A few years ago, in my Monday column in the Daily Nation, I explained why I was not among the millions of Kenyans who are on Facebook. I told my readers that the main reason I had not joined Facebook was because I wanted to keep my private life private.
I said that Facebook allows users to connect and “make friends” with dozens, if not hundreds, of people they would not normally interact with in daily life, which would not be such a frightening prospect if those you interacted with were people you trusted with all your heart. But because Facebook is an equal opportunity friendship-maker, the “friends” you make on the social networking platform could range from your boss to your plumber. This could affect your career development and your home life in significant ways.
Mark Zuckerberg, the founder of Facebook, believes that by allowing many people to share more of their personal lives with each other, he is helping to create a virtual global community where “people stay in touch and maintain empathy for each other.” In other words, he believes he is creating a more caring world, where transparency and openness are the modus operandi and where there are no secrets.
However, critics have argued that instead of connecting people in meaningful ways, Facebook actually isolates people, who spend more time online rather than doing things that strengthen relationships, such as talking to each other or sharing a meal. With an estimated 2.7 billion Facebook users around the world and an estimated 10 million users in Kenya alone, that is a scary scenario that has severe consequences on how people socialise and interact.
But what is even scarier is that Facebook – the company – has been sharing users’ private data with third parties without their knowledge, as has been confirmed by the Cambridge Analytica scandal, which revealed that Facebook users had been manipulated to impact elections in the United States and in Kenya, as well as in the Brexit referendum in the UK. The Cambridge Analytica scandal has shown that no data is safe and that those with ill intentions can use people’s personal information for nefarious objectives or for political gain.
It is not just companies like Cambridge Analytica (which closed shop as a result of the scandal) that are using Facebook data without users’ knowledge or consent. Recently, a local newspaper revealed that in the first half of 2019 the Kenyan government had on five different occasions demanded that Facebook reveal private information about Kenyan users of the social networking site. According to an article published in the Standard (which somehow did not raise any furore in Kenya perhaps because, as one Twitter user commented, we are so used to being abused that we no longer have the energy or motivation to fight back), “the [Kenyan] State refused to use proper legal channels while demanding the information, insisting on the urgency of the demand”.
The Cambridge Analytica scandal has shown that no data is safe and that those with ill intentions can use people’s personal information for nefarious objectives or for political gain.
The article, based on Facebook’s transparency report, further says that Facebook complied with at least one of these demands, but the company did not give details on the nature of the information the Kenyan government had demanded. The government also asked Facebook to preserve the account information of seven users. Apparently, such requests/demands are not unusual; reports indicate that the United States government requested Facebook to provide data on 82,461 users in the first six months of this year, while India made such requests on 33,324 users.
Data privacy and protection: An illusion?
At a time when data privacy and protection are becoming increasingly important, especially in light of revelations that governments and private companies are using social media platforms to manipulate voters, as happened in the Cambridge Analytica case, and in an environment of increasing xenophobia and fear-mongering, this revelation should have been a cause for alarm. But as is with most things in Kenya, news that the government was spying on its citizens and collecting data on them without their knowledge or consent barely elicited a yawn.
The story becomes even more intriguing given that Facebook is facing heavy criticism for violating users’ privacy. In July this year, Facebook was fined $5 billion by the US Federal Trade Commission for violating users’ privacy. The settlement includes several provisions that limit Facebook owner Mark Zuckerberg’s decision-making powers, including the creation of a privacy committee on Facebook’s board of directors.
We must also remember that the Jubilee government of Uhuru Kenyatta and William Ruto has not been averse to manipulating social media users to win elections. Not only has this government been implicated as a beneficiary of Cambridge Analytica’s social engineering and “psychological warfare” tactics in the 2013 and 2017 elections, but it also employed a gang of bloggers known as “The State House Boys” to bombard Kenyans with propaganda prior to and during the election period.
But as is with most things in Kenya, news that the government was spying on its citizens and collecting data on them without their knowledge or consent barely elicited a yawn.
Ironically, this is the same government that is now going after bloggers through the controversial Kenya Information and Communications (Amendment) Bill that some view as a gagging order on bloggers and social media users – a form of censorship that will severely curtail what and how Kenyans communicate via the Internet.
The Bill says that bloggers will need a licence to operate. Failure to comply with this requirement and to adhere to the standards set by the Communications Authority of Kenya could lead to fines of up to Sh10 million or two years in prison. Offences include “degrading” and “intimidating” recipients/readers. This leaves the door wide open for politicians and others to charge bloggers with all manner of offences just because they do not like what they have to say about them. Columnists, cartoonists, writers and even photographers could be “criminalised” on spurious grounds.
Huduma Namba and commercial interests
Ironically, while this Bill is being debated, Parliament has finally woken up to the fact that privacy is a right guaranteed by the Kenyan Constitution. A few days before Kenyans learnt that the government was spying on its citizens through Facebook, President Uhuru Kenyatta approved legislation that complies with the European Union’s General Data Protection Regulation. The Data Protection Bill, 2019, which came into force in mid-November this year, prevents governments and corporations from sharing an individual’s personal data without the consent of the owner of the data. Personal data is defined as information relating to a person’s race, ethnicity, gender, marital status, educational background, medical condition, criminal history and financial transactions, among others. (Note: Some data, such as a person’s credit rating, though protected by privacy laws in Kenya and in other countries, are still easily accessible to interested parties.)
