Why Parliament must not pass the anti-pornography bill

By Winfred Gakii.

Early 2021, Garissa Township MP Aden Duale tabled a bill to criminalize pornography. The Computer Misuse and Cybercrime (Amendment) Bill, 2021 was gazetted on 16th April 2021 and read for the first time on 9th June 2021. The bill seeks to amend the Computer Misuse and Cybercrimes Act, 2020, which is currently being challenged at the Court of Appeal as unconstitutional.  In his presentation on the purpose of the bill, Duale states that the objective of the bill is to protect children from exposure to inappropriate sexual content. 

The Departmental Committee on Communication, Information and Innovation received two memoranda from the public participation call; one joint memorandum from civil societies, including ARTICLE 19 Eastern Africa and another one from the Communications Authority of Kenya. Both memoranda warned that the bill violates freedom of expression and by and large recommended deletion of the anti-pornography clauses and those that criminalize content that might cause people to commit suicide or join extreme religious or cult activities. The Committee on 4th August 2021 recommended the Bill for tabling in Parliament with only slight textual amendments, and recommendation for deletion of the anti-terrorism clause. This clause criminalizes the publication of electronic messages aimed at recruiting members of the public to terrorist activities and imposes a fine of up to twenty million and an imprisonment term of up to 25 years. A similar offence under Section 30A of the Prevention of Terrorism Act imposes a maximum imprisonment term of 14 years. The offence is improperly canvassed under the bill since it is already an offence in Kenya elsewhere. The clause also risks exposing individuals to excessive criminal liability since, with the same facts, one could be charged under both laws. The bill is currently ripe for second reading. 

The bill

The Computer Misuse and Cybercrime (Amendment) Bill, 2021 introduces, among others, the offences of production, possession and publication of pornography through a computer system. It further criminalizes downloading, distributing, transmitting, disseminating, circulating, delivering, exhibiting, lending for gain, exchanging, barter, selling or offering for sale, letting on hire or offering to let on hire, offering in any way, or making available in any way from a telecommunications apparatus pornography. 

The bill also mandates the National Computer and Cybercrimes Coordination Committee to recommend some websites to be rendered inaccessible within the Republic of Kenya. It further prohibits the use of electronic media to promote terrorism, extreme religious or cult activities. 

The vague definition of pornography

Every offence must be clearly defined to delineate prohibited conduct from benign actions. Additionally, the offence must be defined precisely to guide the courts in determining criminal cases before them; and the police in enforcing the law. Even more importantly, the clarity enables the public to regulate their conduct accordingly. Finally, a concise definition of offences ensures that legitimate conduct is not curtailed, especially when it comes to legitimate speech. 

Pornography is defined in the Computer Misuse and Cybercrime (Amendment) Bill to include any data, whether visual or audio, that depicts persons engaged in sexually explicit conduct. This definition is open to interpretation and police will have discretion on who to arrest and charge based on their individual interpretation of what constitutes ‘sexually explicit conduct. The phrase ‘sexually explicit’ is so subjective that it will lead to inconsistent application of the provision. The overbroad nature of its definition will open it up for abuse. 

Even more alarming is the clause that mandates the National Computer and Cybercrimes Coordination Committee to recommend websites to be rendered inaccessible. The Committee comprises mostly representatives from the security sector including internal security, Kenya Defence Forces, National Police Service, National Intelligence Service and Director of Public Prosecutions. There are no criteria established for determining what websites should be blocked. Related, there is the likelihood of recommending blockage of websites with legitimate content. This proposed procedure contravenes international law as content moderation practices by the government have to incorporate judicial oversight as a check. Removal of websites will interfere with the free flow of information online violating the right to freedom of expression and access to information. 

Privacy concerns 

The bill criminalizes both the demand and the supply of pornography. It prohibits content that adults can view in the privacy of their homes or gadgets. It also criminalizes the private sharing of pornographic content as well as possession. The enforcement of the provisions of the bill on the demand side will invariably violate the right to privacy. This is because efficient enforcement of the law will inevitably necessitate surveillance of the public’s communications and searches of their homes. Heavy censorship and surveillance of communications renege on the democratic promise of the 2010 Constitution.

Punitive penalties 

The offences under the bill attract a penalty of up to KES 20 million or an imprisonment term of up to five years, or both. The penalty and the imprisonment term are extremely disproportionate given the conduct they seek to deter.

Limitation of freedom of expression under the Constitution 

While freedom of expression is not an absolute right, its limitation must comply with the Constitutional criteria in place. Freedom of expression can only be limited under the Constitution of Kenya when it relates to propaganda for war; incitement to violence; hate speech; or advocacy of hatred that constitutes ethnic incitement, vilification of others or incitement to cause harm; or is discriminatory. There is also responsibility imposed on individuals that, in exercising freedom of expression, they shall respect the rights and reputation of others. Any limitation must be provided for in law, serve a legitimate aim and be necessary and proportional in a democratic state. 

What is the legitimate aim of prohibiting pornography? International law recognizes the protection of children as a legitimate ground for prohibiting pornography. The Convention on Cybercrime of the Council of Europe, otherwise known as the Budapest Convention, encourages states to criminalize the production, possession and distribution of child pornography. The African Union Convention on Cybersecurity and Personal Data Protection, which has not come into force yet, also only obligates states to criminalize child pornography. Child pornography is already criminalized under Section 24 of the Computer Misuse and Cybercrimes Act, 2018 and is punishable by a penalty of up to KES 20 million, and an imprisonment term of 25 years or both. Protection of children is therefore sufficiently addressed in the Act. 

