Until now I have known of only two basic tools for fighting cybercrime: technical soft and hard tools for network, gadget and personal protection, and legislation for establishing frameworks for the adoption of those tools and scaring (deterring) attackers. Dr. Bitange Ndemo has added his views on cybercrime and legislation in his article “We must tread carefully on cyber security” posted yesterday in Business Daily. In the article, Dr. Ndemo articulates the importance of cyber space and the contribution the Internet makes to GDP. He reasons that the losses on cyber security are inconsequential compared to the gains economies reap from cyber space. In essence, therefore, Dr. Ndemo proposes that countries, and African countries in particular, stop worrying about and spending on cyber security and instead concentrate on increasing the penetration of gadgets and the Internet, and worry about cyber security later, when they become vulnerable to attack.
Secondly, Dr. Ndemo is of the opinion that legislation that focuses on cyber control alone is a mistake. He recommends that protective measures be viewed from a broader angle, where the reasons that lead to cyber attacks are addressed. As such, Dr. Ndemo proposes “proper parenting and behavioural change” as effective means for deterring cyber attacks instead of excessive legislation.
I agree with Dr. Ndemo on one point but disagree with him on two. I agree with him that legislation geared towards controlling the cyber space alone, whether one or excessive, cannot yield effective results. This type of legislation will only act to limit Internet penetration and access, thereby curtailing any economic gains that a country could have reaped. I do agree with Dr. Ndemo that the draft legislation by the African Union, as it currently is, is indeed excessive legislation that will have a retrogressive impact on the achievements Africa has had from the Internet thus far, and as such should not be adopted next month. During the Information Security and Public Key Infrastructure Conference by COMESA that was held at Safari Park last month, the Kenya ICT Action Network (KICTANet) promised that they will follow up on the issues that have been raised by organizations such as the Centre for Intellectual Property and Information Technology that touch on the draft legislation. I do hope that KICTANet has sufficient time to bring out the issues that are of concern, given that under the Kenyan Constitution, any international treaties or conventions ratified become part of our laws.
But what Dr. Ndemo seems not to realize is the real impact cyber crime has in Africa even now, when we hardly have half the penetration the developed world has. In East Africa, it was mentioned during the conference that we lose $1.5 billion annually to cyber attackers and cyber security failures. It has also been found that Kenya has some of the poorest cyber security measures, yet it has one of the fastest Internet penetration rates in the region. Kenya is known for pioneering mobile money transfer with M-PESA and has close to 80% of all mobile money transfers in the world. We cannot therefore sit back and wait for attackers to start fishing out the hard-earned cash of Kenyans that sits on the M-PESA platform. The challenges facing mobile security that have so far been identified by the government and other stakeholders need to be addressed. To address most of the challenges, proper and adequate legislation must be put in place. To further appreciate the need for legislation that properly addresses cyber security, read change of heart on cyber security part 1 and part 2.
Dr. Ndemo’s proposal for African countries not to worry about cyber crime is actually proposing that we should continue following the reactive ideologies that have so far cost us a lot in disasters. The reactive mentality is what has made most African countries beg for food year in, year out; fail to contain man-made and natural disasters like the drought and the floods and the fires; and is what has made us think that spending trillions of shillings on 1970s technologies is progress. No, we must know that cyber space doesn’t just bring with it positive economic impacts but also has the potential to harm a nation and her people. We must be proactive enough to put in place the necessary measures that will minimize the negative impacts but promote the positive effects promised by the cyber space.
My second point of disagreement with Dr. Ndemo is on the proposal that parenting and behavior change can have better results than legislation. I have heard similar calls made by people like Prof. Patrick Lumumba when it comes to fighting corruption, where anti-corruption agencies pioneer the establishment of behavior change programs in primary schools and churches. These arguments are based on the fact that some of the ills we see in society are results of the innate human tendency to reap benefits using the least costly routes. Everyone, including the most spiritual or “saved” individuals that society expects to live sacrificing lifestyles, won’t take a second to opt for the least energy-spending method for satisfying personal needs. Even if they would opt for the hard routes, collectively the number of people who subscribe to sacrificing lifestyles is negligible.
Studies have been done and have found that the law of the jungle, which demands survival of the fittest, still applies to humans. Economic theories formulated on “greed” are more useful for predicting the performance of nations’ and the world economy than those formulated based on “altruism”. What I’m saying is that I do not expect Bob, a trained hacker who can access billions of dollars from account A, to deter himself from doing so merely because he has had good parenting. If there was no legislation against bank robbery, I don’t think we would have the moral authority to condemn G4S security officers that have since diverted the millions of shillings and disappeared. Bob will similarly be required to have second thoughts if he is fully aware that he will be caught and punished if he attempts to hack bank A.
Even if we were to frame policies for proper parenting and injecting behavior change into society, how practically would we go about this without legislation? How would we legislate against improper parenting, if at all? Would we require parents to follow some strict parenting codes as stipulated in a “Parenting Act”?
What of behavior change? I remember I chaired a Behavior Change Communication Group back in the days of college life that tried to influence members of my former church to change their mindsets on issues regarding HIV. Trust me, you cannot change the thinking of fundamentalists against the use of condoms to all of a sudden start saying “yes, we can run condom ads in our churches” within months or a few years.
Cyber crime is widespread. Just yesterday Digital Trends advised its readers on how to protect themselves against cyber attacks following the reports that over 2 million Facebook, Yahoo, Google, and Twitter passwords had been stolen. Bitcoin, the cryptocurrency that has received much love over the past months since April, has had its fair share of attacks. Hackers have been able to steal Bitcoin from virtual wallets and personal computing devices, and some of the Bitcoin exchange bureaus have closed shop and disappeared with billions of dollars’ worth of Bitcoins. The rate at which new malware gets introduced in the market (more than 12 per second) means that we cannot follow a behavior change route that takes tens of years to achieve. Just like parenting, what type of legislation can we enact that enforces behavior change? No, we cannot solve cyber crime through parenting and behavior change; we must do so technically and by treating cyber crime as a crime.
Finally, I would like to conclude that any technical approach for curtailing cyber crime must have legal backing. Legislation for deploying technical tools for fighting cyber crime is needed just as much as legislation for punishing cyber criminals. Let parenting and behavior change be championed by the churches and not the state. But the state has little to do with regard to how effectively churches implement “good parenting” and “behavior change” doctrines. Dr. Ndemo, good parenting cannot be a solution to cybercrime.