Section 2 of Computer Misuse and Cybercrime Act No 5 of 2018: Interpretation
In this Act, unless the context otherwise requires —
"access" means gaining entry into or intent to gain entry by a person to a program or data stored in a computer system and the person either—
(a) alters, modifies or erases a program or data or any aspect related to the program or data in the computer system;
(b) copies, transfers or moves a program or data to—
(i) any computer system, device or storage medium other than that in which it is stored; or
(ii) to a different location in the same computer system, device or storage medium in which it is stored;
(c) causes it to be output from the computer in which it is held, whether by having it displayed or in any other manner; or
(d) uses it by causing the computer to execute a program or is itself a function of the program;
"Authority" means the Communications Authority of Kenya (Cap. 411A);
"authorised person" means an officer in a law enforcement agency or a cybersecurity expert designated by the Cabinet Secretary responsible for matters relating to national security by notice in the Gazette for the purposes of Part III of this Act;
"blockchain technology" means a digitized, decentralized, public ledger of all crypto currency transactions;
"Cabinet Secretary" means the Cabinet Secretary responsible for matters relating to internal security;
"Central Authority" means the Office of the Attorney General and Department of Justice;
"Committee" means the National Computer and Cybercrimes Coordination Committee established under section 4;
"computer data storage medium" means a device, whether physical or virtual, containing or designed to contain, or enabling or designed to enable storage of data, whether available in a single or distributed form for use by a computer, and from which data is capable of being reproduced;
"computer system" means a physical or virtual device, or a set of associated physical or virtual devices, which use electronic, magnetic, optical or other technology, to perform logical, arithmetic storage and communication functions on data or which perform control functions on physical or virtual devices including mobile devices and reference to a computer system includes a reference to part of a computer system;
"content data" means the substance, its meaning or purport of a specified communication;
"critical information infrastructure system or data" means an information system, program or data that supports or performs a function with respect to a national critical information infrastructure;
"critical infrastructure" means the processes, systems, facilities, technologies, networks, assets and services essentials to the health, safety, security or economic well-being of Kenyans and the effective functioning of Government;
"cybersquatting" means the acquisition of a domain name over the internet in bad faith to profit, mislead, destroy reputation, or deprive another from registering the same, if the domain name is —
(a) similar, identical or confusingly similar to an existing trademark registered with the appropriate government agency at the time of registration;
(b) identical or in any way similar with the name of a person other than the registrant, in case of a personal name; or
(c) acquired without right or intellectual property interests in it;
"data" means any representation of facts, information or concepts in a form suitable for processing in a computer system, including a program suitable to cause a computer system to perform a function;
"interception" means the monitoring, modifying, viewing or recording of non-public transmissions of data to or from a computer system over a telecommunications system, and includes, in relation to a function of a computer system, listening to or recording a function of a computer system or acquiring the substance, its meaning or purport of such function;
"interference" means any impairment to the confidentiality, integrity or availability of a computer system, or any program or data on a computer system, or any act in relation to the computer system which impairs the operation of the computer system, program or data;
"mobile money" means electronic transfer of funds between banks or accounts' deposit or withdrawal of funds or payment of bills by mobile phone;
"national critical information infrastructure" means a vital virtual asset, facility, system, network or process whose incapacity, destruction or modification would have —
(a) a debilitating impact on the availability, integrity or delivery of essential services including those services, whose integrity, if compromised, could result in significant loss of life or casualties; or
(b) significant impact on national security, national defense, or the functioning of the state;
"network" means a collection of hardware components and computers interconnected by communications channels that allow sharing of resources and information;
"password" means any data by which a computer service or a computer system is capable of being obtained or used;
"pornography" includes the representation in books, magazines, photographs, films, and other media, telecommunication apparatus of scenes of sexual behaviour that are erotic or lewd and are designed to arouse sexual interest";
"premises" includes land, buildings, movable structures, a physical or virtual space in which data is maintained, managed, backed up remotely and made available to users over' a network, vehicles, vessels or aircraft;
