[kictanet] [Fwd: Re: Day 6 of 10: IG Discussions, Legal Issues]
alice
alice at apc.org
Mon Aug 18 11:23:15 EAT 2008
And more on DNS security
http://blog.wired.com/27bstroke6/2008/08/experts-accuse.html
Experts Accuse Bush Administration of Foot-Dragging on DNS Security Hole
By Ryan Singel Email <mailto:ryan at ryansingel.net>August 13, 2008 |
3:44:24 PMCategories: Hacks and Cracks
<http://blog.wired.com/27bstroke6/hacks_and_cracks/index.html>, Threats
<http://blog.wired.com/27bstroke6/threats/index.html>
Roots
Despite a recent high-profile vulnerability that showed the net could be
hacked in minutes, the domain name system -- a key internet
infrastructure -- continues to suffer from a serious security weakness,
thanks to bureaucratic inertia at the U.S. government agency in charge,
security experts say.
If the complicated politics of internet governance continue to get in
the way of upgrading the security of the net's core technology, the
internet could turn into a carnival house of mirrors, where no URL or
e-mail address could be trusted to be genuine, according to Bill
Woodcock, research director at the nonprofit Packet Clearing House
<http://www.pch.net/home/index.php>.
"The National Telecommunications and Information Administration, an
agency of the Department of Commerce, is the show-stopper here,"
Woodcock said.
At issue is the trustworthiness of the domain name system, or DNS, which
serves as the internet's phone book
<http://www.wired.com/science/discoveries/news/2008/06/dayintech_0623>,
translating queries such as wikipedia.org into the numeric IP address
where the site's server lives.
Just weeks ago, security researcher Dan Kaminsky announced he'd
discovered a way for hackers to feed fake info into DNS listings, which
would allow hackers to redirect web traffic at will -- for example,
routing every person attempting to log in to the Bank of America to a
fake site controlled by the attacker.
Kaminsky quietly worked with large tech companies to build patches for
the net's name servers to make the attack more difficult. But security
experts, and even the NTIA, say those patches are just temporary fixes;
the only known complete fix is DNSSEC
<http://www.dnssec-deployment.org/> -- a set of security extensions
<http://www.dnssec-tools.org/> for name servers.
Those extensions cryptographically sign DNS records, ensuring their
authenticity like a wax seal on an letter. The push for DNSSEC has been
ramping up over the last few years, with four regions -- including
Sweden (.SE) and Puerto Rico (.PR) -- already securing their own domains
with DNSSEC. Four of the largest top-level domains -- .org, .gov, .uk
and .mil, are not far behind.
But because DNS servers work in a giant hierarchy, deploying DNSSEC
successfully also requires having someone trustworthy sign the so-called
"root file" with a public-private key. Otherwise, an attacker can
undermine the entire system at the root level, like cutting down a tree
at the trunk. That's where the politics comes in. The DNS root is
controlled by the Commerce Department's NTIA, which thus far has refused
to implement DNSSEC.
The NTIA brokers the contracts that divide the governance and top-level
operations of the internet between the nonprofit ICANN and the
for-profit VeriSign, which also runs the .com domain.
"They're the only department of the government that isn't on board with
securing the Domain Name System, and unfortunately, they're also the
ones who Commerce deputized to oversee ICANN," Woodcock said.
"The biggest difference is that once the root is signed and the public
key is out, it will be put in every operating system and will be on all
CDs from Apple, Microsoft, SUSE, Freebsd, etc," says Russ Mundy,
principal networking scientist at Sparta, Inc, which has been developing
open-source DNSSEC tools for years with government funding, He says the
top-level key is "the only one you have to have, to go down the tree."
A European networking group known as RIPE called in June 2007 for the
root to be signed, with Swedish and British representatives echoing the
call in October. But NTIA is not moving quickly enough to sign the root,
given the looming threat, even after the final technical problems have
been resolved, according to Woodcock and others.
