[kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected?

Walubengo J jwalu at yahoo.com
Mon Nov 4 09:07:40 EAT 2013


I see the point and concede that local hosting affords the national goverments some leverage with regards to holding organisations liable in the event of a security breach. 

However, for this to happen, we need to enact the Data Protection Act - otherwise I still feel local hosting on its own, will not necessary increase information security.

walu.


--------------------------------------------
On Fri, 11/1/13, Sammy Buruchara <buruchara at me.com> wrote:

 Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected?
 To: "Walubengo J" <jwalu at yahoo.com>
 Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
 Date: Friday, November 1, 2013, 4:46 AM
 
 Walu,
 
 I would like emphasize the need for us to mix security and
 locally hosted
 data, contrary to your assertions.  If your data is
 local and is snooped
 on, you have a legal recourse with the local hosting
 provider. But if the
 data is stored in the USA for example, any legal action
 against the
 provider can prove to be a daunting task.
 
 Whether government or private data, any snooping on the data
 would have
 consequences as spelt out in the communication act. While we
 cannot rule
 out hacking of even local content, or guarantee its safety
 100 percent for
 locally hosted data, at least there is a starting point and
 legal
 framework for dealing with such acts. Next would be
 increasing our
 competences in securing the data.
 
 Regards
 Sammy Buruchara
 
 On 10/31/13 4:49 PM, "Walubengo J" <jwalu at yahoo.com>
 wrote:
 
