Category Archives: Guest Post

‘Big Brother is Watching’: The Implications of the Proposed collection of DNA Data in the Registration of Persons

03 Friday Aug 2018

Posted by in Guest Post, Information Technology

Leave a comment

Shutterstock ID 150725585

By Phillis Njoroge**

The Statute Law (Miscellaneous Amendment) Bill, 2018 seeks to amend a number of Acts and among them the Registration of Persons Act (Cap 107). This bill proposes the establishment of a National Integrated Identity Management System as well as the capture of biometric data and geographical data (GPS) during the registrations of persons in Kenya. This essentially means that one will be required to provide their biometric information before being issued with a National Identity card. Biometric information  in this context includes, fingerprint, hand geometry, earlobe geometry, retina and iris patterns, voice waves and Deoxyribonucleic Acid (DNA) in digital form.

It is foreseeable that this law will have positive and negative implications in various fields. A number of advantages that might come as a result of the collection and digitisation of biometric data include: identification accuracy, establishing accountability in the civil registry as each transaction shall be accurately documented by the individual associated with it, thus reducing the possibility of system misuse and fraud. Similarly, the risk of identity theft shall be reduced consequently leading to an improved return on investments due to the enhanced accuracy, accountability and reduced opportunities for misuse.

As much as this system comes with a number of advantages the collection and storage of DNA data in Kenya’s registry of persons raises a number of legal and ethical concerns. The grimmest of these is the potential contravention of Kenyans’ right to privacy, as provided for under Article 31 of the Constitution, particularly, the guarantee to not have information relating to one’s family or private affairs unnecessarily required or revealed.

DNA data is sensitive. It is not only a unique identifier of an individual, it also can be used to determine an individual’s entire genetic history including their propensity towards certain diseases. This brings it within the ambit of ‘family or private affairs’ as stipulated under Article 31 of the Constitution. The Government of Kenya has not provided sufficient justification for the collection of this data nor has it demonstrated that it shall institute the required stringent security measures within the National Integrated Identity Management System, for the protection of this data. This measure, if adopted, shall transform Kenya into an Orwellian ‘Big Brother State’.

Similar concerns were raised by Britons in their vote against a national data registry and identity cards in 2010. This registry would have required the collection of fingerprint, iris or palm-print data. Their biggest concern was that the collection and storage of up to 50 different kinds of information on one person, would amount to a sort of ‘big brother’ approach. They also felt that it was unclear how secure this data would be from manipulation.

The security of this data is thus under scrutiny.  Unlike passwords, biometric data such as DNA fingerprints and the like cannot be easily changed. This means that in the event of a data breach, one cannot easily reset their biometric details. The potential loss in the event of a breach is astronomical as a offender with a sample of the biometric data in question would obtain indefinite access to a database that is secured by the biometric data.

Moreover, the establishment of a DNA database in the absence of a comprehensive data protection legislation further puts the security of such data at risk. It is unclear whether Kenya will be able to afford the necessary encryption technologies and/or adopt the information security and privacy best practices like intrusion detection, breach reporting and having a risk management programs.

The collection of DNA data in a national registry of persons also raises the following ethical questions:

Firstly, who owns the collected DNA data? Given that DNA is unique to a particular individual it is appropriate to assume that DNA is owned by the individual whom it identifies. It is for this reason that the European General Data Protection Regulation (GDPR) in Article 4(5) requires that all organizations, bodies or persons seeking to collect DNA information (pseudo-anonymised data) from anyone to first have consent from that person.

The proposed law in Kenya does not however give people the opportunity to opt in or out of giving their DNA; it makes it a requirement for all Kenyans in order for them to be granted identification as citizens. The implication of refusal to provide such data is the deprivation of national identification documents and potentially one’s citizenship, contrary to Article 14 of the Constitution. As DNA is owned by the individual that it identifies, it is improper for the government or any other entity to collect such data without the explicit consent of the subject.

Given Kenya’s history with ethnic discrimination in both the public and private sector it is important to take into consideration the potential implications of the collection of DNA data, on a national level, on this issue. As DNA data can be used to identify the ethnicity of the subject, there is a risk of such data being abused to discriminate individuals based on their ethnicity. This is compounded by the fact that the Bill is silent as to the specific measures that shall be used to prevent the abuse of the National Integrated Identity Management System.

Additionally, the Ministry of Interior will also require GPS satellite details of Citizens’ homes. While the government can access mobile phones’ GPS data with  a court order, they typically have to follow certain procedures to obtain such data from Mobile Networks. However, the collection and storage of both GPS and DNA data as proposed by the Bill is without any oversight, and risks making Kenya a Police State.