"A few years ago, there were still technical hurdles to actually signing
and using DNSSEC, but in the past few years, a lot of software tools,
both commercial and open-source, have come out, and now it's a
completely solved problem," Woodcock said. "All that's left is the far
less tractable, purely political problem."
"Arguing over who gets to hold the cryptographic keys in the long run
[should] wait until we're not facing a critical threat," Woodcock said.
But the NTIA insists it is moving at just the right pace.
"We are committed to taking no action that would have the potential to
adversely affect the operational stability of the DNS," says spokesman
Bart Forbes. "While there is increasing pressure to secure the DNS, NTIA
must work with all stakeholders and consider all possible solutions."
Olaf Kolkman, a Dutch networking export, says there's no time to waste.
The only way for DNSSEC to work is for the top-level zone file -- which
lists the specifics for top-level domains like .gov -- to be signed by a
trusted authority.
"Currently DNSSEC is the only mechanism known to protect against the
Kaminsky attack," Kolkman said. "It is not clear that other solutions
will provide the same level of protection as DNSSEC."
Without such extensions, a hacker eager for trade secrets could hijack
the DNS listing for Apple's e-mail server and insert the number for a
server he controls instead. He could then keep a copy of every message
sent to the company and forward them all. No one would likely to be any
wiser until a human looked closely at the mail headers.
Still, even DNSSEC's most fervent backers admit that signing the root
won't instantly secure the net. Installing the extensions internet-wide
will be costly and time-intensive, but proponents say that getting the
root signed will turbocharge the process.
The Internet Assigned Numbers Authority -- which coordinates the
internet -- has been prototyping a system to sign the root-zone file for
the last year, but they can't do the same for the internet's top servers
without approval from the Department of Commerce.
That's where the rub is, according to Kolkman.
"Then the issue becomes political because there seems to be the
perception that the introduction of a key guardian changes the current
policies," Kolkman said
That could also simplify how top-level zone files are created, according
to Richard Lamb, a technical expert at IANA. Currently companies that
manage top-level domains like .com submit changes to ICANN, which then
sends them to NTIA for approval, before they're forwarded to VeriSign.
VeriSign actually edits the root file and publishes it to the 13 root
servers around the world.
"We would want to bring the editing, creation and signing of the root
zone file here," to IANA, Lamb said, noting that VeriSign would likely
still control distribution of the file to the root servers, and there
would be a public consultation process that the change was right for the
net.
But changing that system could be perceived as reducing U.S. control
over the net -- a touchy geopolitical issue. ICANN is often considered
by Washington politicians to be akin to the United Nations, and its push
to control the root-zone file could push the U.S. to give more control
to VeriSign, experts say.
VeriSign did not respond to a request for comment, but its CTO said
earlier this year that it was creating its own root-zone file-signing
test bed.
The root-zone file, which contains entries for the 300 or so top-level
domains such as .gov and .com, changes almost every day, but the number
of changes to the file will likely increase radically in the near
future, since ICANN decided in June to allow an explosion of new
top-level domain names.
Woodcock isn't buying the assurances of NTIA that it is simply moving
deliberatively.
"If the root isn't signed, then no amount of work that responsible
individuals and companies do to protect their domains will be
effective," Woodcock said. "You have to follow the chain of signatures
down from the root to the top-level domain to the user's domain. If all
three pieces aren't there, the user isn't protected."
Brian Munyao Longwe wrote:
> So does Cyber War bring out any legal issues? This is a slightly
> chilling summary of the current crisis in Georgia and the central role
> that the internet had before the hostilities escalated.
>
> *Longtime Battle Lines Are Recast In Russia and Georgia's Cyberwar*
>
> By Kim Hart
> Washington Post Staff Writer
> Thursday, August 14, 2008; D01
>
> As the violence unfolded between Russia and Georgia during the past
> week, hackers waged war on another front: the Internet.
