While Kenya has outgrown her Information Communication Technology (ICT) sector, her social media has come of age, a scholar of law observes.
For this reason, Dr Peter Onyango Onyoyo argues that the country needs laws that will deal with cybercrime. Onyoyo is a don at the University of Nairobi’s School of Law, Kisumu Campus.
The lecturer says the Ministry of Communication has a great role to play to ensure sanity in the ICT sector. In his research titled “Examining ‘Electronic Fraud’ in Kenya and the Impact on Commercial Justice”, Dr Onyoyo notes:
“As much as the Kenyan consumer behaviour is rapidly tending towards post-modernity, and deploying digital machines to control transfer of money, any reasonable person must admit that Internet offenses are on the rise and they are here to stay.”
For this reason, Onyoyo says, Government has to design reticent financial legal frameworks to countermeasure fraudulent behaviour in the financial sector.
The legal researcher singles out the mobile banking sector as a fertile ground for electronic fraud. “As much as mobile banking works for the low, medium and high economy, it comes with its own sui generis offences that likewise deserve legal investigation,” he reports in his research paper.
The report further says that what M-Pesa started in a simple format in less than a decade has eventually become a general finance principle guiding the micro-economy and macro-economy not only in Kenya but almost within the East African region.
“Users of mobile banking systems have increased rapidly. Use of mobile phones, iPads and tablets, and personal computers in transacting business has got into the ordinary economic DNA of the Kenyan society or social engineering stage. M-Pesa fraud seems to be following firmly on the same paths. The initial phase of M-Pesa fraud has been purely sociological,” says the research.
Some examples of the sociological methods used include a fraudster sending a text message to an unsuspecting M-Pesa customer – the message purports to have originated from M-Pesa. The sender then calls the victim and asks the victim to send back the money as it was sent to a wrong number. The victim complies and thereby loses money in the process.
Explicit laws lacking
Mobile phones are in the hands of almost every Kenyan. The use of such gadget has also been simplified to meet the needs of every person in spite of education level.
Simultaneously, theft and fraud through mobile banking have been on the increase to an extent of prejudicing the entire existing commercial law sector and, most importantly, the financial justice system.
Mobile banking frauds seem to be maturing step by step following in the footsteps of e-mail, as well as social media and network related scams.
If this be the case, then network providers operating mobile banking services have many reasons to worry because soon consumers won’t be targeted by calls or text messages only, but by software viruses and related malware.
Currently, there is no explicit law to deal with cyber crime in Kenya. The closest the law in the land comes to dealing with electronic fraud is in the Copyright Act, Section 26. The Act states:
“Copyright in a literary, musical or artistic work or audio-visual work shall be the exclusive right to control the doing in Kenya of any of the following acts, namely the reproduction in any material form of the original work or its translation or adaptation, the distribution to the public of the work by way of sale, rental, lease, hire, loan, importation or similar arrangements, and the communication to the public and the broadcasting of the whole work or a substantial part thereof, either in its original form or in any form recognizably derived from the original.”
About this Act, Onyoyo says: “This proviso is concerned with the “literary works” but not digital software. Litigating patent rights can get increasingly complicated when a contentious matter is already in public domain. A non-disclosure Agreement signed between two parties is insufficient to support a winning case as the law stands. The important point about a patent is not whether it is valid or invalid, but what it is that it disclosed, because, after the disclosure is made by an appellant to the world, it is impossible for them to get an injunction restraining respondents from disposing what is common knowledge.
“The burden of proof of the infringement of the industrial property rights lies with the complainant who must prove beyond reasonable doubt that he had the copyright against the offence. Even if the law holds that local courts can make reference to binding court precedents from other foreign jurisdictions, Kenya must work harder on its own domestic cybercrime jurisprudence in order to guarantee more electronic security in the financial sector. Fraud management system must be tightened to avoid such ulterior offences within private and government institutions.”
As easy as it is insecure
A computer is a toolbox which contains many complicated software which carry information that is interpreted by data processors, and works more-or-less as the human brain using stored memory. Developers software like mobile and e-banking, work on digital technologies that process, store and transfer signals around the globe with limited restrictions both from international and municipal laws.
“Electronic technology has made life much easier but more insecure than ever before. Unquestionably, State agencies are rapidly adopting computing systems and use of e-learning to improve on bureaucracy and spur economic growth. The current bureaucracy undoubtedly depends on digital technology for its survival and effectiveness. In tow are modern crimes and these new crimes shall require new legal knowledge and proper legal framework suitable to govern cyber-space crimes without interfering with other rights,” says Onyoyo.
