[kictanet] NSA Tapping into Google & Yahoo Networks? How is Kenya protected?
Barrack Otieno
otieno.barrack at gmail.com
Mon Nov 4 09:13:49 EAT 2013
+1 Mark.
On Nov 4, 2013 9:08 AM, "Walubengo J" <jwalu at yahoo.com> wrote:
> I see the point and concede that local hosting affords the national
> goverments some leverage with regards to holding organisations liable in
> the event of a security breach.
>
> However, for this to happen, we need to enact the Data Protection Act -
> otherwise I still feel local hosting on its own, will not necessary
> increase information security.
>
> walu.
>
>
> --------------------------------------------
> On Fri, 11/1/13, Sammy Buruchara <buruchara at me.com> wrote:
>
> Subject: Re: [kictanet] NSA Tapping into Google & Yahoo Networks? How is
> Kenya protected?
> To: "Walubengo J" <jwalu at yahoo.com>
> Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
> Date: Friday, November 1, 2013, 4:46 AM
>
> Walu,
>
> I would like emphasize the need for us to mix security and
> locally hosted
> data, contrary to your assertions. If your data is
> local and is snooped
> on, you have a legal recourse with the local hosting
> provider. But if the
> data is stored in the USA for example, any legal action
> against the
> provider can prove to be a daunting task.
>
> Whether government or private data, any snooping on the data
> would have
> consequences as spelt out in the communication act. While we
> cannot rule
> out hacking of even local content, or guarantee its safety
> 100 percent for
> locally hosted data, at least there is a starting point and
> legal
> framework for dealing with such acts. Next would be
> increasing our
> competences in securing the data.
>
> Regards
> Sammy Buruchara
>
> On 10/31/13 4:49 PM, "Walubengo J" <jwalu at yahoo.com>
> wrote:
>
> >>>On Thu, 10/31/13, Phares Kariuki <pkariuki at gmail.com>
> wrote:
> >We need to bring the latter back home simply because the
> US has proven it
> >cannot be trustedŠ It¹s not that the galvanised
> internet is the best
> >option, it¹s simply a compromise because some people
> have broken trustŠ
> >
> >>>
> >I totally agree. I am for local content, local hosting,
> local, local this
> >and the other. What I find difficult to understand
> is the myth that once
> >something is local, then it is safer.
> >
> >We need to be careful not to mix security with being
> local. Let us have
> >two independent tracks on the issues. Lets build
> local content to
> >increase uptake, reduce latency, perhaps pricing,
> etc. But I would hate
> >to imagine our NSIS director briefing our President that
> we are very
> >secure because we have made all our ICT infrastructure
> local.
> >
> >ICT Security is often discussed under CIA -
> Confidentiality, Integrity,
> >and Availability (not central intelligence agency :-). I
> want to believe
> >the geographic location of your data cannot save you, if
> your CIA
> >procedures are poor. So if we want to be secure, lets
> put the emphasis
> >where it should be.
> >
> >walu.
> >nb: Osama bin laden was as local and as manual as you
> can get. US folks
> >still smoked him out.
> >
> >--------------------------------------------
> >On Thu, 10/31/13, Phares Kariuki <pkariuki at gmail.com>
> wrote:
> >
> > Subject: Re: [kictanet] NSA Tapping into Google &
> Yahoo Networks? How is
> >Kenya protected?
> > To: "Walubengo J" <jwalu at yahoo.com>
> > Cc: "KICTAnet ICT Policy Discussions" <kictanet at lists.kictanet.or.ke>
> > Date: Thursday, October 31, 2013, 11:58 AM
> >
> > Search engines will be
> > largely unaffected btw. Search engines don¹t go
> through
> > your mail etcŠ
> > The internet services that
> > are centralised will remain centralised (basic web
> > hosting/blogs etc). However, mail, internal
> applications etc
> > still have to be securedŠ
> > There¹s data that we
> > don¹t mind being publicly accessible (e.g. The Nation
> > Media Group website), and there¹s data that the
> NSA/Search
> > engines etc should not have access to (e.g. My banking
> > records, my health records etc).
> > We need to bring the
> > latter back home simply because the US has proven it
> cannot
> > be trustedŠ It¹s not that the galvanised internet is
> the
> > best option, it¹s simply a compromise because some
> people
> > have broken trustŠ --
> > Phares Kariuki
> > From: Walubengo
> > J Walubengo
> > J
> > Reply: Walubengo J jwalu at yahoo.com
> > Date: October 31, 2013 at
> > 11:10:34 AM
> > To: Phares Kariuki pkariuki at gmail.com
> > Subject: Re: [kictanet] NSA
> > Tapping into Google & Yahoo Networks? How is Kenya
> > protected?