>
> The Georgian government accused Russia of engaging in cyberwarfare by
> disabling many government Web sites, making it difficult to inform
> citizens quickly of important updates. Russia said that it was not
> involved and that its own media and official Web sites had suffered
> similar attacks. Although a cease-fire has been ordered, major
> Georgian servers are still down, hindering communication in the country.
>
> Some Georgian officials, bloggers and citizens were able to work
> around the disruptions, sending text messages to friends in other
> countries using Web sites hosted by servers in the United States,
> Poland and Estonia that are less likely to fall victim to a cyberattack.
>
> Concerted online attacks have been a threat for years. But security
> experts say the "cyberwar" between Russia and Georgia underscores the
> havoc that can spread on a digital battlefield. It also highlights how
> vulnerable Web-reliant countries are to assaults that could cripple
> military communications or a national banking industry.
>
> The attacks against Georgia's Internet infrastructure began nearly two
> months before the first shots were fired, according to security
> researchers who track Internet traffic into and out of the countries.
> Such attacks, known as "denial of service" attacks, are triggered when
> computers in a network are simultaneously ordered to bombard a site
> with millions of requests, which overloads a server and causes it to
> shut down.
>
> "In terms of the scope and international dimension of this attack,
> it's a landmark," said Ronald J. Deibert, director of the University
> of Toronto's Citizen Lab, which has nearly 100 researchers mapping Web
> traffic through several countries, including Russia and Georgia. He
> said small-scale attacks have occurred between the countries since
> June. "International laws are very poorly developed, so it really
> crosses a line into murky territory . . . Is an information blockade
> an act of war?"
>
> Cyberattacks can be launched cheaply and easily, with a few hundred
> computers and a couple of skilled hackers. Simpler tactics are even
> easier to mount by hacking into a server and deleting files,
> reconfiguring settings and altering photos. Compared with expensive
> military attacks, cyberwar tactics "seems like the kind of thing that
> a sophisticated military would want to experiment with," said Ben
> Edelman, assistant professor at Harvard Business School who has
> studied cyberattacks.
>
> "Imagine how devastating it would be to a military commander to lose
> access to a server that tells him where his troops are stationed and
> where he has resources," he said, adding that "this is the first time
> we've had such strong evidence of cyberwarfare."
>
> Instructions on how to mount such attacks are readily available on
> blogs, making it easy for a grass-roots effort to quickly escalate
> into a crippling assault, said Evgeny Morozov, a technology consultant
> based in Berlin who has tracked blogs in Georgia and Russia.
>
> Figuring out who is behind the attacks has been difficult, Deibert
> said, because of complex routing methods and a multitude of connection
> exchanges. The Internet's infrastructure is a maze of lines laid by
> different service providers traversing many countries, masking how
> information is traveling -- or blocked.
>
> "It's an ongoing battle in documenting where it's coming from and
> helping people get around it," he said.
>
> In Georgia, which is not as dependent on the Internet as other
> nations, the cyberattack mainly hindered the government's ability to
> communicate with its citizens and others during the fighting. The
> Georgian Foreign Ministry's Web site, for example, was disabled except
> for a collage that compared Georgian President Mikheil Saakashvili to
> Adolf Hitler.
>
> "Battles today are as much about ideas and images as they are
> territories," Deibert said. "If you're a military and intelligence
> agency, you're going to take down information that is in opposition
> and control the message."
>
> To get around the blockade, Georgian officials relocated national Web
> sites to addresses hosted by Google's Blogspot, whose U.S. servers are
> more immune to attack. Citizens used blogging platforms such as
> LiveJournal -- the dominant platform in Russia and Georgia -- to post
> their own reactions during the fighting.
>
> For example, a Georgian refugee from Abkhazia who blogs under the name
> Cyxymu on LiveJournal posted photos of Russian troops entering the
> Georgian town of Gori. The blogger said the photos were taken after
> Russia had announced its withdrawal, proving, he said, that fighting
> continued.