A Data Protection Commissioner will also be appointed to ensure that the law is enforced. The Commissioner will not only receive complaints about data privacy violations but will also have the power to investigate breaches of privacy and to impose fines. However, the Data Protection Bill also says that this law will not apply to personal data collected for the purposes of national security or in the public interest.
This law is viewed as critical to ensuring that data is not abused by third parties and is seen as a necessary and important step to increase investor confidence in Kenya and to regulate the use of mobile phone technology and digital apps, which are increasingly becoming the targets of predatory business and corporate interests.
The timing of the law is, however, interesting. It comes into force at precisely the time when the government is being criticised by some for implementing the National Integrated Identity Management System – better known as Huduma Namba – which many view as a surveillance tool modelled on the Chinese “social credit” system, where citizens gain points for “good conduct” and lose points for “bad behaviour. As I have said before, the idea that you can be denied a service because you cannot identify yourself through a number negates basic constitutional freedoms and rights. Various government mandarins have said that those without a Huduma Namba will be denied government services, including obtaining a Kenya Revenue Authority Personal Identification Number (PIN).
Critics have also raised privacy concerns with regard to Huduma Namba, which is perhaps why the Data Protection Bill was passed in a hurry – to reassure Kenyans that their personal biometric data is safe and that government institutions have perfected the art of making digital technology secure. However, as has been witnessed in the recent past, laws in Kenya are not sufficient to protect Kenyans from electoral or other types of fraud and invasions of privacy.
For instance, Kenya’s electoral body, the Independent Electoral and Boundaries and Commission, has proved to be completely inept (or deliberately malicious) in using technology, as demonstrated during the 2013 and 2017 elections when the biometric digital systems for voting either failed or malfunctioned. Apart from questions regarding the procurement of the technology, and whether kickbacks were involved, Kenyans watched in horror as the electoral body fumbled through the election results, even claiming that several voting stations could not electronically transmit the election results. Almost all attempts by this so-called “digital” government to introduce computerised systems in government, ostensibly to reduce corruption and to streamline service delivery, have also failed miserably; in fact, corruption has reached unprecedented levels. It is now an accepted fact that the introduction of the Integrated Financial Management Information System (IFMIS) in government procurement led to the disappearance and theft of billions of shillings from state coffers. If IFMIS can be so easily manipulated by government officials, then how easy will it be to hack or manipulate the Huduma Namba and other data collection systems?
There are also strong rumours that the National Hospital Insurance Fund (NHIF) is being routinely robbed by unscrupulous medical officers and NHIF employees. Kenya Power, the country’s only electricity company, has also been accused of stealing from customers by sending them fictitious and inflated bills. All this is possible because employees have access to subscriber/customer data that they can easily manipulate. In other words, no Kenyan is safe from government bodies that provide a service at taxpayers’ expense – you will either be denied the service or will be robbed. –.
Citizens or borrowers? The debt trap
But protecting people’s privacy in order to comply with the Constitution may not be the primary motive of the data protection bill. As David Ndii has suggested in a recent article, the Huduma Namba is not so much a personal identity tool for Kenyan citizens as it is a credit facility that ensures that every Kenyan is a potential “customer” for micro-credit services, and which has the potential to place every adult Kenyan on a borrowing treadmill that will benefit banks and businesses associated with the Kenyatta family.
The scheme could have severe adverse effects on citizens/customers/borrowers who risk getting a negative credit rating, and thus becoming criminalised, not for “bad behaviour” as the Chinese would define it, but for not paying back a loan on time. Remember, unlike a normal credit card, the customers –Kenyan citizens – have not been given a choice whether or not to apply for the card – the government has deemed it mandatory for everyone.
Given the high standards set by international credit card companies on issues such as customer privacy and data protection, it is possible that the Data Protection Bill was a means to make the Huduma Namba (and its local and international commercial partners) compliant with international norms and standards, thus giving the illusion that, unlike rogue betting companies or greedy loan sharks, the Huduma Namba is a respectable and legitimate way of borrowing money.
If IFMIS can be so easily manipulated by government officials, then how easy will it be to hack or manipulate the Huduma Namba and other data collection systems?
The question one must ask is: if the Huduma Namba is essentially a credit card, what business is it of the government to impose credit cards on people who can barely make ends meet, thanks to the same government’s economic policy failures? For the government and its commercial partners to make money from hapless Kenyan borrowers is not only unethical, but raises questions about whether – like the subprime mortgage crisis in America where the US government’s housing agencies encouraged low-income people to buy houses even though they did not have the means to pay the mortgage – this scheme could lead to the collapse of an economy that is already in the doldrums.
Coupled with the “Affordable Housing” pillar of the Jubilee government – which is based on the erroneous premise that a majority of low-income people in the country are eager to own apartments (a notion I refute in this article), I see many Kenyans losing their money and their property because the government has encouraged them to take loans they cannot afford. This government has already set the country on a path to unprecedented and unsustainable debt. Now it wants every Kenyan to become a reckless borrower.
