[kictanet] Technical Considerations for Internet Service Blocking and Filtering

Harry Delano harry26001 at gmail.com
Wed Mar 16 07:08:46 EAT 2016


Hey Grace,

Just to echo your point, I would not hesitate to add that the scenario
calls for a healthy open debate (believe me, a little diplomacy/user
education plays an important role - whether in a corporate jurisdiction or
even at the national stage). A stealth background technical deployment of
filtering technologies which  also can obtain and store user access data in
some environments could in fact  prove counterproductive as well as passing
off as heavy-handed, an intrusive blatant breach of privacy and plainly
unethical. Users would frown heavily upon such practices in a corporate
setting. Moreover, such multi vector blended attacks such as email phishing
and social engineering that are evolving rapidly and are designed to bypass
perimeter-wide network security deployments. User education in this case is
quite effective to deal with such attacks.  However, on a much more larger
scale such as on the national stage -for instance when you think of the
"Great firewall", the stakes dramatically increase. Justification and
relevant laws backing for more advanced intrusive monitoring and control
that result from such deep packet filtering activities will be mooted from
time to time by state actors to counter activities such as cyber terrorism,
laundering and other ills. The objective to be met at this level would
broadly be from a national security standpoint. The citizenry might however
be or not be directly engaged as stakeholders in the formulation and
deployment of such "national firewalls", but they ultimately are in
operational deployment the world over to "eavesdrop" in on ongoing
communications. While the objective could be noble, the monumental task of
sifting through mountains of data they generate on real time basis requires
highly skilled data analysts to decipher and provide timely analytical
reports. Meanwhile, "moderated balance" here would have to address the
critical need for national security on the one hand vis-à-vis user privacy
concerns on the other. Citizen cyber vigilance and advocacy can be rightly
called for, to keep in check any "state-abuse" of such a mandate such as
aptly demonstrated in the ongoing UK debate on critical cyber investigatory
powers required by the cyber espionage agency there(As noted by Barack in
another post here). Interestingly enough, the request for enactment of
relevant laws to back such powers appears to be a belated “after-the-fact”,
as the agency has been spying anyway…

Consequently, different methodologies will apply differently in diverse
jurisdiction environments. However, it helps a great deal in
consensus-building where a noble objective such as for example, the
blocking of social media or streaming media that are bandwidth hungry in a
corporate work environment because this directly impacts on user productive
output. This approach, for the most part  actually works with minimal user
resistance since arbitrary enforcement could quickly breed disaffection and
resentment  among the workforce and result in such truant activities that
among others could include circumvention of Firewall deep packet inspection
filtering policies via proxy tunneling etcetera. As a last resort, some
would in fact bring their own devices (Byods) to browse facebook that's
blocked on the corporate network. Obviously, a number of the technologies
deployed at the deep packet filtering level protect corporate networks from
targeted attack vectors such as network intrusion and malware

But as you said, this is one rapidly evolving space, and it can only get
more interesting. One thing to note however, technology on its own, has
never, and will never be a panacea to solving all our problems or remedying
social ills. Nonetheless, when applied innovatively, transparently and all
inclusively, it is one significant driver..

Harry

On Mon, Mar 14, 2016 at 7:35 PM, Grace Mutung'u (Bomu) via kictanet <
kictanet at lists.kictanet.or.ke> wrote:

