[kictanet] [Skunkworks] Media Misleading Citizens?-One Man Security?
John Kariuki
ngethe.kariuki2007 at yahoo.co.uk
Thu Mar 22 08:47:35 EAT 2012
Listers,
If we agree that preservation of security is the role of state organs and in the physical world Kenyans are willing to cede some "privacy" , by allowing to be searched,to have handbags opened and even produce ID cards; we need to ask ourselves why the state should not provide security in the virtual world especially in light of recent serious cyber threats in our country.
Section 83C of Cap.411A mandates CCK to promote public confidence in the integrity and reliability of electronic records and electronic transactions. Can there be public confidence in electronic records and transactions without cyber security?
And if state organs do not do it;Who will?
John Kariuki
________________________________
From: Barrack Otieno <otieno.barrack at gmail.com>
To: ngethe.kariuki2007 at yahoo.co.uk
Cc: KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke>
Sent: Thursday, 22 March 2012, 7:45
Subject: Re: [kictanet] [Skunkworks] Media Misleading Citizens?-One Man Security?
Thanks Moses, in view of all this whats your proposed way forwad since
we should not debate for the sake of it, i think CCK is just an
implementing entity and we should not focus too much energy on it,
what is the role of other stakeholders in countering Cyber threats in
Kenya?, first i would wish to correct you when you talk of a one man
show because i have been involved in various multistakeholder
initiatives as a professional in Standards developement and as a
member of the society through various fora that have been initiated by
the regulator, there are many bodies such as ISACA, KEBS, CCK, playing
key roles if you do a check
On 3/21/12, Moses Muya <mouzmuyer at gmail.com> wrote:
> First of all,good evening Sir!
>
> mmmhhh...I think a better question to ask is whether you want the
> Government or Regulator to have this type of legal backing. Wearing my
> security hat, I can tell you for free that national cyber-security
> initiatives can never be effective using a "one-stakeholder, do it as I
> say" approach...(unless u are in China and related cousins like North
> Korea) *- In my opinion,after the Government has shown interest in
> something,they are very likely to pursue it to the end. As our former
> President would say,"Mpende msipende" (whether we want it or not) ,this
> system or a variant of the same will be installed! Actually,as we speak,the
> NSIS conducts various forms of electronic surveillance on us. The only
> choice we have is whether we will allow the Government to spy on us as they
> please without any grounds for doing that or whether we will force them to
> follow the correct legal channels. It's a matter of choosing the lesser
> evil. Btw,have you noticed how silent The CCK has been on this matter? They
> have not denied the existence of such a system.*
>
> Lets for a moment imagine that there is legal backing and ALL Operators are
> compelled to install this gadget. Would we then claim to be electronically
> safer? *- Not at all! Judging by the fact that 103 websites were hacked by
> a junior student from Indonesia,I wouldn't depend on the Government to
> provide any security. I'm afraid we are on our own on this one and it's our
> responsibility as individuals to make sure we have the right policies
> within our organisations that will safeguard our ICT/Telecommunications
> infrastructure.*Research shows that over 75% of electronic fraud/crime
> originates and is executed internally (like within Banks/Organisations) and
> hence putting gadgets at the Operators level presupposes the most of the
> bad guys are comming in from the "outside". Fine you may catch the
> minotrity thugs (25%) but have not impact on the majority internal thugs
> (the 75%...) *- I agree. However,I think the kind of security that the
> Government is talking about is not limited to 'eSecurity' per se but
> rather criminal acts/terrorism planned using electronic means and executed
> 'offline'. For example,the system will flag a person who has been using an
> email address to plan an attack on building X in Nairobi. Law enforcement
> agencies will then follow up on this issue and possibly bring the culprit
> to book. I stand to be corrected on this one. *
>
> A secondary but equally important point, is what would stop the Director
> General (my good friend Wangusi) to use the very same equipment to block
> internet traffic into and out of the Kenyan space? Especially if Kenyans
> are trying to do the equivalent of the Arab uprising on
> Twitter/FB/etc...which is likely considering our politics is not really
> improving (but I digress) *- Proper legal frameworks? Saying the Government
> should not have this kind of power because they will misuse it is
> tantamount to saying the police should not be given guns since they are
> likely to shoot innocent civilians! It's all a matter of implementing
> proper laws and proper ethics on the Government's side.*
>
> Am not purely against security gadgets being installed. Am against a
> framework that puts one man or woman in charge of these gadgets. Even our
> new constitution puts the Police and Security Intelligence bosses under
> Parliament (210 MPs?) *- I agree. On the political aspect of it,having 210
> members of parliament to decide on anything will simply extend the time
> taken but won't necessarily stop something that has been rejected by the
> masses. As we have seen in the past,parliament does not choose what is best
> for the citizens but what is best for the members' survival,it all depends
> on political affiliations of the member moving the motion and those seeking
> to support or reject it. We have also seen how the promises of financial
> heavens can sway the opinions of the most sober-minded M.Ps! One more
> shocker, most of the politicians in the U.S who were in support of
> SOPA/PIPA did not have in-depth knowledge of how these laws would be
> implemented and their effects on the citizens. How much worse would it be
> in Kenya where ignorance is more prevalent?*
>
> If we are not carefull we may be basically putting Kenya back to the days
> of one-man-show. Remember one broadcasting station - Voice of Kenya?