The problem is that, unlike the government, individuals cannot rely on taxpayers or a second credit facility to get them out of a debt trap. Families in the United States who lost their homes during the subprime mortgage crisis have still not recovered, despite President Barack Obama’s efforts to avert a financial crisis in 2008 – a lesson this government is unwilling or unable to process but which signals doom for the many Kenyans who are being made to believe that taking a loan, no matter how risky, is the easiest way out of poverty.
Support The Elephant.
The Elephant is helping to build a truly public platform, while producing consistent, quality investigations, opinions and analysis. The Elephant cannot survive and grow without your participation. Now, more than ever, it is vital for The Elephant to reach as many people as possible.
Your support helps protect The Elephant's independence and it means we can continue keeping the democratic space free, open and robust. Every contribution, however big or small, is so valuable for our collective future.
Elections 2022: Mt Kenya Foundation Remains Mum
Mt Kenya Foundation — a league of top business and political leaders has refrained from publicly declaring its support for presidential hopeful Raila Odinga. An influential institution formed in 2007, the foundation’s approach is a tactical public retreat but its support for Azimio remains strong and unwavering.
As the presidential campaign gets into high gear and with only 48 days to the general election, a key plank of Raila Odinga’s support group has been very quiet and less and less visible from the public.
For the better part of 2021, the Mt Kenya Foundation (MKF) was very much in the limelight, meeting with the Azimio alliance presidential candidate in carefully choreographed business bashes, cocktail parties, prayer meetings and even in public rallies. Come 2022 and the meetings have gradually petered out.
Or, let’s put this way: their soirées are no longer being reported by the mainstream media, including their “in-house” media house, the Royal Media Services (RMS) owned by media mogul S.K. Macharia, one of the foundation’s members.
Two weeks ago, I had a lengthy discussion with one of their members, who told me that nothing has changed. “Our position and support hasn’t changed; Raila is still our preferred choice. We only decided to continue lending our support away from the public glare.”
The foundation still funds some of his presidential campaigns, albeit discreetly. “Our people [Gikuyu, Meru, Embu Association GEMA] were not, and are not, enthused by our [open] support for Raila. We were getting a lot of flak from them and we reckoned it wasn’t helping his and our cause. Nothing will sway GEMA from not voting for Raila. That’s the brutal fact.”
It’s not only MKF that has stopped declaring their support for Raila publicly. The Council of Elders, which in October 2020 made a hyped trip to Bondo, the ancestral home of the Odinga family in Siaya County, have equally gone mute. “After that trip, the [Kikuyu] people shunned our activities and seemingly avoided us,” one of the elders told me recently. “They didn’t take well to our partisan and public support of Raila.”
The MKF, which was formed in 2007, comprises among others, captains of industry, very senior and influential civil servants, and powerful politicians. The year 2007 was a critical juncture in the politics of Kenya: President Mwai Kibaki, who died in April 2022, was going to face Raila in the coming December presidential elections.
Although Raila had helped Kibaki clinch the presidential seat in the crucial 2002 general elections, against the greenhorn duo of Uhuru Kenyatta and William Ruto, by the end of his first term Kibaki had become Raila’s nemesis. Under the Orange Democratic Party (ODM) banner, Raila had already sent shivers down Kibaki’s party ranks that in 2007 elections ODM was ready to wrestle power from him.
It is against this backdrop that some of the richest among the GEMA fraternity coalesced around the MKF. Basically, it was a platform for raising campaign money for Kibaki’s second term. Not ready to witness another change of the rear guard just when they had begun consolidating their riches, after a 24-year hiatus during President Daniel arap Moi’s reign, this ethnic group was not about to take any chances.
Raila mounted a formidable if disorganised campaign. But just as he was on the cusp of wresting power from Kibaki, who was now running under the Party of National Unity (PNU), a new party that had been quickly cobbled together, the Electoral Commission of Kenya (ECK) —precursor to the Independent Electoral and Boundaries Commission (IEBC)—started relaying startling results.
What the end result of this “startling results” heralded for Kenya is now in the history books: post-election violence (PEV), over 600,000 internally displaced people (IDPs), unmitigated deaths officially put at 1,000 by the state, but recorded figure by non-governmental organisation (NGOs) placed the numbers at three time as much.
The MKF is not an entirely new invention—in 1996, some of the richest Kikuyus from Central Kenya came together to form the Central Province Development Support Group (CPDSG) in anticipation of the GEMA–KAMATUSA (Kalenjin, Maasai, Turkana, Samburu) peace talks. The supposedly “peace group” was formed presumably to stem (ethnic and post-election) tensions that first occurred after the first multiparty elections in 1992.
The talks were also supposed to culminate in the re-settling of the victims of the so-called tribal violence that had erupted in the expansive Rift Valley Province and which mostly affected the Kikuyu people. The reality is that this elite cabal that was again composed of influential civil servants, rich business people and powerful politicians was an informal lobby group that sought to campaign for the hated ruling party KANU and for President Moi in Central Province.
