Companies

CCK sets up team to peep into private Internet use

PIX

File | Nation The Communications Commission of Kenya has said the four local mobile networks have disconnected a total of 1,280,840 unregistered Sim cards five days after the deadline

CCK has set up a team to monitor all Internet traffic — including personal e-mails — in what it said was an effort to curb rising cases of cyber crime.

The committee of IT experts, Internet Service Providers and security agencies was formed after a recent announcement by the communications industry regulator that it would establish a system to monitor Internet communications.

Also see Bloggers seek to reduce defamatory content

The Communications Commission of Kenya (CCK) cited increased cyber security threats since Kenya entered the global superhighway with the landing of the undersea fibre-optic cable in Mombasa three years ago.

Also see: Police target Internet cafes in war on cybercrime

“Tackling cyber crime needs a multifaceted approach and that is why the government is collaborating with the private sector,” said Michael Katundu, the acting director of IT Services at CCK.

The collaboration will be extended to include other countries because cyber crime knows no boundaries.

Cyber crimes take various forms, including violation of confidentiality, integrity of content, copyright and trademark infringement.

There are also the more serious crimes such as cyber terrorism, cyber warfare and cyber laundering that the more advanced economies such as the US have been grappling with.

In the past year, more than 2,000 Web sites have been hacked with forensic experts saying that cyber crime costs East Africa’s economy, Kenya included, Sh3 billion annually.

Mr Katundu said in an interview yesterday that the formation of the National Cyber Security Steering Committee would pave way for the creation of a central desk — the Kenya Computer Incident Response Team (Ke-CIRT) — to handle cyber crimes.

Currently, each organisation handles its computer or Internet security separately, making it difficult to deal with attacks that range from defacement to hacking of Web sites.

Brian Longwe, an industry IT expert, said the surge in cyber crimes required the private sector to share experiences and best practices learnt from other countries with the government.

“Without proper mechanisms to curb cyber crime, the country will not be able to promote electronic commerce or encourage online transactions at a time when the government is working on ways to deliver its services electronically,” Mr Longwe said.

The centralised desk to deal with cyber crime gives individuals or companies the first point of contact and could help reduce the lengthy process of getting a court order to pull down, for instance, derogatory photos of individuals posted online.

Three weeks ago, CCK announced its intention to instal an Internet traffic monitoring equipment known as Network Early Warning System (NEWS) to monitor traffic on Kenyan networks and respond to possible cyber threats.

Deployment of the system will entail installation of sensors on each Internet Service Provider’s (ISP) network.
The sensors will relay information to a central node for collection and analysis for possible cyber threats.
The system, which is expected to be operational by July, has already run into opposition  from  some Internet Service Providers (ISPs) who say it is in breach of the Constitution.

Article 31 of Constitution grants citizens the right to privacy, including a clause preventing infringement of “the privacy of their communication.”

A lawyer, Paul Muite said the inclusion of private sector members in the committee did not mean the regulator was now within the law.

“The starting point here is the Constitution, which CCK is not adhering to. The work of investigating crime is vested to the Criminal Investigation Department and not CCK,” said Mr Muite.

He added that CCK would be inviting litigation by monitoring people’s e-mails without a specific court order in line with Articles 31 and 34 of the Constitution.

Previously, some telecommunications operators opposed the deployment of the monitoring tool, saying Kenya did not have laws to guide how CCK would use the data gathered.

However, CCK argues that the Kenya Information and Communications Act gives it power to develop a national cyber security management framework.

The regulator says it will be the sole custodian of the data and infrastructure service providers will sign strict confidentiality terms.