today’s world, technology is taking over at a very fast pace. Since its
development 25 years ago, at least 3.77 billion people use the internet today.1
This has in turn posed a new risk with regards cyberspace. Cybercrime refers to
a crime committed using the internet.2 The
main examples of cybercrime are; hacking, identity theft, internet fraud,
piracy, child pornography, cyberstalking and cyberbullying. This also includes
traditional crimes in which computers are used in enabling illicit activities. Cybersecurity
is defined by the Government of Kenya
Cybersecurity Strategy as ‘the processes and mechanisms by which
computer-based equipment, information and services are protected from
unintended or unauthorized access, change or destruction.3

the year 2016, Kenya lost 17.7 billion shillings to cybercrime and the numbers
are expected to grow if no measures are taken since many businesses are being
Governments in an attempt to curb this evil are forced to strengthen
surveillance and come up with a legal framework aimed at providing safer
computer usage.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

pose a threat to privacy as a result of the ability of infiltration of an
individual’s system by hackers who apply different methods. On April 16th
and 17th 2011, hackers broke into Sony servers and stole personal
data from approximately 24.6 million Sony Online Entertainment users which
included names, addresses, phone number and debit card records.5 Moreover,
surveillance by the government may also affect the right to privacy of an

 Companies lose money as a result of DoS7
attacks and economic espionage. The need to look into our current laws
regarding protection of individual rights and to companies’ protection from
computer attacks comes into play. According to a research conducted by the U.S’
National Cyber Security Alliance, 60% of small companies that suffer a cyber
attack are out of business within six months.8

of child pornography and cyberbullying are not to be escaped as Kenya is affected
with the same. The United Nations Convention on the Rights of the Child has
adopted an Optional Protocol due to concerns about the ‘growing availability of
child pornography on the internet and other evolving technologies’.9 However,
the issue of child pornography become complex when states have set different
age to qualify someone being considered a child. Will there be criminal
liability when the servers hosting the pornographic materials of a 17 year-old are
contained in a country where legally a child is anyone below the age of 16 but,
they have been accessed by someone from a country whose set age of majority is
18? Back home, the Communications Authority of Kenya launched the Child Online
Protection (COP) campaign in a bid to protect children from cybercrime
especially cyber bullying and children pornography.

becomes more complex when cybercrime is viewed in its finer details. Usually,
cybercrimes are international in nature. This is cured by international
harmonization of laws relating to cybercrime and extradition especially under
the principle of dual criminality. The Budapest
Convention on Cybercrime, 2001, is an important instrument drawn up by the
Council of Europe in a bid of harmonizing cybercrime laws. The United Nations Convention on Transnational
Organized Crime (UNTOC) also deals with transnational organized crime of
which cybercrime can fall, if the offence is committed in more than one state.  

to curb cybercrime usually are divide into; (i) protective laws, which are
aimed at ensuring high level of computer integrity, (ii) detection laws, mainly
aimed at ensuring that if a computer integrity is bypassed, then the incident
can be identified, (iii) investigative laws, that can give police and other
players the rights to access a computer system for evidence purposes and (iv)
prosecution laws, that outlines the different penalties for offenders. Kenyan
law as it is does not meet the proper threshold in this areas meaning that
computer integrity can be tampered with and the hacker finds an avenue for
escape. This paper aims at looking into the lacuna in our legal instruments
aimed at enhancing cybersecurity. 



problem that arises is whether the laws currently in place in Kenya, with
regards cybercrime, are sufficient to help curb the growing issue that is
affecting individuals and the country’s economy at large and whether the lack
of Kenya being party to international instruments on cybercrimes has any effect
on its effective dealing with cybercrimes. This also includes a scrutiny of the
current Computer and Cybercrimes Bill of
2017, in a bid of establishing whether it is up to the task of countering
cybercrime if passed into law. Further, there currently tends to be a high
number of unreported cybercrimes to the police and the few that are reported
rarely are followed through to prosecution.




research aims at answering the following question;

Are our current laws
sufficient, as they are, in a bid of curbing cybercrimes committed to its
nationals, be it by a national within the country or a non-national outside the

What is the reason
behind a low number of cybercrime prosecutions across the country despite
multiple incidences of cybercrime?

Is there a need of
revising the Evidence Act to cater for cybercrime offences?

Can cybercrime be
solved only by tightening up our local laws or do we need to be part of
regional and multilateral instruments dealing with cybercrime?




paper aims to achieve the following objectives;

Analyse the current
laws and the bill in parliament that are aimed at curbing cybercrime.

Establish the link
between national laws and international laws with regards cybercrime and
thereby find if there is any need for harmonization of the same and the role of
each in dealing with cybercriminals.

Compare Kenya
cybercrime laws with those of other developed nations who have managed quite
considerably to deal with cybercrime, in a bid of suggesting the way forward
for Kenya.




is a general rule accepted by the Positivist School of Thought that the main
intention of laws is to provide order and governance of a society provided that
the laws are made in accordance with rules recognized by that society.