> > @Phares,
> >
> >
> >
> > this line of thinking was has been explored recently at
> the
> > IGF and I had a different angle to it and I quote:
> >
> >
> >
> > >>
> >
> > Whereas having each economy build its own email,
> social
> > media and other web-based systems may provide national
> pride
> > and a debatable sense of national security, it
> unfortunately
> > goes towards balkanising the Internet along existing
> > national geographic boundaries.
> >
> >
> >
> > The final effect will be a diminished value for online
> > services. Search engines will end up with only a
> localised
> > or national view of data, as opposed to the more
> > international view currently enjoyed by keeping the
> Internet
> > open and global.
> >
> > >>>
> >
> >
> >
> > more
> >
> > @
> >
> >
> http://www.nation.co.ke/oped/blogs/dot9/Lessons-from-the-Global-Internet-G
> >overnance-Forum/-/1959700/2051402/-/ouee6l/-/index.html
> >
> >
> >
> > walu.
> >
> >
> >
> > --------------------------------------------
> >
> > On Thu, 10/31/13, Phares Kariuki <pkariuki at gmail.com>
> > wrote:
> >
> >
> >
> > Subject: Re: [kictanet] NSA Tapping into Google
> & Yahoo
> > Networks? How is Kenya protected?
> >
> > To: jwalu at yahoo.com
> >
> > Cc: "KICTAnet ICT Policy Discussions"
> > <kictanet at lists.kictanet.or.ke>
> >
> > Date: Thursday, October 31, 2013, 10:09 AM
> >
> >
> >
> > I¹ll very selfishly
> >
> > advocate for an increased uptake of local cloud
> services,
> >
> > away from the NSA¹s prying eyes, with locally
> established
> >
> > standards of encryption etcŠ
> >
> > We¹ve got capable
> >
> > universities that can assist in coming up with
> new
> >
> > encryption etc standards for the military &
> >
> > government.
> >
> > Interesting article by
> >
> > Charles
> >
> > ObboŠ.
> >
> http://www.nation.co.ke/oped/Opinion/Spy-more-on-your-friends-than-foes/-/
> >440808/2053660/-/j8oy4g/-/index.html
> >
> > --
> >
> > Phares Kariuki
> >
> > From: Ngigi
> >
> > Waithaka Ngigi Waithaka
> >
> > Reply: Ngigi Waithaka
> >
> > ngigi at at.co.ke
> >
> > Date: October 31, 2013 at
> >
> > 9:12:10 AM
> >
> > To: Phares Kariuki pkariuki at gmail.com
> >
> > Subject: [kictanet] NSA
> >
> > Tapping into Google & Yahoo Networks? How is
> Kenya
> >
> > protected?
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Listers,
> >
> >
> >
> >
> >
> > Just came across
> > this
> >
> http://www.washingtonpost.com/world/national-security/nsa-infiltrates-link
>
> >s-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/
> >e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?hpid=z1
> >
> >
> >
> >
> >
> > It looks like Google might have been caught by
> the NSA
> >
> > with
> >
> > their pants down since hacking into their Data
> Transport
> >
> > layer
> >
> > simply gives up all the secrets that encryption
> is supposed
> >
> > to be
> >
> > protecting.
> >
> >
> >
> >
> >
> > Now, moving on swiftly to the local setup, I am
> also
> >
> > concerned
> >
> > that even as we look to start pushing for
> National
> > Standards
> >
> > of
> >
> > Encryption through the PKI project, whether we as
> a country
> >
> > have
> >
> > come together to review and see how to protect
> our
> > countries
> >
> > intelligence and data.
> >
> >
> >
> >
> >
> > We also know for a fact that the US was busy
> tapping
> >
> > into
> >
> > World Leaders phones, and I can bet if there are
> a few
> >
> > presidents
> >
> > to be 'tapped' in Africa, ours should be way up
> on
> >
> > that
> >
> > ladder!
> >
> >
> >
> >
> >
> > However, more worrying would be, how protected
> are our
> >
> > internal networks from such tapping, even from
> locals?
> > Could
> >
> > there
> >
> > be a guy who has tapped into Safaricoms internal
> network
> > and
> >
> > is
> >
> > busy reading every email, chat that is flying
> through and
> >
> > perhaps
> >
> > selling such information to our erstwhile enemies
> the
> >
> > Al-Shabbab?
> >
> >
> >
> >
> >
> > I was once very surprised when a personal friend
> got a
> >
> > transcript of all his calls, and chat messages,
> >
> > word-for-word for
> >
> > the previous past 6 months, dug up from one of
> the local
> >
> > Telcos.