> remember KPT&C - the days of JamboNet? Same thing here on the offing - if
> we are to believe what has been published in the press (and why not, no one
> from CCK has protested as being misquoted) .
>
> On 21 March 2012 18:49, Walubengo J <jwalu at yahoo.com> wrote:
>
>> --- On *Wed, 3/21/12, Moses Muya <mouzmuyer at gmail.com>* wrote
>> >snip
>> The only question that comes to mind is whether the Government has the
>> right legal backing to do this.
>> >snip
>>
>> mmmhhh...I think a better question to ask is whether you want the
>> Government or Regulator to have this type of legal backing. Wearing my
>> security hat, I can tell you for free that national cyber-security
>> initiatives can never be effective using a "one-stakeholder, do it as I
>> say" approach...(unless u are in China and related cousins like North
>> Korea)
>>
>> Lets for a moment imagine that there is legal backing and ALL Operators
>> are compelled to install this gadget. Would we then claim to be
>> electronically safer? Research shows that over 75% of electronic
>> fraud/crime originates and is executed internally (like within
>> Banks/Organisations) and hence putting gadgets at the Operators level
>> presupposes the most of the bad guys are comming in from the "outside".
>> Fine you may catch the minotrity thugs (25%) but have not impact on the
>> majority internal thugs (the 75%...)
>>
>> A secondary but equally important point, is what would stop the Director
>> General (my good friend Wangusi) to use the very same equipment to block
>> internet traffic into and out of the Kenyan space? Especially if Kenyans
>> are trying to do the equivalent of the Arab uprising on
>> Twitter/FB/etc...which is likely considering our politics is not really
>> improving (but I digress)
>>
>> Am not purely against security gadgets being installed. Am against a
>> framework that puts one man or woman in charge of these gadgets. Even our
>> new constitution puts the Police and Security Intelligence bosses under
>> Parliament (210 MPs?)
>>
>> If we are not carefull we may be basically putting Kenya back to the days
>> of one-man-show. Remember one broadcasting station - Voice of Kenya?
>> remember KPT&C - the days of JamboNet? Same thing here on the offing - if
>> we are to believe what has been published in the press (and why not, no
>> one
>> from CCK has protested as being misquoted) .
>>
>> walu.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --- On *Wed, 3/21/12, Moses Muya <mouzmuyer at gmail.com>* wrote:
>>
>>
>> From: Moses Muya <mouzmuyer at gmail.com>
>> Subject: Re: [kictanet] [Skunkworks] Media Misleading Citizens?
>> To: jwalu at yahoo.com
>> Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
>> Date: Wednesday, March 21, 2012, 5:07 PM
>>
>> To the best of my understanding,the story makes perfect sense! The
>> government wants to implement N.E.W.S and ITU is helping it. One of ITU's
>> objective is "To improve telecommunication infrastructure in the
>> developing world and to establish worldwide standards". If part of
>> "worldwide standards" is using telecommunications infrastructure to
>> safeguard the security and interests of a country,they are the correct
>> people to help in this. Moreover,seeing as ITU is part of the U.N,I would
>> argue that they have the financial and technical might needed to do this.
>> The only question that comes to mind is whether the Government has the
>> right legal backing to do this.
