The Kenyan government, through various agencies, has been accused of secretly acquiring sophisticated surveillance technology to monitor its citizens, particularly on social media. This revelation has raised serious concerns about the erosion of privacy rights and the potential for abuse of power.
According to a report, the Communications Authority of Kenya (CA) and the National Intelligence Service (NIS) have acquired a social media monitoring software called HIWIRE from the Israeli firm webintPRO, founded by Shai Schiller. The software allows for the capture and analysis of open-source traffic, particularly adapted to analyzing social media. The firm’s website states that HIWIRE can alert clients if any suspicious conversations arise in forums, media, social media, Reddit, or other digital platforms.
The Directorate of Criminal Investigations (DCI) has also obtained Gi2 gadgets from Verint to triangulate the locations of targets. NIS officials have allegedly termed the murder of targets, such as IEBC ICT Manager Chris Msando, as “acceptable” for the greater good.
These surveillance and counterterrorism efforts were reportedly intertwined with influencing the electoral outcome, as former President Uhuru Kenyatta was desperate to rig elections and stay in office.
The Independent Policing Oversight Authority (IPOA) is said to be ineffective in enforcing oversight due to constant intimidation.
The revelations come at a time when Kenya is tightening its cybersecurity policy framework, with the National Intelligence Service (NIS) having strategic and operational influence on the country’s cybersecurity program. This is particularly concerning given the NIS’ routine abuse of their powers of surveillance.
The Communications Authority of Kenya (CA) has invested $5.8 million (Sh600 million) in a social media monitoring system for the government, raising questions about the prioritization of such projects while many Kenyans struggle with poverty and lack of basic necessities.
The acquisition of these surveillance technologies has raised concerns about the infringement of Kenyans’ constitutional rights, including the right to privacy (Article 31). The weak regulations meant to protect privacy in Kenya have left citizens vulnerable to technological infringement on their privacy.
As the government continues to frame cybersecurity as a national security issue, the securitization approach has led to the prominent role of intelligence agencies like the NIS in the country’s cybersecurity initiatives. This has limited public scrutiny of these projects and initiatives, making it difficult to hold the government accountable for its actions.
The Data Protection Act, 2019, which came into effect in July 2022, aims to regulate the processing of personal data and protect the privacy of individuals. However, there have been cases where entities have failed to comply with the Act, leading to breaches of regulatory requirements. For instance, Oppo Kenya was fined Kshs5 million for using a data subject’s photo on its social media platforms without consent.
As Kenyans continue to embrace social media and the internet, the government’s actions raise concerns about the future of privacy rights in the country. The lack of transparency and accountability surrounding these surveillance programs, coupled with the weak enforcement of data privacy laws, suggests that Kenyans are slowly losing their right to privacy while remaining largely silent and unaware of the implications.