It is worth noting that the Uganda Constitutional Court on 13th August 2021 declared the anti-pornography provisions of the Anti-Pornography Act, 2014 unconstitutional. Besides the vague definition of pornography, the court stated that the Act did not elicit the legislative objective for the criminalization of pornography. The court noted that the provisions must be connected to the objectives they aim to achieve; a link which is clearly missing in the Kenyan Bill. There are lesser ways of restricting access to pornographic material by children that do not include a blanket ban on pornography with potentially significant and mass violation of free expression. Such include a requirement for companies to avail blocking or filtering software that requires the activating user to make an informed choice on the settings. The activating user would ideally be the parent or guardian. This form of regulation is self-imposed, and less detrimental to fundamental freedoms than government-imposed regulations.

The Computer Misuse and Cybercrime (Amendment) Bill will certainly create a chilling effect on freedom of expression. Given the vague definition of pornography and the harsh penalties, people will rather err on the side of caution and self-censor than face the full force of the law. Unfortunately, even those individuals producing, sharing or publishing legitimate content such as materials of scientific value, literature, learning or public interest are exposed adversely by the bill since they can only raise the defence during prosecution. This means that one can only invoke the defence long after they have been subjected to arrest and charges. As such, the bill will fundamentally stifle free speech; which is essential to a democratic state such as Kenya’s.

The up-shot? The anti-pornography bill is a frontal attack on freedom of expression and the National Assembly must not allow it to see the light of day. The MPs have the responsibility to protect the fundamental freedoms guaranteed under the Constitution in their delegated power. 

Winfred Gakii is an Advocate of the High Court of Kenya and Programme Officer- Civic Space at ARTICLE 19 Eastern Africa, and a Kenya School of Internet Governance 2021 alumni.

Trump’s new travel rules. To check-in, or not to check-in the laptop?

Written by Mwendwa Kivuva 

Humans have been traveling across the globe even before borders were drawn for reasons ranging from business, exploration, social, medical, education, and migration. After 9/11, traveling became more complex with tight Visa rules, military grade screening of passengers, and increased surveillance. The latest casualties of these tight measures are ICT savvy travelers.

In March 2017, The US and Britain introduced new regulations for flights[1] from Middle East, and Africa. The regulations ban passengers from carrying large electronic devices citing security concerns. The countries affected[2] were Jordan, Egypt, Turkey, Saudi Arabia, Qatar, Kuwait, Morocco and the United Arab Emirates. The circular from the US homeland security read:

These enhancements apply to 10 specific airports. The affected overseas airports are: Queen Alia International Airport (AMM), Cairo International Airport (CAI), Ataturk International Airport (IST), King Abdul-Aziz International Airport (JED), King Khalid International Airport (RUH), Kuwait International Airport (KWI), Mohammed V Airport (CMN), Hamad International Airport (DOH), Dubai International Airport (DXB), and Abu Dhabi International Airport (AUH).

With the new regulations, any device bigger than a hand help phone should be put in the checked-in luggage, and not carried onboard by the passenger. The listed devices are laptops, tablets, e-Readers cameras, Portable DVD players, and electronic game units larger than a smartphone, travel printers, and scanners.

In the age of Snowden and Wikileaks, these regulations pose a cyber security risk. It gives a window of opportunity for anybody targeting data in the devices to get access to the checked-in devices, usually a laptop. The checked-in laptops of persons of interests will either be cloned, or disappear altogether. A federal agent will mark the luggage of the person of interest, and along the several luggage transfer chain, locate it and remove the laptop and clone the hard disk getting away with a wealth of data. This process can be done by either physically removing the hard disk, using a live CD like Tails[3] to copy the contents of the laptop, or just crack the user account and gaining access to the laptop. This may sound far fetched, but federal agents have been known to go to great lengths to access information they deem necessary in their work.

Airlines have started being creative to help their clients experience the same convenience they are used to. For example, Emirates Airlines has introduced two services to it’s clients[4], a laptop handling service that lets clients use their devices until before boarding, and complimentary laptops for business and first class customers, where the customers are given Microsoft Surface 3 tablets to work onboard. Although this does not remove the security concerns mentioned above, it gives those who can afford a window to be productive while flying.

How do you secure your data while traveling?
The Electronic Frontier Foundation[5], an international non-profit digital rights group based in San Francisco, California, gives some suggestions on traveling with data, especially after the U.S. government reported an increase in the number of electronic media searches at the US border.

  • Store all sensitive data on a secure cloud offering like Dropbox or SpiderOak, or better still on a private hosted server.
  • Use a Chromebook as your travel laptop, which by default store all data on the cloud
  • If you must travel with your data, have two hard drives which you swap on convenience. One with a clean operating system install without any data, and another with the operating system and data, but only swapped when the laptop is in use.
  • Always use full strong disk encryption for all your data.

The next debate on information confidentiality is usually centered around the question, “Why should I care if I have nothing to hide?” The next article will try to answer that question. Do you have anything to hide?

Sources:

[1] Mideast Airlines Face Laptop Bans on Flights to U.S., Britain https://www.bloomberg.com/news/articles/2017-03-21/mideast-airlines-say-new-u-s-restrictions-will-force-changes

[2] Fact Sheet: Aviation Security Enhancements for Select Last Point of Departure Airports with Commercial Flights to the United States

https://www.dhs.gov/news/2017/03/21/fact-sheet-aviation-security-enhancements-select-last-point-departure-airports

[3] Privacy for anyone anywhere https://tails.boum.org/

[4] Emirates introduces tablet loan service to US-bound First and Business Class customers https://www.emirates.com/media-centre/emirates-introduces-tablet-loan-service-to-us-bound-first-and-business-class-customers

[5] Strong Full-Disk Storage Encryption https://www.eff.org/wp/digital-privacy-us-border-2017#full-disk