"program" means data representing instructions or statements that, if executed in a computer system, causes the computer system to perform a function and reference to a program includes a reference to a part of a program;
"requested State" means a state being requested to provide legal assistance under the terms of this Act;
"requesting State" means a state requesting for legal assistance and may for the purposes of this Act include an international entity to which Kenya is obligated;
"seize" with respect to a program or data includes to — (a) secure a computer system or part of it or a device;
(b) make and retain a digital image or secure a copy of any program or data, including using an on-site equipment;
(c) render the computer system inaccessible;
(d) remove data in the accessed computer system; or
(e) obtain output of data from a computer system;
"service provider" means —
(a) a public or private entity that provides to users of its services the means to communicate by use of a computer system; and
(b) any other entity that processes or stores computer data on behalf of that entity or its users;
"subscriber information" means any information contained in the form of data or any form that is held by a service provider, relating to subscribers of its services, other than traffic data or content data, by which can be established —
(a) the type of communication service used, the technical provisions taken thereto and the period of service;
(b) the subscriber's identity, postal, geographic location, electronic mail address, telephone and other access number, billing and payment information, available on the basis of the service agreement or arrangement; or
(c) any other information on the site of the installation of telecommunication apparatus, available on the basis of the service agreement or arrangement;
"telecommunication apparatus" means an apparatus constructed or adapted for use in transmitting anything which is transmissible by a telecommunication system or in conveying anything which is transmitted through such a system;
"telecommunication system" means a system for the conveyance, through the use of electric, magnetic, electro-magnetic, electro-chemical or electro-mechanical energy, of— (a) speech, music or other sounds;
(b) visual images;
(c) data;
(d) signals serving for the impartation, whether as between persons and persons, things and things or persons and things, of any matter otherwise than in the form of sound, visual images or data; or
(e) signals serving for the activation or control of machinery or apparatus and includes any cable for the distribution of anything falling within paragraphs (a), (b), (c) or (d);
"traffic data" means computer data relating to a communication by means of a computer system, generated by a computer system that formed a part in the chain of communication, indicating the communication's origin, destination, route, time, date, size, duration or the type of underlying service; and
"trust accounts" means an account where a bank or trust company is holding funds in relation to mobile money on behalf of the public depositors.
Enhance Your Research with Bookmarks and Annotations
Here's how you can use these features:
- To bookmark this page, click the "Bookmark this Page" button below the document title.
- To add an annotation, highlight text in the document and select "Add Annotation" from the toolbar that appears.
- These features are great for organizing your research and keeping track of key information.
- You can view and manage your bookmarks and annotations on your Bookmarks and Annotations page.
- Section 3 - Objects of the Act
The objects of this Act are to —
(a) protect the confidentiality, integrity and availability of computer systems, programs and data;
(b) prevent the unlawful use of computer systems;
(c) facilitate...
- Section 4 - Establishment of Committee
There is established the National Computer and Cybercrimes Co-ordination Committee.
- Section 5 - Composition of the Committee
(1) The Committee shall comprise of—
(a) the Principal Secretary responsible for matters relating to internal security or a representative designated and who shall be the chairperson;
(b) the...
- Section 6 - Functions of the Committee
(1) The Committee shall —
(a) advise the Government on security related aspects touching on matters relating to blockchain technology, critical infrastructure, mobile money and trust...
- Section 7 - Secretariat of the Committee
(1) There shall be a Secretariat which shall comprise of the Director and such number of public officers that, subject to the approval of the Committee, the Cabinet Secretary responsible for matters...
- Section 8 - Reports by the Committee etc
The Committee shall submit quarterly reports to the National Security Council.
- Section 9 - Critical information infrastructure
(1) The Director shall, by notice in the Gazette, designate certain systems as critical infrastructure.
(2) The Director shall designate a system as a critical infrastructure if a disruption of the...
- Section 10 - Protection of critical information infrastructure
(1) The Committee shall within reasonable time and in consultation with the owner or a person in control of an identified critical information infrastructure, submit to the National Security Council...
- Section 11 - Reports on critical information infrastructure
(1) The owner or operator of a system designated as critical infrastructure shall report to the Committee any incidents likely to constitute a threat in the nature of an attack that amounts to a...
- Section 12 - Information sharing agreements
(1) A private entity may enter into an information sharing agreement with a public entity on critical information infrastructure.
(2) An agreement under subsection (1) shall only be entered into for...
- Section 13 - Auditing of critical information infrastructures to ensure compliance
(1) The owner or person in control of a critical information infrastructure shall annually submit a compliance report on the critical information infrastructure to the Committee in line with a...
- Section 14 - Unauthorised access
(1) A person who causes, whether temporarily or permanently, a computer system to perform a function, by infringing security measures, with intent to gain access, and knowing such access is...
- Section 15 - Access with intent to commit further offence
(1) A person who commits an offence under section 14 with intent to commit afurther offence under any law, or to facilitate the commission of a further offence by that person or any other person,...
- Section 16 - Unauthorised interference
(1) A person who intentionally and without authorisation does any act which causes an unauthorised interference, to a computer system, program or data, commits an offence and is liable on conviction,...
- Section 17 - Unauthorised interception
(1) A person who intentionally and without authorisation does any act which intercepts or causes to be intercepted, directly or indirectly and causes the transmission of data to or from a computer...
- Section 18 - Illegal devices and access codes
(1) A person who knowingly manufactures, adapts, sells, procures for use, imports, offers to supply, distributes or otherwise makes available a device, program, computer password, access code or...
- Section 19 - Unauthorised disclosure of password or access code
(1) A person who knowingly and without authority discloses any password,access code or other means of gaining access to any program or data held in any computer system commits an offence and is...
- Section 20 - Enhanced penalty for offences involving protected computer system
(1) Where a person commits any of the offences specified under sections 14,15, 16 and 17 on a protected computer system, that person shall be liable, on conviction, to a fine not exceeding twenty five...
- Section 21 - Cyber espionage
(1) A person who unlawfully and intentionally performs or authorizes or allows another person to perform a prohibited act envisaged in this Act, in order to —
(a) gain access, as provided under...
- Section 22 - False publications
(1) A person who intentionally publishes false, misleading or fictitious data or misinforms with intent that the data shall be considered or acted upon as authentic, with or without any financial...
- Section 23 - Publication of false information
A person who knowingly publishes information that is false in print, broadcast, data or over a computer system, that is calculated or results in panic, chaos, or violence among citizens of the...
- Section 24 - Child pornography
(1) A person who, intentionally —
(a) publishes child pornography through a computer system;
(b) produces child pornography for the purpose of its publication through a computer...
- Section 25 - Computer forgery
(1) A person who intentionally inputs, alters, deletes, or suppresses computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were...
- Section 26 - Computer fraud
(1) A person who, with fraudulent or dishonest intent—
(a) unlawfully gains;
(b) occasions unlawful loss to another person; or
(c) obtains an economic benefit for oneself or for another person,...
- Section 27 - Cyber harassment
(1) A person who, individually or with other persons, wilfully communicates, either directly or indirectly, with another person or anyone known to that person, commits an offence, if they know or...
- Section 28 - Cybersquatting
A person who, intentionally takes or makes use of a name, business name, trademark, domain name or other word or phrase registered, owned or in use by another person on the internet or any other...
- Section 29 - Identity theft and impersonation
A person who fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person commits an offence and is liable, on conviction,...
- Section 30 - Phishing
A person who creates or operates a website or sends a message through a computer system with the intention to induce the user of a website or the recipient of the message to disclose personal...
- Section 31 - Interception of electronic messages or money transfers
A person who unlawfully destroys or aborts any electronic mail or processes through which money or information is being conveyed commits an offence and is liable on conviction to a fine not exceeding...
- Section 32 - Willful misdirection of electronic messages
A person who willfully misdirects electronic messages commits an offence and is liable on conviction to a fine not exceeding one hundred thousand shillings or to imprisonment for a term not exceeding...
