[kictanet] Kenya IGF 2010, Discussions :Day 6 of 8 Theme:E-Crime, Online Privacy & Data Security.
Barrack Otieno
otieno.barrack at gmail.com
Tue Jul 13 16:27:41 EAT 2010
Dear Judy, distinguished listers,
I will attempt to crack this menu:
ecrime: in so far as electronic crime is concerned insecurity means
different things to different people, the first step in my humble opinion
would be to educate the public on issues such as the importance of contracts
and or service level agreements (ISACA can come in here), you are right Judy
when you ask what happens when a client loses money? does it turn out to be
a wild goose chase, will the corporates pay back just to save face?, i
suppose it is high time we developed elaborate measure that would compel the
client and the service provider to take responsibility in so far as their
obligations towards security are concerned so that should a problem occur it
is easy to see who is on the wrong (service level agreements). It is common
practice that most of us walk around with the ATMs of our significant
others :-) whether this is correct or not , the people will decide since it
puts to test basic policies for security in so far as e-commerce is
concerned, this is a direct challenge to the Consumer affairs depart at the
Communications Commision of Kenya and the relevant Consumer constituencies
and advocacy organisations to educate the public.
I agree with Walu, Business and innovation will not always wait for
regulation, regulation in fact comes to streamline business (read fairplay)
meaning it is not always easy to regulate a new idea when it begins since
you need to understand it at first.
*Evoting*
In so far as E-voting is concerned i am pertubed by the way the exercise is
being conducted, anyway, even making mistakes can be termed as learning.
IMHO evoting is an intricate subject based on the issues around it, Voting
is a question of trust. Flashback to the controversies sorrounding the
election in the USA in 2004
http://en.wikipedia.org/wiki/2004_United_States_election_voting_controversies,
shows how this concept is giving the developed world a headache. There are
questions regarding procurement of the e-voting machines, in the
aforementioned case, Financiers of one of the leading contenders for the
presidential election happened to be suppliers of the e-voting machines
which brings in the question of who should supply this machines. India being
one of the countries that has done well in this regard
http://en.wikipedia.org/wiki/Indian_voting_machines Chose to have public
entities design the machines, i wonder if we might want to attempt this or
outsource the manufacturing of the machines, considering past experiences.
Brazil has also been very successfull in so far as e-voting is
concerned http://en.wikipedia.org/wiki/Elections_in_Brazil
<http://en.wikipedia.org/wiki/Elections_in_Brazil>
Apparently Brazil hires out their machines as stipulated in the reference
material above and i wonder whether our new found alliance would herald
greater things to come. Non the less the point i am trying to raise is that
e-voting should be as transparent as possible because an election is hinged
on trust, this is why we need the Freedom of Information Bill or act as a
matter of urgency, there is not secrecy or classification when it comes to
elections otherwise we shall be headed for disaster.
This is my take on the issues you have raised.
On Mon, Jul 12, 2010 at 3:25 PM, Judy Okite <judyokite at gmail.com> wrote:
> Mr. Walubengo,
>
> thank you for the clarifications.
>
> what would create the demand for Data Protection Bill/Act and Freedom of
> Information Bill/Act?
>
> Kind Regards,
>
>
> On Mon, Jul 12, 2010 at 3:07 PM, Walubengo J <jwalu at yahoo.com> wrote:
>
>> @Judy,
>>
>> in general technology tends to moves ahead of its security
>> implications...and so all these MPESA/MKESHO/ and/or eCommerce in general
>> will always happen before laws and regulations catch up. It only becomes an
>> issue if such laws take a relatively longer period to happen. Within the
>> Kenyan Context so far.
>>
>> 1. Kenya Comm. Amendement Act (2009) - done (good for ecommerce)
>> 2. Data Protection Bill/Act - NOT YET DONE -wonder @ what level this is
>> 3. Freedom of Information Bill/Act - NOT YET DONE - wonder @ what level
>> this is
>>
>> These three laws are complimentary within the ICT/IS security domain and
>> must eventually be delivered sooner rather than later...
>>
>> walu.
>> nb: visit www.isaca.or.ke and see more of what ISACA-Kenya are trying to
>> do in contributing in this security space...
>>
>>
>>
>> --- On *Mon, 7/12/10, Judy Okite <judyokite at gmail.com>* wrote:
>>
>>
>> From: Judy Okite <judyokite at gmail.com>
>> Subject: Re: [kictanet] Kenya IGF 2010, Discussions :Day 6 of 8
>> Theme:E-Crime, Online Privacy & Data Security.
