Treasury Cabinet Secretary John Mbadi.
The government’s push to crack down on internet subscribers and SIM-card users is well underway, with the Directorate of Criminal Investigations (DCI) allocated Sh100 million to procure spyware.
Details of the initiative are contained in the 2025/26 budget estimates approved by the National Assembly on Wednesday. The funds will finance the acquisition of Optimus 3.0 – software for the DCI forensic lab – to monitor Kenyans’ social media accounts.
Legal scrutiny
The spyware, a form of malicious software, infiltrates devices, collects user data, and transmits it to third parties without consent – a violation of the Data Protection Act. It enables the State to snoop on and hack internet subscribers’ and SIM-card users’ accounts, including decrypting encrypted data.
This funding coincides with the upcoming debate on the Kenya Information and Communication (Amendment) Bill, 2025, criticised for provisions seen as intrusive to free speech, expression, electronic dissemination, and the right to privacy as protected by the Constitution.
Sponsored by Aldai MP Marianne Kitany, the Bill seeks to grant the Cabinet Secretary for Information sweeping powers to monitor and demand information from Internet Service Providers (ISPs), telecom firms, and cyber operators.
The spyware allocation has drawn criticism from former National Assembly Speaker and ex-Public Service Cabinet Secretary Justin Muturi and Nairobi-based lawyer David Ochami. Mr Muturi suggested the government may have already procured the software, and that the KICA Bill is designed to legitimise an ongoing illegal operation.
“They’re already snooping on Kenyans. The Bill seeks to regularise an illegality already in force,” said Mr Muturi. “This is clear evidence that President Ruto is determined to roll back the freedoms Kenyans fought so hard for.”
Expert alarm
He added that the amendments have no place under the current Constitution and accused the President of harbouring authoritarian ambitions.
“The President wants to take Kenya back to the dark days – he’s nostalgic for the trappings of dictatorship and the imperial presidency of the past,” he said.
If enacted, the Bill would legitimise the use of spyware and encroach on the Media Council of Kenya’s (MCK) mandate to regulate broadcast content, creating an additional layer of State surveillance.
Under the proposals, ISPs and SIM-card vendors would be required to install tools such as signature-creation devices, akin to facial recognition modules, to monitor customers’ activities – data the State could retrieve at will.
In addition to the spyware funding, Sh300 million has been allocated to the MCK to support media monitoring, content regulation, and operational costs of existing ICT media centres.
Clause 3 of the Bill proposes amending Section 27A of KICA to require ISPs to implement metered billing systems that assign each customer a unique, identifiable meter number.
“The Bill seeks to require ISPs to develop and deploy quality metered billing systems capable of monitoring customer usage, translating it into readable data, generating invoices based on consumption, and aligning metrics with the value of services used,” the Bill states.
