NAIROBI, Kenya – The Kenyan government’s move to procure advanced cybersecurity infrastructure—funded by the World Bank—has stirred a growing storm over digital rights, with civil society groups and privacy advocates warning that the new tools could enable large-scale surveillance of citizens.
In a tender issued on June 17 by the Information and Communications Technology Authority (ICTA), the government is seeking to acquire high-performance internet gateway firewalls, internal network protection systems, and centralized monitoring software.
These systems, part of the Kenya Digital Economy Acceleration Project, are capable of deep packet inspection—a powerful technology that can scan internet traffic, monitor communications, and analyze user behavior online.
While officials insist the tools are essential to protecting Kenya’s expanding digital infrastructure from rising cyber threats, watchdogs say the lack of transparency and legal safeguards is alarming.
Surveillance Concerns in a Volatile Context
Critics argue the timing of the acquisition could not be more sensitive.
Kenya has witnessed a string of cybercrime incidents, reports of digital surveillance, and even allegations of politically motivated abductions.
The tools described in the tender documentation—characterized as “military-grade” enterprise systems—could allow real-time interception of emails, social media messages, and browsing histories, depending on how they are configured.
Although the project is subject to World Bank procurement rules—including international bidding requirements—observers say that doesn’t guarantee public accountability once the tools are deployed.
Legal Gaps and Governance Worries
Kenya’s current digital privacy protections—anchored in the Data Protection Act, 2019, and updates to the Computer Misuse and Cybercrimes Act—are seen by experts as insufficient for overseeing systems of this scale and sensitivity.
The tender documents make no reference to independent oversight mechanisms or citizen safeguards. Nor do they detail who will access the collected data or how long it will be retained.
This absence of detail is fueling suspicion among civil society actors already alarmed by a Sh100 million allocation for spyware in the current ICT budget.
A Race Against Time—and Public Scrutiny
The tender is open until July 31, 2025, and is expected to attract bids from leading global cybersecurity firms.
Government insiders say the tools are urgently needed to combat the rising tide of cyberattacks targeting critical sectors like finance, healthcare, and education.
Yet public unease continues to grow. Human rights organizations are now calling for:
- A full public audit of the planned cybersecurity tools
- Parliamentary oversight and public consultation
- Clear legal limits on data collection and retention
- Independent monitoring of state surveillance programs
The concerns mirror regional calls from the Intergovernmental Authority on Development (IGAD) for a unified strategy to govern both cybersecurity and artificial intelligence across East Africa, as digital infrastructure becomes more central—and contested—in national development agendas.
With less than six weeks to the tender deadline, the government now faces increasing pressure to assure Kenyans that defending against cybercrime won’t come at the cost of civil liberties.
