NAME REGISTRATION SIGNATURE

NUMBER
1. VITALICE MATILDA MARGARET (GROUP L95S/15571/2023
LEADER)
2. MYRA WAMBUI NDEGWA L95S/15239/2023

3. NDUNDA CATHERINE MWENDE L95S/15246/2023

4. KEMUNTO FAITH MAUTI L95S/15390/2023
5. NYAKORA SCHIFFER L95S/15534/2023

6. LITALA PATIENCE KHASANDI L95S/15537/2023

7. JANICE WAMBUI WANJIRU L95S/15586/2023

8. DEBORA NEKESA SIMIYU L95S/15433/2023

9. MELODY NYAWIRA NGARI L95S/15260/2023

10. MORAA NYANCHOKA L95S/15237/2023

UNIT TITLE: CRIMINAL LAW 2

UNIT CODE: LPL 111

GROUP WORK BY GROUP 10 SREAM ONE

1|Page
Offences against security of state

1. Sedition

Sedition is a federal crime to advocate insurrection against the government or support for an
enemy of the nation during a time of war, through speeches, publications and organization.

Sections 38 and 39 of the Kenyan Sedition Law deal with offences related to sedition.

Here is a summary of the relevant sections:

Section 38 deals with printing or uttering seditious words. This section makes it an offence to
print or utter any words which are intended to do any of the following:

a) Invite people to violence against the Government or to overthrow the Government by

unconstitutional means.
b) Incite people to interfere with the lawful exercise of authority by the Government.

c) Incite hatred or contempt of the Government.

d) Promote feelings of ill-will or hostility between different communities.

Section 39 deals with the possession of seditious publications. This section makes it an
offence to have in your possession any seditious publication unless you can give a
satisfactory account of how you came into possession of it.

It is important to note that the law of sedition is a complex area and the following is not a
substitute for legal advice. If you are concerned about whether something you have done or said
may constitute an offence under the Sedition Law, you should consult with a qualified lawyer.

2. Terrorism

Is unlawful use of violence, with intent to advance political, religious, and ideological or other
such causes and includes any unlawful use of violence or threat of use of violence with intent to
put public or section of public in fear.

2|Page
The prevention Act of 2012 defines a terrorist act or threat of action; which involves the use of
violence against a person that creates a serious risk to the health or safety of public and
prejudices a national security or public safety,

Elements of terrorism

I. Use of violence , use of violence or fear to instill fear to a section of public

II. Ideological motivation, have strong ideological belief that they are going to use violence
in advance
III. Non state actors, they are carried out with people who are not official members of the
government or afflicted with any government
IV. Targeting civilians , they attack civilians rather than military government officials in
order to spread fear and create sense of insecurity
V. Political objections, may seek to overthrow government establish an independent
government or promote a specific political agenda

Membership of terrorist organization

Section 24 defines the offense, a person who is a member of or professes to be a member of a

terrorist group commits an offence and is liable on conviction to imprisonment for a term not
exceeding thirty years

In the case of Abirizak muktar Edow V Kenya (2016) eKLR, court confirmed process of
proving membership of terrorist group established in the case of

Mohammed Haro V Kenya, court observed that membership of terrorist group may not be
easily determinable, but use of circumstantial evidence that points the association with such a
group is vital and the prosecution ought to take steps to show a clear linkage between the actions
of the accused and the outlawed group

Laws and penalties for terrorist offences

A person who carries out terrorist act is liable, on conviction of life imprisonment. Where one
carries out terrorist activities and results to death of another he/she may be imprisoned for life.
Inchoate offences such as conspiracy to commit terrorist offences are also liable to imprisonment

3|Page
for up to 20 years. Incitement through publication, distribution or otherwise availing information
for incitement of terrorist act attracts liability to 30 years.

In the case of Ahmad Abolfathimohammed and another V Republic (2016) the court gave
the appellant 15 years life imprisonment after attempted terrorism. We have cases where the
court found the sentence given by the other courts being excessive and they reduce the sentence
based on the circumstances of the case as was in the case of Isaac Lekushon Taruru V
Republic (2017) EKLR.

Funding of terrorist group

Section 42 of prevention Act of terrorism provides the following

A person who has information on

a) The existence of any property in his or property used for commission of offence under
this Act possess or control which is to his knowledge owned or controlled by or on behalf
of a terrorist group
b) Any information regarding a transaction or proposed transaction in respect of any
property preferred in a

Section 43 provides the following orders for seizure and restrainment of property

The High court may on ex parte application supported by an affidavit and where there are any
property used for or in connection with the received as payment for the commission of an
offence under this Act

a) A warrant authorizing a police officer to search the building, place or vessel and seize the
property in respect of which the warrants are issued
b) A restraining order prohibiting any person from disposing of , or dealing with any interest
in that property, other than as may be specified in the order
Steps taken to address terrorism
 Establishment of the Anti - terrorism police unit to specifically deal with offenses
dealing with terrorism
 International marketing for our terrorism section

4|Page
  Inter faith based approach to deal with religious extremism idealogy
 Enactment of the prevention Terrorism Act
3. Rioting

Riot is defined under Section 78 (1) of the Penal Code as “When three or more persons
assemble with intent to commit an offence, or, being assembled with intent to carry out some
common purpose, conduct themselves in such a manner as to cause as to cause persons in the
neighborhood reasonably to fear that the persons so assembled will commit a breach of the
peace, or will by such assembly needlessly and without any reasonable occasion provoke other
persons to commit a breach of the peace, they are an unlawful assembly.” 1

Section 78(3) of the Kenyan Penal Code states that “When an unlawful assembly has begun to
execute the purpose for which it assembled by a breach of the peace and to the terror of the
public. The assembly is called a riot, and the persons assembled are said to be riotously
assembled.”