One cannot therefore ignore the security risk in collecting DNA data in the absence of elaborate data protection laws. These privacy and surveillance reservations are valid given the Cambridge Analytica (CA) scandal where 50 million facebook users’ data was collected and shared with CA, which built ‘psychographic’ profiles of facebook users. These profiles were then used in targeted political messaging during the United States’ 2016 election. Similarly, research carried out by CIPIT into the privacy implications of the use of biometrics in Kenya’s 2017 general elections established that Kenyans received unsolicited political campaign messages which contained accurate data on their names and in some cases polling stations.  In light of the manipulation of personal data for profiling and other nefarious purposes, it is imperative that personal data, more so DNA data, is kept secure and only accessed by authorised personnel when absolutely necessary.

That said, keeping in mind the advantages of a National Integrated Identity Management System, is the risk of putting our DNA in the hands of our government worth it?

** Phillis Njoroge is a 4th Year Bachelor of Laws student at the Strathmore University.

Zero Rating of the Internet and its Impact on Net Neutrality

27 Friday Jul 2018

Posted by in Guest Post, Information Technology

Leave a comment

Mobile phone penetration in the Kenya has increased tremendously over the years. The Communication Authority of Kenya (CA), in its first quarter 2017/2018 financial year report placed mobile and Internet subscriptions in the country at 41 and 51 million subscriptions respectively. In spite of this increased mobile and Internet penetration, the high cost of accessing the Internet continues to be a constant hindrance to a majority of mobile users in Kenya.

Private companies, in response to this issue, have attempted to provide ‘free’ or subsidised Internet through what has come to be known as zero-rating of the Internet. In this practice, providers of zero-rated Internet, partner with Internet service providers (typically mobile networks) to subsidise access to the Internet. Access to the Internet under such programs is however limited to the zero-rated Internet providers’ website. Examples of such services include: Free Basics by Facebook and Wikipedia’s Zero.

These services are however extremely controversial due to concerns about their impact on net neutrality and effectiveness as a long-term policy for improving Internet access.

Proponents of zero-rated Internet claim that such services connect people who previously did not have access to the Internet especially in emerging markets in Africa and Asia. While connectivity may increase, the fact remains that Internet service providers and companies that engage in this service derive immense financial benefits from such services. For example, mobile Internet providers use free access to the Internet as an on-boarding strategy. Secondly, access to the Internet under this practice is limited to one or a few popular sites depending on the zero-rated Internet service in question. This calls to question the supposed ‘benevolence’ of such services especially in light of their detrimental impact on net neutrality, which holds that all content and users be treated equally so as to ensure free flow of information online.

While zero-rating can be viewed as beneficial to consumers as they do not incur data charges when visiting zero rated websites, it is detrimental as it in a sense changes the “face of the Internet” by limiting the number of websites which users can access. It effectively operates as an information control principally in the event that such services become ubiquitous and to the extent that they are the first point of entry to the Internet for millions and potentially billions of people.

Furthermore, zero-rating of the Internet jeopardizes freedom of expression online. The forums on which Internet users can freely develop and express their opinions are limited and to a great extent controlled by the parties that subsidize access to the Internet. The ideological underpinnings of the internet, and its role as a medium for advocacy on the protection of civil rights, is at danger of being obfuscated in this paradigm.

Moreover, zero-rating greatly reduces the incentive for content creators who do not have the required financial muscle to continue producing content. It is therefore no surprise that companies like Microsoft and other tech giants are at the forefront of championing zero rating. This is however highly ironic seeing that companies such as Wikipedia and Facebook would not have been able to transcend the ‘start-up’ stage had the Internet at their time of inception been limited through zero-rating. Again, the undermining of the right of Internet users to freedom of expression and uninhibited access to the Internet cuts to the core of this issue.

The impact of zero rated Internet is best gleaned through an analysis of the areas where it is widely offered as illustrated below.

Binge On™, is a video streaming service provided by T-Mobile, a mobile telecommunications company. Binge On™ provides zero-rated streaming for specific content providers while limiting the capacity of “non zero-rated” content providers from streaming its platform. “T-Mobile’s Binge On Violates Key Net Neutrality Principles” a report done by Stanford Law School found that T-Mobile, through its zero-rated service, stifled innovation by barring content creators who did not meet its substantial technical requirements. This exposes the fallacy of the perceived ‘altruism’ behind such services i.e. through the commercialization of information and innovation by extension. This further underscores the importance of maintaining ‘diversity of expression’, in the current knowledge economy, where large tracts of information are generated and disseminated online.

