Is civic accountability cybercrime?

formerly headlined as "Everything is cybercrime"

Olatunji Olaigbe

and

Olatunji Alameen

Jun 21, 2025

CybAfriqué is a space for news and analysis on cyber, data, and information security on the African continent.

HIGHLIGHT

Is civic accountability cybercrime?

You’ve heard it before, especially from us: cybercrime laws are being used to target the people they’re supposed to protect. In Kenya, a cybercrime against Rose Njeri, a 35-year-old software developer and mother of two, was thrown out of court. Rose, with what Al-Ameen describes as “a few lines of code,” built a website tool in the wake of Kenya’s #RejectFinanceBill protests. The civic accountability tool allowed Kenyans to directly email their MPs and object to the bill. Cute. Inspiring.

ICYMI: Anonymous says #RejectFinanceBill

The state did not find it so. On May 30, 2025, Rose Njeri was arrested without a warrant. Her home was raided, and electronic devices were confiscated. Rose’s whereabouts were unknown for days after her arrest, which led to a public outcry. Later, she was charged with "unauthorised interference with a computer system" under Section 16 of Kenya's Computer Misuse and Cybercrimes Act of 2018. The state's argument, essentially, was that her website was "spamming" the parliamentary system and interfering in the state’s democratic procedure..

Interference is a tricky term, but it's essentially used to describe engineered interaction and interception of the democratic process. It’s most popular among disinformation experts when describing political disinformation, like in the discussion of Russia’s political influence in Africa. The state's attempt to frame Njeri's actions as "interference" is a dangerous perversion of the term and can provide ground that essentially criminalizes civic accountability tech.

Public participation is noisy. It is meant to be a deluge, a powerful and sometimes overwhelming expression of popular will. To label this "interference" is to fundamentally mislabel the relationship between a government and its people.

True interference in the context of cybercrime is something entirely different. It involves a small group of individuals, often with malicious intent, creating mechanized, inorganic noise, like botnets carrying out denial-of-service (DDoS) attacks to shut down a website, or entities flooding social media with disinformation to sow chaos. These are acts of sabotage.

Njeri’s website did not hack, deface, or disrupt the parliamentary email system. It simply streamlined a constitutional right. Instead of every citizen having to manually look up their MP's email address and compose a message, her platform automated the "To:" field and offered a template for the body of the email.

Each email sent through her platform represented a real person exercising their right to petition their government.

Earlier this week, after she’d been released on bail, a Nairobi court threw out the charges against Njeri. Magistrate Geoffrey Onsarigo declared the two counts against her "ambiguous" and the charge sheet "defective." The court decided that the prosecution had failed to demonstrate that any actual crime had been committed.

Across the continent, we are seeing a disturbing trend of digital policies and cybercrime laws being engineered for "political power-hacking" rather than for genuine governance and the protection of citizens. These laws, passed under the guise of fighting online fraud and terrorism, are becoming the go-to tools for governments looking to control the digital public square.

ICYMI: The state of cyber policies in Africa.

Do you find value in the CybAfriqué newsletter? Share to support the work we do

Israel’s eyes on West Africa: Ambassador Gilad on trust, spyware and why Ghana’s Jollof tops his list, via The Africa Report
Russia is openly expanding its state military footprint in Africa, largely through the new "Africa Corps," which is believed to be run by the Russian defense ministry and is filling the void left by the Wagner mercenary group. This strategic shift moves Russia from relying on proxies to a more direct, state-coordinated mechanism of influence, particularly in francophone West African nations like Mali, Burkina Faso, and Niger, where former colonial power France's presence is diminishing. Russia's engagement leverages anti-colonial sentiment, provides security cooperation often without democratic strings attached, and employs extensive disinformation campaigns to legitimize its presence and undermine Western influence, all while pursuing economic interests, especially in extractive industries. Read more.

South Africa's healthcare sector is increasingly adopting AI, but data privacy and cybersecurity measures are struggling to keep pace with the rapid technological advancements and surging cyber threats. Recent ransomware attacks, like the one on the National Health Laboratory Service (NHLS), highlight the vulnerability of sensitive patient data, which is now expanding to include genomic information and radiological images. While South Africa has legal frameworks like the Protection of Personal Information Act (POPIA) and the National Health Act, experts warn that these are not being effectively implemented or are insufficient to address the complexities of AI, leading to calls for stronger governance, adaptable infrastructure, and ethical frameworks to safeguard "biomedical big data." Read more.
Folks at Resilience Technologies explore the extent of what exactly it will take for African CSOs to deal with digital threats and why that remains elusive. Read here.