Elements of rioting include: The intent to cause a riot, a person engages or acts in the conduct,
a person urges others to commit acts of force or violence or property damage, under
circumstances that it produces present and immediate danger & the acts of force or violence or
property damage.

The case of Ibrahim Adan V Republic2 the definitions and grounds of being charged with riot
and unlawful assembly arose. In this case, the appellants were freed and the accusations dropped
on riot and unlawful assembly. Taking part in an unlawful assembly makes one guilty of a
misdemeanor which one can be imprisoned for not more than one year as per section 79 of the
Penal Code.

Rioters are assumed to disperse upon announcement of a proclamation by an administrative

officer or any military force present at the ongoing riot 3. Upon expiration of the time given for
proclamation, those rioters that may not disperse can be apprehended and is guilty of a felony
and is liable for a life imprisonment according to section 86 of the Penal Code.

1
Section 78(1) of the Penal Code of Kenya
2
Civil Appeal No 843-930 of 1983
3
Section 83 of the Kenyan Penal Code

5|Page
4. Treason

Treason is a crime that involves betraying one's country or sovereign. It typically consists of
actions that undermine the security, stability, or territorial integrity of a nation. The concept of
treason varies depending on the legal framework of each country. In general, treason involves the
following elements: Intentional and willful betrayal-The person must act with the intent to harm
the country or its interests. Acts that undermine sovereignty-Treasonous acts can include
espionage, sedition, conspiracy, or aiding and abetting an enemy force. Damage or potential
damage to the country-The actions must cause or have the potential to cause significant harm to
the country's security, stability, or territorial integrity.

Specific examples of Treason include providing classified information to an enemy power,

conspiring to overthrow the government, joining or supporting an armed insurrection against the
country and attempting to assassinate the head of state. Treason is a serious crime and is
punishable by severe penalties, including imprisonment, fines, or even death, depending on the
jurisdiction. The specific definition and consequences of treason vary from country to country,
and it is always advisable to consult the relevant legal authorities for a more precise
understanding. According to Section 40(3) of the Penal Code the punishment for treason or any
person who is found guilty of the offence of treason shall be sentenced to death. As refereed in
the case of Rex V Kichanjele s/o Ndamungu 1941 (EACA) in this case the courts substituted
the imprisonment penalty with death.

5. Misprision of treason

Misprision of treason is a legal term that refers to the act of concealing or failing to report
knowledge of treasonous activities. It involves knowing about a treasonous plot or act and not
disclosing this information to the authorities, which can be considered a criminal offense in some
jurisdictions. The concept emphasizes the duty individuals have to report serious crimes against
their country's government or sovereignty. In other words, misprision of treason is a criminal
law offense that involves concealing or failing to report knowledge of a treasonous plot or act.

Misprision of treason is based on the principle that individuals have a duty to disclose any
knowledge of treasonous activity to the authorities. Failure to do so can constitute a crime.

6|Page
To prove misprision of treason, the prosecution must establish the following elements: The
defendant had knowledge of a treasonous plot or act; the defendant concealed or failed to report
that knowledge to the authorities and the defendant had a legal duty to disclose the knowledge.
The punishment for misprision of treason varies depending on the jurisdiction. In the United
States, it is typically punished as a felony offense. Possible defenses to misprision of treason
include: Lack of knowledge of the treasonous nature of the plot or act, duress or coercion, fear of
retaliation and mistake of law. Misprision of treason laws plays a crucial role in preventing and
deterring treasonous activity by: Encouraging individuals to report suspicious behavior, ensuring
that those who know about treasonous plots are held accountable and safeguarding national
security. The definition and concept of misprision of treason may vary across different legal
systems and jurisdictions. It is important to consult the specific laws and legal authorities for a
comprehensive understanding of this offense. In Kenya, it is found under section 42 of the Penal
code, under concealment of treason is found guilty of the felony termed as misprision of treason
as is liable for life imprisonment. In the case of Mataka and Anor V Republic it was stated that
the name of the person intending to commit the treason should also be given for the charge to be
valid.

6. Treasonable felony

A treasonable felony is a serious crime that involves acts of disloyalty or betrayal against one's
country or government. It typically encompasses offenses that threaten national security or
sovereignty. Treasonable felonies are often defined by specific statutes and may vary depending
on the jurisdiction. Generally, they involve actions that: Attempt to overthrow the government or
incite rebellion, aid or abet the country's enemies during wartime, engage in espionage or
sabotage and conspire to commit treasonous acts. Treasonable felonies are considered grave
offenses and carry severe penalties. Depending on the jurisdiction, punishments can range from
imprisonment to capital punishment or life sentences. Treasonable felony laws are crucial for
protecting national security and maintaining the integrity of a country. They deter individuals
from engaging in acts that could harm the state or its citizens. Examples of Treasonable Felonies
include: Providing classified information to foreign agents, participating in terrorist activities
against the country, attempting to overthrow the government through force or violence and
conspiring to undermine the country's defence system.

