STRATHMORE LAW SCHOOL

14th October 2013 Re: Call for Parliamentary Referendum Opposing the African Union Convention on the Confidence and Security in Cyberspace (AUCC) The African Union has prepared a final draft of an AU Convention on Cyber security (the AUCC). The AUCC is scheduled for final passage at an AU meeting in January 2014. We implore you to consider supporting our call for a Parliamentary Referendum opposing passage of the AUCC in its current form. After extensive discussions with various Kenyan stakeholders from industry, academia, and NGOs, we have identified numerous provisions in the AUCC that, if passed by the AU and ratified by Kenya, will have substantial negative effects on the Kenyan online economy and social culture. A few of the more problematic examples are: 1. The AUCC significantly restricts freedom of expression in violation of basic human rights by prohibiting individuals from expressing ideas and theories based on a variety of factors such as religion and ethnicity. 2. The AUCC requires governments to have in place a mechanism for cyber forensic investigations into online criminal activity. This includes appointment of investigative judges with almost unlimited power to require seizure and analysis of digital and physical evidence. Most African governments currently lack legislative and technical capability to satisfy such a legal requirement, and the likelihood of misuse is high. 3. The AUCC criminalizes all unsolicited electronic communications. No government or intergovernmental treaty in the world has had success in doing this; it is completely impractical and will draw wide criticism for selective enforcement or lack of enforcement. 4. The AUCC requires that a person or a corporate organization engaging in electronic financial transactions (e.g., mobile money transfers and payments) provide full identity information, including PIN and address information. This requirement is costly and risky, and it remains unclear how such data will be protected and how confidentiality will be maintained. 5. Finally, preparation of the AUCC involved little or no consultation with non-government stakeholders. Major industry stakeholders have expressed serious misgivings to us about the scope and practicality of the AUCC. Most industry stakeholders, however, remain completely unaware even of the existence of the draft AUCC. We are calling for a Parliamentary debate over the merits of the AUCC and whether Kenya should support passage of this ill-advised treaty. At a very minimum, cyber security experts and a wide selection of industry and non-government stakeholders should be given a chance to vet the AUCC. The process should be transparent and public. Organizations endorsing this movement include, among others, Google, iHub, iLabAfrica and CIPIT at Strathmore University. CIPIT CIPIT@strathmore.edu Mobile: (254-0703) 034601 Strathmore Law School www.cipit.org Tel: (254-0723) 730308 PO Box 59857-00200 Fax: (254-20) 6007498 Nairobi, Kenya

STRATHMORE LAW SCHOOL

We will shortly be paying a courtesy call to follow up on this introductory letter. I hope we will be able to count on your support in this matter. If you would like to speak with me, I can be reached on 0705630310. Sincerely,

Dr. Isaac Rutenberg, PhD, JD Director, Center for Intellectual Property and Information Technology Law (CIPIT) Strathmore Law School

CIPIT CIPIT@strathmore.edu Mobile: (254-0703) 034601 Strathmore Law School www.cipit.org Tel: (254-0723) 730308 PO Box 59857-00200 Fax: (254-20) 6007498 Nairobi, Kenya