DEPARTMENT OF PEACE, SECURITY AND SOCIAL STUDIES
MASTER OF ARTS IN CRIMINOLOGY AND CRIMINAL JUSTICE
TASK: Write an original qualitative research concept with the following components; Title, background of the problem, statement of the problem, two research questions, justification, data collection, data analysis and references (Maximum 7 pages, 1.5 spacing).
EFFECTIVENESS OF COMPUTER MISUSE AND CYBERCRIMES ACT, 2018, ON WAR AGAINST CYBERCRIME IN KENYA
According to McGuire and Dowling (2013) cybercrime can be used as an umbrella term to describe two distinct, but closely related criminal activities: cyber-dependent and cyber-enabled crimes.
Cyber-dependent crimes are offences that can only be committed by using a computer, computer networks, or other forms of ICT, for example, spread of viruses, hacking, distributed denial of service (DDoS) attacks etc. Cyber enabled crimes are traditional crimes that are increased in their scale or reach by the use of computers, computer networks or other ICT, for example, fraud, theft, sexual offending against children (McGuire & Dowling, 2013).
Lovely (2010) define cybercrimes as criminal offences that involve or occur in cyberspace, the ethereal region created when computers and people connect over electronic networks that gspan the world. Cybercrimes emergence as an international crime and justice problem is a vexing downside to the blending of digital communications technology, especially the internet, into everyday life and global commerce (Lovely, 2010).
Internet and computer technology makes life so speedy and fast but also in danger because of cybercrime.
Das and Nayak (2013) argue that computers and computer networks act as a tool for cybercrimes and as a target or a place where cybercrimes takes place.
Longo (2013) define and identify some of the legal issues, the computer misuses and the criminal activities associated with Information Security (IT) that are increasingly a matter of criminal litigation, civil litigation and national policy where fighting serious organized crime and cybercrimes are concerned.
Serianu (2017) reports that in the year 2017 Kenya lost Sh21.2 billion through cybercrime, this was a 40 per cent increase from Sh15.1 billion in 2015. In Africa, Nigeria were the leader followed by Kenya, they had lost Sh65.5 billion. Africa continent lost a sum total of Sh350 billion to cybersecurity. Financial institutions were the most affected (Serianu, 2017).
Serianu (2017) also reported that in Kenya Most cyberattacks target the banking sector. This sector accounts for a third (Sh7 billion) of the overall estimated loss to cybercrime. It is followed by governmental agencies which accounts for 24 per cent of the overall estimated loss to cybercrime (this is equal to Sh5 billion). However, due to the fear of losing credibility by financial institutions, very few cases are reported (Serianu, 2017).
Cybercrime attacks aimed at government institutions are widespread all over the world. The most famous and recent cases are accusation of Russia hacking the US Democratic Convention servers in run up to 2016 elections and when North Korea was accused of spreading the WannaCry ransomware to other nations. In Kenya the most famous case was in the year 2012, this is when an Indonesian hacker who was identified as Direxer shut down one hundred and three (103) state websites (Mutisya, 2018).
On the year 2017 there was a big cybercrime related case where a man was charged in court for allegedly hacking into the Kenya Revenue Authoritys system, Sh4 billion were lost as a result of this breach. In 2018, in Nyeri County, three suspects who had allegedly defrauded a ward representative of Sh1.9 million from his Mpesa and bank account were arrested by the police (Mutisya, 2018).
Clough (2015) argues that whether it is fraud, child pornography, stalking, criminal copyright infringement or attacks on computers themselves, criminals will find ways to exploit new technology. The challenge for all countries is to ensure their criminal laws keep pace. The challenge is global one, and much can be learned from the experience of other jurisdictions (Clough, 2015).
Computer misuse and Cybercrime Act, 2018 came in force on 30th May 2018. The law was expected to curb cybercrimes and computer related offences to enable timely and effective detection, prohibition, prevention, response, investigation and prosecution of computer and cybercrime (Okal, 2018).
Cybercrime has led to loss of billions and billions of money in Kenya. Many banks have been victims of internet fraud which have resulted to serious losses. Government ministries and military have also been victims of hacking and other cybercrimes which has led to fear among citizens. Attacks on government agencies have also led to citizens losing confidence on their government ability to protect them. Young people have also been bullied over the internet or have been victims of cyberbullying. Peoples identities have also been stolen what has resulted to their money being stolen. Copyright infringement or intellectual property rights have also been violated where people have been illegally downloading music and images from the internet without permission of the owners.
Due to the escalation of cybercrime, legislators in Kenya responded by creating legislation to address the threats. They drafted the Computer Misuse and Cybercrimes Act (Act No 5, 2018). The date of commencement for this Act was on 30th May, 2018.
One of the major functions of the law is to deter people from committing crime. It makes people fear and thus refrain from engaging in criminal activities. This is because of the punishment aspect of the law. Despite having this Act in force, there have been reported cases of cyber-attacks on local banks and government parastatals.
