State needs court order to shut websites in new cybercrime law

The government has no power to shut down websites or pull down social media posts in the newly enacted cybercrimes law unless it obtains a court order to do so.

While activists warn of the law’s potential overreach, its fine print reveals the critical safeguard, negating narratives that the state now wields unchecked executive power over the digital realm.

The law, signed on October 15, amends the 2018 Cybercrimes Act to address what legislators describe as evolving online threats.

It explicitly targets and prohibits the use of electronic means to promote terrorism, religious extremism, cultic practices, child pornography and cyber harassment. 

It also aims to enhance the government's ability to trace and recover the proceeds of cybercrime.

Contrary to the widespread fear that errant or ‘offensive’ social media posts could be removed by executive fiat, the law establishes a clear and mandatory judicial process to take down certain websites or other online content

The National Computer and Cybercrimes Coordination Committee, while empowered to issue directives against websites, cannot act unilaterally.

Before any page, website, or application can be rendered inaccessible, the state must first secure a court order.

The law states, “Where a person has been convicted of an offence related to promotion of illegal activities, child pornography, terrorism, extreme religious and cultic practices and the person was using a computer system, website or digital device in contravention of this Act, the court may order the person to remove the content or materials from the computer system, website or digital device.”

The court may also order such persons to close or deactivate the computer system, website or digital device.

Even when it is proven that the website or web application promotes unlawful activities, child pornography, terrorism, cultism or religious extremism, the order would still be required.

Authorised persons, as well as the cybercrimes committee, would be required to obtain court orders before taking action.

The Act states, “Where an authorised person believes that a computer system, website or digital device is being used to promote illegal activities…the authorised person may apply to court for an order for removal of the content or materials from the computer system, website or digital device.”

“The authorised person may apply to court for an order for closure or deactivation of the computer system, website or digital device; or such orders as may be necessary,” the Act reads.

MPs, in explanatory notes, said that in the event of a successful prosecution of an offender, the new provisions empower the court to order the removal of such content from a platform or device.

The changes are said to be in line with best practices in regulating access to harmful online content in the United Kingdom and the United States.

The legislative push follows a recent court ruling on September 10 this year, which had raised doubts about the existence of a clear law prohibiting the sharing of pornographic content, highlighting a legal gap.

The law also enhances the offence of cyber harassment to cover instances in which a perpetrator knows his or her conduct is likely to cause a person to commit suicide.

“The existing offence of phishing is expanded under the law to include identity theft committed through email or phone calls, especially in light of the prevalence of SIM swap fraud in the country,” Parliament said in an explainer on the law.

The Computer Misuse and Cybercrimes Act came into force in May 2018 and sets out fines for offences against its provisions. False publication attracts a Sh5 million fine, while a convicted hacker could be charged as much as Sh25 million.

In its overview, the amended law been described as seeking to prohibit the use of electronic media to promote terrorism, religious extremism and cultic practices.

The Bill amended the Cybercrimes Act to enhance the existing provisions that prohibit the use of cyberspaces to promote child pornography, terrorism, cultism, cyber harassment, identity theft and fraud.

It aims to enhance the government’s ability to trace, freeze and recover the proceeds of cybercrime.

It further empowers the National Computer and Cybercrimes Coordination Committee to issue a directive to render a website or application inaccessible.