CYBER-CRIME AND CYBER-SECURITY IN KENYA GROUP 10’S PRESENTATION


Page 1:

CYBER-CRIME AND CYBER-SECURITY IN KENYA

GROUP 10’S PRESENTATION

Page 2:

MAJOR WAYS IN WHICH CYBERCRIME IS PERPETRATED

Cybercrime is categorized into three classes:

1. Cybercrime against the individual, e.g. electronic-money transfer fraud; piracy; hacking; cyber-bullying; identity-theft etc.

2. Cybercrime against property, e.g. computer vandalism; transmission of malware (viruses and worms).

3. Cybercrime against government, e.g. cyber-terrorism.

Page 3:

CYBERCRIMES AGAINST THE PERSON (MOST COMMON TYPE IN KENYA)

ELECTRONIC MONEY TRANSFER FRAUD

Transfer of electronic money based on misrepresented or fraudulent information for the purpose of stealing it.

Losses to fraud in Kenya’s financial institutions rose to 1.6 billion Kenya shillings for the first nine months of 2013; this was nearly triple the amount reported stolen in the first nine months of 2012.

This new data exposes weak deterrence and investigation systems in the sector.

Page 4:

ELECTRONIC MONEY TRANSFER FRAUD CONTD.

The Banking Fraud Investigations Department (BFID) in its monthly crime reports cited identity theft, electronic funds transfer, bad cheques, credit card fraud, hacking and forgery of documents as methods used to defraud financial institutions.

In a report released by Deloitte East Africa titled ‘Financial Crime Survey 2013’ it was reported that only approximately a third of fraud cases are reported. This is because many financial institutions choose not to go public out of fear that doing so could tarnish the institution’s name.

Page 5:

CYBER BULLYING

The use of the internet through a computer or electronic devices to engage in obnoxious behavior directed at a specific person or group of persons. It usually involves threats, cyber stalking, insults, defamatory or libelous statements, falsification and fraud, among other actions.

It can be effected through emails, messages on social media, short messaging services, phone calls and voice over internet protocol (e.g. Skype).

Page 6:

CYBER BULLYING contd.

The Kenya Information and Communications Act does not mention cyber bullying as one of the cyber offences. Although it may not be punishable as an offence in itself, it may be argued that stipulated offences under the Act are enablers or forms of cyber bullying.

Page 7:

PIRACY

The unauthorized reproduction or use of copyrighted material, a patented invention or a trademarked product.

The most common form of piracy in Kenya is software piracy. This is because software piracy laws in Kenya are very lax, providing fertile ground for downloading illegal software and applications without judicial prosecution.

A piracy study conducted in 2011 showed that 79% of Kenyans use pirated software.

Page 8:

PIRACY contd.

An amnesty campaign was initiated by the Kenya Copyright Board with the support East and Southern Africa where end-users running counterfeit software can discontinue illegal use and acquire genuine versions of the software without penalty within a period of thirty days.

Microsoft, the world’s leading software company, is fully committed to this initiative and is offering discounts on genuine versions of some of its most popular software, e.g. Microsoft Office and Windows 7 Pro.

Page 9:

THE LEGAL FRAMEWORK OF CYBERCRIME IN KENYA

NATIONAL FRAMEWORK

1. KENYA INFORMATION COMMUNICATIONS ACT

The main Act that tackles cybercrime in Kenya.

Section 83W makes it an offence to access computer data without authorization;

Section 83V makes it an offence to access a computer with the intent of committing an offence;

Section 84B makes it an offence to cause the loss of another person’s data by deletion or interfering with the computer system.

Page 10:

THE LEGAL FRAMEWORK OF CYBERCRIME IN KENYA contd.

Section 84D makes it an offence to publish in electronic form any material that is lascivious that corrupts the public’s morals;

Section 84E deals with publication for fraudulent purpose;

Section 84G makes it an offence to change, without authorization, the mobile phone equipment identity.