Then, as now, one of the constant figures in these formations has been S.K. Macharia; he belonged to the CPDSG just as he now belongs to the MKF. As with the CPDSG then, the MKF is a lobby group primarily concerned with the survival of its business interests.
William Kabogo, the first governor of Kiambu County who is seeking to reclaim his seat in 2022, wrote on his twitter handle: “If you care to know Mt Kenya Foundation specializes on fundraising but the big question is do the funds go to the intended purpose? Your guess is as god as mine. Caveat emptor.”
Among the MKF membership is Mutuma Nkanata, the foundation’s coordinator who is also the CEO of the NGO Coordination Board—the regulatory board for NGOs in Kenya. He is also the Chairman of Kirimara Sports; a Meru-based sports development organisation.
Another member is the former Kenya Revenue Authority (KRA) boss Michael Waweru. Waweru was appointed commissioner-general of KRA in 2003 by Kibaki. His contract ended in 2012. An accountant by profession, he was the managing partner at Ernst & Young (EY) – East Africa until 2002.
Also in MKF is Peter Munga, founding chairman of Equity Bank group and one of its largest shareholders. Munga is also a shareholder at Britam, the financial services conglomerate, and a founder of the Pioneer Group of Schools.
MKF member Titus Ibui is the chairman of Lamu Port South Sudan, Ethiopia, Transport Corridor Development Authority (LAPSSET), a regional infrastructure partnership between Ethiopia, Kenya and South Sudan. Ibui is also the vice chairman of Kenya Leather Council and founder and executive director of Bell Industries Ltd., an agri-business and health solutions company.
Zamara Group chairman, politician and former MP Dennis Waweru is also an MKF member, as is businessman Wilfred Murungi, owner of Mastermind Tobacco Kenya (MTK).
During one of the Raila meetings organised by MKF on 28 September 2021, communications director Joe Murimi said, “The Tuesday (September) meeting between MKF and Mr Odinga is also with a view to coordinating resource allocation and setting priorities for the region’s economic turn-around ahead of 2022. We’re listening to all presidential contenders and our interests as a region are way bigger than only the position of a deputy president.” The foundation had previously met with Raila in June 2022.
Some of the personalities in the June meeting included President Uhuru’ influential maternal uncle, former Catholic priest George Muhoho, Media mogul Macharia and former Kenya Chamber of Commerce vice chairman, James Mureu.
At the meeting, Macharia claimed that it was President Uhuru Kenyatta who made overtures to Raila Odinga. “I’m saying that handshake, we ask him (Uhuru) to leave it in good hands so that it can continue. We believe President Uhuru will leave this country in good hands, the hands he went looking for.”
At that meeting Nyandarua County governor Francis Kimemia confessed that the Kikuyu political class had peddled falsehoods against Raila. “Our work was to tarnish Raila’s name, but now we must change that narrative and tell our people that that was politics then. He asked the class to help undo the lies.”
Two months ago, in April 2022, campaigning in his own Nyandarua County, Kimemia changed his tune, insinuating that President Uhuru had not kept his promise on developments projects in Nyandarua. I called my friend Njenga from Rurii location, to find out was going on with governor Kimemia. “Kimemia was told by the people in no uncertain terms that campaigning for Azimio would take him nowhere, so he got the drift, changed tune and started bashing President Uhuru.”
As MKF makes a tactical retreat in its support for Azimio, it is not only Kimemia who has changed his tune; many of the politicians from the Azimio camp seeking elective posts in Mt Kenya are careful not to mention Azimio or even Raila’s name in their campaign rallies.
IEBC Up to Its Usual Mischief
With less than two months to go before Kenya’s general election, the credibility of the Independent Electoral and Boundaries Commission (IEBC) is on the line.
The Independent Electoral and Boundaries Commission (IEBC) was playing by the rulebook when it received the presidential nomination papers of Walter Mongare alias Nyambane. But no sooner did candidate Jimi Wanjigi of the Safina Party show up than Mongare’s papers were quickly rescinded.
The commission, which is mandated to oversee the forthcoming general election, has been in the spotlight and under intense scrutiny from Kenyans and the world since bungling the 2017 presidential election.
The electoral commission’s credibility and trustworthiness have remained wanting, to say the least; the body does not inspire confidence and, indeed, few Kenyans trust it. Even less believe it will midwife the forthcoming presidential election successfully, a bad place for the IEBC to be.
The results of the two 2017 presidential elections are still shrouded in controversy and mystery largely because of the commission’s ineptitude, but the less said about the 2017 general election, which is still fresh in the minds of some, the better.
Fast forward to 2022 and the commission is again in the spotlight; with only 55 days remaining, the IEBC’s credibility and modus operandi are under scrutiny. How it delivers the general election will tell whether any lessons have been learned, especially concerning the presidential election, which, if not handled with the utmost transparency, may result in ugly scenes.
That the IEBC would still be in the grip of shadowy mandarins seeking to influence, in particular, the outcome of the results of the presidential election would be nothing new; the history of electoral bodies in this country, whether pre- or post- the 2010 constitution, is replete with cases of external interference. The Jimi Wanjigi-IEBC saga is a clear indication that the IEBC has yet to rid itself of its penchant for bad behaviour. This is a bad omen.