7|Page
The definition and concept of treasonable felony may vary across different legal systems and
jurisdictions. It is important to consult the specific laws and legal authorities for a comprehensive
understanding of this offense in any particular context. In Kenya, its stipulated under section 43
of the Penal code as any person who, not owing allegiance to the Republic, in Kenya or
somewhere else commits any act or commission of acts which, if it were committed by a person
who owed such allegiance would amount to the offence of treason under section 40 of the penal
code, is guilty of a felony and is liable for life imprisonment.

Crimes committed in the digital space as detailed under the Computer Misuse and Cyber
Crimes Act 2018

Cybercrime is any criminal activity that involves a computer, network or networked device.

Computer Misuse and Cybercrimes Act provides for offences relating to computer systems; to
enable timely and effective detection, prohibition, prevention, investigation and prosecution of
cybercrimes; to facilitate international cooperation in dealing with cybercrimes and for
connected purposes.

Objectives of the Computer Misuse and Cybercrimes Act

a) Protecting the rights to privacy and freedom of expression

b) Prevent the unlawful use of computer systems.
c) Protect data from theft and damage.
d) To promote international cooperation on matters covered under this Act.

Examples of the offences include: Unauthorized access, interference and interception of ICT
systems, Illegal devices and access codes, Cyber espionage, False publications and publication of
false information, Child pornography, Computer fraud and forgery, Subversion, Cyber
harassment, Cybersquatting, Identity theft and impersonation, Phishing, Cyber terrorism and
sabotage, Aiding and abetting in the commission of an offence & Any other computer and
cybercrimes as provided for in all laws in Kenya.

1. Unauthorized access to computer systems4

4
Section 14 of the Computer Misuse and Cybercrimes Act, 2018

8|Page
Section 14 prohibits unauthorized access to a computer system. The key elements of the offence
are: Access-This reference interaction with a computer system, including logging in,
downloading files, or modifying data. No authorization-The access must be without lawful
permission or authority from the owner or authorized user of the system.

R v Goldstein (2001)

It is a British case where the defendant was convicted under a similar unauthorized access law. Goldstein
accessed a university computer system using a fake username and password. The court found him guilty;
highlighting that even limited access to a computer system can constitute an offence.

Section 14 protects computer systems from unauthorized infusion, which can be a stepping stone
to more serious crimes like data theft or fraud. It applies to a broad range of scenarios, including:
hacking into a personal computer or social media account, accessing a company network without
authorization and downloading confidential information from a restricted system.

2. Access with intent to commit further offences5

Section 15 criminalizes access to a computer system with the intent to commit further offences.
This section goes beyond unauthorized access. It criminalizes gaining access to a computer
system to commit another crime.

The key elements include:

1. Unauthorized Access: Similar to Section 14, there must be access to a computer system
without lawful permission.

2. Intent: The prosecution must prove the accused intended to commit another offence after
gaining access. This could be theft, fraud, vandalism, or any other crime facilitated by
unauthorized access.

Section 15 strengthens cyber security by deterring individuals from using computer systems for
criminal purposes. It encourages responsible use of authorized access and helps combat various
cybercrimes.

3. Prohibits unauthorized interference with computer systems

5
Section 15 of the Computer Misuse and Cybercrimes Act, 2018

9|Page
Section 16 prohibits unauthorized interference with computer systems or data. In simpler terms,
it prohibits tampering with a computer system or its data without lawful permission.

Examples of Offense include hacking into a system and deleting critical files, introducing
malware to disrupt a computer network and modifying data on a server without authorization.

State of Maharashtra v. Prafulla Hiraman Ahire [2014]: This case dealt with unauthorized modification
of source code. The court ruled that altering computer source code constituted a punishable offence
under Section 66 of the IT Act. This case highlights how Indian courts interpret unauthorized access and
modifications to computer systems.

Section 16 safeguards the integrity and availability of computer systems and data. It prevents
unauthorized individuals from altering or destroying information, which can cause significant
harm to businesses and individuals.

Similar to Sections 14 and 15, violating Section 16 carries a fine of up to ten million shillings or
imprisonment for up to ten years or both.

4. Unauthorized interception of computer systems6

Section 17 shows that unauthorized interception of electronic communication an offence. This

section protects the privacy of electronic communications, such as emails, text messages, and
social media messages. Electronic Communication refers to any message or information created,
sent, or received electronically, including emails, text messages, instant messages, voicemails,
and social media messages.

The law prohibits intentionally listening to, capturing, or recording electronic communication
without the consent of all parties involved.

It's important to note that Section 17 likely doesn't apply to:

a.) Communications you send to someone else, where you expect them to be able to read or
listen to them e.g., sending an email.

b.) Communications where one party has consented to the interception (e.g., law enforcement
with a warrant).
6
Section 17 of the Computer Misuse and Cybercrimes Act, 2018

10 | P a g e
Section 17 safeguards the privacy of electronic communication in Kenya. It discourages
eavesdropping and ensures people can communicate electronically without fearing unauthorized
interception.

Minister of Communications and another V Silber [2009]: This case addressed the unauthorized
interception of data. The court ruled that intercepting electronic communication without consent violated
the ECT Act. The South African case offers perspectives on electronic communication and unauthorized
data interception, which are relevant to Kenya's CMCA Section 17.

Similar to Sections 14-16, violating Section 17 carries a fine of up to ten million shillings or
imprisonment for up to ten years or both.