>
> Morozov said only a few hundred Georgians used blogs to communicate
> with people outside the country. Even that tool was threatened, he
> said, when a group of Russian bloggers sent a letter asking Sup, the
> Russian company that owns and manages LiveJournal, to censor posts
> with pro-Georgian sentiment. Sup did not comply.
>
> Givi Bitsadze, in Tbilisi, used microblogging site Twitter to share
> updates about the fighting in English and Russian.
>
> "Tbilisi is still safe, but other cities are under attack, bombs kinda
> stopped, but Russian soldiers are breaking in a houses," one post read
> yesterday. He also noted an Olympic victory: "Georgia beats Russia in
> beach volleyball."
>
> The cyberwar will most likely serve as a Web security wake-up call,
> Morozov said.
>
> "Georgia was completely unprepared to the fact that all this
> information was on the Internet," he said. "I think it taught them --
> and a lot of people -- a lesson."
>
>
>
>
> On Aug 18, 2008, at 9:00 AM, John Walubengo wrote:
>> Hi all,
>>
>> Hpe u had a good weekend. Today is day 6 of 10, but the theme is
>> still on legal issues.
>>
>> I still cant believe the learned friends have not spoken and left
>> everything to Alex and Mike. If any of you runs into Evelyn R.,
>> Kihanya J., Omo J. or Clara R. just to mention a few, ask them if
>> they can give us a shout without us having to 'open a file'
>>
>> We have only today for this since tomorrow we move into the Economic
>> Issues to be facilitated by a renowned IG expert to be unveiled in
>> due course.
>>
>> walu.
>>
>> --- On Sat, 8/16/08, Alex Gakuru <alex.gakuru at yahoo.com
>> <mailto:alex.gakuru at yahoo.com>> wrote:
>>
>>> From: Alex Gakuru <alex.gakuru at yahoo.com <mailto:alex.gakuru at yahoo.com>>
>>> Subject: Re: [kictanet] Day 5 of 10: IG Discussions, Legal Issues
>>> To: jwalu at yahoo.com <mailto:jwalu at yahoo.com>
>>> Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke
>>> <mailto:kictanet at lists.kictanet.or.ke>>
>>> Date: Saturday, August 16, 2008, 11:17 AM
>>> G8 links!
>>>
>>> The introduction to this topic was on the presumption that
>>> consumers were the criminals proceeding to outline law
>>> enforcement challenges. The most convenient and common form
>>> of misrepresenting cyber crimes and law -- first take away
>>> all their rights then they struggle to regain one after the
>>> other... It is good that Mike presents both sides of the
>>> story.
>>> Telecommunication companies hold massive data on all
>>> individuals and they ensure that their on their "Terms
>>> of Use" and contracts users are "guilty until
>>> proven innocent" and the companies are at liberty to do
>>> whatever they please with our personal data.
>>>
>>> Consider below extract from a local telecommunication
>>> company's Terms of Use: -
>>> ------------
>>> 5. Use of your information
>>>
>>> (The Company) may hold and use information provided by you
>>> for a number of purposes, which may include:
>>>
>>> (a) Carrying out any activity in connection with a legal,
>>> governmental or regulatory requirement on (The Company) in
>>> connection with legal proceedings or in respect of crime or
>>> fraud prevention, detection or prosecution.
>>>
>>> (b) Monitoring or recording of your communications for (The
>>> Company)’s business purposes such as marketing, quality
>>> control and training, prevention of unauthorised use of
>>> (The Company)’s telecommunications system and ensuring
>>> effective systems operation in order to prevent or detect
>>> crime.
>>>
>>> ---------
>>>
>>> "May include" does not mean "limited
>>> to" - implying that they are allowed, for example, to
>>> share, sell, etc private data to their partners... Exactly
>>> what Mike points out to on the Business Week link.