 >>>On Thu, 10/31/13, Phares Kariuki <pkariuki at gmail.com>
 wrote:
 >We need to bring the latter back home simply because the
 US has proven it
 >cannot be trustedŠ It¹s not that the galvanised
 internet is the best
 >option, it¹s simply a compromise because some people
 have broken trustŠ
 >
 >>>
 >I totally agree. I am for local content, local hosting,
 local, local this
 >and the other.  What I find difficult to understand
 is the myth that once
 >something is local, then it is safer.
 >
 >We need to be careful not to mix security with being
 local. Let us have
 >two independent tracks on the issues.  Lets build
 local content to
 >increase uptake, reduce latency, perhaps pricing,
 etc.  But I would hate
 >to imagine our NSIS director briefing our President that
 we are very
 >secure because we have made all our ICT infrastructure
 local.
 >
 >ICT Security is often discussed under CIA -
 Confidentiality, Integrity,
 >and Availability (not central intelligence agency :-). I
 want to believe
 >the geographic location of your data cannot save you, if
 your CIA
 >procedures are poor. So if we want to be secure, lets
 put the emphasis
 >where it should be.
 >  
 >walu.
 >nb: Osama bin laden was as local and as manual as you
 can get. US folks
 >still smoked him out.
 >
 >--------------------------------------------
 >On Thu, 10/31/13, Phares Kariuki <pkariuki at gmail.com>
 wrote:
 >
 > Subject: Re: [kictanet] NSA Tapping into Google &
 Yahoo Networks? How is
 >Kenya protected?
 > To: "Walubengo J" <jwalu at yahoo.com>
 > Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
 > Date: Thursday, October 31, 2013, 11:58 AM
 > 
 > Search engines will be
 > largely unaffected btw. Search engines don¹t go
 through
 > your mail etcŠ 
 > The internet services that
 > are centralised will remain centralised (basic web
 > hosting/blogs etc). However, mail, internal
 applications etc
 > still have to be securedŠ
 > There¹s data that we
 > don¹t mind being publicly accessible (e.g. The Nation
 > Media Group website), and there¹s data that the
 NSA/Search
 > engines etc should not have access to (e.g. My banking
 > records, my health records etc).
 > We need to bring the
 > latter back home simply because the US has proven it
 cannot
 > be trustedŠ It¹s not that the galvanised internet is
 the
 > best option, it¹s simply a compromise because some
 people
 > have broken trustŠ  --
 > Phares Kariuki
 >  From: Walubengo
 > J Walubengo
 > J
 > Reply: Walubengo J jwalu at yahoo.com
 > Date: October 31, 2013 at
 > 11:10:34 AM
 > To: Phares Kariuki pkariuki at gmail.com
 > Subject:  Re: [kictanet] NSA
 > Tapping into Google & Yahoo Networks? How is Kenya
 > protected? 
 >  @Phares,
 > 
 > 
 > 
 > this line of thinking was has been explored recently at
 the
 > IGF and I had a different angle to it and I quote:
 > 
 > 
 > 
 > >>
 > 
 > Whereas having each economy build its own email,
 social
 > media and other web-based systems may provide national
 pride
 > and a debatable sense of national security, it
 unfortunately
 > goes towards balkanising the Internet along existing
 > national geographic boundaries.
 > 
 > 
 > 
 > The final effect will be a diminished value for online
 > services. Search engines will end up with only a
 localised
 > or national view of data, as opposed to the more
 > international view currently enjoyed by keeping the
 Internet
 > open and global.
 > 
 > >>>
 > 
 > 
 > 
 > more  
 > 
 > @
 > 
 >http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-G
 >overnance-Forum/-/1959700/2051402/-/ouee6l/-/index.html
 > 
 > 
 > 
 > walu.
 > 
 > 
 > 
 > --------------------------------------------
 > 
 > On Thu, 10/31/13, Phares Kariuki <pkariuki at gmail.com>
 > wrote:
 > 
 > 
 > 
 >  Subject: Re: [kictanet] NSA Tapping into Google
 & Yahoo
 > Networks? How is Kenya protected?
 > 
 >  To: jwalu at yahoo.com
 > 
 >  Cc: "KICTAnet ICT Policy Discussions"
 > <kictanet at lists.kictanet.or.ke>
 > 
 >  Date: Thursday, October 31, 2013, 10:09 AM
 > 
 >   
 > 
 >  I¹ll very selfishly
 > 
 >  advocate for an increased uptake of local cloud
 services,
 > 
 >  away from the NSA¹s prying eyes, with locally
 established
 > 
 >  standards of encryption etcŠ
 > 
 >  We¹ve got capable
 > 
 >  universities that can assist in coming up with
 new
 > 
 >  encryption etc standards for the military &
 > 
 >  government. 
 > 
 >  Interesting article by
 > 
 >  Charles
 > 
 >  ObboŠ. 
 >http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/
 >440808/2053660/-/j8oy4g/-/index.html
 > 
 >   -- 
 > 
 >  Phares Kariuki
 > 
 >   From: Ngigi
 > 
 >  Waithaka Ngigi Waithaka
 > 
 >  Reply: Ngigi Waithaka
 > 
 >  ngigi at at.co.ke
 > 
 >  Date: October 31, 2013 at
 > 
 >  9:12:10 AM
 > 
 >  To: Phares Kariuki pkariuki at gmail.com
 > 
 >  Subject:  [kictanet] NSA
 > 
 >  Tapping into Google & Yahoo Networks? How is
 Kenya
 > 
 >  protected?  
 > 
 >    
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >  Listers,
 > 
 >   
 > 
 >   
 > 
 >  Just came across
 > this 
 >http://www.washingtonpost.com/world/national-security/nsa-infiltrates-link
 >s-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/
 >e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?hpid=z1
 > 
 >   
 > 
 >   
 > 
 >  It looks like Google might have been caught by
 the NSA
 > 
 >  with
 > 
 >  their pants down since hacking into their Data
 Transport
 > 
 >  layer
 > 
 >  simply gives up all the secrets that encryption
 is supposed
 > 
 >  to be