5. Prohibition of illegal devices and access codes7

Section 18 clearly defines and prohibits the possession of illegal devices or access codes used to
commit cybercrimes. It aims to prevent irrelevant from acquiring or using resources that
facilitate unauthorized access or interference with computer systems. The law prohibits the
possession of any device designed or adapted primarily to commit a computer crime. This could
include hacking tools, password crackers, or malware creation kits. Section 18 also criminalizes
the possession of access codes, passwords, or other data used to gain unauthorized access to a
computer system. This might involve stolen credentials, key loggers, or network access include

Unlike other sections focusing on unauthorized access or interference (14, 15, 16), Section 18
doesn't require proof of intent to commit a crime. Simply possessing these illegal devices or
access codes is an offence.

Similar to Sections 14-17, violating Section 18 carries a fine of up to ten million shillings or
imprisonment for up to ten years or both.

6. Unauthorized disclosure of passwords or access codes8

Section 19 criminalizes the unauthorized disclosure of passwords or access codes. This section
safeguards passwords and access codes used for computer systems and data. It prohibits the
unauthorized disclosure of these credentials. Examples of Offences against this section include:

7
Section 18 of the Computer Misuse and Cybercrimes Act, 2018
8
Section 19 of the Computer Misuse and Cybercrimes Act, 2018

11 | P a g e
Sharing your work computer's login credentials with a friend, selling stolen user passwords to a
third party and leaking a company's security access codes online

The potential penalty for violating Section 19 can vary depending on the offender's motive:

a.) Without Wrongful Gain or Unlawful Purpose: If someone discloses a password or access
code unintentionally or without malicious intent, the penalty might be less severe.

b.) For Wrongful Gain or Unlawful Purpose: If the disclosure is made for personal gain e.g.,
financial gain or with the intent to harm someone e.g., facilitate unauthorized access, the penalty
could be more significant.

Penalty for a basic offense is a fine not exceeding five million shillings or imprisonment for a
term not exceeding three years, or both while an aggravated offense is a fine not exceeding ten
million shillings or imprisonment for a term not exceeding five years, or both (applicable when
disclosure is for wrongful gain or unlawful purpose).

7. Penalties for offences involving protected computer systems9

Section 20 clearly describes enhanced penalties for these offences if they target "protected
computer systems” critical to national security, infrastructure, or essential services. Protected
Computer Systems are critical systems designated by the Director-General of the
Communications Authority of Kenya (CA). They are considered essential for national security,
infrastructure, or the provision of essential services. Examples could include: Government
databases and networks, financial institutions' systems Power grid control systems and
Telecommunication infrastructure. Since these protected systems are vital for national security
and well-being, any unauthorized access, interference, or other offences outlined in Sections 14-
19 carry a more severe punishment to deter potential attackers and emphasize the seriousness of
such crimes.

The specific penalties for violating Sections 14-19 when targeting protected systems are not
directly mentioned in Section 20 itself. However, it generally refers to "enhanced penalties." The
exact nature of the enhancement is likely determined by other provisions within the CMCA or

9
Section 20 of the Computer Misuse and Cybercrimes Act, 2018

12 | P a g e
relevant regulations. It is possible that the enhanced penalties could involve: A significant
increase in the maximum fine and a longer maximum prison sentence or both.

8. Cyber Espionage10

Espionage is the practice of spying to obtain information about the plans and activities especially
of a foreign government or a competing company. Cyber espionage is a where an unauthorized
user attempts to access sensitive or classified data or intellectual property to gain competitive
advantage over another company or government entity. Examples of scenarios where there is
espionage include: When one country sends spies to gather military information about another
and when one hacks into a computer network to steal information. Cyber spies most commonly
attempt to access the following assets: Financial details, personal data, academic research data,
product formulas or blueprints, client lists, strategies in business or politics and military
intelligence.

Section 21 of the Computer Misuse and Cyber Crimes Act provides for the offence of cyber
espionage. It states that a person who lawfully or unlawfully and intentionally performs or
authorizes or allows another person to perform a prohibited act envisaged in this Act in order to
gain access to critical data or intercept data. Actus Reus of cyber espionage is where the cyber
perpetrator enters the computer and unlawfully takes, or exercises unlawful control over, the
property—the information of another. Mens Rea of cyber espionage is where the cyber
perpetrator enters with the intent to commit an offense and acts with the intent of depriving the
lawful owner of data in order to benefit from it.

9. False Publication11

It has been provided for under Section 22 of the Act which states that a person who intentionally
publishes false, misleading or fictitious data with intent that the information shall be considered
authentic. Actus Reus of false publication is the act of publishing false, misleading or fictitious
data. Mens Rea of false publication is the intent that the data be considered or acted upon as
authentic with or without any financial gain.

10
Section 21 of the Computer Misuse and Cybercrimes Act, 2018
11
Section 22 of the Computer Misuse and Cybercrimes Act, 2018

13 | P a g e
10. Publication of false information12

The offence has been provided for under Section 23 of the Act. It involves publishing false
information in print, broadcast, and data or over a computer system that is calculated or results in
panic, chaos or violence among citizens of the Republic or which is likely to discredit the
reputation of a person. Actus Reus of publication of false information is the act of publishing
false information. Mens Rea publication of false information involves the intent to discredit the
reputation of a person. Penalty for this offence includes a fine not exceeding 5 million shillings
and imprisonment for 10 years or both.