Proponents of this practice argue that zero rating is necessary if we are to achieve universal connectivity. The discussion above however, pokes serious holes into this argument. While universal connectivity is necessary to bolster communication, such hopes shall be relegated to a pipe dream as companies that cannot afford to zero rate their services are unable to fairly compete and reach consumers.

It is with this in mind that a need for a comprehensive legal and policy framework to address zero rating arises. Zero-rating should not be used as a substitute for Internet access. Openness, which is a central tenet of the Internet, must be legally protected. While, there are no country specific laws that deal with the effects of zero rating on freedom of expression, article 33(1a) of the Constitution of Kenya provides for the freedom to seek, receive and impart ideas. Internationally, article 19(2) of the International Covenant on Civil and Political Rights (ICCPR) provides for the freedom of expression.

The Internet is and should remain a bastion of freedom of expression. Kenya is thus bound to enact laws and policies that specifically protect this right ‘out of the normal context of speech’ seeing as Internet based modes of protection are protected under the ICCPR.

** Mercy King’ori is a 4th Year Bachelor of Laws student at the Strathmore University.

Tobacco Regulations, 2014: Balancing the Protection of Trade Secrets and the Right to Privacy.

04 Monday Jun 2018

Posted by in Guest Post, Intellectual Property, Trademark

Leave a comment

By Mercy King’ori**

The Tobacco Regulations of 2014, which were created to protect the health of smokers and “second hand smokers”, have been criticized for a lack of regard for the right to privacy for manufacturers’ trade secrets consequently stifling the rights of corporations engaging in otherwise legal business. This regulations came under scrutiny in the case of British American Tobacco Ltd v Cabinet Secretary for the Ministry of Health & 5 others [2017] eKLR where the appellants called for their annulment arguing that regulations 12-14, which require disclosure of key product information, violated their constitutional right to privacy and and may infringe on their intellectual property rights.

Part III of the regulations provides that the tobacco industry must provide the following information about their products:

  1. List of ingredients in tobacco products and tobacco product components;
  2. Reasons for including the ingredients;
  • All the toxicological data available to the manufacturer about the ingredients of the tobacco products and their effects on health and information on the characteristics of the leaves i.e. their type, percentage, percentage when expanded and changes made about tobacco product ingredients.

These requirements are a replica 2009 US law that granted the Food and Drug Administration (FDA) powers to direct tobacco companies to disclose ingredients in new products and changes to existing products. They also adhere to article 9 and 10 of the WHO Framework Convention on Tobacco Control (FCTC).

Whether the information that tobacco companies want to protect qualifies to be trade secrets is disputable. The law of confidence which is rooted in equity and legislated under article 39 of the Agreement on Trade- Related Aspects of Intellectual Property Rights (TRIPS) to which Kenya is a signatory to protects trade secrets. Article 39 of the Agreement stipulates that the following requirements must be met for information to be regarded as trade secrets: secrecy, commercial value and reasonable efforts to maintain secrecy.

The information held must be of a secretive nature though not absolutely secret. Employees, business partners and other persons can know the particulars, provided they keep them secret. Besides, ordinary and mundane information can be the subject of confidence so long as the information is private to the compiler. This was illustrated in Coco v AN Clark (Engineers) Ltd [1969] where the Court found that information that is common knowledge to a group of persons (in this case tobacco manufacturers) is part of the public domain and is not confidential. Therefore information regarding ingredients must be confidential to qualify as a trade secret.

Secondly, the information must have commercial value i.e. there must be some utility obtained from the information being secret. The manufacturer must be able to use it to acquire a business advantage over other manufacturer(s) in the same industry. Therefore, the information must only be known to the manufacturer to have commercial value. Disputably, players in the tobacco industry could argue that the information they guard has commercial value to them as it is what gives one company an edge over a competitor that uses different ingredients and manufacturing processes

Lastly, the owners of the secrets must carry out steps to ensure that the information is well secured. According to WIPO, some of the reasonable steps that can be taken to secure trade secrets include: non-disclosure agreements, training and capacity building with employees, instituting an information protection team, having a trade secret SWAT team, establishing due diligence and continuous third-party management procedures among others.