 > 
 >  protecting.
 > 
 >   
 > 
 >   
 > 
 >  Now, moving on swiftly to the local setup, I am
 also
 > 
 >  concerned
 > 
 >  that even as we look to start pushing for
 National
 > Standards
 > 
 >  of
 > 
 >  Encryption through the PKI project, whether we as
 a country
 > 
 >  have
 > 
 >  come together to review and see how to protect
 our
 > countries
 > 
 >  intelligence and data.
 > 
 >   
 > 
 >   
 > 
 >  We also know for a fact that the US was busy
 tapping
 > 
 >  into
 > 
 >  World Leaders phones, and I can bet if there are
 a few
 > 
 >  presidents
 > 
 >  to be 'tapped' in Africa, ours should be way up
 on
 > 
 >  that
 > 
 >  ladder!
 > 
 >   
 > 
 >   
 > 
 >  However, more worrying would be, how protected
 are our
 > 
 >  internal networks from such tapping, even from
 locals?
 > Could
 > 
 >  there
 > 
 >  be a guy who has tapped into Safaricoms internal
 network
 > and
 > 
 >  is
 > 
 >  busy reading every email, chat that is flying
 through and
 > 
 >  perhaps
 > 
 >  selling such information to our erstwhile enemies
 the
 > 
 >  Al-Shabbab?
 > 
 >   
 > 
 >   
 > 
 >  I was once very surprised when a personal friend
 got a
 > 
 >  transcript of all his calls, and chat messages,
 > 
 >  word-for-word for
 > 
 >  the previous past 6 months, dug up from one of
 the local
 > 
 >  Telcos.
 > 
 >  The ease with which such information was availed
 appalled
 > me
 > 
 >  as it
 > 
 >  clearly means that the Telcos clearly store all
 our chats,
 > 
 >  and such
 > 
 >  records in clear text months after we have used
 them and a
 > 
 >  guy with
 > 
 >  basic SQL knowledge just needs to hack into the
 network
 > 
 >  (easy) and
 > 
 >  call them up.
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >  So, as we continue with the PKI project, there
 are
 > 
 >  really very
 > 
 >  basic things on security of data that we as a
 nation
 > 
 >  haven't even
 > 
 >  dealt with.
 > 
 >  --
 > 
 >   
 > 
 >   
 > 
 >  Regards,
 > 
 >   
 > 
 >   
 > 
 >  Waithaka
 > 
 >  Ngigi
 > 
 >   
 > 
 >   
 > 
 >  Chief Executive Officer
 > 
 >  | Alliance
 > 
 >  Technologies | MCK Nairobi
 > 
 >  Synod
 > 
 >  Building
 > 
 >   
 > 
 >   
 > 
 >  T +
 > 
 >  254 (0)
 > 
 >  20 2333 471 |Office
 > 
 >  Mobile: +254 786 28 28 28 | M +
 > 
 >  254 737 811 000
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >  www.at.co.ke
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >  _______________________________________________
 > 
 >   
 > 
 >  kictanet mailing list
 > 
 >   
 > 
 >  kictanet at lists.kictanet.or.ke
 > 
 >   
 > 
 >  https://lists.kictanet.or.ke/mailman/listinfo/kictanet
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >  Unsubscribe or change your options at
 > 
 >  
 >https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >  The Kenya ICT Action Network (KICTANet) is a
 > 
 >  multi-stakeholder platform for people and
 institutions
 > 
 >  interested and involved in ICT policy and
 regulation. The
 > 
 >  network aims to act as a catalyst for reform in
 the ICT
 > 
 >  sector in support of the national aim of ICT
 enabled growth
 > 
 >  and development.
 > 
 >   
 > 
 >   
 > 
 >   
 > 
 >  KICTANetiquette : Adhere to the same standards
 of
 > acceptable
 > 
 >  behaviors online that you follow in real life:
 respect
 > 
 >  people's times and bandwidth, share knowledge,
 > don't
 > 
 >  flame or abuse or personalize, respect privacy,
 do not
 > spam,
 > 
 >  do not market your wares or
 > 
 >  qualifications.
 > 
 >  -----Inline Attachment Follows-----
 > 
 >   
 > 
 >  _______________________________________________
 > 
 >  kictanet mailing list
 > 
 >  kictanet at lists.kictanet.or.ke
 > 
 >  https://lists.kictanet.or.ke/mailman/listinfo/kictanet
 > 
 >   
 > 
 >  Unsubscribe or change your options at
 > https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
 > 
 >   
 > 
 >  The Kenya ICT Action Network (KICTANet) is a
 > 
 >  multi-stakeholder platform for people and
 institutions
 > 
 >  interested and involved in ICT policy and
 regulation. The
 > 
 >  network aims to act as a catalyst for reform in
 the ICT
 > 
 >  sector in support of the national aim of ICT
 enabled growth
 > 
 >  and development.
 > 
 >   
 > 
 >  KICTANetiquette : Adhere to the same standards
 of
 > acceptable
 > 
 >  behaviors online that you follow in real life:
 respect
 > 
 >  people's times and bandwidth, share knowledge,
 > don't flame
 > 
 >  or abuse or personalize, respect privacy, do not
 spam, do
 > 
 >  not market your wares or qualifications.
 > 
 > 
 >
 >_______________________________________________
 >kictanet mailing list
 >kictanet at lists.kictanet.or.ke
 >https://lists.kictanet.or.ke/mailman/listinfo/kictanet
 >
 >Unsubscribe or change your options at
 >https://lists.kictanet.or.ke/mailman/options/kictanet/buruchara%40mac.com
 >
 >The Kenya ICT Action Network (KICTANet) is a
 multi-stakeholder platform
 >for people and institutions interested and involved in
 ICT policy and
 >regulation. The network aims to act as a catalyst for
 reform in the ICT
 >sector in support of the national aim of ICT enabled
 growth and
 >development.
 >
 >KICTANetiquette : Adhere to the same standards of
 acceptable behaviors
 >online that you follow in real life: respect people's
 times and
 >bandwidth, share knowledge, don't flame or abuse or
 personalize, respect
 >privacy, do not spam, do not market your wares or
 qualifications.
 
 
 




More information about the KICTANet mailing list