11. Child Pornography13

It is any depiction of a minor (under the age of 18 years) who is engaged in sexually related
conduct. This includes pictures, videos, and computer-generated content. Section 24 of the Act
provides that a person, who produces and publishes child pornography through a computer
system, distributes and lends for gain and exchanges. Mens Rea of child pornography includes
the intent to possess, distribute, or receive child pornography on the part of the defendant. Actus
Reus of child pornography includes the possession, distribution, publishing, production or
downloading of child pornography.

Defences to child pornography14

Furthermore, section 24 (2) provides for the defences to this offence. A publication which is
proved to be justified as being for the public good on the ground that it is in the interest of
science, literature, learning or other objects of general concerns. Accidentally stumbling upon
child pornography is not enough to be convicted of a crime. When an individual downloads
hundreds of images or repeatedly accesses an illegal website, the intent may be obvious.

12. Computer Forgery15

12
Section 23 of the Computer Misuse and Cybercrimes Act, 2018
13
Section 24 of the Computer Misuse and Cybercrimes Act, 2018
14
Section 24 (2) of the Computer Misuse and Cybercrimes Act, 2018
15
Section 25 of the Computer Misuse and Cybercrimes Act, 2018

14 | P a g e
It is seen where a person who intentionally inputs, alters, deletes or suppresses computer data
resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes
as if it were authentic, regardless of whether or not the data is directly readable and intelligible
commits an offence of computer forgery. Actus Reus of computer forgery involves the act of
altering, deleting or suppressing computer data resulting in inauthentic data. Mens Rea of
computer forgery involves the intent that the inauthentic data be considered or acted upon as if it
were authentic for wrongful gain, wrongful loss to another person and any economic benefit for
oneself or another person. Penalty for computer forgery include a fine not exceeding 10 million
shillings and imprisonment for a term not exceeding 5 years or both

6. Computer Fraud16

It is the use of someone else's computer to access personal information with the intent to use it
fraudulently. The offence is provided for under Section 26 of the Act. It involves installing
spyware or malware to engage in data mining.

7. Cyber security17

A person who, individually or with other persons, willfully communicates, either directly or
indirectly, with another person or anyone known to that person commits an offence, if

They know or ought to know that their conduct—

(a) Is likely to cause those persons apprehension or fear of violence to them or damage or loss on
that persons’ property; or

(b) Detrimentally affects that person; or is in whole or part, of an indecent or grossly offensive
nature and affects the person.

A case law that is applicable in this scenario is Republic V Jared Otieno in 2018 where Otieno
was charged with cyber harassment and defamation for creating and spreading false information
about a prominent Kenyan politician on social media platforms. The court found him guilty and
he was sentenced to prison.

16
Section 26 of the Computer Misuse and Cybercrimes Act, 2018
17
Section 27 of the Computer Misuse and Cybercrimes Act, 2018

15 | P a g e
8. Cyber squatting18

This section suggests that anyone who intentionally takes or makes use of a name, business
name, trademark, domain name or other word or phrase registered, owned or in use by another
person on the internet or any other computer network, without authority or right, commits an
offence.

The element(s) here is: The intentional and unauthorized use of a name belonging to another
person and the fine accorded is not exceeding two hundred thousand or a term not exceeding two
years or both.

An example of a case law is Panavision v. Toeppen back in 1996. In this case, a cyber-squatter
named Dennis Toeppen registered the domain name “panavision.com,” which was the
trademark of the Panavision Company. Toeppen then offered to sell the domain name to
Panavision for a significant amount of money. Panavision filed a lawsuit against Toeppen,
claiming trademark infringement and cybersquatting. The court ruled in favor of Panavision,
recognizing that Toeppen had acted in bad faith by intentionally profiting from someone else’s
trademark.

9. Identity theft and impersonation19

The element highlighted under this section is the dishonest use of the electronic signature,
password or any other unique identification feature of any other person.

The fine accorded is not exceeding two hundred thousand or a term not exceeding three years or
both.

An American case law that applies here is United States v. Beltran-Rivera in 2012. In this
case, the defendant used stolen identities to file false tax returns and claim refunds. The court
found Beltran-Rivera guilty of identity theft, aggravated identity theft, and conspiracy to commit
mail fraud.

10. Phishing20

18
Section 28 of the Computer Misuse and Cybercrimes Act, 2018
19
Section 29 of the Computer Misuse and Cybercrimes Act, 2018
20
Section 30 of the Computer Misuse and Cybercrimes Act, 2018

16 | P a g e
The element here is the creation of a website and or sending a message that would lead to the
user of the website or the recipient of the message to disclose personal information for an
unlawful purpose or to gain unauthorized access to a computer system.

The fine accorded is not exceeding three hundred thousand or a term not exceeding three years or
both.

An example of an American case law is United States v Peteris Sahurovs in 2011. Sahurovs, a
Latvian national, was involved in a large-scale phishing operation that targeted online banking
customers. He sent out fraudulent emails pretending to be from legitimate financial institutions,
tricking people into revealing their personal and financial information. Sahurovs was eventually
arrested and extradited to the United States, where he faced charges of wire fraud, identity theft,
and conspiracy to commit computer fraud.

11. Interception of electronic messages or money transfers.

The element highlighted here is the destruction or abortion of any electronic mail or processes
through which money or information is being conveyed. This is considered a crime in Kenya
according to section 31of the computer misuse and cybercrimes act. The fine accorded is not
exceeding two hundred thousand or a term not exceeding seven years or both.

12. Willful misdirection of electronic messages

The element here is the willful misdirection of electronic messages.

The fine accorded is not exceeding one hundred thousand or a term not exceeding two years or
both.

