[kictanet] [Skunkworks] Media Misleading Citizens?-One Man Security?

Edwin Onchari eonchari at lynxbits.com
Thu Mar 22 09:12:55 EAT 2012


The issue here is not to oppose surveillance wholesome (I understand- we
live in a post 9/11 era), the issue is how will our privacy be protected
from the potentially overzealous custodians of the system(s)? By that I
mean, what will stop our "very competent" security organs from say selling
the information they gather during their surveillance escapades to third
parties who in turn will use it for political blackmail, business
undercutting, etc?  

 

Edwin

From: kictanet-bounces+eonchari=lynxbits.com at lists.kictanet.or.ke
[mailto:kictanet-bounces+eonchari=lynxbits.com at lists.kictanet.or.ke] On
Behalf Of John Kariuki
Sent: Thursday, March 22, 2012 8:48 AM
To: Edwin
Cc: KICTAnet ICT Policy Discussions
Subject: Re: [kictanet] [Skunkworks] Media Misleading Citizens?-One Man
Security?

 

Listers,

If we agree that preservation of security is the role of state organs and in
the physical world Kenyans are willing to cede some "privacy" , by allowing
to be searched,to have handbags opened and even produce ID cards; we need to
ask ourselves   why the state should not provide security in the virtual
world especially in light of recent serious cyber threats in our country.

Section 83C of Cap.411A mandates CCK to promote public confidence in the
integrity and reliability of  electronic records and electronic
transactions. Can there be  public confidence in electronic records and
transactions without cyber security?

And if  state organs do not do it;Who will?

 

John Kariuki

 

  _____  

From: Barrack Otieno <otieno.barrack at gmail.com>
To: ngethe.kariuki2007 at yahoo.co.uk 
Cc: KICTAnet ICT Policy Discussions <kictanet at lists.kictanet.or.ke> 
Sent: Thursday, 22 March 2012, 7:45
Subject: Re: [kictanet] [Skunkworks] Media Misleading Citizens?-One Man
Security?


Thanks Moses, in view of all this whats your proposed way forwad since
we should not debate for the sake of it, i think CCK is just an
implementing entity and we should not focus too much energy on it,
what is the role of other stakeholders in countering Cyber threats in
Kenya?, first i would wish to correct you when you talk of a one man
show because i have been involved in various multistakeholder
initiatives as a professional in Standards developement and as a
member of the society through various fora that have been initiated by
the regulator, there are many bodies such as ISACA, KEBS, CCK, playing
key roles if you do a check