Page 11:

THE LEGAL FRAMEWORK OF CYBERCRIME IN KENYA contd.

2. PENAL CODE

INFORMATION AS A THING CAPABLE OF BEING STOLEN

The Kenya Information Communications Act amended section 267 of the Penal Code to include information in the class of things that are capable of being stolen.

Section 275 of the Penal Code: any person who commits this offence is guilty of a felony labeled theft and is liable to imprisonment for three years.

Page 12:

THE LEGAL FRAMEWORK OF CYBERCRIME IN KENYA contd.

FORGERY

Any person who forges any document or electronic record is guilty of a felonious offence and, unless owing to the circumstances of the forgery or the nature of the thing forged some other punishment is provided, is liable to imprisonment for three years.

Section 472 of the Code further provides that a person utters a false document when they make a document purporting to be in fact what it is not; when they alter a document without authority in such a manner that if authorization had been given to alter the document, its very nature or effect would have been altered; or when they introduce into the document without authority matter which if authorized would alter the effect of the document.

Page 13:

INTERNATIONAL LEGAL FRAMEWORK

OPTIONAL PROTOCOL TO THE UNITED NATIONS CONVENTION ON THE RIGHTS OF THE CHILD ON THE SALE OF CHILDREN, CHILD PROSTITUTION AND CHILD PORNOGRAPHY

This protocol defines pornography as any representation, by whatever means, of a child engaged in real or simulated explicit sexual activities or any representation of the sexual parts of a child for primarily sexual purposes. It prescribes the criminalization of such conduct and addresses the role of the internet in distributing pornography.

Page 14:

INTERNATIONAL LEGAL FRAMEWORK contd.

UN CONVENTION ON THE RIGHTS OF THE CHILD

The United Nations Convention on the Rights of the Child calls upon Member States to prevent the exploitative use of children in pornographic material (Article 34, United Nations Convention on the Rights of the Child).

Page 15:

INTERNATIONAL LEGAL FRAMEWORK contd.

AFRICAN UNION DRAFT CONVENTION ON THE ESTABLISHMENT OF A CREDIBLE LEGAL FRAMEWORK FOR CYBER SECURITY IN AFRICA

This convention is intended to strengthen member states’ legislation on cybercrime, data protection and online transactions.

Kenya intends to ratify the draft convention; however, ICT stakeholders have filed a petition opposing the convention, stating that the law will impose restrictions on cyber space. One of the issues contested by the stakeholders is a provision requiring organizations engaging in financial transactions to provide full identity information including PIN and address information, which they say will threaten their confidentiality.

Page 16:

INTERNATIONAL LEGAL FRAMEWORK contd.

The convention will deal with issues like pornographic content and fraudsters stealing financial data from banks. An estimated 2 billion shillings is lost to cyber fraudsters in Kenya. The rising problem of espionage will also be tackled by the convention.

Page 17:

HOW THE LAW SHOULD RESPOND TO RISING INSTANCES OF CYBERCRIME IN KENYA

1. INTRODUCE LEGISLATION THAT DIRECTLY DEALS WITH CYBERCRIMES

Kenya lacks elaborate and comprehensive legislation on cybercrime to regulate the banking industry, giving rise to the increase in cybercrime.

The Kenya Information and Communication Act remains the Act that highlights cybercrime, albeit not comprehensively. The Banking Act and the Central Bank of Kenya Act regulate the banking industry, but these Acts did not envisage cybercrimes at their enactment.

Page 18:

HOW THE LAW SHOULD RESPOND TO RISING INSTANCES OF CYBERCRIME IN KENYA contd.

2. ADDRESS LEGAL PROCESS OF CYBERCRIME INVESTIGATION

KICA, which touches on cybercrime, fails to address the legal process of conducting cybercrime investigation, which will translate to successful prosecutions and hence deterrence.

This is evident as there has not been a successful prosecution of perpetrators of the crime.