>> To: jwalu at yahoo.com
>>
>> Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
>> Date: Monday, July 12, 2010, 3:36 PM
>>
>>
>> Solomon,
>>
>> thank you....and I agree with you, irregardless of how many players may
>> have to be brought into it...we need to laws to protect the consumers as
>> well as the service providers.
>>
>> when we talk about e-crime, am sure that its not just about
>> MPESA/ZAP...lets take for example a personal experience, given to us by
>> Michuki, earlier last week...
>> and I quote
>>
>> "Well if you may, let me indulge you with my personal experience with my
>> bank regarding online transactions.
>>
>> My bank approached me with a new service called email authorization.
>> Which means that i can send an email to authorize transactions from my
>> account. Well as exciting as this may sound, i asked how would they be
>> in a position to validate that am the sender. At that point the bank had
>> no way to do so.
>>
>> All the same, i went ahead and said, i have a PGP key, would you be
>> willing to exchange keys with me so that you have a way of validating
>> that am the sender i.e encrypt my messages or digitally sign them for
>> security purposes. At that point it was clear that such a feature did
>> not exist.
>>
>> I have to give credit to my bank for taking the bold step of introducing
>> such a service. I would however have been even more glad if they
>> supported digital email signatures or PGP for email authorizations. But
>> then again, how many people actually use this?."
>>
>> the introduction to online services, is GREAT! it could be towards the
>> right direction, .....BUT are we jumping before we leap? again I ask, are we
>> being oblivious to the implications?
>>
>> Kind Regards,
>>
>> On Mon, Jul 12, 2010 at 1:18 PM, Solomon Mburu Kamau <
>> solo.mburu at gmail.com <http://mc/compose?to=solo.mburu@gmail.com>> wrote:
>>
>>>
>>>
>>> On 12 July 2010 12:54, Judy Okite <judyokite at gmail.com<http://mc/compose?to=judyokite@gmail.com>
>>> > wrote:
>>>
>>>> Wesley and Solomon,
>>>>
>>>> Thank you for your contributions, what are we saying? these platforms
>>>> are here with us and we are using them, we have fallen victims,
>>>>
>>>> whichever way that has been dealt with outside, the public forum, is
>>>> upto the person's concerned?
>>>>
>>>> do you you wait until you become a victim, before you know which law
>>>> applies or will apply?
>>>>
>>>> However, that said, MPESA/ZAP/SOKOTELE was/has been in operation for a
>>>> while, the KCA 2009 never captured it or atleast the IT part of it. why?
>>>>
>>>
>>> You've touched on a classic mobile money transfer (SOKOTELE) which was
>>> not as vibrant as is successor, ZAP!
>>> To answer your question, I think the KCA 2009 was developed as a need for
>>> supply and not demand. By this, I mean that the regulator saw it wise to
>>> have law that governs the use of technology and its related programmes. One
>>> of the most important thing here is to understand there is a greater need to
>>> look at the dynamics of the platforms, and see ways in which to integrate
>>> them well into the laws of the land.
>>>
>>> When you are a victim of scam through the mobile money transfer, the
>>> providers must give ways in which a person can have the money back.
>>> Since the law is already in place, then once becoming a victim, should
>>> have a reprieve, though the providers are better placed to inform the public
>>> on how to go about!
>>>
>>>>
>>>> floor is open....
>>>>
>>>> Kind Regards,
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Mon, Jul 12, 2010 at 12:11 PM, Solomon Mburu Kamau <
>>>> solo.mburu at gmail.com <http://mc/compose?to=solo.mburu@gmail.com>>wrote:
>>>>
>>>>> Dear All,
>>>>>
>>>>> Inline responses
>>>>>
>>>>> On 12 July 2010 09:02, wesley kirinya <kiriinya2000 at yahoo.com<http://mc/compose?to=kiriinya2000@yahoo.com>
>>>>> > wrote:
>>>>>
>>>>>>
>>>>>> b) E-voting
>>>>>> 1. A human being only has 10 finger prints which cannot be replaced. I
>>>>>> think the public deserves to know how secure their finger prints are in the
>>>>>> e-system.
>>>>>>
>>>>>> 2. Is Kenya's election problem really an identity problem? Those are
>>>>>> problems where I would expect fingerprints to be captured. IMHO I think it's
>>>>>> a problem of non-existing people voting by ballot boxes being tampered with.
>>>>>> Technology can help with electronic capturing of the cast votes. I've not
>>>>>> heard much about this. If the problem is not really identity but
>>>>>> non-existing ppl voting, then stealing votes is still here with us...
