Communications Authority Clarifies Proposed Cybersecurity Measures For Public WiFi Services In Kenya
I wrote a blog post earlier this week here on the extreme measures that Kenya’s Communications Authority (CA) intended to take with regards public WiFi use in the country, as reported in the mainstream media. Thankfully, many of my concerns that led to the blog post were unfounded according to a press release that I received from them this morning! I breathed a sigh of relief on reading the key highlights, as follows:
- The CA is currently in the process of developing regulations for cybersecurity and electronic commerce and the same will be subjected to public consultations in due course. These regulations shall be implemented exclusively by the CA in line with its mandate
- The draft regulations will have provisions that require installations of Public WI-FI to integrate a component that obliges its users to log in for identification purposes. In this regard, operators of cyber-cafes and public wireless hotspots shall be required to identify users before providing them with Internet access services. The identification shall be through a user registration system that ties each user to a registered mobile phone number. Operators of cyber-cafes shall also be required to ensure that system logs are retained in their original form for a defined period, install Closed Circuit Television (CCTV) for surveillance and use public Internet Protocol (IP) addresses for its computers. There is however no requirement for users to register their devices with KENIC
- The CA is currently spearheading the signing of a multi-partite Memorandum of Understanding (MoU) with the Registrar General in the Office of the Attorney General, the Telecommunications Service Providers Association of Kenya (TESPOK), the Kenya Education Network (KENET), the Domain Registrars Association of Kenya (DRAKE), the Kenya Network Information Centre (KENIC) and the Authority. The MoU aims at facilitating stakeholder collaboration in programs that promote the growth of Dot KE domain name and not to compel any locally registered organization to acquire a Dot KE (.KE) domain name.
- Although the CA encourages local hosting of content, including websites, the Regulations do not obligate anyone, including Kenyan companies, to host their websites within the country. The draft regulations however require the Authority to facilitate the promotion of the Dot KE domain name, local content creation and hosting, the use of local languages in content creation and the local routing of Internet traffic.
- The Regulations further cover aspects of data retention, protection and security; cybercrime reporting and management; electronic commerce, limitation of liability of service providers; and offences and penalties, among others.