>>>
>>> Framed in ways suggestive of company "law
>>> enforcer" (illegal roles) onto "guilty"
>>> users. Notice how "Intellectual Property" is
>>> conveniently repeated. Or is it be assumed that consumers do
>>> not have any "intellectual property" they would
>>> wish protected? the companies should abide to also protect.
>>> BTW, There is an IGF Dynamic Coalition movement calling for
>>> a balance between Intellectual Property and development
>>> which includes Access to Knwoledge
>>> (A2K).<http://www.ipjustice.org>. Very resourceful!
>>>
>>>
>>> Supposing earlier proposed M-Medicine went ahead in East
>>> Africa? Sold ailments data to pharmaceutical companies, that
>>> would hike medicines prices in outbreak zones at selected
>>> locations... You go to a bank with a water-tight business
>>> proposals and all bank turn you down. Reason? They have
>>> shared your medical history and they think you will soon
>>> "sleep in the shamba" your excellent business
>>> proposals notwithstanding.
>>>
>>> In summary, unless Data Protection and Privacy Laws are
>>> enacted, the default should be to deny all telecommunication
>>> companies legal loophole to trade with personal information.
>>> And it should be seen to be enforced.
>>>
>>> On a lighter note, should I sue a WiFi company for
>>> trespassing when their signals enter my laptop, or should
>>> they sue me for illegally access of their signal? Over to
>>> Ben Shihanya.
>>>
>>> Thanks again Mike!
>>>
>>>
>>> --- On Fri, 8/15/08, Mike Theuri
>>> <mike.theuri at gmail.com <mailto:mike.theuri at gmail.com>> wrote:
>>>
>>>> From: Mike Theuri <mike.theuri at gmail.com
>>>> <mailto:mike.theuri at gmail.com>>
>>>> Subject: Re: [kictanet] Day 5 of 10: IG Discussions,
>>> Legal Issues
>>>> To: alex.gakuru at yahoo.com <mailto:alex.gakuru at yahoo.com>
>>>> Cc: "KICTAnet ICT Policy Discussions"
>>> <kictanet at lists.kictanet.or.ke <mailto:kictanet at lists.kictanet.or.ke>>
>>>> Date: Friday, August 15, 2008, 2:11 PM
>>>> Not a legal opinion: It would be very difficult to
>>> apply
>>>> existing common law
>>>> (analogous to jurisprudence) to electronic crimes
>>> committed
>>>> in a new era,
>>>> atleast within the local context.
>>>>
>>>> For these reasons it is necessary to define the crimes
>>>> under distinct and
>>>> separate legislation. Due to the borderless nature of
>>> the
>>>> Internet (see
>>>> shared link), it is necessary for such legislation to
>>> take
>>>> a broad
>>>> approach into account.
>>>>
>>>> For instance there ought to be provisions that allow
>>> local
>>>> authorities to
>>>> seek the arrest and extradition of foreign based
>>> suspects
>>>> from other
>>>> jurisdictions for electronic crimes committed against
>>>> citizens or local
>>>> infrastructure owned by individuals or entities even
>>> though
>>>> the suspects at
>>>> the time of commission of the crime were present in
>>> other
>>>> jurisdictions.
>>>>
>>>> The same provision can allow private parties to pursue
>>>> civil remedies in a
>>>> similar matter and give them the basis where possible
>>> to
>>>> enforce the
>>>> judgement in the defendant's jurisdiction.