On receiving the papers of the Safina Party’s candidate, the IEBC chairman and presidential election returning officer Wafula Chebukati prevaricated, seeming to interpret the law when on 6 June 2013 he told Wanjigi, who appeared before him, that he did not possess a university degree.
That the IEBC would still be in the grip of shadowy mandarins seeking to influence, in particular, the outcome of the results of the presidential election would be nothing new.
The matter of what is a degree and what constitutes a university education had already been interpreted by the High Court as law, as illustrated below, a law that the IEBC has been using for the last nine years. In 2013, Justices Isaac Lenaola and E.K.O. Ogola ably demonstrated the application of the said legal statutes and gave an interpretation of the 2010 constitution and the election act, insofar as possession of a university degree is concerned.
In the case of Janet Ndago Mbete vs IEBC and Hassan Joho Petition No. 116 of 2013, the commission cleared the 3rd respondent (Hassan Joho) based on the completion letter from the university and defended the position in court as proof that the 3rd respondent had indeed received a university education. It therefore boggles the mind when Chebukati purports to say that both Jimi Wanjigi and Walter Mongare (an afterthought) do not possess university degrees.
In fact, in recognising and applying the law properly, the commission had indeed accepted and cleared Mongare’s presidential candidacy based on university letters that showed that he had completed his studies. This it did by communicating and confirming that he had met all the statutory requirements. So, why did Chebukati annul his earlier decision, which clearly came as an afterthought?
The revocation of Mongare’s clearance by Chebukati followed in the wake of Wanjigi’s complaint to the IEBC that he was being discriminated against. Is it not the case that once a candidate has been cleared by the returning officer Chebukati has no powers to quash the nomination unless through a judicial process?
Ten days after the March 4 general election, on 15 March 2013, High Court judge Isaac Lenaola in his substantive ruling quoted from the Blacks Law Dictionary, 8th Edition, which defines a degree as; “a title conferred on a graduate of a school, college, or university either after the completion of required studies or in honour of special achievements.” The judge also quoted from the Concise Oxford Dictionary, 10th Edition, which defines a degree as; “an academic rank conferred by a college or university after examination and or after completion of a course, or conferred as an honour.”
Summing up his argument, Judge Lenaola said, “I am therefore in agreement with the 3rd respondent that a degree is not a physical connotation, but a process whose pinnacle is the graduation. Indeed, the Concise Oxford Dictionary, 10th Edition defines a graduate as one who has ‘successfully completed a degree’ and a graduand as ‘person who is about to receive an academic degree’. It is therefore clear to me that, the graduation ceremony cannot be used as measure to determine whether one had a degree or not. In my view what matters is that a person has attended school, undertaken the studies envisaged and has passed all the requisite exams for the conferment of the degree. Having found as above, I am satisfied that the 3rd respondent holds the qualifications envisaged by Section 22 (2) of the Elections Act.”
The revocation of Mongare’s clearance by Chebukati followed in the wake of Wanjigi’s complaint to the IEBC that he was being discriminated against.
In a related ruling delivered before the 4 March 2013 elections, on 13 February 2013, Judge E.K.O Ogola made very much the same argument as Judge Lenaola in the case of Mable Muruli vs the Independent Electoral and Boundaries Commission.
“The issue for this court is then to determine whether or not after a person has successfully gone through the process leading to acquisition of a degree, he is qualified under section 22 (2) of the Act even when no physical certificate has been conferred. In my judgement, the respondent that is the (IEBC) has made very superficial interpretation of section 22 (2) of the Election Act. In my view, a certificate is merely a confirmation of what is already in existence. The petitioner (Mabel Muruli) has successfully completed the course programme. That programme has been acknowledged by the Commission of Higher Education (. . .) and the respondent has no option but to admit the petitioner to the relevant candidacy.”
Judge Ogola in his wisdom also said that, “there are many circumstances where people have been admitted to employment or to further study course on the basis of what they have proved to have achieved even when the graduation and certification is yet to take place. For the respondent to flagrantly disregard this peculiar position is to arrogantly violate the rights of the petitioner and it is the duty of this court to restore the same.”
As far as the Election Act goes this law has never been appealed, hence it is binding to both the respondents and the IEBC. Chebukati, therefore, cannot purport to change the law on a whim, otherwise he will be operating outside of the law.
Jimi Wanjigi’s case, like many other complainants’ cases, went before the IEBC’s Dispute Tribunal Committee at Milimani Courts. However, on 17 June 2022 the Tribunal upheld the earlier decision and did not clear him to run for the country’s top seat.
Road to 9/8: Risks Posed by Digitisation of Electoral Processes
This is the third of a series of articles that discuss some of the major issues at stake, and the roles played by various institutions in safeguarding the integrity of the August 2022 general election.
In our previous article, we highlighted the key challenges facing Kenya’s electoral integrity that are posed by the increased digitisation of election systems and the electioneering process. From cybersecurity risks to harms occasioned by human conduct on social networking platforms, there are various factors that could undermine the credibility of elections in the digital age. In this article, we review some of the measures adopted to mitigate the potential for such harms in the context of the upcoming elections.