Kenya, as a signatory to TRIPS, is obligated to protect trade secrets. These regulations do not however protect trade secrets and business ‘know-how’ once it is revealed; meaning once revealed it loses its secrecy. This leaves trade secrets and business ‘know-how’, such as the list of ingredients and percentage of leaves expanded, vulnerable to appropriation.

In taking the role of devil’s advocate, it is worth considering whether the information that the tobacco industry is required to reveal under Part III really falls within the scope of trade secrets. Let us go back in history to understand the situation as it was that caused the emergence of such requirements. In 1998, 35 million pages of what was considered confidential information were revealed as a result of the Minnesota’s Tobacco Trial in the US. This information was on the harmful ingredients that tobacco companies used in the products. In what was considered the Master Settlement Agreement, the U.S. agreed not to sue the corporations in exchange of the corporations revealing all documents considered to be confidential to the public. It is important to note that one of the companies involved in the Supreme Court application to throw out the regulations was implicated in this law suit for failing to reveal to consumers harmful ingredients contained in their tobacco products.

Moreover, research carried out between 1937 and 2001 of tobacco companies, some of which operate in Kenya, revealed that tobacco ingredients are not secret rather the companies simply reverse engineer their competitor’s brands to create their own. This report argues that since the reverse engineering process is done routinely, it does not meet the threshold of secrecy for information to be a trade secret. The report implicates some multinationals that operate in Kenya. If this is anything to go by, then it negates the fact that the information in question has commercial value and is secret.

It is thus important to strike a balance between consumer protection measures and the protection of corporations’ intellectual property. Overzealous consumer protection regulations result in laws that infringe on corporations right to privacy and violate their intellectual property rights, to the detriment of their revenue and the country’s economy as a whole. Since the appeal was dismissed at the Supreme Court, it will be interesting to see whether the companies shall abide by the regulations.

** Mercy King’ori is a 3rd Year Bachelor of Laws student at the Strathmore University.

WHAT IS A ‘PUBLICATION’?

04 Monday Jun 2018

Posted by in Guest Post

Leave a comment

By Christopher Rosana**

Strange! That a man who has wit enough to write a satire should have folly enough to publish it.” These words by Benjamin Franklin ring in my head every moment I have to analyse defamation claims and the nuances of media in the digital age. The requirements for libel have not fundamentally changed for centuries; its principles have happily held sway. Those whose reputations have suffered walk away with their assigned damages – a solatium to their injured reputation. Principles may have remained unchanged, modified to new situations even, but there are corresponding misapprehensions on the meaning of ‘publication’ that have crept into the public mind.

For a successful defamation claim the following conditions must be present (1) the statement must be made to a third party – published; and (2) the statement must lower the claimant in the estimation of right-thinking members of society. In the second condition, it may be sufficient if the statement exposes the claimant to hatred, ridicule, contempt, or to be shunned.
What amounts to a ‘publication’? On this question rests all the blame for the massive amounts of damages that defendants have to pay. The rise of alternative forms of disseminating information, for instance Twitter, Facebook and their ilk, seems to have altered the understanding of what qualifies as a ‘publication’. In our minds we still picture an old dingy printing press churning away pieces of propaganda but never do we feel convinced that our tweets, blog posts, screenshots are actually ‘publications’.

As a legal term of art, ‘to publish’ is simply to make something known to a third party. To publish is not limited to paper and ink. Whatever form a person utilizes to communicate libelous information would not absolve them in a defamation claim. The libelous information must refer to a living client as you cannot defame the deceased.
The misapprehension leads to defences in the line of ‘It is not us saying it, we are just quoting x’. In Nicholas Biwott v Clays Limited & 5 Others, Bookpoint was held to be responsible for defaming the plaintiff even though they were merely selling a book which it did not author. Therefore, meaning of publication implicates the person even when they are not, technically speaking, the person ‘saying’ what is libelous in the circumstances. In the eyes of the law, if statements are libelous and one disseminates them to another, one must prove the truth of those statements. In the spread of libelous information, the question before the court is not whether the words were actually said but whether the words said are provable as true. When one spreads defamatory information, they are taken to have adopted and endorsed those words as their own.

Thus, sharing a defamatory tweet is publication in the selfsame way a printed newspaper would be. It is curious how we easily describe an online article as ‘published’ but we do not extend this to tweets, and Facebook posts. A common pitfall is when a newspaper publishes the revelations of an anonymous user that are ‘juicy’ but also happen to be defamatory to the person in reference. The defamed claimant would sue the newspaper since those words are taken as its own and since the original source has anonymised their online account, the newspaper will be at pains to prove the claims. In a similar instance with the same facts, you may share the defamatory claims on your Twitter or Facebook thinking that it is not a ‘publication’. There is no safety in numbers as the aggrieved party can choose to sue any one of the defaming defendants as shown in Nicholas Biwott v Clays Limited.