On 3/21/12, Moses Muya <mouzmuyer at gmail.com> wrote:
> First of all,good evening Sir!
>
> mmmhhh...I think a better question to ask is whether you want the
> Government or Regulator to have this type of legal backing. Wearing my
> security hat, I can tell you for free that national cyber-security
> initiatives can never be effective using a "one-stakeholder, do it as I
> say" approach...(unless u are in China and related cousins like North
> Korea) *- In my opinion,after the Government has shown interest in
> something,they are very likely to pursue it to the end. As our former
> President would say,"Mpende msipende" (whether we want it or not) ,this
> system or a variant of the same will be installed! Actually,as we
speak,the
> NSIS conducts various forms of electronic surveillance on us. The only
> choice we have is whether we will allow the Government to spy on us as
they
> please without any grounds for doing that or whether we will force them to
> follow the correct legal channels. It's a matter of choosing the lesser
> evil. Btw,have you noticed how silent The CCK has been on this matter?
They
> have not denied the existence of such a system.*
>
> Lets for a moment imagine that there is legal backing and ALL Operators
are
> compelled to install this gadget.  Would we then claim to be
electronically
> safer? *- Not at all! Judging by the fact that 103 websites were hacked by
> a junior student from Indonesia,I wouldn't depend on the Government to
> provide any security. I'm afraid we are on our own on this one and it's
our
> responsibility as individuals to make sure we have the right policies
> within our organisations that will safeguard our ICT/Telecommunications
> infrastructure.*Research shows that over 75% of electronic fraud/crime
> originates and is executed internally (like within Banks/Organisations)
and
> hence putting gadgets at the Operators level presupposes the most of the
> bad guys are comming in from the "outside".  Fine you may catch the
> minotrity thugs (25%) but have not impact on the majority internal thugs
> (the 75%...) *- I agree. However,I think the kind of security that the
> Government is talking about is not limited to 'eSecurity' per se  but
> rather criminal acts/terrorism planned using electronic means and executed
> 'offline'. For example,the system will flag a person who has been using an
> email address to plan an attack on building X in Nairobi. Law enforcement
> agencies will then follow up on this issue and possibly bring the culprit
> to book. I stand to be corrected on this one.  *
>
> A secondary but equally important point, is what would stop the Director
> General (my good friend Wangusi) to use the very same equipment to block
> internet traffic into and out of  the Kenyan space? Especially if Kenyans
> are trying to do the equivalent of the Arab uprising on
> Twitter/FB/etc...which is likely considering our politics is not really
> improving (but I digress) *- Proper legal frameworks? Saying the
Government
> should not have this kind of power because they will misuse it is
> tantamount to saying the police should not be given guns since they are
> likely to shoot innocent civilians! It's all a matter of implementing
> proper laws and proper ethics on the Government's side.*
>
> Am not purely against security gadgets being installed.  Am against a
> framework that puts one man or woman in charge of these gadgets. Even our
> new constitution puts the Police and Security Intelligence bosses under
> Parliament (210 MPs?) *- I agree. On the political aspect of it,having 210
> members of parliament to decide on anything will simply extend the time
> taken but won't necessarily stop something that has been rejected by the
> masses. As we have seen in the past,parliament does not choose what is
best
> for the citizens but what is best for the members' survival,it all depends
> on political affiliations of the member moving the motion and those
seeking
> to support or reject it. We have also seen how the promises of financial
> heavens can sway the opinions of the most sober-minded M.Ps! One more
> shocker, most of the politicians in the U.S who were in support of
> SOPA/PIPA did not have in-depth knowledge of how these laws would be
> implemented and their effects on the citizens. How much worse would it be
> in Kenya where ignorance is more prevalent?*
>
> If we are not carefull we may be basically putting Kenya back to the days
> of one-man-show. Remember one broadcasting station - Voice of Kenya?
> remember KPT&C - the days of JamboNet? Same thing here on the offing - if
> we are to believe what has been published in the press (and why not, no
one
> from CCK has protested as  being misquoted) .
>
> On 21 March 2012 18:49, Walubengo J <jwalu at yahoo.com> wrote:
>
>> --- On *Wed, 3/21/12, Moses Muya <mouzmuyer at gmail.com>* wrote
>> >snip
>> The only question that comes to mind is whether the Government has the
>> right legal backing to do this.
>> >snip
>>
>> mmmhhh...I think a better question to ask is whether you want the
>> Government or Regulator to have this type of legal backing. Wearing my
>> security hat, I can tell you for free that national cyber-security
>> initiatives can never be effective using a "one-stakeholder, do it as I
>> say" approach...(unless u are in China and related cousins like North
>> Korea)
>>
>> Lets for a moment imagine that there is legal backing and ALL Operators
>> are compelled to install this gadget.  Would we then claim to be
>> electronically safer? Research shows that over 75% of electronic
>> fraud/crime originates and is executed internally (like within
>> Banks/Organisations) and hence putting gadgets at the Operators level
>> presupposes the most of the bad guys are comming in from the "outside".
>> Fine you may catch the minotrity thugs (25%) but have not impact on the
>> majority internal thugs (the 75%...)
>>
>> A secondary but equally important point, is what would stop the Director
>> General (my good friend Wangusi) to use the very same equipment to block
>> internet traffic into and out of  the Kenyan space? Especially if Kenyans
>> are trying to do the equivalent of the Arab uprising on
>> Twitter/FB/etc...which is likely considering our politics is not really
>> improving (but I digress)
>>
>> Am not purely against security gadgets being installed.  Am against a
>> framework that puts one man or woman in charge of these gadgets. Even our
>> new constitution puts the Police and Security Intelligence bosses under
>> Parliament (210 MPs?)
>>
>> If we are not carefull we may be basically putting Kenya back to the days