Since the 2017 general election, there have been numerous changes to the legal framework applicable to the use of technology in different contexts. Some notable changes within the context of elections are the enactment of the Computer Misuse and Cybercrimes Act, 2018 (CMCA) as well as the Data Protection Act, 2019 (DPA), and the operationalisation of the Data Commissioner’s office. The effect of these changes is already being felt—the Data Commissioner was recently called into action following numerous complaints by citizens that they were registered as members of political parties without their knowledge or consent. In response, the Data Commissioner consulted with the Office of the Registrar of Political Parties and directed it to establish an opt-out mechanism that has since been implemented. However, a recent report authored for the Mozilla Foundation chronicled the practice of disinformation for hire; the use of social media influencers by political actors to spread false or misleading content on their opponents is common despite the provisions of the CMCA criminalising such conduct. This suggests that the existing measures taken may be insufficient.
Recalling some of the major challenges Kenya faced in the 2017 general election, we outline the key developments that have since taken place and highlight their potential impact on the integrity of the election administration system and the practice of electioneering online.
Integrity of the election administration system
The Elections Act mandates the Independent Electoral and Boundaries Commission (IEBC) to establish and maintain an electronic system for voter registration and identification and the transmission of results. Further, the Elections (Technology) Regulations outline how the IEBC is required to administer this system and the safeguards that they are required to put in place. They set out the principles that ought to guide the IEBC in data handling and storage. In 2017, the IEBC’s administration of the election system came under the microscope due to a series of unfortunate events, pointing, at best, to ineptitude.
During the 2017 election cycle, the IEBC debuted the Kenya Integrated Management System (KIEMS), billing it as a solution to the credibility issues that had previously plagued electoral processes. KIEMS uses electronic voter identification and transmission of tabulated results through mobile devices stationed at each polling centre. The server support and underlying IT for KIEMS was provided by French-based firm, OT-Morpho (later, IDEMIA). According to the then opposition, IDEMIA was contracted under dubious conditions and, from the start, was part of a fraudulent scheme to subvert the election process. Despite assurances from the IEBC on the credibility of its system, several occurrences cast significant doubts over the elections. For one, a week prior to the elections, the IEBC’s ICT manager in charge of the KIEMS—Chris Msando—was found murdered shortly after appearing on a news segment assuring Kenyans of the integrity of KIEMS and his centrality to the security of the system. To date, the circumstances of his death are not clear, and no one has been charged.
Secondly, during the elections, the transmission of results was hampered by poor connectivity, with approximately 11,155 polling stations out of the total 40,883 lacking sufficient network coverage. At some point, the tallying of results was briefly interrupted. All these factors were relied on by the petitioners in the 2017 presidential election petition, and this led to the Supreme Court calling into question the integrity of the servers used to facilitate the transmission and storage of the election results. Perhaps the most notable occurrence in the discussions on OT-Morpho’s involvement in the election was the IEBC indicating that it was unable to provide access to the election servers due to the time difference between Kenya and France. In its eventual judgment, the Supreme Court found that there were several irregularities plaguing the electronic transmission system and this contributed to its decision to annul the election. After the nullification of the elections, one of the IEBC’s commissioners fled the country, the CEO was terminated and, citing a lack of faith in the chairman, three other commissioners resigned. These positions, including that of the late Chris Msando, have since been filled. It is notable that the chairperson remains in office, despite the debacles of 2017.
Reeling from the events of the 2017 election, the IEBC conducted a post-election evaluation exercise in 2019 to inform its strategic approach to the 2022 elections. This process not only informed the legislative amendments that the IEBC has recently supported in parliament such as the Election (Amendment) Bill, 2021, but also the preparation of the IEBC’s ICT capacity. Based on the evaluation, the IEBC has acquired a primary and secondary data centre in Kenya and has put in place a Joint Technical Committee with the Communications Authority to map out the network coverage challenges.
However, there are significant challenges facing the IEBC. While the IEBC has moved away from IDEMIA, its procurement of Smartmatic International Holding B.V. is currently being challenged by one of the other contenders for the contract, Risk Africa Innovatis. This is not the first time Risk Africa Innovatis has challenged the IEBC’s procurement of a biometric service provider. In 2017, it challenged the procurement of IDEMIA on similar bases as its current challenge of Smartmatic’s award. Among these challenges, is that Smartmatic International Holding B.V. has been adversely mentioned in the Philippines, Venezuela, Uganda, Nigeria, and the USA over its credibility. While Risk Africa Innovatis is a Kenyan-owned company, Smartmatic is a multinational initially incorporated in the US by several Venezuelan nationals. In several elections it administered in Venezuela, the Philippines, and the United States, Smartmatic faced controversy over the integrity of its systems as well as its links to the Venezuelan government (in particular, alleged pay-outs to high-ranking government officials). For example, in Venezuela, independent election monitors concluded that it was likely that electronic election fraud had been committed in the 2004 presidential recall referendum administered by Smartmatic. Following adverse media coverage, Smartmatic undertook an internal restructuring that obfuscated its true ownership using what the US State Department described as a “web of holding companies in the Netherlands and Barbados”. Interestingly, Smartmatic supplied the biometric voting machines for Uganda’s recent 2021 elections, not exactly a ringing endorsement.
