MEDIA LAW CAT

Right to privacy
Communication surveillance
Communications surveillance is the monitoring, interception, collection, preservation, and
retention of information that has been communicated, relayed, or generated over
communications networks to a group of recipients by a third party.
Communication plays a huge role in all of our lives. It helps us build relationships, share
experiences, and develop as individuals and as a society. As such, communications surveillance
is a significant interference with this fundamental need to communicate, and to do so on our own
terms, and with confidence that our thoughts are not shared beyond our control.
Without the security of knowing that your communications are private, our ability to create safe
boundaries and manage our relationships falls apart.
communications surveillance is conducted by
Developments in communications have brought us access to a diverse set of networks on which
to communicate. As communications technologies developed, from the telegraph to fixed
landlines to mobile communications and the internet, we have been given more control over who
we communicate with and the method in which to do so.
There are four main methods of communications surveillance, these are
Internet Monitoring: Internet monitoring is the act of capturing data as it travels across the
internet toward its intended destination. It can take place across any point of the physical or
electronic systems that comprise the internet.
Mobile Phone Monitoring: Mobile phone monitoring technologies capture information
transmitted over mobile networks. One of the most common forms of mobile phone monitoring
is through the use of IMSI Catchers. IMSI catchers, when deployed in a specific area, work by
presenting themselves as powerful base stations, enticing all phones in that given area to join its
“network” and then capture unique identification numbers from your phone, known as IMSIs. In
some cases, the most sophisticated forms of IMSI catchers have the capability to intercept calls
and even send messages to each registered phone.
Fixed Line Interception: Fixed line interception entails the capture of information as it travels
across public switched telephone networks (PSTN), which forms the backbone of our
international communication networks. The historical view of this form of surveillance involved
crocodile clips being attached to the physical line. Modern surveillance technologies of PSTN
still fundamentally operate in that way, where a physical probe is placed on the phone network
which allows for the interception of phone calls
Intrusion: Intrusion technologies clandestinely deploy malicious software (malware) on mobile
phones and computers.
 The malware, or Trojan, allows operators to take complete control over the target's device by
embedding itself in all system functions.
Who are the actors performing communications surveillance?
Anyone with these types of technologies can perform communications surveillance. It is often
the case that these actors include law enforcement agencies, intelligence agencies, private
company, or a malicious actor.
Is communications surveillance legal?
All surveillance must meet the minimum standards of being both necessary in a democratic
society to achieve a legitimate aim and proportionate to that aim. Individuals must be protected
against arbitrary interference with their right to communicate privately. When a government
wishes to conduct communications surveillance, it must only be done in accordance with clear
and transparent law.
The lawful interception of communications must be performed with proper legal authorization,
but what this authorization looks like varies across jurisdictions. Since communications
surveillance directly interferes with the right to privacy, any laws that allow for it must be
in accordance with human rights principles. The mere existence of surveillance laws do not make
the act of communications surveillance lawful.
Legal framework of communication surveillance in Kenya
The Kenya Information and Communications Act (2009), penalises the unlawful interception of
communications by service providers. Article 31 states:
“A licensed telecommunication operator who otherwise than in the course of his business—
(a) intercepts a message sent through a licensed telecommunication system; or
(b) discloses to any person the contents of a message intercepted under paragraph; or
(c) discloses to any person the contents of any statement or account specifying the
telecommunication services provided by means of that statement or account, commits an offence
and shall be liable on conviction to a fine not exceeding three hundred thousand shillings or, to
imprisonment for a term not exceeding three years, or to both.”
Article 83 states:
"(1) Subject to subsection (3), any person who by any means knowingly: —
(a) secures access to any computer system for the purpose of obtaining, directly or indirectly, any
computer service;
(b) intercepts or causes to be intercepted, directly or indirectly, any function of, or any data
within a computer system, shall commit an offence."
Article 93 (1) states:
"No information with respect to any particular business which—
(a) has been obtained under or by virtue of the provisions of this Act; and
(b) relates to the private affairs of any individual or to any particular business,
shall, during the lifetime of that individual or so long as that business continues to be carried on
be disclosed by the Commission or by any other person without the consent of that individual or
the person for the time being carrying on that business."