Page 19:

HOW THE LAW SHOULD RESPOND TO RISING INSTANCES OF CYBERCRIME IN KENYA contd.

3. MOBILE SECURITY

This refers to the policy, technical, managerial and legislative safeguards applied to mobile systems and data to protect organizational and personal privacy.

The absence of such policies has made it difficult to prosecute such crimes. Though the government introduced mandatory SIM card registration, this was a presidential directive and not a legislative directive, which has led to minimal compliance from the mobile service providers.

Page 20:

HOW THE LAW SHOULD RESPOND TO RISING INSTANCES OF CYBERCRIME IN KENYA contd.

4. INTERNET TRAFFIC MONITORING SOFTWARE

It should come into legislation, making it mandatory for monitoring telecoms service providers to co-operate in providing essential information in installing the internet traffic monitoring equipment, Network Early Warning System (NEWS).

The CCK Director in March last year came up with such an intention, but it has never been actualized.

Although it may amount to a violation of individual civil liberties as envisioned under the Constitution of Kenya, which provides for the privacy of their communication, international law and customs have suggested such freedoms may be derogated (Article 31 of the Constitution of Kenya).

Page 21:

HOW THE LAW SHOULD RESPOND TO RISING INSTANCES OF CYBERCRIME IN KENYA contd.

5. MODIFICATION OF BANKING LAWS AND REGULATIONS

Since the Central Bank of Kenya is the body mandated to regulate the banking activities of commercial banks and other financial organizations through its regulations, it should formulate specific regulations aimed at curbing cybercrimes for commercial banks and other stakeholders to operate within.

The Central Bank Act of Kenya and the Banking Act fail to cater for such crimes, as when they were enacted cybercrimes in Kenya were the least of concern because modern concepts of banking had not developed.

Page 22:

HOW THE LAW SHOULD RESPOND TO RISING INSTANCES OF CYBERCRIME IN KENYA contd.

Additionally, other money transfer methods have developed which are not adequately regulated by any statute or regulation. For instance, M-Pesa, which was founded in 2007, does not fall within any form of banking but may operate some functions of banking; it is not adequately regulated, thus giving room for crimes.

This is mainly because it does not fall under the commercial banks or financial institutions regulated by the Banking Act.

Page 23:

HOW THE LAW SHOULD RESPOND TO RISING INSTANCES OF CYBERCRIME IN KENYA contd.

6. STRINGENT MEASURES ON HOLDERS OF SENSITIVE INFORMATION

Banks are normally entrusted with important client information such as credit card numbers or account numbers. The law ought to regulate institutions safeguarding this information and introduce stiffer penalties for them, to prompt them to ensure such information is protected at all costs.

In the instances of online transactions, banks ought to ensure the transaction is protected by a strong encryption method.

Page 24:

HOW THE LAW SHOULD RESPOND TO RISING INSTANCES OF CYBERCRIME IN KENYA contd.

The law also ought to introduce a mandatory security system for automated teller machines, such as making sure the machines are tamper proof to prevent card skimming. This may include digitization of the cards, since the magnetic stripe used is far too easy for skimmers to take advantage of.

The law ought to have a minimum digital security standard to curb cybercrime, and all players in the industry ought to adhere to this standard.

The government ought to introduce periodic inspection or random assessment mechanisms to ensure that all security methods employed by banks are up to date with current cybercrime trends.

Page 25:

HOW THE LAW SHOULD RESPOND TO RISING INSTANCES OF CYBERCRIME IN KENYA contd.

7. THE LAW SHOULD KEEP UP WITH LATEST DEVELOPMENTS

While the law cannot possibly predict business trends, it can keep up with them (M-Pesa case).

It is the mandate of the regulating bodies to keep up with the latest technological advancements and adjust our laws accordingly. This may involve examining the latest cyber trends and getting security researchers to examine any possible flaws.

Page 26:

THANK YOU FOR YOUR ATTENTION.

THE END.