized under our jurisdiction. Some of the offences provided for in Act are:
- Unauthorized access
Section 14 of the Act delineates the offense, stipulating that a person commits an offense when they intentionally circumvent security measures to cause a computer system to perform a function, with knowledge that their access is unauthorized. Upon conviction, the individual may be liable to a fine not exceeding Five Million Kenya Shillings (Kshs 5,000,000/-), or imprisonment for a term not exceeding three (3) years, or both penalties concurrently.
However, two limbs have to be satisfied to qualify for this offense:
- If the person lacks entitlement to control access of the relevant kind to the program or data, and
- If the person lacks consent from any authorized person to access the computer system through any function to the program or data.
2. Access with intent to commit a further offense
A person who commits the offense of unauthorized access, intending to commit another offense under any law or to facilitate the commission of such an offense by themselves or another person, commits an offense. Upon conviction, the individual shall be liable to a fine not exceeding Ten Million Kenya Shillings (Kshs. 10,000,000/-), imprisonment for a term not exceeding ten (10) years, or both penalties concurrently. This provision is encapsulated under Section 15 of the Act.
3. Unauthorized interference
An interference is deemed unauthorized if the person causing it lacks entitlement to do so, and does not possess consent from an authorized person to interfere.
When a person intentionally performs an act without authorization that results in unauthorized interference with a computer system, program, or data, they commit an offense. Upon conviction, the individual may be subject to a fine not exceeding Ten Million Kenya Shillings (Kshs. 10,000,000/-), imprisonment for a term not exceeding five (5) years, or both penalties concurrently.
4. Cyber espionage
This refers to the unauthorized access of confidential information using computer networks, often targeting government or organizational data.
In Kenya, any individual who engages in such activities to gain access to critical data, databases, or national critical information infrastructure, or to intercept data to or from these entities, with the intent to benefit a foreign state at the expense of the current state, commits an offense. Upon conviction, the offender may face a twenty-year (20) term of imprisonment, a fine not exceeding Ten Million (Kshs 10,000,000/-) Shillings, or both penalties concurrently.
If the commission of such an offense results in injury to any person, upon conviction, the offender may be liable to a term of imprisonment not exceeding twenty (20) years. Moreover, if the offense leads to the death of a person, upon conviction, the offender may be liable to imprisonment for life.
Additionally, if such an offense is committed with the intent to benefit a foreign country against Kenya, the offender may be liable upon conviction to imprisonment for a term not exceeding twenty (20) years, a fine not exceeding Ten Million Kenya Shillings (Kshs 10,000,000/-), or both penalties concurrently.
5. False publication
This refers to the deliberate dissemination of false, misleading, or fictitious data with the intention and belief that it will be regarded or acted upon as genuine. Accordingly, under Kenyan law, any person who engages in such conduct, whether or not for financial gain, shall be held liable. Upon conviction, the individual may face a fine not exceeding Five Million Kenya Shillings (Kshs 5,000,000/-), or imprisonment for a term not exceeding two (2) years, or both penalties concurrently.
Conclusion.
The provisions outlined in the Computer Misuse and Cybercrimes Act of Kenya underscore the critical need to safeguard digital infrastructure and personal data in an interconnected global landscape. The Act categorizes and penalizes a range of cybercrimes, such as unauthorized access, cyber espionage, cyber harassment, identity theft, and online fraud, holding offenders accountable under the law. By addressing these offenses, the Act aims to bolster cybersecurity measures, safeguard individuals and entities from cyber threats, and promote responsible utilization of technology. Moreover, it acts as a deterrent against cybercriminal activities, thereby fostering a safer and more secure digital environment within Kenya.
“The information provided in this article is intended for general legal advice and does not constitute legal advice for any specific transaction or case. Since each transaction presents a unique legal context, it is advisable to retain a legal adviser for specific transactions.”
To contact CR Advocates LLP, send us an email at info@cradvocatesllp.com or call +254 714887777 or Book a strategy call HERE or direct message us on WhatsApp at your convenience. Our legal team will be happy to help you.