>>>>>>
>>>>>> 8~)
>>>>>>
>>>>>>
>>>>>> --- On *Mon, 7/12/10, Judy Okite <judyokite at gmail.com<http://mc/compose?to=judyokite@gmail.com>
>>>>>> >* wrote:
>>>>>>
>>>>>>
>>>>>> From: Judy Okite <judyokite at gmail.com<http://mc/compose?to=judyokite@gmail.com>
>>>>>> >
>>>>>> Subject: [kictanet] Kenya IGF 2010, Discussions :Day 6 of 8
>>>>>> Theme:E-Crime, Online Privacy & Data Security.
>>>>>> To: kiriinya2000 at yahoo.com<http://mc/compose?to=kiriinya2000@yahoo.com>
>>>>>> Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke<http://mc/compose?to=kictanet@lists.kictanet.or.ke>
>>>>>> >
>>>>>> Date: Monday, July 12, 2010, 1:45 AM
>>>>>>
>>>>>>
>>>>>> Good Morning,
>>>>>>
>>>>>>
>>>>>> I hope that we all, had a restful weekend! unless you were @ the
>>>>>> campaign trails :-)
>>>>>>
>>>>>> To the FIFA world cup2010 winners,SPAIN, CONGRATULATIONS!!
>>>>>>
>>>>>> To the rest, lets keep an eye on 2014…yet another chance to better our
>>>>>> skills J
>>>>>>
>>>>>>
>>>>>> As we continue with our discussions, your comments and contributions
>>>>>> to the former threads are welcome, just respond to the correct
>>>>>> subject/title.
>>>>>>
>>>>>> The next two days (Monday & Tuesday) we will be discussing:
>>>>>>
>>>>>> a) a) e-crime-
>>>>>>
>>>>>> Definition: E-crime is where a computer or other electronic
>>>>>> communications device (eg mobile phone) is used to commit an offence.
>>>>>>
>>>>>> Looking at this definition, the question on top of my head, is how
>>>>>> many transactions do we do through our mobile phones, in Kenya.
>>>>>>
>>>>>> a) MPESA, ZAP- transfer of money
>>>>>>
>>>>>> To my knowledge (I stand to be corrected) MPESA /ZAP still rides under
>>>>>> the umbrella of Telecommunication, banking and IT.
>>>>>>
>>>>>> Lately, you can pay your electricity bill, water bill etc…through this
>>>>>> medium.
>>>>>>
>>>>>> Their usage has increased and we have branded it innovation,
>>>>>> creativity, but are we being oblivious of the implications?
>>>>>>
>>>>>>
>>>>> When these 'innovations' were developed here in Kenya, we were
>>>>> apprehensive. First, it was because we were not sure whether such platforms
>>>>> were worthy emulating or using because, of obvious reasons such as security
>>>>> among others. Years later, the same problem still exists because of lack of
>>>>> mass education and capacity development for their use from the providers and
>>>>> regulator.
>>>>> Their are ramifications which are likely to be great since there are
>>>>> scams around alleged to be coming from the providers. This is just the tip
>>>>> of the iceberg. There are those who have fallen victims to the scams and a
>>>>> lot of money gotten lost.
>>>>> As the platforms become advanced, so are the thugs.
>>>>>
>>>>>> Where or who do you approach in loss of your money?
>>>>>>
>>>>>> KPLC or Safaricom/Zain?etc and many other services that we are paying
>>>>>> for using MPESA/ZAP
>>>>>>
>>>>>> In normal situation, one should approach their respective provider in
>>>>> case of a loss of money. If for example, I was to pay KShs. 2,000 for my
>>>>> electricity using MPESA or ZAP, and typed a wrong account, KPLC will is not
>>>>> the custodian of these platforms, but Safaricom and Zain respectively!
>>>>>
>>>>>>
>>>>>>
>>>>>> b) b) E-voting
>>>>>>
>>>>>> Definition: is an election system that allows a voter to record his
>>>>>> or her secure and secret ballot electronically.
>>>>>>
>>>>>> Currently we have a pilot project on e-voting that will first be
>>>>>> tested, during the referendum on 4th August 2010.there are at least
>>>>>> 1.5 million new voters in the 18 EVR pilot constituencies.
>>>>>>
>>>>>> more info:
>>>>>> http://www.standardmedia.co.ke/InsidePage.php?id=2000007579&cid=4&ttl=Kenya%20enters%20era%20of%20electronic%20voting
>>>>>>
>>>>>> In the recent days, we have experienced instances of ‘computer error’
>>>>>> within the Ministry of Finance and Education, what happens when the same
>>>>>> happens with the IIEC?
>>>>>>
>>>>>> What do we have in place as a country, to ensure that this does not
>>>>>> happen
>>>>>>
>>>>>> and if it does, does IIEC have the technical know-how?