These attacks cast doubts if indeed this law is helpful in protection of citizens from cybercrimes or not. It cast doubts if this law serves the deterrence functions that the law should serve or not. Therefore, the purpose of this study is to evaluate the effectiveness of Computer Misuse and Cybercrimes Act, 2018 in war against cybercrimes.
This study is guided by the following research questions:
1. What are some of the limitations of the newly enacted Computer misuse and Cybercrimes Act, 2018?
2. How are the Kenya police officers equipped to enforce the newly enacted Computer misuse and Cybercrimes Act, 2018.
Apart from cybercrimes, there are other forms of crimes such as Murder, theft, robbery, assault, burglary etc. The difference between cybercrimes and these other crimes is that they occur in the real physical world and most often leave a trace of physical evidence behind. On the contrary, cybercrimes are complicated because they occur online. It is therefore hard to prove that indeed they took place. This because most of the times criminals are able to erase evidence that can link them to crime. Unlike the crime like murder where someone can testify that they witnessed someone kill someone, cybercrimes rarely have witnesses. This is because they happen in the virtual world. Therefore to implement and enforce computer and cybercrimes Act, police requires expertise in information technology and cyber security. And such knowledge needs to be updated every now and then, because cybercrimes get sophisticated each and every day. This study will help to establish if indeed the police have what it takes to implement the newly enacted computer and cybercrimes Act, 2018.
In Kenya the legislative bill is drafted by the members of parliament. They go through various stages before they become operational. For instance, they go through first reading, second reading, and committee stage and so on. The last stage is the presidential assent. The president assent the bill into law. There are some limitations in the law that cannot be felt or identified during the law making process. Such limitations can only be identified or noted when the law is operational or during the implementation of the law. Therefore, some months after the date of commencement a study is necessary to identify the limitations of that particular law. So far in Kenya there is no study that has been done to evaluate the effectiveness of the aforementioned law. That is the function that this study is going to carryout.
This study will be beneficial to the policy makers in the criminal justice system. It will fill the knowledge gap about the effectiveness of the computer misuse and cybercrimes Act, 2018. The policy makers will learn from an independent and credible data the limitations and the weaknesses of the newly enacted cybercrimes law and therefore, this study will form the basis of amendment of this Act of parliament to make sure that it is in line with the Kenyan law enforcement framework.
In-depth Interviews will be conducted on various participants at the locations convenient for them. Interviews will average about forty five minutes. But generally the length of an interview will be dependent on how fast the interviewee is able to give information. It will also depend on how fast I will get enough information relevant to my research.
The interviews will be semi-structured featuring open ended questions. This will make probing possible. However, the guide will not control the interviews flow; each interview will have its own conversational flow. The interviews will be recorded with digital audio recorder. As a backup for audio recorder, I will also use my phone for recording. But I will have to remove the sim card or put the phone on flight mode to prevent disturbances from someone texting or calling as the interview is going on. During interviews I will also take notes. Notes will guide me during data analysis.
I will also conduct focus group discussion to help verify individual interview data. Focus group will have 4-8 participants. I will be the moderator, but I will have an assistant to help me in notes taking. The discussions will be recorded with digital audio recorder and a digital video recorder.
I will also collect data by observation method. I will attend computer misuse and cybercrimes trials in courts of law. I will record data by taking relevant and reliable notes.
Both in-depth and focus group discussion data will be transcribed. Data will be transcribed by the use of transcription software called HyperTranscribe. If the software will fail or not work I will use the traditional method of transcription, which is; listening, stopping, and rewinding often many times.
After transcription I will explore the data. This will entail reading through the textual, audio or visual data and thinking about it. I will then start marking and highlighting texts that I will think are important. This process is called coding. I will read through the entire set of data and chunk the data into smaller meaningful parts (codes). I will then label each chunk with descriptive title or a code. I will then compare new chunk of data with previous codes and then label similar chunks with similar code. Finally, I will group similar codes together to help me in the identification of themes.
I will also use constant analysis to identify which codes are used the most and which might be the most important concepts of the interviewee.
Clough, J. (2015). Principles of Cybercrime. Cambridge: Cambridge University Press.
Das, S. & Nayak, T (2013). Impact of cybercrime: Issues and challenges. International Journal Engineering Science and Engineering Technologies, 6(2), 142-153.
Longo, B. (2013). Learning on the Wires: BYOD, embedded systems, wireless technologies and cybercrime. Legal Information Management, 13(2), 119-123
Lovely, R. (2010). International Crime and Justice. Cambridge: Cambridge University Press.
McGuire, M., & Dowling, S. (2013). Cyber crime: A review of the evidence (Report No. 75). Retrieved from Assets Publishing Service website:
Mutisya, J. (2018, September 2). Cybercrime losses surge above Sh20 billion. Daily Nation. Retrieved from
Okal, J. (2018, May 24). Review on the New Computer Misuse and Cybercrimes Act Kenya. [Blog Post]. Retrieved from
Sirianu (2017). Kenya Cyber Security Report. Retrieved from Serianu website: