The Bill seek to give the State powers to monitor and demand certain information from Internet Service Providers, telecommunication companies and cyber operators.
New sanctions and software tools to snoop and hack accounts of internet subscribers and SIM-card users as well as decryption of encrypted data await Kenyans or anybody residing in the country if a proposed law is enacted.
The Kenya Information Communications Act (KICA) (Amendment) Bill ,2025, if adopted by the National Assembly and signed into law as originally published, will be “the most” draconian and intrusive laws against freedom of speech, expression, dissemination through electronic means and right to privacy contrary to the constitution.
The Bill, sponsored by Aldai MP Marianne Kitany, currently before the National Assembly, seeks to give the Cabinet Secretary in charge of Information sweeping powers to monitor and demand certain information from Internet Service Providers (ISPs), telecommunication companies and cyber operators.
The Bill proposes to amend various sections of KICA with the implication of intruding into the prerogatives of Media Council of Kenya (MCK) and in the process, weaken its power over regulation of broadcast content by creating another layer of surveillance.
The Bill has already been faulted, with former Speaker of the National Assembly Justin Muturi and city lawyer David Ochami warning that it violates the constitution and the Data Protection Act among other laws.
To enforce the proposed snooping and surveillance, ISPs and anybody who sells Subscriber Identification Module (SIM)-cards shall be required to install tools such as signature-creation devices- akin to face recognition module- to monitor the activities of customers which can be retrieved by the State at will.
Specifically, clause 3 of the Bill seeks to amend section 27A of KICA to require that an internet service provider shall operate a meter billing system, which shall assign to each customer a unique and identifiable meter number.
“The Bill seeks to require internet service providers to develop and deploy quality metered billing systems capable of monitoring customer usage, convert to readable details and creating invoices based on consumption and align their metrics with the value the customers get from various internet services,” the Bill reads.
While the proposed amendments are packaged as seeking to enable internet subscribers or investors to reap financial benefits for their labour and investment, a closer scrutiny discloses “something sinister”.
For instance, the Bill seeks to empower some larger tech or broadcast firms to spy on smaller ones. Clause 3 of the Bill also further proposes that the internet service provider shall allow for user verification of invoices.
“An internet service provider licensed under this Act shall submit to the Authority, at least once in every financial year, information on the billing system including internet meter numbers issued to subscribers,” reads the Bill.
The Bill comes as mandarins at the Ministry of Information, Communications and the Digital Economy and security agencies revealed that the government has already acquired and installed the surveillance technology tools “required to monitor and even hack accounts of users”.
“The tools have been installed and are already working. The purpose of the proposed amendments is to legitimize the usage of the tools,” said an insider at the Ministry with another from a security agency concurring.
Mr Muturi said that the proposed changes to the law have no place in the current constitution as he accused President William Ruto of clawing back on democratic gains the country has made.
“This is the clearest evidence that President Ruto is hell bent on clawing back at the freedoms that Kenyans fought so hard for,” said Mr Muturi.
“He wants to take the country back to the dark days. He is nostalgic about trappings of a dictator and the imperial presidency of yester years,” the Speaker Emeritus spoke of the president.
This even as Mr Ochami accused the government of creating a new layer of institutions and operators that are earmarked to use the software tools to monitor emails, intrude into electronic communication and decrypt any encrypted personal or corporate information.
“This Bill is bad for modern day Kenya. Internet users, including those on a personal computer or cybercafé will be required to register or own an electronic or digital signature that can be used to track them and which can be retrieved by the state or its agents and from which the state and its agents can track and even intercept electronic information, legally,” warns Mr Ochami.
The Bill goes on to define a signatory to mean a person who holds a signature-creation device and acts either on his own behalf or on behalf of the natural or legal person or entity he represents.
It also defines SIM-card as an independent electronically-activated device designed for use in conjunction with telecommunication apparatus to transmit and receive indirect communications by providing access to telecommunication systems.
It also enables telecommunication systems to identify the particular SIM and its installed information.
A signature-creation data means unique data such as codes or private cryptographic keys, which are used by the signatory to create an electronic signature.
Signature-creation device means a configured software or hardware used to implement the signature-creation data.
The signature-creation device is the equivalent of face recognition technology used to spy on citizens in digital states.
This essentially gives the State the legal right to hack into your phone or computer using software without breaking the law.
To empower some larger tech or broadcast firms against smaller ones or to spy on smaller ones, the Bill creates a “significant market power” phrase.
It goes on to define the phrase to mean “a position of economic strength enjoyed by a licensee which enables it to prevent effective competition being maintained on the relevant market by affording it the power to behave independently of its competitors, customers and consumers.”
In one fell swoop, the Bill is proposing to assign the Communications Authority of Kenya (CA) the power reserved for the Media Council of Kenya to superintend media breaches and electronic and broadcast content while taking away police authority to investigate electronic crime.
This, according to Mr Ochami, violates the National Police Service Act.
“The constitution grants the police the investigatory powers over acts of crime. So, it will be unconstitutional to assign this role to an entity that lacks the capability,” said Mr Ochami.
If successfully enacted into law, all SIM-card holders and broadcast licence holders shall be asked to register or seek licenses afresh.
But granting of these licenses shall not be automatic as they may be denied “subject to wide and unpredictable criteria set by the Cabinet Secretary for Information.
“By these amendments one can be denied this registration for failing or refusing to supply unnecessary or intrusive information,” warns Mr Ochami.
The constitution provides that only a court order or a valid criminal investigation should allow retrieval of private data held by a service provider.
However, under the proposed law State agents will be, legally, mandated to order or retrieve such information on their own motion or on order from the service provider.
This means that no court order shall be required to receive and retrieve private data for civil proceedings.
Article 24 of the constitution states that any limitation of fundamental rights should not be unreasonable and unjustifiable in a democracy.
The constitution goes on to protect citizens from unwarranted invasion of their privacy and also decrees that the state has no authority to limit one’s rights in a manner that infringes on the rights of others.
“The State, before enacting a law to limit or circumscribe rights must ensure that such legislation is specific and not broad and all sweeping. It should consider whether there are less punitive or restrictive measures to achieve the intended purpose,” Mr Muturi says.
