Shares

The Bloggers Association of Kenya (BAKE), leading a high-profile coalition including the Law Society of Kenya (LSK), Article 19 Eastern Africa, and the Kenya Union of Journalists (KUJ), has formally lodged a Petition of Appeal at the Supreme Court of Kenya.

The Petitioners are seeking to overturn a Court of Appeal verdict that upheld several controversial sections of the Computer Misuse and Cybercrimes Act (CMCA) 2018, which they argue create an unconstitutional Big Brother state.

While the Court of Appeal recently struck down sections 22 and 23 (dealing with false publications), BAKE and its partners contend that the court erred by leaving other unguided missiles in the law. The Supreme Court petition specifically targets sections that the coalition argues are impermissibly vague and infringe upon the Bill of Rights:

  1. Cyber-harassment (Section 27) & Cybersquatting (Section 28): The Petitioners argue these sections limit freedom of expression without the mandatory declaration of intent required by Article 24(2) of the Constitution.
  2. Revenge Porn (Section 37): The coalition highlights a grave error of law where the Court of Appeal identified the validity of this section as an issue but failed to deliver a judgment on it, leaving the law in a state of uncertainty.
  3. Excessive Surveillance (Sections 48, 50, 51, 52, & 53): This is the heart of the Big Brother challenge. The Petitioners argue these sections grant law enforcement unfettered, subjective powers to search persons, seize data, and conduct real-time interception for up to nine months without robust judicial oversight or notification to the affected parties.

In their submissions, BAKE and the co-petitioners warn that current investigative procedures allow for indiscriminate scrutiny of private communications. They are beseeching the Supreme Court to either declare these sections unconstitutional or read-in mandatory safeguards, including:

  • Clearer definitions of traffic data and subscriber information.
  • Strict judicial oversight to prevent the police from using subjective belief as a basis for intrusive searches.
  • Post-investigation notification to citizens who have been placed under surveillance.

Key court deadlines

Hon. Alice Mukenga, Deputy Registrar of the Supreme Court, has established the following roadmap for the case:

  • April 20, 2026: Deadline for Petitioners to serve the Petition of Appeal to the DPP, Attorney General, Inspector General of Police, and the Speaker of the National Assembly.
  • May 4, 2026 (14 Days): Deadline for the State Respondents to file their replies.
  • May 11, 2026: A virtual mention at 9:00 a.m. to set the hearing date for the final arguments.

Resources

  1. BAKE petition of Appeal
  2. DPP petition of Appeal

Brief of the contested sections

1. Section 27: Cyber Harassment

Criminalizes the willful use of a computer system to communicate data that causes a person apprehension or fear of violence, damage to property, or detrimentally affects them (including causing them to commit suicide).

Penalty: A fine of up to Ksh. 20 million, imprisonment for up to 10 years, or both.

BAKE’s Argument: It is too broad and vague, failing the constitutional test for limiting free speech.

2. Section 28: Cybersquatting

Prohibits the intentional, unauthorized use of a name, trademark, or domain name owned by another person on the internet in bad faith.

Penalty: A fine of up to Ksh. 200,000, imprisonment for up to 2 years, or both.

BAKE’s Argument: It suppresses legitimate use, such as parody or fair use, and lacks a mandatory declaration of intent to limit rights.

3. Section 37: Wrongful Distribution of Obscene or Intimate Images

Often called the Revenge Porn section. It criminalizes the transfer, publication, or dissemination of an intimate or obscene image of another person through a computer system.

Penalty: A fine of up to Ksh. 200,000, imprisonment for up to 2 years, or both.

BAKE’s Argument: The Court of Appeal failed to rule on its validity, leaving it in a state of legal limbo.

4. Section 48: Search and Seizure of Stored Computer Data

Allows a police officer or authorized person to apply for a warrant to enter premises and search/seize data if they have reasonable grounds to believe it is material to a criminal investigation. Critically, it allows the search of any person found at the premises, regardless of whether they are the target of the warrant.

5. Section 50: Production Order

Empowers the court to issue a mandatory order directing a person or service provider to submit specified data or subscriber information.

BAKE’s Argument: The use of the word “shall” (as opposed to “may”) in the law suggests that the court acts as a rubber stamp for police requests, overriding judicial discretion.

6. Section 51: Expedited Preservation and Partial Disclosure of Traffic Data

Allows law enforcement to serve a notice to a service provider to “freeze” (preserve) traffic data for 30 days without a prior court warrant if they fear the data might be lost or destroyed.

7. Section 52: Real-time Collection of Traffic Data

Permits the collection or recording of traffic data (meta-data like IP addresses, location, and timestamps) in real-time through technical means, typically for up to 6 months.

8. Section 53: Interception of Content Data

The most intrusive section. It allows for the real-time interception and recording of the actual content of communications (emails, messages, voice calls) for up to 9 months, with possible extensions.