> Harry,
> I thought we would see "moderated balance" for a while longer but it seems
> that even what are considered human rights states are increasingly
> expanding their jurisdiction. Of course with good reason, such as security
> and prevention of terrorism, among others.
> It can only get more interesting.
> Tarehe 10 Mac 2016 12:01, "WANGARI KABIRU via kictanet" <
> kictanet at lists.kictanet.or.ke> aliandika:
>
>> Happy Thursday!
>>
>> I would like to reference to Sam Wambugu's,  Sunday 06/03/016 Sunday
>> Nation article titled "Cloud Computing Buss Made Easy" which I'd rename "
>> Raining in Cloud Computing".
>>
>> The writer uses what I would call human terminology or human-nature
>> experiences in reference to tech situations such as " being asked whether
>> data gets wet during RAINY SEASONS or may be damaged by LIGHTENING and
>> THUNDER", "...storing ...on your phone MEMORY...", "...SITTING on your
>> desktop...", "...you cannot tell where your photos or emails are SITTING
>> but you access them when you log on to your email account or FACEbook...",
>> "...a computer SITTING in California, Dublin..; you don't know - and most
>> likely don't care..."
>>
>> The same paper insinuates that the rule of the jungle doesn't apply as it
>> quotes ICT Cabinet Secretary on the progress to the new Communications
>> Authority (CA) Board " So long as we follow the law, we believe that we are
>> fine, so we should have a new board in two months."
>>
>> Thus what applies in Human life would expect to be seen in the Tech world
>> including Internet space.
>>
>> All this humanness in the Tech world means that the Human Way applies and
>> not vice-versa; "It is not for TECH to create HUMANS as TECH is created by
>> HUMANS".
>>
>>
>> Blessed day.
>>
>> Regards/Wangari
>>
>> ---
>> Pray God Bless. 2013Wangari circa - "Being of the Light, We are Restored
>> Through Faith in Mind, Body and Spirit; We Manifest The Kingdom of God on
>> Earth".
>>
>>
>> --------------------------------------------
>> On Thu, 10/3/16, Barrack Otieno via kictanet <
>> kictanet at lists.kictanet.or.ke> wrote:
>>
>>  Subject: Re: [kictanet] Technical Considerations for Internet Service
>> Blocking and Filtering
>>  To: wangarikabiru at yahoo.co.uk
>>  Cc: "Barrack Otieno" <otieno.barrack at gmail.com>
>>  Date: Thursday, 10 March, 2016, 8:56
>>
>>  Well captured Harry,
>>
>>  It is a tough call when faced
>>  with situations where acts of terrorism
>>  in
>>  which the same technology is a key facilitator are rampant.
>>  We are
>>  faced with a tougher situation in our
>>  part of the world where
>>  Citizen's with
>>  limited opportunities in advancing their education are
>>  bombarded with too much information (grape
>>  vine,politics) which they
>>  cannot synthesize
>>  properly resulting in polarization as a result of
>>  deeply divided opinions. This results in
>>  scenario's where they are
>>  risks unto
>>  themselves (thinking like Kaparo ;-)). That is why
>>  Universal Access is still key in this part of
>>  the world since it will
>>  create an empowered
>>  Citizen, Access to Education, Access to the
>>  Internet, Access to Telecommunication, access
>>  to ICT's name it.
>>
>>  My 2
>>  cents
>>
>>  On 3/10/16, Harry
>>  Delano via kictanet <kictanet at lists.kictanet.or.ke>
>>  wrote:
>>  > Grace,
>>  >
>>  > Quite a salient subject indeed, that the
>>  ietf makes an attempt to
>>  > shed/spotlight
>>  perspective on..
>>  >
>>  >
>>  Drawing from experience, I suppose the foremost key
>>  objectives for blocking
>>  > and filtering
>>  would broadly fall under jurisdictional oversight &
>>  control
>>  > and informational security
>>  policing. For this very reason, the subject will
>>  > at best, forever remain contentious and
>>  controversial, depending on whose
>>  >
>>  perspective you seek on the matter. In other words, for a
>>  very long time to
>>  > come, it'll
>>  almost be impossible to achieve a universal, unanimous
>>  > consensus on a firewall that serves
>>  "everyone' "anywhere" in this
>>  > globalized networked digital village that
>>  cuts across diverse geopolitical,
>>  >
>>  religious,cultural,governance and even family or personal
>>  jurisdictions.
>>  >
>>  > One
>>  would delve on and on in finer detail on the subject - and
>>  the scope is
>>  > hugely wide, just as the
>>  ietf has disclaimed. However, my best take-away
>>  > from such a rich discourse is,
>>  "Moderated Balance". Ideally, the basic
>>  > minimum threshold  should be; how to
>>  strive to achieve the most appropriate
>>  >
>>  concurrence where jurisdictional policing(which is
>>  necessary), either at
>>  >
>>  country/government level, corporate, or even at home -
>>  assuming you set up
>>  > a family firewall
>>  meets/embraces the inherent guaranteed/enshrined
>>  > universal freedoms of access to
>>  information..
>>  >
>>  > But
>>  again, who should police/enforce the attainment of this
>>  moderation and
>>  > balance on
>>  jurisdictional authorities..? Using which methodologies..?
>>  Who
>>  > knows..
>>  >
>>  > As ietf aptly puts it in their preamble
>>  ....  *"Whether particular forms of