>> of one-man-show. Remember one broadcasting station - Voice of Kenya?
>> remember KPT&C - the days of JamboNet? Same thing here on the offing - if
>> we are to believe what has been published in the press (and why not, no
>> one
>> from CCK has protested as  being misquoted) .
>>
>> walu.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> --- On *Wed, 3/21/12, Moses Muya <mouzmuyer at gmail.com>* wrote:
>>
>>
>> From: Moses Muya <mouzmuyer at gmail.com>
>> Subject: Re: [kictanet] [Skunkworks] Media Misleading Citizens?
>> To: jwalu at yahoo.com
>> Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
>> Date: Wednesday, March 21, 2012, 5:07 PM
>>
>> To the best of my understanding,the story makes perfect sense! The
>> government wants to implement N.E.W.S and ITU is helping it. One of ITU's
>> objective is "To improve telecommunication infrastructure in the
>> developing world and to establish worldwide standards". If part of
>> "worldwide standards" is using telecommunications infrastructure to
>> safeguard the security and interests of a country,they are the correct
>> people to help in this. Moreover,seeing as ITU is part of the U.N,I would
>> argue that they have the financial and technical might needed to do this.
>> The only question that comes to mind is whether the Government has the
>> right legal backing to do this.
>>
>> On 21 March 2012 09:03, Barrack Otieno
>> <otieno.barrack at gmail.com<http://mc/[email protected]>
>> > wrote:
>>
>> Moses,
>>
>> The reason i called it misinformation is that the acting DG was on the
>> media when the deal was being signed , unless i was watching Al
>> Kajiado TV  and i never heard anything like this, furthermore last
>> year we had a Cyber Security Workshop hosted by CCK where all those
>> issues were explained but i dont recall seeing brethren from the
>> fourth estate, that is why i proposed that they should do more
>> research, imho this kind of reporting can defeat the war on
>> Cybersecurity since the people are an integral part of the Cyberworld.
>>
>> On 3/21/12, Moses Muya
>> <mouzmuyer at gmail.com<http://mc/[email protected]>>
>> wrote:
>> > I wouldn't be quick to call this 'misinformation'. Such systems have
>> > been
>> > deployed the world over,even by the biggest democracies! It all depends
>> on
>> > the Government's objectives for doing this - they could go the U.S.A
way
>> > and crack down on terrorism or they could go the China way and use it
to
>> > oppress us!
>> >
>> > On 21 March 2012 08:27, Barrack Otieno
>> >
<otieno.barrack at gmail.com<http://mc/[email protected]>>
>> wrote:
>> >
>> >> Listers,
>> >>
>> >> I just saw this on the wall of a popular media house and i am appalled
>> >> by the misinformation, why can't our dear journalists do more research
>> >> before publishing info, i see why Prof Nyong'o was so agitated during
>> >> the Interview on Citizen TV, this is really dangerous? below is the
>> >> text..
>> >>
>> >> The Communications Commission of Kenya could have access to your
>> >> personal internet content by July this year, if a plan they have set
>> >> in motion succeeds. The CCK has signed a 32.6 million shilling deal
>> >> with the International Telecommunications Union (ITU) to install a
>> >> system that will monitor all incoming and outgoing internet content in
>> >> Kenya, and has already requested local internet service providers and
>> >> telecommunications institutions to install it.
>> >>
>> >> Do you think this is right?
>> >>
>> >> Hope the concerned will react on time.
>> >>
>> >> --
>> >> Barrack O. Otieno
>> >> +254721325277
>> >> +254-20-2498789
>> >> Skype: barrack.otieno
>> >> http://www.otienobarrack.me.ke/
>> >> _______________________________________________
>> >> Skunkworks mailing list
>> >>
Skunkworks at lists.my.co.ke<http://mc/[email protected]>
>> >> ------------
>> >> List info, subscribe/unsubscribe
>> >> http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> >> ------------
>> >>
>> >> Skunkworks Rules
>> >> http://my.co.ke/phpbb/viewtopic.php?f=24
<http://my.co.ke/phpbb/viewtopic.php?f=24&t=94> &t=94
>> >> ------------
>> >> Other services @ http://my.co.ke
>> >>
>> >
>> >
>> >
>> > --
>> > Kind Regards,
>> >
>> > Moses Muya.
>> >
>>
>>
>> --
>> Barrack O. Otieno
>> +254721325277
>> +254-20-2498789
>> Skype: barrack.otieno
>> http://www.otienobarrack.me.ke/
>> _______________________________________________
>> Skunkworks mailing list
>> Skunkworks at lists.my.co.ke
<http://mc/[email protected]>
>> ------------
>> List info, subscribe/unsubscribe
>> http://orion.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
>> ------------
>>
>> Skunkworks Rules
>> http://my.co.ke/phpbb/viewtopic.php?f=24
<http://my.co.ke/phpbb/viewtopic.php?f=24&t=94> &t=94
>> ------------
>> Other services @ http://my.co.ke
>>
>>
>>
>>
>> --
>> Kind Regards,
>>
>> Moses Muya.
>>
>>
>> -----Inline Attachment Follows-----
>>
>> _______________________________________________
>> kictanet mailing list
>>
kictanet at lists.kictanet.or.ke<http://mc/[email protected]
r.ke>
>> http://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>
>> Unsubscribe or change your options at
>> http://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and
>> development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and
bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>>
>>
>
>
> --
> Kind Regards,
>
> Moses Muya.
>


-- 
Barrack O. Otieno
+254721325277
+254-20-2498789
Skype: barrack.otieno
http://www.otienobarrack.me.ke/

_______________________________________________
kictanet mailing list
kictanet at lists.kictanet.or.ke
http://lists.kictanet.or.ke/mailman/listinfo/kictanet

Unsubscribe or change your options at
http://lists.kictanet.or.ke/mailman/options/kictanet/ngethe.kariuki2007%40ya
hoo.co.uk

The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform for
people and institutions interested and involved in ICT policy and
regulation. The network aims to act as a catalyst for reform in the ICT
sector in support of the national aim of ICT enabled growth and development.

KICTANetiquette : Adhere to the same standards of acceptable behaviors
online that you follow in real life: respect people's times and bandwidth,
share knowledge, don't flame or abuse or personalize, respect privacy, do
not spam, do not market your wares or qualifications.



  _____  

No virus found in this message.
Checked by AVG - www.avg.com
Version: 2012.0.1913 / Virus Database: 2114/4885 - Release Date: 03/21/12

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20120322/833e0a16/attachment.htm>


More information about the KICTANet mailing list