- Section 33 - Cyber terrorism
(1) A person who accesses or causes to be accessed a computer or computer system or network for purposes of carrying out a terrorist act, commits an offence and shall on conviction, be liable to a...
- Section 34 - Inducement to deliver electronic message
A person who induces any person in charge of electronic devices to deliver any electronic messages not specifically meant for him commits an offence and is liable on conviction to a fine not exceeding...
- Section 35 - Intentionally withholding message delivered erroneously
A person who intentionally hides or detains any electronic mail, message, electronic payment, credit and debit card which was found by the person or delivered to the person in error and which ought to...
- Section 36 - Unlawful destruction of electronic messages
A person who unlawfully destroys or aborts any electronic mail or processes through which money or information is being conveyed commits an offence and is liable on conviction to a fine not exceeding...
- Section 37 - Wrongful distribution of obscene or intimate images
A person who transfers, publishes, or disseminates, including making a digital depiction available for distribution or downloading through a telecommunications network or though any other means of...
- Section 38 - Fraudulent use of electronic data
(1) A person who knowingly and without authority causes any loss of property to another by altering, erasing, inputting or suppressing any data stored in a computer, commits an offence and is liable...
- Section 39 - Issuance of false e-instructions
A person authorized to use a computer or other electronic devices for financial transactions including posting of debit and credit transactions, issuance of electronic instructions as they relate to...
- Section 40 - Reporting of cyber threat
(1) A person who operates a computer system or a computer network, whether public or private, shall immediately inform the Committee of any attacks, intrusions and other disruptions to the functioning...
- Section 41 - Employee responsibility to relinquish access codes
(1) An employee shall, subject to any contractual agreement between the employer and the employee, relinquish all codes and access rights to their employer's computer network or system immediately...
- Section 42 - Aiding or abetting in the commission of an offence
(1) A person who knowingly and willfully aids or abets the commission of any offence under this Act commits an offence and is liable, on conviction, to a fine not exceeding seven million shillings or...
- Section 43 - Offences by a body corporate and limitation of liability
(1) Where any offence under this Act has been committed by a body corporate—
(a) the body corporate is liable, on conviction, to a fine not exceeding fifty million shillings; and
(b) every person...
- Section 44 - Confiscation or forfeiture of assets
(1) A court may order the confiscation or forfeiture of monies, proceeds,properties and assets purchased or obtained by a person with proceeds derived from or in the commission of an offence under...
- Section 45 - Compensation order
(1) Where the court convicts a person for any offence under this Part, or foran offence under any other law committed through the use of a computer system, the court may make an order for the payment...
- Section 46 - Additional penalty for other offences committed through use of a computer system
(1) A person who commits an offence under any other law through the use of a computer system commits an offence and shall be liable on conviction to a penalty similar to the penalty provided under...
- Section 47 - Scope of procedural provisions
(1) All powers and procedures under this Act are applicable to and may beexercised with respect to any —
(a) criminal offences provided under this Act;
(b) other criminal offences committed by means...
- Section 48 - Search and seizure of stored computer data
(1) Where a police officer or an authorised person has reasonable grounds to believe that there may be in a specified computer system or part of it, computer data storage medium, program, data,...
- Section 49 - Record of and access to seized data
(1) Where a computer system or data has been removed or rendered inaccessible, following a search or a seizure under section 48, the person who made the search shall, at the time of the search or as...
- Section 50 - Production order
(1) Where a police officer or an authorised person has reasonable grounds tobelieve that —
(a) specified data stored in a computer system or a computer data storage medium is in the possession or...
- Section 51 - Expedited preservation and partial disclosure of traffic data
(1) Where a police officer or an authorised person has reasonable grounds to believe that —
(a) any specified traffic data stored in any computer system or computer data storage medium or by means of...
- Section 52 - Real-time collection of traffic data
(1) Where a police officer or an authorised person has reasonable grounds to believe that traffic data associated with specified communications and related to the person under investigation is...