An example of an American case law is United States v. David Nosal in 2012. Nosal was
charged with unauthorized access to a computer system and theft of trade secrets. He convinced
former colleagues to misdirect confidential information from their employer’s database. The
court ruled that Nosal’s actions constituted a violation of the Computer Fraud and Abuse Act.

13. Cyber terrorism21

21
Section 33 of the Computer Misuse and Cybercrimes Act, 2018

17 | P a g e
Section 33 of the Act clearly states that a person who accesses or causes to be accessed a
computer or computer system or network for purposes of carrying out a terrorist act, commits an
offence and shall on conviction, be liable to a fine not exceeding five million shillings or to
imprisonment for a term no exceeding ten years, or to both.

The North Atlantic Treaty Organization (NATO), defines cyber terrorism as a cyber-attack that
uses or exploits computer or communication networks to cause sufficient destruction or
disruption to generate fear or to intimidate a society into an ideological goal,

Methods of cyber terrorism

Cyber terrorism actors use various methods to achieve these aims, including:

a. Advanced persistent threat (APT) : It uses sophisticated, concentrated penetration

methods to gain network access. Organizations with high-value information, such
as those in the defense, manufacturing, healthcare, and financial industries are
typical targets for APT attacks.
b. Computer viruses, worms and malware target IT control systems: They are used
to attack utilities, transportation systems, power grids, critical infrastructure,
government departments, and military systems.
c. Denial of service: Attackers attempt to prevent legitimate users from accessing
targeted computer systems, devices, or websites. They often go after critical
infrastructure and governments.
d. Hacking: It seeks to gain unauthorized access to steal critical data, often from
institutions governments and businesses.
e. Ransom ware: Aims at holding data or information systems hostage until the
victim pays the ransom.
f. Phishing: It attempts to collect information through a target’s email , using that
information to access systems or steal the victim’s identity,

Examples of cyber terrorism

Disruption of major websites: The intent is to stop traffic to websites that serve many users and
whose disruption might create widespread public inconvenience.

18 | P a g e
Unauthorized access: Attackers often aim to gain access to certain systems or to modify
communications that control military systems or other critical technology.

Disruption of critical infrastructure systems: Threat actors try to disable or disrupt cities, cause a
public health crisis, endanger public safety or cause massive panic and fatalities.

Cyber espionage: Nation-states carry out or sponsor cyber espionage attacks to spy on rival
nations and gather sensitive, secret, or confidential intelligence, such as troop locations or
military strategies.

Inducement to deliver electronic message

According to the computer security and cybercrime Act section 34: A person who induces any
person in charge of electronic devices to deliver any electronic messages not specifically meant
for him commits an offence and is liable on conviction to a fine not exceeding two hundred
thousand shillings or imprisonment for a term not exceeding two years or both.

Intentionally withholding message delivered erroneously

According to the computer security and cybercrime Act cap 35: A person who intentionally
hides or detains any electronic mail, message, electronic payment, credit and debit card which
was found by the person or delivered to the person in error and which ought to be delivered to
another person, commits an offence and is liable on conviction a fine not exceeding two hundred
thousand shillings or imprisonment for a term not exceeding two years or to both.

Unlawful destruction of electronic messages

According to the computer security and cybercrime Act cap 36: A person who unlawfully
destroys or aborts any electronic mail or processes through which money or information is being
conveyed commits an offence and is liable on conviction to a fine not exceeding two hundred
thousand shillings or imprisonment for a term not exceeding two years or both.

Wrongful distribution of obscene or intimate images

According to the computer security and cybercrime Act cap 37: A person who transfers,
publishes, or disseminates, including making a digital depiction available for distribution or

19 | P a g e
downloading through a telecommunications network or through any other means of transferring
data to a computer, the intimate or obscene image of another person commits an offence and is
liable, on conviction to a fine not exceeding two hundred thousand shillings or imprisonment for
a term not exceeding two years, or to both.

• When intimate photos or videos are shared without the consent of the person in the photos or
videos the consequences for the victims involved include; mental health problems, loss of
employment, and damage to personal relationships. The UN Office on Drugs and Crime
estimates that the trafficking of women and girls for sexual exploitation generates $99 billion
annually. Online platforms have been identified as a key enabler of sex trafficking. Traffickers
can use the internet to recruit and exploit vulnerable individuals. Intimate images include
everything from non-consensual sharing of explicit images and videos to the trafficking of
individuals for sexual exploitation. It can have devastating consequences for the victims
involved, and it can be addictive. As individuals, we need to be aware of the potential dangers of
pornography and take steps to protect ourselves and others. As a society, we need to work
together to address this issue and ensure that the internet is a safe place for everyone.

Fraudulent use of electronic data

According to the computer security and cybercrime Act cap 38: A person who knowingly and
without authority causes any loss of property to another by altering, erasing, inputting or
suppressing any data stored in a computer, commits an offence and is liable on conviction to a
fine not exceeding two hundred thousand shillings or imprisonment for a term not exceeding two
years, or to both.

(1) A person who sends an electronic message which materially misrepresents any fact upon
which reliance by another person is caused to suffer any damage or loss commits an offence and
is liable on conviction to imprisonment for a fine not exceeding two hundred thousand shillings
or imprisonment for a term not exceeding two years or both.

