In this article allow your mind to wander and to think about forensics, hacking and any other related terms because the discussion will follow this course.
Section 21 of the Act provides for the crime of cyber espionage and states that any person who performs an act that results in gaining access or intercepting data unlawfully commits a crime and is liable for a term not exceeding twenty years. Additionally, the Act criminalizes unauthorized access by infringing security measures so as to gain access. The focus for today shall be on persons who commit such acts which are translated as hacking.
In Kenya cases of hacking with an intent to gain access to systems are not new. Last year we were treated to news that KRA system had been hacked and a staggering 4 billion made away with. The man behind the alleged electronic fraud was Alex Mutuku. When the arrest was made police disconnected and took away every gadget with a memory; mobile phones, computers, hard drives, digital video recorders and servers. While the story has taken different twists, what is certain is that evidence to prove the case is a necessary component otherwise, the allegations hold no water.
In Kenya, the laws dealing with electronic fraud are the Kenya Information Communication Act under section 84B and now the Computer Misuse and Cybercrimes Act, 2018. When faced with a case where evidence would be digitally presented, the court is guided by section 78A of the Evidence Act. In the case of Republic v Mark Lloyd Stevenson (2016) eKLR the emails were not authenticated by giving their technological footprint hence were not admissible in court. Authentication is necessary to prohibit tampering which is common in e-evidence and could render an allegation invalid.
The case of Oquendo where the accused was recently found guilty of killing her step daughter, the investigators produced geolocation information extracted from a mobile device but the judge expected a more scientific treatment of the evidence while casting doubt on the reliability of the digital traces this can be loosely translated to mean, more evidence to the authenticity of the e-evidence.
In both cases, the importance of e-evidence to try a matter is clear as well the risk of tampering or falsification is evident hence the need to clearly preserve the evidence.
Why is tampering a risk? E-evidence is highly volatile hence can be changed or manipulated through file deletion softwares, viruses, and botnets. Once manipulated it is difficult to detect and trace it unless with the help of a forensics expert. While in fact the duty of making decisions is the reserve of the judge, the role of an expert testimony cannot be undermined at all costs as they help judges to understand forensic findings and their value in a case.
The role of an expert is not to make decisions but to give an assessment hence it is important for the expert not to present the material as facts such that it gives no room for exploring the alternatives. This will also help curb bias.
There is need for a standardized approach to expert evidence with an insistence on them acting as assessors. The law being in place already points to a need for regulating the cyberspace hence more needs to be done on the procedure of producing expert evidence as we expect more of evidence to be presented in this manner. The standalone laws should be made in consultation with computer forensics experts to establish a nomenclature for digital evidence.