Smartmatic International Holding B.V. has been adversely mentioned in the Philippines, Venezuela, Uganda, Nigeria, and the USA over its credibility.
Beyond this, the IEBC’s procurement process seems to be off to a rocky start. For one, the delay in procuring Smartmatic’s services means that Kenyans may not get an opportunity to scrutinise the register of voters despite being legally entitled to do so. Further, the IEBC is also facing a legal challenge in respect of its procurement of Inform P Lykos Holdings for the printing of ballot papers. The Public Procurement Review Board nullified both awards to Inform P Lykos and Smartmatic but its decision has since been challenged at the High Court. The IEBC proceeded to sign contracts with both, citing the urgency of the election and the absence of an injunction from the High Court preventing it from contracting the two entities during the pendency of the appeal. When one considers that there are five years between election cycles, it is staggering that the IEBC would find itself in this position.
Certain of the broader issues facing the elections administration system have since been addressed by several legislative developments, principally the enactment of the DPA and the operationalisation of the Data Commissioner’s office. Supplementing the Elections (Technology) Regulations, the DPA and its accompanying regulations layer onto the IEBC’s obligations with respect to data collection, handling, and storage. These obligations have further been clarified by the Data Commissioner in a recently issued Guidance Note for Electoral Purposes. For example, the IEBC’s collection of voter registration information must be based on consent, and it must implement data protection mechanisms within the design of its systems. To ensure this is done, the Data Commissioner advises that a Data Protection Impact Assessment (DPIA) should be conducted by the IEBC and other election stakeholders such as the Registrar of Political Parties, who handle voter data, ahead of the elections.
For clarity a DPIA is required where personal data processing operations are likely to pose a risk to the rights of data subjects (in this case, voters). It guides risk mitigation efforts which should be undertaken by the person collecting and processing personal data, or whether such collection and processing should happen in the first place. A failure to conduct a DPIA resulted in the High Court’s recent revocation of the roll out of the Huduma Cards under the National Integrated Identity Management System. If the IEBC fails to conduct a DPIA, it is likely that this failure will feature either in the resulting election petitions or in court action prior to the elections. With respect to the storage of personal data, the general regulations issued under the DPA specify that the IEBC’s processing of personal data should be through a server located in Kenya, or the IEBC should at least maintain a copy of the server locally. This seems to be a nod to 2017 Supreme Court Judgement annulling the presidential election, which took issue with the unavailability of the IEBC’s servers.
In 2018, the CMCA was also enacted to provide for computer system-related offences such as unauthorised access or hacking. The CMCA established a National Computer and Cybercrimes Coordination Committee (referred to as NC4) which is tasked with coordinating the state’s response to cybercrime. Recently, the Cabinet Secretary for Interior and Coordination of National Government, who sits on the NC4, designated various parts of the country’s telecommunications infrastructure (including data centres and systems used to manage elections) as critical infrastructure under the CMCA. With this designation, the telecommunications infrastructure will benefit from enhanced security and scrutiny from the NC4, and any attempts to infiltrate or damage such infrastructure would attract criminal penalties under the CMCA. While this designation was linked to recent attacks on telecommunication masts and power grid, its link to the upcoming election is clear—the IEBC relies on telecommunication service providers to transmit results to its cloud servers. If compromised, the outcome of the election may be adversely impacted.
Electioneering on social media
The same measures that were adopted to bolster the integrity of the election administration system also serve to safeguard against the harms occasioned by the conduct of political actors on social media. In 2017, several media outlets reported that the now infamous Cambridge Analytica—a self-proclaimed political consultancy firm—was active in Kenya, offering services to various parties. According to Cambridge Analytica, its service offering included profiling online audiences based on regular demographics (for example age and gender) as well as personality. For the purposes of this profiling, personality is discerned from the audiences’ conduct on social media—the content which they consume, the individuals they interact with and other data points. Once audiences were profiled, political actors would be able to differentiate the messaging used based on the type of audience being targeted (in other words, to conduct microtargeting). Often, this messaging would include false or misleading information. To facilitate microtargeting, Cambridge Analytica would require large amounts of personal data. In the aftermath of the 2016 US elections, it was revealed that Cambridge Analytica harvested the personal data of millions of people through Facebook. Based on reports of its involvement in Kenya’s election, it is not clear whether Cambridge Analytica facilitated microtargeting or simply designed campaign communications strategy. However, what is clear is that it harvested Kenyans’ personal data through surveys.
This seems to be a nod to 2017 Supreme Court Judgement annulling the presidential election, which took issue with the unavailability of the IEBC’s servers.