>>>>>>
>>>>>> and as Kenyans, are we assured that such a case will have
>>>>>> ‘e-evidence’ on how and when and where the ‘computer error’ took place?
>>>>>>
>>>>>>
>>>>> I'm still going by what Wesley put forth. Without capacity development,
>>>>> the end-users are 'bombarded' with pilot programs without involving them.
>>>>> Ideally, it would work 'well' if the voters were given enough education on
>>>>> how to register, follow-up and vote using electronic voter registry
>>>>> (platform). Security is also another thing that requires much attention
>>>>> since there is no assurance that the e-voting is secure and free from any
>>>>> hitch.
>>>>>
>>>>>>
>>>>>> I hope that these two are bound to see our inboxes full as it touches
>>>>>> on each and every one of us.
>>>>>>
>>>>>> Your thoughts, corrections, inputs, queries, reactions are welcome!
>>>>>>
>>>>>>
>>>>>>
>>>>>> Kind Regards,
>>>>>>
>>>>>> --
>>>>>> “To live is to choose. But to choose well, you must know who you are
>>>>>> and what you stand for, where you want to go and why you want to get there.”
>>>>>> Kofi Annan
>>>>>>
>>>>>> -----Inline Attachment Follows-----
>>>>>>
>>>>>> _______________________________________________
>>>>>> kictanet mailing list
>>>>>> kictanet at lists.kictanet.or.ke<http://mc/compose?to=kictanet@lists.kictanet.or.ke>
>>>>>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>>>>
>>>>>> This message was sent to: kiriinya2000 at yahoo.com<http://mc/compose?to=kiriinya2000@yahoo.com>
>>>>>> Unsubscribe or change your options at
>>>>>> http://lists.kictanet.or.ke/mailman/options/kictanet/kiriinya2000%40yahoo.com
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> kictanet mailing list
>>>>>> kictanet at lists.kictanet.or.ke<http://mc/compose?to=kictanet@lists.kictanet.or.ke>
>>>>>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>>>>
>>>>>> This message was sent to: solo.mburu at gmail.com<http://mc/compose?to=solo.mburu@gmail.com>
>>>>>> Unsubscribe or change your options at
>>>>>> http://lists.kictanet.or.ke/mailman/options/kictanet/solo.mburu%40gmail.com
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Solomon Mbũrũ Kamau
>>>>>
>>>>> *****************************************************
>>>>> Man is a gregarious animal and enjoys agreement as cows will graze all
>>>>> the same way to the side of a hill!
>>>>>
>>>>> AND
>>>>>
>>>>> It is better to die in dignity than in the ignomity of ambiguous
>>>>> generosity!
>>>>>
>>>>> http://smiley2.wordpress.com
>>>>> http://mburu.sikika.co.ke
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> kictanet mailing list
>>>>> kictanet at lists.kictanet.or.ke<http://mc/compose?to=kictanet@lists.kictanet.or.ke>
>>>>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>>>>
>>>>> This message was sent to: judyokite at gmail.com<http://mc/compose?to=judyokite@gmail.com>
>>>>> Unsubscribe or change your options at
>>>>> http://lists.kictanet.or.ke/mailman/options/kictanet/judyokite%40gmail.com
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> “To live is to choose. But to choose well, you must know who you are and
>>>> what you stand for, where you want to go and why you want to get there.”
>>>> Kofi Annan
>>>>
>>>
>>>
>>>
>>> --
>>> Solomon Mbũrũ Kamau
>>>
>>> *****************************************************
>>> Man is a gregarious animal and enjoys agreement as cows will graze all
>>> the same way to the side of a hill!
>>>
>>> AND
>>>
>>> It is better to die in dignity than in the ignomity of ambiguous
>>> generosity!
>>>
>>> http://smiley2.wordpress.com
>>> http://mburu.sikika.co.ke
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> “To live is to choose. But to choose well, you must know who you are and
>> what you stand for, where you want to go and why you want to get there.”
>> Kofi Annan
>>
>> -----Inline Attachment Follows-----
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke<http://mc/compose?to=kictanet@lists.kictanet.or.ke>
>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>
>> This message was sent to: jwalu at yahoo.com<http://mc/compose?to=jwalu@yahoo.com>
>> Unsubscribe or change your options at
>> http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
>>
>>
>>
>
>
> --
> “To live is to choose. But to choose well, you must know who you are and
> what you stand for, where you want to go and why you want to get there.”
> Kofi Annan
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> This message was sent to: otieno.barrack at gmail.com
> Unsubscribe or change your options at
> http://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail.com
>
>
--
Barrack O. Otieno
+41767892272
Skype: barrack.otieno
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20100713/d817459d/attachment.htm>
More information about the KICTANet
mailing list