A person who with intent to defraud, franks electronic messages, instructions, subscribes any
electronic messages or instructions, commits an offence and is liable on conviction a fine not
exceeding two hundred thousand shillings or imprisonment for a term not exceeding two years,
or to both. A person who manipulates a computer or other electronic payment device with the

20 | P a g e
intent to short pay or overpay commits an offence and is liable on conviction to a fine not
exceeding two hundred thousand shillings or imprisonment for a term not exceeding two years,
or to both.

(3) A person convicted under subsection

(4) Shall forfeit the proprietary interest in the stolen money or property to the bank, financial
institution or the customer.

Issuance of false e-instructions

According to the computer security and cybercrime Act cap 39:A person authorized to use a
computer or other electronic devices for financial transactions including posting of debit and
credit transactions, issuance of electronic instructions as they relate to sending of electronic debit
and credit messages or confirmation of electronic fund transfer, issues false electronic
instructions, commits an offence and is liable, on conviction, a fine not exceeding two hundred
thousand shillings or imprisonment for a term not exceeding two years, or to both.

How to protect yourself against cybercrime

Anyone using the internet should exercise some basic precautions.

a. Use a full-service internet security suite-It’s a good idea to consider trusted security
software which provides all-in-one protection for your devices, online privacy, and
identity, and helps protect your private and financial information when you go online.
b. Use strong passwords-Don’t repeat your passwords on different sites, and change your
passwords regularly. Make them complex. A password management application can help
you to keep your passwords locked down.
c. Keep your software updated-This is important with your operating systems and internet
security software. Cybercriminals frequently use known exploits, or flaws, in your
software to gain access to your system. Patching those exploits and flaws can make it less
likely that you’ll become a cybercrime target.
d. Manage your social media settings-Keep your personal and private information locked
down. Social engineering cybercriminals can often get your personal information with
just a few data points, so the less you share publicly, the better.
e. Strengthen your home network-It’s a good idea to start with a strong encryption password
as well as a virtual private network. A VPN will encrypt all traffic leaving your devices

21 | P a g e
 until it arrives at its destination. If cybercriminals do manage to hack your
communication line, they won’t intercept anything by encrypted data.
f. Talk to your children about the internet-Teach kids about acceptable use of the internet
without shutting down communication channels. They should know that seek guidance to
an adult if they’re experiencing any kind of online harassment, stalking, or bullying.
g. Keep up to date on major security breaches-When doing business with a merchant or
have an account on a website that’s been impacted by a security breach, find out what
information the hackers accessed and change your password immediately.
h. Take measures to help protect yourself against identity theft

Identity theft occurs when someone wrongfully obtains your personal data in a way that involves
fraud or deception, typically for economic gain. A virtual private network (VPN) can also help to
protect the data you send and receive online, especially when accessing the internet on public
Wi-Fi. Know that identity theft can happen anywhere. It’s smart to know how to protect your
identity even when traveling. There are a lot of things you can do to help keep criminals from
getting your private information on the road. Know what to do if you become a victim. If you
believe that you’ve become a victim of a cybercrime, you need to alert the local police and. This
is important even if the crime seems minor. Your report may assist authorities in their
investigations or may help to thwart criminals from taking advantage of other people in the
future.

The Computer Misuse and Cybercrimes Act 2018 was assented on 16th May 2018, by the
President of Kenya and enacted on 30th May 2018. Its objective is to provide for offences
relating to computer systems, enabling among other things, prompt detection, prohibition,
prevention, investigations and prosecution of computer and cybercrimes. The Act among other
things criminalizes fake news as well as publication of false information. Shortly after its
enactment, the Bloggers Association of Kenya (BAKE), challenged its constitutionality before
the High Court of Kenya, resulting in the suspension of 26 sections pending the hearing and
determination of the suit. The grounds of the petition were the limitation of various fundamental
freedoms by provisions of the Act. On 20th February 2020, Justice Makau gave the final
judgment that upheld, in entirety, the constitutionality of the Act. In this blog post, we discuss
the highlights of this judgment.

22 | P a g e
 a. Whether section 5 of the Act, on the composition of the National Computer and
Cybercrimes Co-ordination Committee, violated Article 27 of the Constitution on
equality and freedom from discrimination;
b. Whether sections 22, 23, 24, 27, 28 and 37 of the Act limit Articles 32, 33 and 34 of the
Constitution in a manner inconsistent with the limitation of rights as envisioned in Article
24 of the Constitution;
c. Whether sections 16, 17, 31, 34, 35, 36, 38, 39 and 41 are inconsistent with the
Constitution for failing to prescribe a mens rea for the offences;
d. Whether sections 48, 50, 51, 52, and 53 limit the right to privacy under Article 31 of the
Constitution in a manner inconsistent with Article 24;
e. Whether the National Assembly Standing Order 133 Contravenes Article 118 of the
Constitution

1. Section 5 and the Right to Equality

The Act, in section 4, establishes a National Computer and Cybercrimes Co-ordination

Committee. In section 5, it provides the composition of said Committee to include various
holders of State Offices (or their representatives). The Petitioner (BAKE), complained that the
provision did not put in place adequate safeguards to ensure that two-thirds gender rule mandated
by Article 27(8) of the Constitution, would be upheld. Their argument was that, the Act failed to
contemplate an instance where all the holders of said offices, or their chosen representatives
would be of one gender. It is on this basis that the Petitioner sought to have the section declared
unconstitutional. The court found that the Petitioner had failed to prove that the Committee was
constituted, and such constitution violated Article 27. Makau J found the challenge to be
premature; there was no basis for anticipating a potential violation. Section 5 was thus upheld.

