“Kenya to require users of public Wi-Fi to register with government,” reads a July 1 Ars Technica headline. At first glance, the East African country’s proposed regulations appeared to extend their reach beyond even that broad subset of Kenyan Internet users. According to quotes from officials included in the article, the new rules would require all users of any device with wireless networking capabilities, not just public Wi-Fi routers, to register their equipment with either their Internet service providers or the Kenya Network Information Centre (KENIC).
Even correcting for what seems to be an overbroad interpretation of the final regulations, Kenya's plans risk invading the privacy of the majority of its non-mobile Internet users, as well as chasing legitimate anonymous speakers from the country's Internet.
A July 3 press release from the Kenyan Communications Authority (KCA) clarified that users would not be required to register devices with KENIC, and that the draft regulations will be subject to public consultations. A 2010 decision of Germany's Federal Supreme Court resulted in a similar requirement upon Wi-Fi network operators under German law. This decision is currently under review by the Court of Justice of the European Union. The press release, however, adds even more restrictions on Kenyan public Wi-Fi:
The draft regulations will have provisions that require installations of Public WI-FI to integrate a component that obliges its users to log in for identification purposes. In this regard, operators of cyber-cafes and public wireless hotspots shall be required to identify users before providing them with Internet access services. The identification shall be through a user registration system that ties each user to a registered mobile phone number. Operators of cyber-cafes shall also be required to ensure that system logs are retained in their original form for a defined period, install Closed Circuit Television (CCTV) for surveillance and use public Internet Protocol (IP) addresses for its computers.
ITU statistics put Kenya’s Internet penetration at 39% and mobile phone subscriptions at 71% of the population. The country is a regional technology hub with a strong online presence. Many Kenyans access the Internet from public wireless hotspots and cafes. Its government, however, is also embroiled in conflict with militant group Al-Shabaab, making cybersecurity an administrative priority. Kenya will also soon play host to a center for coordinating the fight against cybercrime in the Common Market for Eastern and Southern Africa (COMESA), a free trade area.
Requiring Kenyans to effectively register with personal details in order to use wireless Internet is a blow to the right to anonymity, but it is also burdensome on those seeking to offer widespread broadband access. It assumes criminal intent of those who, through economic circumstances or otherwise, choose to access the Internet in public spaces, rather than at home. Compulsory logging and obligatory surveillance cameras add to a draconian level of invasive monitoring that will primarily affect innocent Internet users in the pursuit of a tiny subset of criminals.
The requirement that cyber-cafes use public IP addresses for their computers also amounts to a ban on the common practice of network address translation, which is employed both to shield workstations behind a central firewall and to extend the limited capacity of the IPv4 address space. Due to the expense of obtaining IP space for each computer in a cyber-cafe, this will significantly affect the affordability of Internet access for Kenyans, whose per capita income is about 5% of the U.S. average. It will also increase the risk of computers in cyber-cafes suffering intrusions, thereby placing the privacy and security of users at risk.
With these new proposed regulations, Kenya is falling into the company of states that misuse security issues to impose unnecessary controls on their citizens’ speech and access to information. Given the country's reputation as a tech innovator, it also risks spreading such poor security policies to other countries that look to Kenya's leadership in this area. The KCA should revise their proposed regulations to respect Kenyan Internet users' civil liberties, and set a standard of Internet freedom that reflects their country's high-tech status.