Christopher Rosana is a Legal Assistant at Nation Media Group (Legal Department)

Are Computers Legal Persons? – A Student’s Perspective

06 Tuesday Mar 2018

Posted by in Artificial Intelligence, Guest Post, Information Technology

Leave a comment

By Emmanuel M. Nzaku**

In 1892, when Mr. Aron Salomon was making leather boots and shoes in his White Chapel High Street establishment, he had no idea that his enterprise would shape the nature and operation of modern trade. Since his sons wanted to become business partners, he turned the business into a limited liability company. The company purchased Salomon’s business at an excessive price for its value with his wife and five elder children becoming subscribers and the two elder sons directors but as nominee for Salomon, making it a one-man business. Not only didn’t Mr. Salomon take 20,001 of the company’s 20,007 shares, the company also gave Mr. Salomon £10,000 in debentures. When the company’s business failed and it went into liquidation, Salomon’s right of recovery against the debentures stood prior to the claims of unsecured creditors, who would, thus, have recovered nothing from the liquidation proceeds.

Continue reading

Solid Intellectual Property Strategy Key to a Successful Events Planning Business

16 Friday Feb 2018

Posted by in Guest Post

1 Comment

By Jade Makory**

There is a noticeable boom in Kenya’s entertainment scene. People want to meet up with friends and family, eat and drink while listening to good music or enjoying art or cultural performances. This has led to fierce competition among event planners, who feel the need to set themselves apart from other event planners. To do so, they would need to have distinctive and original features to set their events apart. These unique features may manifest themselves as intellectual creations that would require protection and management as intellectual property (IP). These features may be: branding elements such as logos, slogans and names falling under trademark law in accordance with the Trademark Act; ornamental or aesthetic features of their products falling under industrial design law in accordance with the Industrial Property Act; and original works falling under copyright law in accordance with the Copyright Act.

Continue reading

Using Blockchain Technology to Digitise the Land Registry in Kenya

15 Thursday Feb 2018

Posted by in Blockchain, Guest Post, Information Technology

1 Comment

by Njeri Waweru**

Blockchain technology is set to be the most revolutionary technology since the Internet. it is famous for facilitating bitcoin transactions but it can serve many purposes, one of which is land title registration. Land title registration is an issue that plagues many African countries fraught with corruption and lack of transparency inhibiting the realisation of land an individual and the country as a whole.

Continue reading

Internet of Things for Agribusiness in Africa

08 Thursday Feb 2018

Posted by in Guest Post

Leave a comment

by Njeri Waweru**

The Internet of Things (IoT) is becoming a more integral part of the evolution of technology. It refers to a system of interrelated computing devices, objects, mechanical and digital machines that are provided with unique identifiers and the ability to transfer data over a network. It serves many different industries including healthcare, manufacturing, logistics and home and consumer electronics. The agricultural sector would benefit greatly from the evolution of IoT.

Continue reading

Internet Service Providers to be Enlisted in Fight Against Piracy in Kenya

06 Monday Nov 2017

Posted by in Guest Post

1 Comment

By Mercy Mutemi**

The world over, copyright owners have resigned to the reality that is it is now harder to protect their copyright over the internet in the age of the BitTorrent network, indexing sites and streaming sites. Indeed legislation is in place recognizing and protecting the economic and moral rights of authors, yet enforcing such protection remains elusive. It is no wonder then that countries are looking to ISPs to uphold copyright protection given the key role they play in availability of content.  Kenya has not been left behind- the recently published Copyright (Amendment) Bill, 2017 is set to co-opt ISPs in the fight against piracy.

The Bill is available online here.

Continue reading

Treatment of Cyberbullying in Kenya’s new Computer and Cybercrimes Act

14 Friday Jul 2017

Posted by in Guest Post

Leave a comment

By Rosine Mumanya**

Cyberbullying in Kenya is an issue that can no longer be ignored. In the digital age, some argue that not enough attention is given to this issue, until social media users who are victims of cyberbulling end up hurting themselves or even taking their own lives. In the fight against all forms of cybercrime including cyber-bullying, Kenya has been working on the Computer and Cybercrimes Bill of 2016 which was enacted in April 2017. An overview of the Bill was published previously on this blog here.

Continue reading