2. Limitation of the freedoms under Article 32, 33 and 34 of the Constitution by the Act

Articles 32-34 of the Constitution of Kenya guarantee the following freedoms (among others):
conscience, religion, belief and opinion; expression and the media (in relation to journalists).
The Petitioners contended that sections 22, 23, 24, 27, 28 and 37 of the Act, amount to a
limitation of these freedoms in a manner inconsistent with Article 24. Article 24 of the
Constitution which requires that limitations ought to be prescribed by the law, in pursuit of a

23 | P a g e
justifiable aim in an open and democratic society and proportionate to the aims sought – a
common standard in international human rights law. The sections considered by the court under
this issue are summarized here: false publications, publication of false information, child
pornography, cyber harassment, cyber-squatting and wrongful distribution of obscene or intimate
messages.

Absence of Mens Rea in Cybercrime Offences

The Petitioner contended that the offences in sections 16, 17, 31, 32, 34, 35, 36, 38(1), 38(2), 39
and 41 lack the element of mens rea. They fail to provide for the state of mind or intent of the
perpetrator of offences. This, according to the Petitioner is contrary to the basic principle that
wrongdoing must be conscious to be criminal; only those offences that are public welfare or are
regulatory do not require mens rea. The upshot of this, to the Petitioner, is the inadvertent
criminalization of apparently innocent conduct. messages or money transfers, willful
misdirection of electronic messages, inducement to deliver electronic message, intentionally
withholding message delivered erroneously, unlawful destruction of electronic messages,
fraudulent use of electronic data, issuance of false e-instructions and employee responsibility to
relinquish access codes.

References

a) Kenya Law Reports

b) The Kenyan Penal Code
c) The Computer Misuse and Cybercrimes Act, 2018

24 | P a g e
MINUTES OF GROUP 10 MEETING WHICH WAS HELD AT THE GROUP STUDY ROOM
ON 2ND APRIL, 2024 FROM 10:00 A.M TO 11:30 A.M

MEMBERS PRESENT

1. Vitalice Matilda Margaret- Group leader

2. Ndunda Catherine Mwende- Secretary
3. Myra Wambui
4. Melody Nyawira
5. Kemunto Faith
6. Deborah Nekesa
7. Moraa Nyanchoka
8. Schiffer Nyakora
9. Litala Patience Khasandi
10. Janice Wambui Wanjiru

Min. 1/04: Preliminaries

The meeting was brought to order by the group leader Vitalice Matilda at 10:00 a. m. She
requested Melody Nyawira to pray for the meeting.

Min. 2/04: Discussion of the group assignment

The group leader informed the group members about the criminal law 2 work which was
assigned to every group by Ms. Mulinya. The work included offences against the state and
crimes committed in the digital space. Since the group members had an idea of what the
questions were about, they decided to start their research at that time.

Min 3/04: Assigning each group member work to do

The group members were able to come up with various topics they would tackle in completing
the work. The group leader therefore assigned the work as follows: Catherine Ndunda would do
Sedition, Deborah Nekesa would do terrorism, Patience Litala would handle Rioting, Janice
Wambui would handle misprision of treason, the group leader would handle treason, Myra
Wambui would look at section 14-20 of the Computer Misuse and Cybercrimes Act, Moraa

25 | P a g e
Nyanchoka would look at section 21-26 of the Computer Misuse and Cybercrimes Act, Schiffer
Nyakora would tackle section 27-32 of the Computer Misuse and Cybercrimes Act, Faith
Kemunto would handle section 33-39 of the Computer Misuse and Cybercrimes Act and Melody
Nyawira would summarize the Cybercrimes offences.

Min 4/04: A.O.B

The group leader requested the group leaders to make sure to include statutes and case laws in
their work.

Min 5/04: Adjournment

There being no other business, the meeting was adjourned with a word of prayer from Faith
Kemunto. The group leader said that the next meeting would be held on 5 th April 2024 at the
same venue.

MINUTES OF GROUP 10 MEETING WHICH WAS HELD AT THE GROUP STUDY ROOM
ON 5TH APRIL 2024 FROM 11:00 A.M TO 12:00 P.M

MEMBERS PRESENT

1. Vitalice Matilda Margaret- Group leader

2. Ndunda Catherine Mwende-Secretary
3. Myra Wambui
4. Melody Nyawira
5. Kemunto Faith
6. Deborah Nekesa
7. Moraa Nyanchoka
8. Schiffer Nyakora
9. Litala Patience Khasandi
10. Janice Wambui Wanjiru

Min 1: Preliminaries

The meeting was brought to order by the group leader Vitalice Matilda at 11:00 a.m. She
requested Deborah Nekesa to pray for the meeting.

26 | P a g e
Min 2: Confirmation of the previous minutes

The secretary, Catherine Ndunda, read the minutes of the previous meeting which were
confirmed by Janice Wanjiru as true reading of the matters previously discussed. This was
seconded by Schiffer Nyakora.

Min 3: Group members presenting their research on the work assigned

Each group member was able to present their work whereby their research was sufficient.

Min 4: Submission of the work for compiling

The group leader told the group members to submit their work for compilation by Patience
Litala.

Min 5: A.O.B

The group leader requested all members to ensure that they contribute money towards printing of
the work.

Min 6: Adjournment

There being no other business, the meeting was adjourned with a word of prayer from Moraa
Nyanchoka.

27 | P a g e