> >
> > The ease with which such information was availed
> appalled
> > me
> >
> > as it
> >
> > clearly means that the Telcos clearly store all
> our chats,
> >
> > and such
> >
> > records in clear text months after we have used
> them and a
> >
> > guy with
> >
> > basic SQL knowledge just needs to hack into the
> network
> >
> > (easy) and
> >
> > call them up.
> >
> >
> >
> >
> >
> >
> >
> > So, as we continue with the PKI project, there
> are
> >
> > really very
> >
> > basic things on security of data that we as a
> nation
> >
> > haven't even
> >
> > dealt with.
> >
> > --
> >
> >
> >
> >
> >
> > Regards,
> >
> >
> >
> >
> >
> > Waithaka
> >
> > Ngigi
> >
> >
> >
> >
> >
> > Chief Executive Officer
> >
> > | Alliance
> >
> > Technologies | MCK Nairobi
> >
> > Synod
> >
> > Building
> >
> >
> >
> >
> >
> > T +
> >
> > 254 (0)
> >
> > 20 2333 471 |Office
> >
> > Mobile: +254 786 28 28 28 | M +
> >
> > 254 737 811 000
> >
> >
> >
> >
> >
> >
> >
> > www.at.co.ke
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> >
> >
> >
> > kictanet mailing list
> >
> >
> >
> > kictanet at lists.kictanet.or.ke
> >
> >
> >
> > https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> >
> >
> >
> >
> >
> >
> >
> > Unsubscribe or change your options at
> >
> >
> >
> https://lists.kictanet.or.ke/mailman/options/kictanet/pkariuki%40gmail.com
> >
> >
> >
> >
> >
> >
> >
> > The Kenya ICT Action Network (KICTANet) is a
> >
> > multi-stakeholder platform for people and
> institutions
> >
> > interested and involved in ICT policy and
> regulation. The
> >
> > network aims to act as a catalyst for reform in
> the ICT
> >
> > sector in support of the national aim of ICT
> enabled growth
> >
> > and development.
> >
> >
> >
> >
> >
> >
> >
> > KICTANetiquette : Adhere to the same standards
> of
> > acceptable
> >
> > behaviors online that you follow in real life:
> respect
> >
> > people's times and bandwidth, share knowledge,
> > don't
> >
> > flame or abuse or personalize, respect privacy,
> do not
> > spam,
> >
> > do not market your wares or
> >
> > qualifications.
> >
> > -----Inline Attachment Follows-----
> >
> >
> >
> > _______________________________________________
> >
> > kictanet mailing list
> >
> > kictanet at lists.kictanet.or.ke
> >
> > https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> >
> >
> >
> > Unsubscribe or change your options at
> > https://lists.kictanet.or.ke/mailman/options/kictanet/jwalu%40yahoo.com
> >
> >
> >
> > The Kenya ICT Action Network (KICTANet) is a
> >
> > multi-stakeholder platform for people and
> institutions
> >
> > interested and involved in ICT policy and
> regulation. The
> >
> > network aims to act as a catalyst for reform in
> the ICT
> >
> > sector in support of the national aim of ICT
> enabled growth
> >
> > and development.
> >
> >
> >
> > KICTANetiquette : Adhere to the same standards
> of
> > acceptable
> >
> > behaviors online that you follow in real life:
> respect
> >
> > people's times and bandwidth, share knowledge,
> > don't flame
> >
> > or abuse or personalize, respect privacy, do not
> spam, do
> >
> > not market your wares or qualifications.
> >
> >
> >
> >_______________________________________________
> >kictanet mailing list
> >kictanet at lists.kictanet.or.ke
> >https://lists.kictanet.or.ke/mailman/listinfo/kictanet
> >
> >Unsubscribe or change your options at
> >
> https://lists.kictanet.or.ke/mailman/options/kictanet/buruchara%40mac.com
> >
> >The Kenya ICT Action Network (KICTANet) is a
> multi-stakeholder platform
> >for people and institutions interested and involved in
> ICT policy and
> >regulation. The network aims to act as a catalyst for
> reform in the ICT
> >sector in support of the national aim of ICT enabled
> growth and
> >development.
> >
> >KICTANetiquette : Adhere to the same standards of
> acceptable behaviors
> >online that you follow in real life: respect people's
> times and
> >bandwidth, share knowledge, don't flame or abuse or
> personalize, respect
> >privacy, do not spam, do not market your wares or
> qualifications.
>
>
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/otieno.barrack%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20131104/b184dd94/attachment.htm>
More information about the KICTANet
mailing list