Section 15 (1) of the Kenya Information and Communications (Consumer Protection)
Regulations (2010), states that:
“Subject to the provisions of the Act or any other written law, a licensee shall not monitor,
disclose or allow any person to monitor or disclose, the content of any information of any
subscriber transmitted through the licensed systems by listening, tapping, storage, or other kinds
of interception or surveillance of communications and related data.”
However, several recent legal developments have eroded protections against surveillance and
expanded the intelligence and law enforcement agencies' interception powers.
These include the National Intelligence Service (NIS) Act (2012), article 36 of which reads:
“(1) The right to privacy set out in Article 31 of the Constitution, may be limited in respect of a
person suspected to have committed an offence to the extent that subject to section 42, the
privacy of a person's communications may be investigated, monitored or otherwise interfered
with.
(2) The Service shall, prior to taking any action under this section, obtain a warrant under Part
V.”
Article 45 states:
“....an officer of the Service the power to obtain any information, material, record, document or
thing and for that purpose – (a) to enter any place, or obtain access to anything; (b) to search for
or remove or return, examine, take extracts from, make copies of or record in any other manner
the information, material, record, document or thing; (c) to monitor communication; or (d)
install, maintain or remove anything.”
The Prevention of Terrorism Act (2012) grants extensive powers to state authorities to limit
fundamental freedoms and encroach on the right to privacy through surveillance. Article
35 states:
“(1) Subject to Article 24 of the Constitution, the rights and fundamental freedoms of a person or
entity to whom this Act applies may be limited for the purposes, in the manner and to the extent
set out in this section.
(2) limitation of a right or fundamental freedom under subsection (1) shall apply only for the
purposes of ensuring —
(a) the investigations of a terrorist act;
(b) the detection and prevention of a terrorist act; or
(c) 'that the enjoyment of the rights and fundamental freedoms by an individual does not
prejudice the rights and fundamental freedom of others.
(3)The limitation of a fundamental right and freedom under this section shall relate to
(a) the right to privacy to the extent of allowing ...
(iii) the privacy of a person's communication to be investigated, intercepted or otherwise
interfered with.”
The Security Laws (Amendment) Act (2014) states in article 69, which is an amendment of the
Prevention of Terrorism Act, that:
“(1) The National Security Organs may intercept communication for the purposes of detecting,
deterring and disrupting terrorism in accordance with procedures to be prescribed by the Cabinet
Secretary.
(2) The Cabinet Secretary shall make regulations to give effect to subsection (1), and such
regulations shall only take effect upon approval by the National Assembly.
(3) The right to privacy under Article 31 of the Constitution shall be limited under this section
for the purpose of intercepting communication directly relevant in the detecting, deterring and
disrupting terrorism.”
The principal intelligence agency of Kenya is currently the National Intelligence Agency (NIS).
The NIS was established by the 2012 National Intelligence Service (NIS) Act; it is both the
domestic and foreign intelligence agency of Kenya. Its precursor, the National Security
Intelligence Service (NSIS), was created in 1998 as a successor of the Special Branch, which
dated to the late colonial period. Until 1999, the NSIS had been joined to the police.
In the case of Okoiti v. Communications Authority of Kenya
The High Court of Kenya held that the Communications Authority of Kenya’s plan to implement
a system that provided them with access to mobile service subscribers’ data was unconstitutional.
The case was brought by the executive director of a legal trust who believed that the plan to
install a communication surveillance system on mobile networks allowing access to certain
information of mobile service subscribers, including their call data records, was unconstitutional.
He argued that the policy formulation and implementation process lacked adequate public
participation and that the system itself amounted to a breach of mobile service subscribers’ rights
to privacy. The Government of Kenya argued that the system was needed to monitor and identify
illegal mobile devices. The High Court found that the system was “a threat to the subscribers’
privacy” and that there were less restrictive measures that could be used to identify illicit
devices. The High Court also found that the system had not been adopted in accordance with
law. In its judgment, the High Court relied on jurisprudence on the right to privacy from a range
of international and regional bodies, including the European Court of Human Rights and the
United Nations Human Rights Committee.