>>>>
>>>> This for example would close the possible
>>> jurisdictional
>>>> loophole
>>>> of individuals crossing borders so as to commit
>>> electronic
>>>> crimes from a
>>>> country that lacks electronic crime laws. Current law
>>> is
>>>> ill equipped in
>>>> ensuring civil remedies, prosecution or arrest of
>>> local or
>>>> international
>>>> cyber criminals, 419ers, lurers of minors, harassers,
>>>> electronically
>>>> transmitted or created threats (threats to a person,
>>>> threats to
>>>> infrastructure by way of viruses, malaware, DoS etc)
>>> etc
>>>> neither is it
>>>> likely to be in a position to ensure serious
>>> consequences
>>>> or deterents for
>>>> the same or allow for the definition of crimes as
>>>> distinguished here for an
>>>> international gang of culprits:
>>>>
>>> http://www.secretservice.gov/press/GPA15-08_CyberIndictments_Final.pdf
>>>>
>>>> It was recently reported that a bill or regulations to
>>>> protect the data of
>>>> consumers would be brought about as a means of
>>> regulating
>>>> the CRBs. This
>>>> could be model legislation/regulations to adopt to
>>> ensure
>>>> that the public
>>>> has a say in the manner in which their private
>>> information
>>>> is used.
>>>>
>>>> At the same time consumers ought to be able to
>>> instruct
>>>> companies with whom
>>>> they have business relationships with not to share
>>> that
>>>> same information
>>>> with 3rd parties without their prior consent (ie
>>>> opt-in/out). This is only
>>>> effective if there are laws or regulations to provide
>>> for
>>>> consequences when
>>>> businesses violate the same.
>>>>
>>>> As CRBs take root, there will be a likelihood that
>>> similar
>>>> bureaus or
>>>> entities will eventually start sharing information in
>>> real
>>>> time, for example
>>>> an underwriter of an insurance policy might want to
>>> check
>>>> an individual's
>>>> claim history across the industry to determine the
>>> level of
>>>> risk the insured
>>>> poses in determining policy premiums. Similarly an
>>>> organization may want to
>>>> conduct background checks for prospective employees in
>>>> privately maintained
>>>> electronic databases.
>>>>
>>>> It is important that instead of regulations or laws
>>> being
>>>> formed for sectors
>>>> of the economy, that national data privacy laws and
>>>> regulations be defined
>>>> (or ammended) and on that basis refinement of specific
>>>> regulations/laws
>>>> could be made for sectors that require specific data
>>>> requirements. Such
>>>> regulatory foresight can reduce or avert the occurence
>>> of
>>>> issues such as
>>>> those seen here:
>>>>
>>> http://www.businessweek.com/magazine/content/08_31/b4094000643943.htm?campaign_id=rss_null
>>>>
>>>>
>>>> On Fri, Aug 15, 2008 at 12:21 AM, John Walubengo
>>>> <jwalu at yahoo.com <mailto:jwalu at yahoo.com>> wrote:
>>>>
>>>>> Mornings,
>>>>>
>>>>> Today and next Monday, we intend to thrash out
>>> the
>>>> legal dimensions of
>>>>> Internet Governance. The typical issues revolve
>>>> around:
>>>>> -Jurisdiction & Arbitration (who resolves
>>>> e-disputes)
>>>>> -Copyright & IPR (are they pro or
>>>> anti-development?)
>>>>> -Privacy and Data Protection (how is the
>>> e-Citizens
>>>> data abused/protected?)
>>>>>
>>>>> I do hope the 'learned' friends will chip
>>> in
>>>> since I cannot pretend to be
>>>>> an expert here as I introduce the general legal
>>>> principals. Basically,
>>>>> dispute resolutions can be done through,
>>>>> · Legislation;
>>>>> · Social norms (customs);
>>>>> · Self-regulation;
>>>>> · Regulation through code (software
>>> solution);
>>>>> · Jurisprudence (court decisions);
>>>>> · International law.
>>>>>
>>>>> There is however two broad conflicting schools of
>>>> thought when it comes to
>>>>> resolving disputes occasioned by the Internet.
>>> One
>>>> group claims that
>>>>> whatever happens online does have an equivalent
>>>> 'off-line' characteristics
>>>>> and as such existing laws can easily be applied.