>>  > filtering are lawful in particular
>>  jurisdictions raises complicate legal
>>  >
>>  questions that are outside the scope of this document. For
>>  similar reasons,
>>  > questions about the
>>  ethics of particular forms of filtering are also out of
>>  > scope"*
>>  >
>>  > Plenty of regards,
>>  >
>>  Harry
>>  >
>>  >
>>  >
>>  >
>>  >
>>  On Wed, Mar 9, 2016 at 7:03 PM, Grace Mutung'u (Bomu)
>>  via kictanet <
>>  > kictanet at lists.kictanet.or.ke>
>>  wrote:
>>  >
>>  >>
>>  Listers,
>>  >> A very informative RFC
>>  especially in our context. It addresses use of
>>  >> various technologies for blocking and
>>  filtering communications over the
>>  >>
>>  Internet. Among other things considered are user consent
>>  when employing
>>  >> blocking/filtering,
>>  who sets blocking policy? who enforces blocking
>>  >> policy?
>>  >> Some
>>  purposes of blocking, efficacy of the methods as well as
>>  >> consequences.
>>  >>
>>  Some takeaways are that we are going to see more
>>  blocking/filtering but
>>  >> it
>>  >> would help if there was more
>>  transparency. ​And as regards content
>>  >> blocking, a collaborative approach is
>>  required. ​
>>  >>
>>  >> "where filtering is occurring to
>>  address content that is generally agreed
>>  >> to be inappropriate or illegal, strong
>>  cooperation among service
>>  >>
>>  providers
>>  >> and governments may
>>  provide additional means to identify both the victims
>>  >> and the perpetrators through
>>  non-filtering mechanisms, such as
>>  >>
>>  partnerships
>>  >> with the finance
>>  industry to identify and limit illegal
>>  transactions."
>>  >>
>>  >> https://tools.ietf.org/html/rfc7754
>>  >>
>>  >> Regards,
>>  >>
>>  >> --
>>  >> Grace L.N. Mutung'u
>>  >> Nairobi Kenya
>>  >>
>>  Skype: gracebomu
>>  >> Twitter: @Bomu
>>  >>
>>  >> <http://www.diplointernetgovernance.org/profile/GraceMutungu>
>>  >>
>>  >> PGP ID :
>>  0x33A3450F
>>  >>
>>  >>
>>  >>
>>  _______________________________________________
>>  >> kictanet mailing list
>>  >> kictanet at lists.kictanet.or.ke
>>  >> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>  >>
>>  >> Unsubscribe
>>  or change your options at
>>  >>
>> https://lists.kictanet.or.ke/mailman/options/kictanet/harry26001%40gmail.com
>>  >>
>>  >> The Kenya ICT
>>  Action Network (KICTANet) is a multi-stakeholder platform
>>  >> for people and institutions interested
>>  and involved in ICT policy and
>>  >>
>>  regulation. The network aims to act as a catalyst for reform
>>  in the ICT
>>  >> sector in support of the
>>  national aim of ICT enabled growth and
>>  >> development.
>>  >>
>>  >>
>>  KICTANetiquette : Adhere to the same standards of acceptable
>>  behaviors
>>  >> online that you follow in
>>  real life: respect people's times and
>>  >> bandwidth,
>>  >>
>>  share knowledge, don't flame or abuse or personalize,
>>  respect privacy, do
>>  >> not spam, do
>>  not market your wares or qualifications.
>>  >>
>>  >
>>
>>
>>  --
>>  Barrack O. Otieno
>>  +254721325277
>>  +254733206359
>>  Skype: barrack.otieno
>>
>>  _______________________________________________
>>  kictanet mailing list
>>  kictanet at lists.kictanet.or.ke
>>  https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>
>>  Unsubscribe or change your
>>  options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/wangarikabiru%40yahoo.co.uk
>>
>>  The Kenya ICT Action Network
>>  (KICTANet) is a multi-stakeholder platform for people and
>>  institutions interested and involved in ICT policy and
>>  regulation. The network aims to act as a catalyst for reform
>>  in the ICT sector in support of the national aim of ICT
>>  enabled growth and development.
>>
>>  KICTANetiquette : Adhere to the same standards
>>  of acceptable behaviors online that you follow in real life:
>>  respect people's times and bandwidth, share knowledge,
>>  don't flame or abuse or personalize, respect privacy, do
>>  not spam, do not market your wares or
>>  qualifications.
>>
>> _______________________________________________
>> kictanet mailing list
>> kictanet at lists.kictanet.or.ke
>> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>>
>> Unsubscribe or change your options at
>> https://lists.kictanet.or.ke/mailman/options/kictanet/nmutungu%40gmail.com
>>
>> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
>> for people and institutions interested and involved in ICT policy and
>> regulation. The network aims to act as a catalyst for reform in the ICT
>> sector in support of the national aim of ICT enabled growth and development.
>>
>> KICTANetiquette : Adhere to the same standards of acceptable behaviors
>> online that you follow in real life: respect people's times and bandwidth,
>> share knowledge, don't flame or abuse or personalize, respect privacy, do
>> not spam, do not market your wares or qualifications.
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at
> https://lists.kictanet.or.ke/mailman/options/kictanet/harry26001%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20160316/b8466bc6/attachment.htm>


More information about the KICTANet mailing list