Hart argued that law is a system of social rules. This paper will be centred on
a positivist approach.

legislation widely is intended to provide order and governance of a society  in this digital era. This basically means that
cybercrime laws are important since, if left unregulated, the society will be a
digitized but a nasty place to live in as there will be an abuse of the
unregulated digital freedom.

paper lays its focus on the law as it is and not laying its concern on the
issue of morality of actions. An emerging group of individuals who refer to
themselves as ‘hacktivists’, tend to
qualify their hacking into others computers by claiming to be doing that for
the public benefit. Usually, they log into computers to find information vital
to the general public. However, the end does not justify the means. Taking a
positivist approach underlies the same as hacking and therefore protecting
computer integrity no matter the purpose or intention of a non-owner.

procedural character of positive law plays a major role in informing the
theoretical approach of this paper. Given the fact that cybercrime is usually
international in nature, certain procedures have to be followed so as to catch
up with a perpetrator outside a state’s jurisdiction. Natural law on the other
hand would dictate that a law applies everywhere to everyone. However, in
today’s world, there is recognized the issue of sovereignty and positive law is
the only avenue to cure that through bilateral and multi lateral treaties.




method to be adopted by this paper in research is through desk research. The desk
research will majorly include the analysing of the current multiple Kenyan
statutes which deal with cybercrime, the Computer
and Cybercrime Bills of 2017, Kenya extradition laws, international laws on
cybercrime, books authored by experts in the field of computer and the law.
This will be supplemented by essays, journals and internet search. The research
question and objectives of this paper will be met through this method as no
fieldwork is required to meet the objectives. Any data information required can
be accessed through desk research.





has been classed as an emerging national and transnational crime. Kenya has
been affected by incidences of cybercrime and this has seen billions lost to
the same. The fast growing nature of technology advancement has seen many
e-companies established and the increased use of online payments and online
banking. This in itself puts people at risk of experiencing a cyber attack.

Kenya Cyber Security Report 2016 has identified the following as the top cyber
security issues in 2016; insider threat, attack on computer systems by trojans
and malware, e-payments and e- commerce fraud, identity theft, mobile banking,
cyberstalking, social media abuse, data exfiltration and non- preparedness for
cyber threats.10  However, as it currently is, the laws in
place are inadequate to deal with the same. As a matter of fact, the laws that
deal with cybercrime in full or partly are many but since cybersecurity is a
fast evolving crime, and usually the process for coming up with a law is
usually lengthy, it means that the perpetrators would have even found a
different way of achieving the same means that there will be need for review of
the law.11

has been done in an aim of trying to come up with legal solutions as to how law
can be harmonized to ensure that it will still be effective despite the fast
changing nature of cybercrime.


his paper, The State of Cybercrime:
Current Issues and Countermeasures, Joash Dache defines cybercrime
countermeasures as an action, process, technology, device or system that serves
to mitigate the effect of a cyberattack against a computer, server, network or
associated device. In Kenya, there is established, under the Kenya Information
and Communications Act12,
the Kenya Computer Incidence Response Team (Ke – CIRT) mandated to
fight cybercrime in Kenya. This is part of the government trying to ensure
computer integrity and malicious IP addresses can be tracked and action taken

question arising from the same is whether the government has taken enough steps
really to ensure effective countermeasures given the high number of
cyberattacks reports while still a very low prosecution on cybercriminals.

the Cyber Policy Landscape: Kenya13there is noted the challenge of  a lack of specific and effective legislative
instruments on privacy, security, cybercrimes, ethical and moral conduct,
encryption, digital signatures, copyrights, intellectual property rights and
fair trade practices. These are vital areas that are affected by cybercrime but
lack their fair share when it comes to protection by the law. This becomes a
hindrance to the pursuit of a harmonized legal field to effectively manage and govern

are also forensic issues that have been identified in the 6th
edition of Computer Law: The Law and
Regulation of Information Technology14
with regards the investigation and gathering for appropriate evidence for a
criminal prosecution. This is usually difficult and complex given the temporary
nature of data. There is a need to look at our local laws on digital evidence
presentation before a court and find out whether there is a link between the
same and the low number of cybercrimes prosecution?

on cybercrime is often scarce but the available material show that the issue of
cybercrime is an emerging trend. Coming to Kenya, a comparison of our legal
regime vis-à-vis the material provided in different texts show a need for
research in this area as there still remain a lot of unchartered waters of
which, if looked into, Kenya can achieve its goals on cybersecurity.

1 last accessed on 17thNovember2017

2 Macmillan English
Dictionary For Advanced Learners,  Second

3 last accessed on 21st December 2017

4 last accessed on 17thNovember2017

5 last accessed on 24th December 2017

6 The Constitution of
Kenya, Article 31

7 DoS is an acronym for
Denial-of-Service attack which means a hacker tries to prevent a user from
accessing a service by flooding or sending information that results in a crash
of the server of a host connected to the internet.

-business/ last
accessed on 24th December 2017

9 Preamble of the Optional Protocol to the Convention on the Rights
of the Child on the Sale of Children, Child Prostitution and Child Pornography