>>> E.g
>>>> stealing money
>>>>> electronically is no different from stealing
>>> money
>>>> physically and so Robbery
>>>>> charges and subsequent jurisdictional procedures
>>> could
>>>> apply. However, the
>>>>> second group feels that electronic crimes have a
>>>> totally different context
>>>>> and must have a separate and totally new set of
>>>> legislation or methodologies
>>>>> for resolutions.
>>>>>
>>>>> The borderless nature of the Internet brings to
>>> fore
>>>> the Challenges of
>>>>> Jurisdiction and Arbitration as in
>>> yesterday's
>>>> example, where content in one
>>>>> country may be illegal but is legal in another.
>>>> Copyright and Intellectual
>>>>> Property Rights issues are also explosive as
>>>> demonstrated by the Napster
>>>>> Case, where some young software engineers created
>>>> software that facilitated
>>>>> sharing of (SONY) Music files across the
>>> Internet.
>>>> Also related was the case
>>>>> of Amazon.com trying to Patent the
>>>> 'single-click' method of buying goods
>>>>> online.
>>>>>
>>>>> Other cases touch on Data Privacy where Business
>>>> Companies have been known
>>>>> to sell customer records to Marketing firms
>>> without
>>>> express authority from
>>>>> the Customers. Other times customer data is
>>> simply
>>>> hacked into and
>>>>> Businesses are unable to own up (going public) to
>>> the
>>>> detriment of the
>>>>> Customer.
>>>>>
>>>>> Most of these issues are under discussion
>>>> internationally at the Internet
>>>>> Governance Forum (IGF), World Intellectual
>>> Property
>>>> Organization (WIPO)
>>>>> amongst other fora. They present emerging legal
>>>> challenges and it would be
>>>>> interesting to know if stakeholders in the East
>>>> African region are/should be
>>>>> involved in shaping the outcomes of any of these
>>>> issues.
>>>>>
>>>>> 2days on this one, today and next Monday and feel
>>> free
>>>> to belatedly respond
>>>>> to Day 1 through Day 5 issues.
>>>>>
>>>>> References:
>>>>> http://www.diplomacy.edu/ISL/IG/
>>>>> http://en.wikipedia.org/wiki/Napster
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> kictanet mailing list
>>>>> kictanet at lists.kictanet.or.ke <mailto:kictanet at lists.kictanet.or.ke>
>>>>>
>>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>>>
>>>>> This message was sent to: mike.theuri at gmail.com
>>>>> <mailto:mike.theuri at gmail.com>
>>>>> Unsubscribe or change your options at
>>>>>
>>>>
>>> http://lists.kictanet.or.ke/mailman/options/kictanet/mike.theuri%40gmail.com
>>>>>
>>>> _______________________________________________
>>>> kictanet mailing list
>>>> kictanet at lists.kictanet.or.ke <mailto:kictanet at lists.kictanet.or.ke>
>>>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>>
>>>> This message was sent to: alex.gakuru at yahoo.com
>>>> <mailto:alex.gakuru at yahoo.com>
>>>> Unsubscribe or change your options at
>>>>
>>> http://lists.kictanet.or.ke/mailman/options/kictanet/alex.gakuru%40yahoo.com
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> kictanet mailing list
>>> kictanet at lists.kictanet.or.ke <mailto:kictanet at lists.kictanet.or.ke>
>>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>
>>> This message was sent to: jwalu at yahoo.com <mailto:jwalu at yahoo.com>
>>> Unsubscribe or change your options at
>>> http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
>>
>>
>>
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke <mailto:kictanet at lists.kictanet.or.ke>
>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>
>> This message was sent to: brian at caret.net <mailto:brian at caret.net>
>> Unsubscribe or change your options at
>> http://lists.kictanet.or.ke/mailman/options/kictanet/brian%40caret.net
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> This message was sent to: alice at apc.org
> Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/alice%40apc.org
>
More information about the KICTANet
mailing list