Since the Cambridge Analytica scandal, Kenya has enacted the DPA and CMCA that are ostensibly expected to reduce the likelihood of microtargeting and other forms of harmful social media activity in the context of the elections. The access to and use of personal data is central to political campaigning in the digital age. Prior to the enactment of the DPA, this practice was largely unregulated. Political actors were able to obtain voters’ personal data from the publicly available voters’ register and the party member list that is available to parties through the ORPP. Their activities in processing this data for purposes of generating targeted messaging were also largely unsupervised. Save for the guidelines jointly issued by the National Cohesion and Integration Commission and the Communications Authority on bulk messaging and social media communications (NCIC-CA Guidelines), political actors were basically free to determine how to craft their messaging and target audiences. While the NCIC-CA Guidelines brought in a measure of transparency by requiring the source of political messaging to be disclosed within the body of the message, this is limited to communications disseminated through licenced telecommunications service providers.
The provisions of the DPA would serve to limit potential for microtargeting campaigns by raising the barriers to accessing personal data and increasing the scrutiny over political actors’ handling of personal data. For example, under the regulations issued under the DPA, entities involved in electioneering are required to register with the Data Commissioner, whether or not they qualify for an exemption. Further, the electorate whose data is being collected would be able to exercise rights against political actors and these entities such as requiring them to delete their personal data or refrain from processing it in the first place. Without the ability to freely collect and process personal data, and with the threat of legal action against them, it is arguable that political actors would be less likely to engage in these practices in the coming elections. However, this would largely depend on the role played by the Data Commissioner. For example, one would expect the Data Commissioner to spring into action in light of a recent acknowledgment by the IEBC that illegal transfers of voters were undertaken on its electronic voter register.
Aside from being reliant on the proactivity of the Data Commissioner, the efficacy of the data protection law framework in relation to microtargeting campaigns is limited by provisions of election laws. While the collection of personal data by the IEBC or ORPP is initially based on consent, once collected, these entities’ subsequent processing operations are provided for in statute and as such are not subject to further consent or the exercise of certain rights by the electorate. For example, the publication of the voter register cannot be stopped by a data subject due to its provision in law. One may only be able to request minimisation of unnecessary data such as contact information. Once published, this voter register would be accessible to political actors who may use the information gathered to engage in microtargeting.
In relation to the nature of campaign messaging shared through social media, the CMCA criminalises the spread of misleading or false content. This is in addition to the criminalisation of hate speech already contained in the National Cohesion and Integration Act. To date, the provisions of the CMCA relating to the spread of misleading or false content have only been invoked in politically charged contexts and in a seemingly selective manner. For example, while a blogger was charged with this offence under the CMCA for spreading alarming information regarding COVID-19, a Member of Parliament was not charged for what was effectively the same offence. Despite this law being in place for nearly three years, it has not been implemented in instances where researchers have identified specific social media accounts that are engaged in disinformation-for-hire campaigns.
Once published, this voter register would be accessible to political actors who may use the information gathered to engage in microtargeting.
Aside from this, there are other shortcomings with this approach. For one, the use of criminal sanctions to limit the types of speech people engage in is generally discouraged due to the risk posed to the freedom of expression that is crucial in healthy democracies. Further, the nature of online speech is often incompatible with traditional law enforcement mechanisms and, therefore, detecting and prosecuting such offences is bound to be difficult. The state may find itself responding disproportionately to situations where harmful content is being spread online, such as by shutting down internet access. Instead of criminalising certain speech, a few democracies have recently turned to codes of conduct that govern the conduct of political actors online. The most notable of these is the Election Pledge developed by the Transatlantic Commission on Election Integrity. Recognising that healthy political engagement online is primarily driven by political actors, the Election Pledge attempts to have these actors publicly and voluntarily commit to above board conduct such as avoiding the spread of mis-and disinformation, avoiding the spread of hate speech, and using personal data appropriately.
The nature of online speech is often incompatible with traditional law enforcement mechanisms and, therefore, detecting and prosecuting such offences is bound to be difficult.
All in all, a number of steps have been taken that in principle should improve the legal framework applicable to elections as they are conducted in the digital age. However, fundamental concerns remain with regard to the procurement of the IEBC’s ICT procurement and its internal capability. At its core, the conduct of the IEBC and political actors involved in the electoral process will determine the credibility of the process. The IEBC has not yet discharged its mandate of establishing in the public mind how it will avoid the debacles of 2017. Aside from this, the steps taken to safeguard the electorate from practices such as microtargeting seem limited by the provisions of election laws and the proactivity of sector regulators such as the Data Commissioner and the Communications Authority will play a significant role in setting the tone for political actors. In our next article, we will shine a spotlight on the IEBC and consider its readiness to conduct this election in a transparent, credible and lawful manner.
This article was authored in collaboration with the Kofi Annan Foundation whose electoral integrity programme is supported by the United Nations Democracy Fund.
Culture2 weeks ago
The Changing Face of Kisii as Smallholder Agriculture Wanes
Long Reads2 weeks ago
Growing Up With Jaramogi: Some Radical Memories
Long Reads1 week ago
No More Camp: Confident Despite Contradictions
Long Reads6 days ago
Genocide: The Weapon Used to Keep Ethiopia Intact
Politics2 weeks ago
The Post-colonial Kenyan State: The Thorn in Our Flesh
Op-Eds1 week ago
IEBC Up to Its Usual Mischief
Long Reads2 weeks ago
Dust to Ashes: Cremating Christians in Kenya
Long Reads1 week ago
Democratization, Welfarism and African Underdevelopment