>>
>> On 21 March 2012 09:03, Barrack Otieno
>> <otieno.barrack at gmail.com<http://mc/[email protected]>
>> > wrote:
>>
>> Moses,
>>
>> The reason i called it misinformation is that the acting DG was on the
>> media when the deal was being signed , unless i was watching Al
>> Kajiado TV and i never heard anything like this, furthermore last
>> year we had a Cyber Security Workshop hosted by CCK where all those
>> issues were explained but i dont recall seeing brethren from the
>> fourth estate, that is why i proposed that they should do more
>> research, imho this kind of reporting can defeat the war on
>> Cybersecurity since the people are an integral part of the Cyberworld.
>>
>> On 3/21/12, Moses Muya
>> <mouzmuyer at gmail.com<http://mc/[email protected]>>
>> wrote:
>> > I wouldn't be quick to call this 'misinformation'. Such systems have
>> > been
>> > deployed the world over,even by the biggest democracies! It all depends
>> on
>> > the Government's objectives for doing this - they could go the U.S.A way
>> > and crack down on terrorism or they could go the China way and use it to
>> > oppress us!
>> >
>> > On 21 March 2012 08:27, Barrack Otieno
>> > <otieno.barrack at gmail.com<http://mc/[email protected]>>
>> wrote:
>> >
>> >> Listers,
>> >>
>> >> I just saw this on the wall of a popular media house and i am appalled
>> >> by the misinformation, why can't our dear journalists do more research
>> >> before publishing info, i see why Prof Nyong'o was so agitated during
>> >> the Interview on Citizen TV, this is really dangerous? below is the
>> >> text..
>> >>
>> >> The Communications Commission of Kenya could have access to your
>> >> personal internet content by July this year, if a plan they have set
>> >> in motion succeeds. The CCK has signed a 32.6 million shilling deal
>> >> with the International Telecommunications Union (ITU) to install a
>> >> system that will monitor all incoming and outgoing internet content in
>> >> Kenya, and has already requested local internet service providers and
>> >> telecommunications institutions to install it.
>> >>
>> >> Do you think this is right?
>> >>
>> >> Hope the concerned will react on time.
>> >>
>> >> --
>> >> Barrack O. Otieno
>> >> +254721325277
>> >> +254-20-2498789
>> >> Skype: barrack.otieno
>> >> http://www.otienobarrack.me.ke/
>> >> _______________________________________________
>> >> Skunkworks mailing list
>> >> Skunkworks at lists.my.co.ke<http://mc/[email protected]>
>> >> ------------
>> >> List info, subscribe/unsubscribe
>> >> http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> ------------
>> >>
>> >> Skunkworks Rules
>> >> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> >> ------------
>> >> Other services @ http://my.co.ke
>> >>
>> >
>> >
>> >
>> > --
>> > Kind Regards,
>> >
>> > Moses Muya.
>> >
>>
>>
>> --
>> Barrack O. Otieno
>> +254721325277
>> +254-20-2498789
>> Skype: barrack.otieno
>> http://www.otienobarrack.me.ke/
>> _______________________________________________
>> Skunkworks mailing list
>> Skunkworks at lists.my.co.ke <http://mc/[email protected]>
>> ------------
>> List info, subscribe/unsubscribe
>> http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> ------------
>>
>> Skunkworks Rules
>> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
>> ------------
>> Other services @ http://my.co.ke
>>
>>
>>
>>
>> --
>> Kind Regards,
>>
>> Moses Muya.
>>
>>
>> -----Inline Attachment Follows-----
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke<http://mc/[email protected]>
>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>
>> Unsubscribe or change your options at
>> http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and
>> development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>>
>
>
> --
> Kind Regards,
>
> Moses Muya.
>
--
Barrack O. Otieno
+254721325277
+254-20-2498789
Skype: barrack.otieno
http://www.otienobarrack.me.ke/
_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet
Unsubscribe or change your options at http://lists.kictanet.or.ke/mailman/options/kictanet/ngethe.kariuki2007%40yahoo.co.uk
The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for people and institutions interested and involved in ICT policy and regulation. The network aims to act as a catalyst for reform in the ICT sector in support of the national aim of ICT enabled growth and development.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20120322/919b5484/attachment.htm>
More information about the KICTANet
mailing list