Cybercrime is a criminal offense regarding the Internet, a violation of law on the Internet, an illegality committed with regard to the Internet, breach of law on the Internet, computer crime, contravention through the Web, corruption regarding Internet, criminal activity on the Internet, disrupting operations through malevolent programs on the Internet, electronic crime, Internet crime, sale of contraband on the Internet, stalking victims on the Internet, identify theft on the Internet and financial fraud in the internet, the report expounds.
Onyoyo adds: “As things stand, cybercrime is challenging judicial authorities to take necessary steps to develop tenable cybercrime jurisprudence. Such shall require a new legal doxology in terms of methods of teaching and communicating the law, a new Intellectual Property Jurisprudence, methods of drafting legislations, ways of interpreting and enforcing the law and a new approach of delivering financial justice. Such need shall shake the traditional practice of commercial law and shift the minds of practitioners to an improved digital understanding of financial laws.”
As Kenya moves rapidly towards adopting new electronic system, some European countries are reluctant to adopt mobile banking into their economic systems due to some cynical views regarding the technology.
Laws governing financial justice ought to be reviewed by Parliament. New banking laws must contemplate areas of online fraud. There is need for anti-cybercrime regulations such as the Espionage Bill, improved anti-trust Bill, Cybercrime Bill, and other laws related to the new crimes brought about by the digital technology.
Onyoyo avers that cybercrime law is a need whose time is running out with time. Kenya is of age to enact anti-cybercrimes law. It may require time but that time is now. It would be ideal to introduce financial police to carry out vigilance on any financial malpractice in Kenya.
Competing concerns
“The Legislature must amend and enact new laws that will be compatible with post-modern challenges such as e-banking, e-finance and e-fraud. The same legislature relies on the Executive to come up with policies and measures that shall ensure effective law enforcement frameworks and avail the funds to carry out the work needed in time.”
The don’s academic paper posits: “Formulating an e-security policy must balance a number of competing complex concerns, and in this sense it is just one of the requirements for risk management strategy. For instance, the Government of Kenya concedes that there are ghost workers in its workforce. The best way to track down these non-existent employees and to mitigate such risks is by introducing new digital policies that include biometric technology. It is in this direction that the Government will also manage its explosive wage Bill and maintain law and order.”
The rate at which the Country is adopting electronic technology and adapting it to suit our needs is not in tandem with the preparedness among the ordinary citizenry.
Digital backdoors
The innovative understanding of how the whole electronic mechanism operates is still not a privilege to all. Many citizens still require legal empowerment and bold training on the use of digital technology, including understanding how it can benefit the domestic economy without them becoming victims of financial cartels and fraudsters.
Evidentially, most software developers originate from emerging economies from the Far East region where, e-money and financial market are quite developed. There is no guarantee that the same minds behind these digital technologies cannot turn around and defraud the country. The probability of this challenge should be sufficient impetus for policy and law makers in Kenya to develop interest in formulating an appropriate cyber crime law.
“Kenyan devolved Governments have developed tendency of hiring foreigners for big tenders. Most of such awarded jobs shall be paid in long-term instalments with accrued substantive interests. The main rationale behind this choice is on technology and finance. Such open door policy requires precautions due to the fact that cyber criminals can find their way as well into the countries digital system through deployment of foreigners to deal with national jobs. E-security is already a fragile reality. There is no option but to write new laws to deal with emerging digital commercial crimes. The big answer is just to revolutionise legal system in Kenya and adjust it to the new requirements,” the report warns.
In conclusion the don opines that with clear remark, Kenya has embraced change and progress in its Constitution. Such change requires some sacrifice and hard work, especially in the legal transformation system. Use of digital machines to handle our economy is a reality that a State cannot do without. It would be misleading to handle financial fraud today as a normal issue. It is a serious issue that can result into mega financial scandals, especially with reports of cyber criminals hacking government systems at will, but which go unreported because government would rather save face.
More than a national problem
Cybercrime or computer crime must be urgently addressed. Proper legislation must be put in place to deal with whatever outcome or unexpected surprises cyber scandals, the reason being that Kenya is also a signatory to regional and international financial agreements that certainly impose their obligation and confer rights. As well, the country is a signatory to many international trade treaties and such like investment contracts are protected by the International Trade Law among others.
Given this scenario, it would be misleading to deal with e-banking, e-money, and fraud as national problem, rather than as an international reality. The Judiciary must be prepared to understand wholesale the challenges facing the existing justice system and make proper suggestions that would lead the country to a solution. Legal education institutions must as well consider urgently reviewing their curricula and adjusting them to the new ICT framework. The Government must also be vigilant of whatever gets into its jurisdiction and evaluate every technology before adopting it in wholesale.
The bona fide e-banking can be tamed by stringent laws and policies in order to counter cyber frauds. Lawmakers and policy makers must as well, be taken through the new technology and the e-law in a way that enacted laws may be compatible with postmodern requirements. It is a question of how to deal with computer crimes expeditiously and on time.