Taxman, Google Kenya in court battle over mystery KRA hack

KRA commissioner for domestic tax department Benson Kerongo with commissioner general John Njiraini at a media briefing in Nairobi on July 27 /FILE

KRA has sued internet giant Google following a mystery hacking of the taxman’s systems.

Hackers breached the Kenya Revenue Authority’s systems, prompting an investigation.

KRA detectives are engaged in a landmark court battle with Google over access to an email at the centre of the hacking.

The Directorate of Criminal Investigations has obtained a court order granting it access to an email address used by the hacker.

KRA has served the order to Google’s local subsidiary, but the American firm says it is not in a position to assist in the probe.

SEPARATE ENTITY

The order, issued by the Milimani Chief Magistrate’s Court on January 9, directed Google Kenya to furnish Mohammed Jillo of the DCI’s KRA unit with documents and records relating to the email address.

Google Kenya has moved to the High Court to quash the order, arguing that it is a separate legal entity from its California-based parent company Google LLC.

Google Kenya says it has no access to the documents and records it has been ordered to provide.

Justice George Odunga has issued a temporary order barring the DCI officers from enforcing the order that allowed them access to the Gmail account until Google Kenya’s suit is heard and determined.

Odunga will issue further orders on March 20, after hearing both parties. Google Kenya holds that it has no access to Google LLC’s servers, services or products which are exclusive to its US-based parent.

KRA’s DCI unit says the email address, [email protected], has been used by a mystery hacker on more than one occasion to perform tasks reserved for the taxman’s officers.

FEAR OF CONTEMPT

It wants access to the account to help track down the suspect.

“Google Kenya Limited and Google LLC are separate limited liability companies and legal entities operating in two separate countries, carrying out different activities. Google Kenya has no capacity to comply with the order as it has no access to Google LLC servers, services and products,” Google Kenya says.

The firm insists that KRA’s DCI officers should have served the court order on Google LLC in California, saying it cannot receive documents on behalf of its parent firm.

Google Kenya lawyer Ife Osaga-Ondondo said the firm was not a party to the application for a warrant before the Chief Magistrate’s court, hence it cannot be asked to comply with the order.

The firm moved to court in fear of being found in contempt of a court order that it is unable to obey.

The suit is expected to answer the question of whether a firm’s subsidiary can be used to effect service of court documents.

The order issued by the Chief Magistrate’s court has also raised questions as to whether the government can obtain private information from the global search engine, an issue at the centre of a separate court battle between Google LLC and the US government.

Google stores data in several servers around the globe. Last year, the firm sued the US government to bar it from accessing information stored overseas.

VULNERABLE

In the KRA’s quest to track down the mystery hacker, the taxman holds that the breach of its systems was reported at the Railways police station within the Central Business District.

KRA does not say what the hacker did inside its systems. Jillo says KRA’s systems have been left vulnerable by the hacking incident.

Other than crucial revenue collection details and records, the KRA also holds intimate data on millions of taxpayers that may have been accessed by the mystery hacker.

“The gmail account is believed to have been used to access KRA’s computer system and used to perform the task of an authorised officer, thereby infringing on the information security of the KRA,” Jillo said when applying for a warrant to access the email address.

KRA is in a separate court case in which it wants to recover Sh4 billion from another suspected hacker, Alex Mutuku. Mutuku had previously been accused of hacking into Safaricom and NIC Bank systems. His case with the KRA is still pending at the High Court.
